@brainsik
Last active March 26, 2024 00:21
NixOS / Nix notes

Notes from running NixOS in a local VM.

The attached configuration.nix makes users immutable (users.mutableUsers = false), which forces them to be managed through the config. The primary user is added to the wheel group, and the wheel group has passwordless sudo access. All passwords are set by hash (generated with mkpasswd). SSH keys can be added for the primary user and/or Tailscale SSH can be enabled.

Everything below is run as root.

Partition, format, mount, configure:

#
# Partition scheme for UEFI (2G swap)
#

# GPT partition table
parted /dev/vda -- mklabel gpt
# root partition
parted /dev/vda -- mkpart primary 512MB -2GB
# swap partition
parted /dev/vda -- mkpart primary linux-swap -2GB 100%
# boot partition using ESP (EFI system partition)
parted /dev/vda -- mkpart ESP fat32 1MB 512MB
parted /dev/vda -- set 3 esp on

#
# Formatting
#

mkfs.ext4 -L nixos /dev/vda1
mkswap -L swap /dev/vda2
mkfs.fat -F 32 -n boot /dev/vda3

#
# Configuring
#

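mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
# Activate swap so nixos-generate-config records it in hardware-configuration.nix
swapon /dev/disk/by-label/swap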

nixos-generate-config --root /mnt

Copy configuration.nix (attached to this gist) to /mnt/etc/nixos/configuration.nix.

Complete the installation:

nixos-install
reboot

Optimizing nix-store

nix.settings.auto-optimise-store — If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. This saves disk space. If set to false (the default), you can still run nix-store --optimise to get rid of duplicate files.

$ nix-store --gc — Runs garbage collection: all paths in the Nix store not reachable via file system references from a set of “roots”, are deleted.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "nixos"; # Define your hostname.
  # Pick only one of the below networking options.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
  # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.

  # Set your time zone.
  time.timeZone = "US/Pacific";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";
  # console = {
  #   font = "Lat2-Terminus16";
  #   keyMap = "us";
  #   useXkbConfig = true; # use xkbOptions in tty.
  # };

  # Enable the X11 windowing system.
  # services.xserver.enable = true;

  # Configure keymap in X11
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e,caps:escape";

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable sound.
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;

  # Enable touchpad support (enabled default in most desktopManager).
  # services.xserver.libinput.enable = true;

  # Keep user management to
  users.mutableUsers = false;

  # Configure root access.
  users.users.root.hashedPassword = "$y$j9T$N0H9t76MQiS2jkhh7Cf4r1$6nz52.cXWWae9xjyCM16jaPZyt/asWsXXxYWpBDMjH7";
  security.sudo.wheelNeedsPassword = false;

  users.users.brainsik = {
    isNormalUser = true;
    home = "/home/brainsik";
    extraGroups = [ "wheel" ];
    shell = "/run/current-system/sw/bin/zsh";
    hashedPassword = "$y$j9T$g6WMJMZHdNUf5/s7hhW9U/$Sa4yoCOz.QF4kFIrUblQFhH93iM837gJQItbVYFLIn8";
    openssh.authorizedKeys.keys = [
      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCCvyvH5Vs89IcykQzEdVlFzpqs2oVyQWlHyds81SUh5IjDYbV1TA/x+jI80ShlwO0hlE6JgtgaPZCe9dBCLqfU= fairy-lake@secretive.M1x.local"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLFjgPHETX0WW5JiTZ2nBQuvVanuA7JeD5XAtl9yofj brainsik@M1x.local"
    ];
    packages = with pkgs; [
      stow
    ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    lsd
    starship
    tailscale
    vim
    zsh
  ];

  # List programs you want to enable:
  programs.git.enable = true;
  programs.starship.enable = true;
  programs.zsh.enable = true;

  # List services that you want to enable:
  services.openssh.enable = true;
  services.tailscale.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # Automatically detect duplicates in the store and replace with hard links.
  nix.settings.auto-optimise-store = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}
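
An added example, not part of the original gist: a module fragment that makes the sshd enabled in configuration.nix key-only and reachable only over the Tailscale interface, which matters here because wheel members get root through passwordless sudo. It assumes the NixOS 23.05 option names, the Tailscale module's default interface name tailscale0, and a hypothetical file name ssh-hardening.nix listed under imports next to ./hardware-configuration.nix.

```nix
# ssh-hardening.nix (hypothetical file name; added example, not from the gist)
# A bare attribute set is a valid NixOS module, so this can be listed in
# `imports` or merged by hand into configuration.nix.
{
  services.openssh = {
    enable = true;

    # The module opens port 22 on every interface by default; turn that off
    # and allow it per interface below instead.
    openFirewall = false;

    settings = {
      # Key-only logins: the primary user already has authorizedKeys, and
      # with security.sudo.wheelNeedsPassword = false a guessed password
      # for a wheel member would lead straight to root.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;

      # root is reached through sudo or the VM console, never over SSH.
      PermitRootLogin = "no";
    };
  };

  services.tailscale.enable = true;

  # Accept SSH only on the tailnet interface. "tailscale0" is the Tailscale
  # module's default interface name (assumption: it has not been overridden).
  networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 22 ];
}
```

Apply it with nixos-rebuild switch from a console session, and confirm that a key-based login over the tailnet works before closing that session.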
brainsik commented Jul 29, 2023

Changelog • 2023-07-28

  • Updated for the 23.05 release (minor changes).
  • Left in hashed passwords (they've been rotated) and public keys to more accurately reflect what the configuration should look like.