NixOS / Nix notes

README.md

Notes from running NixOS in a local VM.

The attached configuration.nix sets users immutable to force managing them through the config. The primary user is added to the wheel group and the wheel group has passwordless sudo access. All passwords are set by hash (using mkpasswd) and SSH keys are added for the primary user.

Manual installation

Partition, format, mount, configure:

#
# Partition scheme for UEFI (2G swap)
#

# GPT partition table
parted /dev/vda -- mklabel gpt
# root partition
parted /dev/vda -- mkpart primary 512MB -2GB
# swap partition
parted /dev/vda -- mkpart primary linux-swap -2GB 100%
# boot partition using ESP (EFI system partition)
parted /dev/vda -- mkpart ESP fat32 1MB 512MB
parted /dev/vda -- set 3 esp on

#
# Formatting
#

mkfs.ext4 -L nixos /dev/vda1
mkswap -L swap /dev/vda2
mkfs.fat -F 32 -n boot /dev/vda3

#
# Configuring
#

mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot

nixos-generate-config --root /mnt

Copy configuration.nix (attached to this gist) to /mnt/etc/nixos/configuration.nix.

Complete the installation:

nixos-install
reboot

Optimizing nix-store

nix.settings.auto-optimise-store — If set to true, Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy. This saves disk space. If set to false (the default), you can still run nix-store --optimise to get rid of duplicate files.

$ nix-store --gc — Runs garbage collection: all paths in the Nix store not reachable via file system references from a set of “roots”, are deleted.

configuration.nix

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  # Define your hostname.
  networking.hostName = "nixalot";

  # Set your time zone.
  time.timeZone = "US/Pacific";

  # Select internationalisation properties.
  i18n.defaultLocale = "en_US.UTF-8";

  # Keep user management to 
  users.mutableUsers = false;

  # Configure root access.
  users.users.root.hashedPassword = "…";
  security.sudo.wheelNeedsPassword = false;

  users.users.brainsik = {
    isNormalUser = true;
    home = "/home/brainsik";
    extraGroups = [ "wheel" ];
    shell = "/run/current-system/sw/bin/zsh";
    hashedPassword = "…";
    openssh.authorizedKeys.keys = [
      "…"
      "…"
    ];
    packages = with pkgs; [
      stow
    ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    lsd
    starship
    vim
    zsh
  ];

  # List progreams you want to enable:
  programs.git.enable = true;
  programs.starship.enable = true;
  programs.zsh.enable = true;

  # List services that you want to enable:
  services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;
  
  # Automatically detect duplicates in the store and replace with hard links.
  nix.settings.auto-optimise-store = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.11"; # Did you read the comment?
}