@itsnebulalol
Created February 17, 2024 02:52
NixOS install on Apple Silicon with LUKS

NixOS with LUKS on Apple Silicon

This gist was made for my own reference, but feel free to follow along. Just note that not all partitions may be the same, and you should use your own Nix flake.

Partitioning

Prep

sgdisk /dev/nvme0n1 -n 0:0 -s
sgdisk /dev/nvme0n1 -p # Find number of 8300 type partition, usually 5 on my system

cat /proc/device-tree/chosen/asahi,efi-system-partition
fatlabel /dev/<efi partition> boot # Use disk from the cat command

LUKS

cryptsetup luksFormat --type luks2 --pbkdf argon2id --iter-time 10000 /dev/nvme0n1p5
cryptsetup luksOpen /dev/nvme0n1p5 crypted

pvcreate /dev/mapper/crypted
vgcreate vg /dev/mapper/crypted
lvcreate -L 8G -n swap vg
lvcreate -l '100%FREE' -n nixos vg
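
The header written by the luksFormat command above can be checked before trusting the volume with data. This is an added example, not part of the original gist: `check_luks_dump` is a hypothetical helper name, and the sample dumps are constructed and trimmed.

```shell
#!/bin/sh
# Added example (not from the gist): audit `cryptsetup luksDump` text on stdin.
# Succeeds only for a LUKS2 header whose keyslots all use argon2id.
check_luks_dump() {
  awk '
    /^[A-Za-z]/ { section = $1 }       # top-level headings start in column 0
    $1 == "Version:" { version = $2 }
    # The Digests section of a LUKS2 header normally lists pbkdf2, so only
    # PBKDF lines inside the Keyslots section are judged.
    section == "Keyslots:" && $1 == "PBKDF:" {
      slots++
      if ($2 != "argon2id") { bad++; print "keyslot PBKDF is " $2 }
    }
    END {
      if (version != 2) { print "header version is " version; exit 1 }
      if (slots == 0)   { print "no keyslots found"; exit 1 }
      if (bad > 0)      exit 1
      print "ok: LUKS2, " slots " keyslot(s), all argon2id"
    }'
}

# Constructed sample dumps (trimmed; salts and digests omitted).
sample_argon2id() { cat <<'EOF'
LUKS header information
Version:        2
Keyslots area:  16744448 [bytes]
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
        Time cost:  39
        Memory:     1048576
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}
sample_pbkdf2_slot() { sample_argon2id | sed 's/argon2id/pbkdf2/'; }

# On the installer the real input would be:
#   cryptsetup luksDump /dev/nvme0n1p5 | check_luks_dump
sample_argon2id | check_luks_dump
sample_pbkdf2_slot | check_luks_dump || echo "rejected as expected"
```
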

Format

nix-shell -p libxfs --run "mkfs.xfs -L nixos /dev/vg/nixos"
mkswap -L swap /dev/vg/swap

Mount

mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
swapon /dev/vg/swap

Configuration

nixos-generate-config --root /mnt
cp -r /etc/nixos/apple-silicon-support /mnt/etc/nixos/
chmod -R +w /mnt/etc/nixos/

Files

# /etc/nixos/configuration.nix

{ config, lib, pkgs, ... }:

{
  imports = [ ./hardware-configuration.nix ./apple-silicon-support ];

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = false;

  networking.hostName = "arete";

  time.timeZone = "America/New_York";

  environment.systemPackages = with pkgs; [
    curl
    git
  ];

  system.stateVersion = "24.05";
}

Only a little needs to be added to the hardware-configuration.nix so it can decrypt your LUKS encrypted devices:

# /etc/nixos/hardware-configuration.nix

boot.initrd.luks.devices = {
  nixos-enc = {
    device = "/dev/nvme0n1p5";
    preLVM = true;
  };
};

Apply flake

After running nixos-install and rebooting, we can apply the configuration flake.

Installation

git clone https://github.com/itsnebulalol/nixfiles
cd nixfiles
nixos-rebuild switch --flake .#arete --impure

Copy SSH key

Over SSH to the new user, from a machine that has our private and public key, run these:

nano ~/.ssh/id_ed25519 # paste in private key
nano ~/.ssh/id_ed25519.pub # paste in public key
chmod 644 ~/.ssh/id_ed25519.pub
chmod 600 ~/.ssh/id_ed25519

Required manually

  • Log into 1Password
  • Log into Discord
  • Enable VSCode setup sync
  • Pin 1Password and uBlock Origin in Chromium
  • Set up Wi-Fi

Resources
