NixOS setup
#!/usr/bin/env bash
#
# Partition a disk for NixOS on ZFS and format its EFI system partition.
#
# DESTRUCTIVE: the disk named in DISK receives a new GPT label, so whatever
# was on it is lost. The by-id path below is hard-coded; compare it with
# `ls -l /dev/disk/by-id/` on the target machine before running.

# Abort on any failing command, unset variable or failed pipeline stage, and
# trace every command to stderr (-x).
set -euxo pipefail

DISK='/dev/disk/by-id/ata-QEMU_HARDDISK_QM00003'
PART1="${DISK}-part1"
PART2="${DISK}-part2"

# One parted run: fresh GPT label, an ESP from 1MB to 512MB flagged esp+boot,
# and a second partition named NixOS from 512MB to the end of the disk.
parted --script --align=optimal "$DISK" -- \
  mklabel gpt \
  mkpart ESP fat32 1MB 512MB \
  set 1 esp on \
  set 1 boot on \
  mkpart NixOS 512MB '100%'

# Ask the kernel to re-read partition tables, then give udev at most 5 s per
# partition to settle or to publish the by-id link.
partprobe
for part in "$PART1" "$PART2"; do
  udevadm settle --timeout=5 --exit-if-exists="$part"
done

mkfs.vfat "$PART1"
# Pool properties (-o) and properties for the pool's root dataset (-O).
pool_props=(
  -o ashift=12
  -o autotrim=on
)
root_fs_props=(
  -O acltype=posixacl
  -O atime=off
  -O canmount=off
  -O dnodesize=auto
  -O normalization=formD
  -O xattr=sa
  -O mountpoint=/
)

# -R /mnt sets an alternate root, so datasets mount below /mnt while
# installing. -f forces use of the partition even if it appears to be in use.
zpool create "${pool_props[@]}" -R /mnt "${root_fs_props[@]}" -f rpool "$PART2"

# Encryption root: datasets created below rpool/enc inherit its encryption.
# keylocation=prompt makes zfs ask for the passphrase on the terminal, so it
# shows up neither in the command line nor in the `set -x` trace.
zfs create \
  -o canmount=off -o mountpoint=none \
  -o encryption=on -o keylocation=prompt -o keyformat=passphrase \
  rpool/enc

# Mounted datasets, as name:mountpoint. root comes first so the others mount
# on top of it.
for spec in root:/ log:/var/log nix:/nix persist:/persist; do
  zfs create -o canmount=on -o mountpoint="${spec#*:}" "rpool/enc/${spec%%:*}"
done

# Snapshot of the still-empty root dataset; the NixOS configuration on this
# page rolls rpool/enc/root back to it from the initrd.
zfs snapshot rpool/enc/root@blank

# rpool/reserved sits outside rpool/enc, so it is not encrypted. It is never
# mounted and only carries a 1G reservation (presumably free-space headroom).
zfs create -o canmount=off -o mountpoint=none -o reservation=1G rpool/reserved
# Mount the freshly formatted ESP at /mnt/boot.
mkdir -pv /mnt/boot
mount "$PART1" /mnt/boot

# Replace any existing pool cache with an empty, read-only, immutable file.
# It is created after the rpool/enc/root@blank snapshot, so a rollback to
# that snapshot discards it again.
zpool_cache=/mnt/etc/zfs/zpool.cache
mkdir -p "${zpool_cache%/*}/"
rm -f "$zpool_cache"
touch "$zpool_cache"
chmod a-w "$zpool_cache"
chattr +i "$zpool_cache"

# /etc/nixos is stored on the persist dataset and bind-mounted into the root
# tree, so the generated configuration is written to /persist.
nixos_dir=etc/nixos
mkdir -pv "/mnt/persist/${nixos_dir}"
mkdir -pv "/mnt/${nixos_dir}"
mount -o bind "/mnt/persist/${nixos_dir}" "/mnt/${nixos_dir}"

nixos-generate-config --root /mnt
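# Derive the ZFS host id before writing the file. A failing command
# substitution inside a here-document does not trip `set -e`, so a missing or
# short /etc/machine-id would otherwise be written as an empty or truncated
# hostId and only surface later in the install.
host_id="$(head -c 8 /etc/machine-id)"
if [[ ! "$host_id" =~ ^[0-9a-f]{8}$ ]]; then
  printf 'unexpected host id %q derived from /etc/machine-id\n' "$host_id" >&2
  exit 1
fi

# Write the ZFS-specific NixOS module. The here-document delimiter is left
# unquoted on purpose: ${host_id} and $PART2 are expanded by the shell, the
# rest is literal Nix. tee also echoes the file to stdout.
tee /mnt/etc/nixos/zfs.nix <<EOF
{ config, pkgs, ... }:
{ boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "${host_id}";
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.zfs.devNodes = "$PART2";
}
EOF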
# Patch the generated hardware configuration in a single pass:
#   1. every zfs filesystem gains the options "zfsutil" and "X-mount.mkdir";
#   2. the bind mount gains "X-mount.mkdir" as well.
# X-mount.mkdir lets mount create a missing mount point (presumably needed
# because the root dataset is rolled back to an empty snapshot at boot).
hw_config=/mnt/etc/nixos/hardware-configuration.nix
sed -i \
  -e 's|fsType = "zfs";|fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];|g' \
  -e 's|options = \[ "bind" \];|options = [ "bind" "X-mount.mkdir" ];|g' \
  "$hw_config"
# System configuration for the machine installed by the setup script above.
{ config, pkgs, lib, ... }:
{
  imports = [
    ./hardware-configuration.nix
    ./zfs.nix
  ];

  boot = {
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };

    # Runs in the initrd on every boot and resets the root dataset to the
    # empty @blank snapshot. Anything written to / outside the separately
    # mounted datasets (/nix, /var/log, /persist) is lost at reboot, and -r
    # also destroys snapshots of rpool/enc/root newer than @blank.
    initrd.postDeviceCommands = lib.mkAfter ''
      zfs rollback -r rpool/enc/root@blank
    '';
  };

  networking = {
    hostName = "xtera";
    networkmanager.enable = true;
  };

  time.timeZone = "Europe/Zurich";
  i18n.defaultLocale = "en_US.UTF-8";

  users = {
    # Accounts and passwords are defined by this file only.
    mutableUsers = false;

    users.mh = {
      isNormalUser = true;
      extraGroups = [ "wheel" ];
      # NOTE(security): this hash is published together with the page, which
      # exposes it to offline guessing. Generate your own before reusing the
      # configuration:
      # $ nix-shell --run 'mkpasswd -m SHA-512 -s' -p mkpasswd
      # A hash written inline also ends up in the world-readable Nix store;
      # a password-file option pointing below /persist avoids that
      # (`passwordFile` on 22.11, renamed `hashedPasswordFile` later).
      initialHashedPassword = "$6$pmqR6IbKeoCR0USi$khO1iI/B6yRAL6TenGfChMC7Sindy8QJoMU1yQqOmPcqRKzF0kF699oNu89EcK71iV/PPpy080Y7AVRi0Laka/";
    };
  };

  # NOTE(security): members of wheel (mh above) get root through sudo without
  # a password, so any process running as mh is effectively root.
  security.sudo.wheelNeedsPassword = false;

  environment = {
    systemPackages = with pkgs; [ vim git ncdu ];

    # Keeps the machine id stable across the boot-time rollback of /.
    # NOTE(review): nothing on this page creates /persist/etc/machine-id;
    # confirm it exists before the first boot.
    etc."machine-id".source = "/persist/etc/machine-id";
  };

  system = {
    # Copies this configuration file into the system closure, i.e. into the
    # Nix store, together with the password hash above.
    copySystemConfiguration = true;
    stateVersion = "22.11";
  };
}
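# Install, then unmount, export the pool and reboot, each step only if the
# previous one succeeded. No `set -e` is visible in this snippet, so as four
# separate commands a failed nixos-install (or a failed export after the lazy
# unmount) would still be followed by the reboot.
#
# --no-root-password skips the interactive root password prompt. Access to
# the installed system then depends on the user account and sudo settings
# declared in the NixOS configuration.
nixos-install --no-root-password --max-jobs 8 \
  && umount -Rl /mnt \
  && zpool export -a \
  && reboot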