Skip to content

Instantly share code, notes, and snippets.

@s0dyy
Last active July 15, 2022 09:45
Show Gist options
  • Save s0dyy/0b8241ddc5f06284966d8646373e3488 to your computer and use it in GitHub Desktop.
Save s0dyy/0b8241ddc5f06284966d8646373e3488 to your computer and use it in GitHub Desktop.
NixOS install (NVME / ESP / EXT4 ON LUKS / SYSTEMD-BOOT / GNOME)
  _   _ _______   ______   _____     _____ _   _  _____ _______       _      _      
 | \ | |_   _\ \ / / __ \ / ____|   |_   _| \ | |/ ____|__   __|/\   | |    | |     
 |  \| | | |  \ V / |  | | (___ ______| | |  \| | (___    | |  /  \  | |    | |     
 | . ` | | |   > <| |  | |\___ \______| | | . ` |\___ \   | | / /\ \ | |    | |     
 | |\  |_| |_ / . \ |__| |____) |    _| |_| |\  |____) |  | |/ ____ \| |____| |____ 
 |_| \_|_____/_/ \_\____/|_____/    |_____|_| \_|_____/   |_/_/    \_\______|______|

NVME / ESP / EXT4 ON LUKS / SYSTEMD-BOOT / GNOME

 

This guide is based on several documentations

Systemd

NixOS Manual

NixOS Manual (Options)

 

About this installation

Unlike my previous installations, this one will be very simple, a single ext4 volume inside the encrypted Luks container.

If you want to do a more complete partitioning, with Btrfs for example, you can look at my Exherbo Linux install gist and adapt it to this one, it works well.

 

1. Boot a live system

Download a minimal ISO of NixOS

Put it on the usb stick:

dd if=/path/to/system-x.y.z.iso of=/dev/sdx

Reboot

 

2. Keyboard layout and ssh (Optional)

Change the keyboard layout:

sudo loadkeys fr

Define a password to be able to connect via ssh:

sudo passwd nixos

Wifi configuration (optional)

sudo systemctl start wpa_supplicant.service
wpa_cli
scan
scan_results
add_network
set_network 0 ssid "MYSSID"
set_network 0 psk "passphrase"
enable_network 0
quit

Connecting via ssh:

ssh nixos@<ip-address>

 

3. Prepare the disk

Disk layout:

+------------------+ +--------------------------------------+
|       ESP        | |      LUKS2 encrypted partition       |
|                  | |                                      |
|                  | |   _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _    |
|                  | |  |                               |   |
|                  | |  |             NixOS             |   |
|                  | |  |                               |   |
|    /efi (vfat)   | |  |     /dev/mapper/root (ext4)   |   |
|                  | |  |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|   |
|                  | |                                      |
|  /dev/nvme0n1p1  | |            /dev/nvme0n1p2            |
|                  | |                                      |
+------------------+ +--------------------------------------+

Create a new GPT disklabel and two partitions, one for the ESP (200mb) and one for the LUKS container (the remaining disk space).

sudo fdisk /dev/nvme0n1
Welcome to fdisk (util-linux 2.37.4).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-1000215182, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-1000215182, default 1000215182): +204800K

Created a new partition 1 of type 'Linux filesystem' and of size 200 MiB.

Command (m for help): t
Selected partition 1
Partition type or alias (type L to list all): 1
Changed type of partition 'Linux filesystem' to 'EFI System'.

Command (m for help): n
Partition number (2-128, default 2):
First sector (411648-1000215182, default 411648):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (411648-1000215182, default 1000215182):

Created a new partition 2 of type 'Linux filesystem' and of size 476.7 GiB.

Command (m for help): p
Disk /dev/nvme0n1: 476.94 GiB, 512110190592 bytes, 1000215216 sectors
Disk model: WDC PC SN720 SDAQNTW-512G-1001
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: D3711CF1-D81D-7D4F-BC7C-931FE0F21636

Device          Start        End   Sectors   Size Type
/dev/nvme0n1p1   2048     411647    409600   200M EFI System
/dev/nvme0n1p2 411648 1000215182 999803535 476.7G Linux filesystem

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

Create the LUKS encrypted container and open it:

sudo cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random --verify-passphrase luksFormat /dev/nvme0n1p2
sudo cryptsetup open /dev/nvme0n1p2 root

Format LUKS container:

sudo mkfs.ext4 /dev/mapper/root

Format EFI Partition:

sudo mkfs.vfat -F32 /dev/nvme0n1p1

Mount the partitions:

sudo mount /dev/mapper/root /mnt
sudo mkdir /mnt/efi
sudo mount /dev/nvme0n1p1 /mnt/efi

 

4. Generate the configuration

sudo nixos-generate-config --root /mnt

 

5. Verify hardware-configuration.nix

If you have followed all the steps correctly, the hardware-configuration.nix file should look like this:

# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:

{
  imports =
    [ (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "/dev/disk/by-uuid/711c5f1c-b804-4864-8989-df9838d13920";
      fsType = "ext4";
    };

  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/045bab76-78fb-4513-8b08-423dd6a6739d";

  fileSystems."/efi" =
    { device = "/dev/disk/by-uuid/880C-81E0";
      fsType = "vfat";
    };

  swapDevices = [ ];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
  # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;

  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;
}

 

6. Edit configuration.nix

The EFI mount point must be identical to the one in the hardware-configuration.nix file (and NixOS uses /boot/efi by default). So we add it in the conf:

...
boot.loader.efi.efiSysMountPoint = "/efi";
...

Time zone:

...
time.timeZone = "Europe/Paris";
...

Layout:

...
console = {
  font = "Lat2-Terminus16";
  keyMap = "fr";
};
...
services.xserver.layout = "fr";
...

User:

...
users.users.s0dyy = {
  isNormalUser = true;
  extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
};
...

Packages:

...
environment.systemPackages = with pkgs; [
  vim 
  wget
  firefox
  ...
];
...

 

7. Do the installation

sudo nixos-install

 

8. Reboot

reboot

 

9. Last step

Set our user password:

passwd s0dyy

Add the Gnome environment:

...
services.xserver.enable = true;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
...

Rebuild:

nixos-rebuild switch
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment