
Sources

Prepare and boot the installation media

Download the NixOS ISO from https://nixos.org/download.html.

Write the ISO to a USB stick:

```console
sudo dd if=nix.iso of=/dev/sdX bs=4M status=progress
```

Boot from the USB stick on the target machine.

Become root:

```console
sudo su
```

SWAP size

Check your RAM with top.

Choose the swap size according to your RAM size and whether you need hibernation: https://itsfoss.com/swap-size/

Partition the disk

Use lsblk to show block devices.

Launch gdisk /dev/<disk>:

  • verify the partition table with v,
  • delete every partition with d,
  • add a boot partition (ef00 EFI) of 500M with n,
  • add a system partition (8300 Linux LVM) on the remaining space with n,
  • write the partition table with w.

Encrypt your disk and open it:

```console
cryptsetup luksFormat /dev/<SYSTEM>
cryptsetup luksOpen /dev/<SYSTEM> crypted
```

Create swap and root logical volumes:

```console
pvcreate /dev/mapper/crypted
vgcreate vg /dev/mapper/crypted
lvcreate -L <ram-size>G -n swap vg
lvcreate -l '100%FREE' -n root vg
```

Format the partitions:

```console
mkfs.fat -F 32 -n BOOT /dev/<BOOT>
mkfs.ext4 -L nixos /dev/vg/root
mkswap -L swap /dev/vg/swap
```

Mount partitions

```console
mount /dev/vg/root /mnt
mkdir /mnt/boot
mount /dev/<BOOT> /mnt/boot
swapon /dev/vg/swap
```

Connect to Internet

Note your wifi interface:

```console
ifconfig
```

Scan for available ESSIDs:

```console
iwlist <INTERFACE> scan | grep ESSID
```

Write wpa_supplicant configuration:

```console
wpa_passphrase <ESSID> | sudo tee /etc/wpa_supplicant.conf
```

Start wpa_supplicant:

```console
wpa_supplicant -B -i <INTERFACE> -c /etc/wpa_supplicant.conf
```

Install

Generate configuration:

```console
nixos-generate-config --root /mnt
```

Refer to disks by their labels in /mnt/etc/nixos/hardware-configuration.nix.

Complete /mnt/etc/nixos/configuration.nix:

```nix
# Hostname
networking.hostName = "joris-laptop";

# Encryption
boot.initrd.luks.devices.root = {
  device = "/dev/disk/by-uuid/<SYSTEM>";
  preLVM = true;
  # Passes TRIM through LUKS to the SSD; this reveals which blocks are unused
  allowDiscards = true;
};

# Network manager
networking.networkmanager.enable = true;

# Enable gpg agent
programs.gnupg.agent = {
  enable = true;
  pinentryFlavor = "tty";
  enableSSHSupport = true;
};

# Create user
users.users.joris = {
  isNormalUser = true;
  extraGroups = [ "wheel" "networkmanager" ];
};

# Editor
environment.systemPackages = [ pkgs.vim ];

# Flakes
nix = {
  package = pkgs.nixFlakes;
  extraOptions = "experimental-features = nix-command flakes";
};
```

Install:

```console
nixos-install
```

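Set the user password inside the installed system (the user does not exist on the live medium):

```console
nixos-enter --root /mnt -c 'passwd joris'
```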

Reboot:

```console
reboot
```

If the system doesn’t boot, boot from the USB key, and:

```console
sudo su
cryptsetup luksOpen /dev/<SYSTEM> crypted
lvchange -a y /dev/vg/swap
lvchange -a y /dev/vg/root
mount /dev/vg/root /mnt
mount /dev/<BOOT> /mnt/boot
swapon /dev/vg/swap
```

Import GPG key

Plug in the recovery key and check its label with lsblk.

Decrypt and mount private backup:

```console
sudo cryptsetup luksOpen /dev/XXX secrets
sudo mkdir encrypted-storage
sudo mount /dev/mapper/secrets encrypted-storage
```

Import:

```console
gpg --import encrypted-storage/pubkey.asc
gpg --allow-secret-key-import --import encrypted-storage/privkey.asc
```

Trust:

```console
gpg --edit-key joris@guyonvarch.me
gpg> trust
```

Write the keygrip of the SSH (authentication, [A]) key to ~/.gnupg/sshcontrol:

```console
gpg2 -K --with-keygrip # [A] keygrip
```
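
One way to automate this step, as an added example that is not part of the original notes: it extracts the keygrip of the authentication ([A]) key from gpg's machine-readable listing and appends it to sshcontrol only if it is not already there. The function names and the sample listing are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the original page). Reads the output of
#   gpg2 -K --with-keygrip --with-colons
# on stdin and prints the keygrip of each usable authentication key.
auth_keygrips() {
  awk -F: '
    # sec/ssb: field 2 is validity, field 12 the capabilities of this key.
    # A lowercase "a" marks authentication; skip revoked (r) or expired (e).
    $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/ && $2 !~ /^[re]/); next }
    # grp: field 10 is the keygrip of the key record just above it.
    $1 == "grp" { if (want) print $10; want = 0 }
  '
}

# Append keygrips from stdin to the sshcontrol file given as $1, skipping
# any that are already listed so the step can be re-run safely.
add_to_sshcontrol() {
  while read -r grip; do
    grep -q "^$grip" "$1" 2>/dev/null || printf '%s\n' "$grip" >> "$1"
  done
}

# Constructed sample listing: primary key, an encryption subkey, an
# authentication subkey and a revoked authentication subkey.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESCA:
grp:::::::::1111111111111111111111111111111111111111:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1600000000::::::a:
grp:::::::::3333333333333333333333333333333333333333:
ssb:r:4096:1:DDDDDDDDDDDDDDDD:1500000000::::::a:
grp:::::::::4444444444444444444444444444444444444444:
EOF
}

# Real use (commented out so the block has no side effects when sourced):
#   gpg2 -K --with-keygrip --with-colons | auth_keygrips \
#     | add_to_sshcontrol ~/.gnupg/sshcontrol
```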

Verify that SSH key is available:

```console
ssh-add -L
```

Unmount and close the encrypted volume:

```console
sudo umount encrypted-storage/
sudo cryptsetup luksClose secrets
```

Unplug the volume.

Clone the system

Connect to Internet:

```console
nmtui
```

Install git:

```console
nix-env -i git
```

Clone the configuration:

```console
git clone git@guyonvarch.me:/home/git/config /home/joris/code/config
cd code/config
git checkout main
```

Extract the system’s hardware-configuration.nix, and add it to ./hosts/joris/hardware/.

Move aside the previous configuration:

```console
cp -r /etc/nixos config-old
sudo rm -rf /etc/nixos
```

Link /etc/nixos to the configuration:

```console
sudo ln -s /home/joris/code/config /etc/nixos
```

Disable automatic export of documents if it’s not the principal system.

Change network interface in hosts/network/joris/connman.nix.

Remove ~/.gnupg/sshcontrol.

Build:

```console
nixos-rebuild switch
```

Set up user environment

Create user directories:

```console
mkdir code documents downloads music pictures videos
```

Create .less to set up less keybindings from .lesskey:

```console
lesskey
```

Set up password store:

```console
git clone git@guyonvarch.me:/home/git/password-store.git .password-store
```

Get documents:

```console
duplicity restore rsync://guyonvarch.me/~/backups/documents documents
```

Set up user services

Look at user services:

```console
systemctl --user list-units
systemctl --user list-timers --all
```

If services do not appear, run:

```console
systemctl --user daemon-reload
```

Check hardware acceleration

The “OpenGL renderer string” should not mention llvm (llvmpipe means software rendering):

```console
nix-shell -p glxinfo --run "glxinfo | grep OpenGL"
```

Synchronize

In order to link a device, use cobang to get the link from the QR code.

Then run:

```console
signal-cli addDevice --uri "uri"
```

If you get NotFoundException, you may have been too slow in the process.