aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--README.md274
1 files changed, 274 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..cbbb336
--- /dev/null
+++ b/README.md
@@ -0,0 +1,274 @@
+# Sources
+
+- [Nixos manual](https://nixos.org/nixos/manual/)
+- [Arch Linux installation guide](https://wiki.archlinux.org/index.php/installation_guide)
+- [Installation of NixOS with encrypted root, martijnvermaat](https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134)
+- [Installing NixOS, Chris Martin](https://chris-martin.org/2015/installing-nixos)
+
+# Prepare and boot the installation media
+
+1. Download NixOS ISO at https://nixos.org/download.html.
+
+2. Write ISO to a USB stick:
+
+ sudo dd if=nix.iso of=/dev/sdX status=progress
+
+3. Boot from the USB stick on the target machine.
+
+4. Connect as sudo:
+
+ sudo su
+
+5. Switch to bepo:
+
+ loadkeys fr-bepo
+
+6. Check if UEFI mode is enabled:
+
+ ls /sys/firmware/efi/efivars
+
+# SWAP size
+
+1. Check your RAM with `top`.
+
+2. Get the SWAP size according to your RAM size and if you need hibernation:
+https://itsfoss.com/swap-size/
+
+# Partition the disk
+
+1. Use `lsblk` your show block devices.
+
+2. Launch `gdisk /dev/<disk>`:
+
+ - verify the partition table with `v`,
+ - delete every partition with `d`,
+ - add a boot partition (ef00 EFI) of 500M with `n`,
+ - add a system partition (8300 Linux LVM) on the remaining space with `n`,
+ - write the partition table with `w`.
+
+3. Encrypt your disk and open it:
+
+ cryptsetup luksFormat /dev/<SYSTEM>
+ cryptsetup luksOpen /dev/<SYSTEM> crypted
+
+4. Create swap and root logical volumes:
+
+ pvcreate /dev/mapper/crypted
+ vgcreate vg /dev/mapper/crypted
+ lvcreate -L <ram-size>G -n swap vg
+ lvcreate -l '100%FREE' -n root vg
+
+5. Format the partitions:
+
+ mkfs.fat -F 32 -n BOOT /dev/<BOOT>
+ mkfs.ext4 -L nixos /dev/vg/root
+ mkswap -L swap /dev/vg/swap
+
+6. Mount partitions
+
+ mount /dev/vg/root /mnt
+ mkdir /mnt/boot
+ mount /dev/<BOOT> /mnt/boot
+ swapon /dev/vg/swap
+
+# Connect to Internet
+
+1. Note your wifi interface:
+
+ ifconfig
+
+2. Scan available ESSID with:
+
+ iwlist <INTERFACE> scan | grep ESSID
+
+3. Write `wpa_supplicant` configuration:
+
+ wpa_passphrase <ESSID> | sudo tee /etc/wpa_supplicant.conf
+
+4. Start `wpa_supplicant`:
+
+ wpa_supplicant -B -i <INTERFACE> -c /etc/wpa_supplicant.conf
+
+# Install
+
+1. Generate configuration:
+
+ nixos-generate-config --root /mnt
+
+2. Rename disks by labels in `mnt/etc/nixos/hardware-configuration.nix`.
+
+3. Complete `/mnt/etc/nixos/configuration.nix`
+
+ # Hostname
+ networking.hostName = "joris-laptop";
+
+ # Encryption
+ boot.initrd.luks.devices.root = {
+ device = "/dev/disk/by-uuid/<SYSTEM>";
+ preLVM = true;
+ allowDiscards = true;
+ };
+
+ # Network manager
+ networking.networkmanager.enable = true;
+
+ # Bepo keymap (ease entering a passphrase for decrypting the disk)
+ console.keyMap = "fr-bepo";
+
+ # Enable gpg agent
+ programs.gnupg.agent = {
+ enable = true;
+ pinentryFlavor = "tty";
+ enableSSHSupport = true;
+ };
+
+ # Create user
+ users.users.joris = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ];
+ };
+
+ # Editor
+ environment.systemPackages = [ pkgs.vim ];
+
+ # Flakes
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = "experimental-features = nix-command flakes";
+ };
+
+4. Install:
+
+ nixos-install
+
+5. Set user password:
+
+ passwd joris
+
+6. Reboot:
+
+ reboot
+
+If the system doesn’t boot, boot from the USB key, and:
+
+ sudo su
+ cryptsetup luksOpen /dev/<SYSTEM> crypted
+ lvchange -a y /dev/vg/swap
+ lvchange -a y /dev/vg/root
+ mount /dev/vg/root /mnt
+ mount /dev/<BOOT> /mnt/boot
+ swapon /dev/vg/swap
+
+# Import GPG key
+
+1. Extract:
+
+ gpg --decrypt keys.tar.gpg > keys.tar
+ tar -xf keys.tar -C .
+
+2. Import:
+
+ gpg --import pubkey.asc
+ gpg --allow-secret-key-import --import privkey.asc
+
+3. Trust:
+
+ gpg --edit-key joris@guyonvarch.me
+ gpg> trust
+
+4. Write SSH keygrip in `~/gnupg/sshcontrol`:
+
+ gpg2 -K --with-keygrip # [A] keygrip
+
+5. Verify that SSH key is available:
+
+ ssh-add -L
+
+# Clone the system
+
+1. Connect to Internet:
+
+ nmtui
+
+2. Install git:
+
+ nix-env -i git
+
+3. Clone the configuration:
+
+ git clone git@guyonvarch.me:/home/git/config /home/joris/code/config
+ cd code/config
+ git checkout main
+
+4. Extract the system’s `hardware-configuration.nix`, and add it to `./hosts/joris/hardware/`.
+
+5. Move aside the previous configuration:
+
+ cp -r /etc/nixos config-old
+ sudo rm -rf /etc/nixos
+
+6. Link `/etc/nixos` to the configuration:
+
+ sudo ln -s /home/joris/code/config /etc/nixos
+
+6. Disable automatic export of documents if it’s not the principal system.
+
+7. Build:
+
+ nixos-rebuild switch
+
+# Setup user environment
+
+1. Create user directories:
+
+ mkdir code documents downloads music pictures videos
+
+2. Create `.less` to setup less keybindings from `.lesskey`:
+
+ lesskey
+
+3. Setup password store:
+
+ git clone joris@guyonvarch.me:~/backups/passwords .password-store
+
+4. Get documents:
+
+ duplicity restore rsync://guyonvarch.me/~/backups/documents documents
+
+# Set up user services
+
+Look at user services:
+
+ systemctl --user list-units
+ systemctl --user list-timers --all
+
+If services do not appear, run:
+
+ systemctl --user daemon-reload
+
+# Check hardware acceleration
+
+“OpenGL renderer string” should not be llvm:
+
+ nix-shell -p glxinfo --run "glxinfo | grep OpenGL"
+
+# Setup the printer
+
+1. Assign a fix IP address to the printer.
+
+2. Go to the CUPS interface at `http://localhost:631`.
+
+3. Add a printer with connection `lpd://<printer_ip>/BINARY_P1`
+
+Using the CLI to specify the connection:
+
+ lpadmin -p <printer_name> -v lpd://<printer_ip>/BINARY_P1
+
+# Export GPG keys
+
+Save to a physical USB key:
+
+ gpg --export-secret-keys --armor joris@guyonvarch.me > privkey.asc
+ gpg --export --armor joris@guyonvarch.me > pubkey.asc
+ tar -cf keys.tar privkey.asc pubkey.asc
+ gpg --symmetric keys.tar