From 073b29f43b0c7559c4164c86781f6c46303d3c3a Mon Sep 17 00:00:00 2001
From: Joris
Date: Sat, 9 Jul 2022 11:42:21 +0200
Subject: Add documentation

---
 README.md | 274 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 274 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..cbbb336
--- /dev/null
+++ b/README.md
@@ -0,0 +1,274 @@
+# Sources
+
+- [Nixos manual](https://nixos.org/nixos/manual/)
+- [Arch Linux installation guide](https://wiki.archlinux.org/index.php/installation_guide)
+- [Installation of NixOS with encrypted root, martijnvermaat](https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134)
+- [Installing NixOS, Chris Martin](https://chris-martin.org/2015/installing-nixos)
+
+# Prepare and boot the installation media
+
+1. Download NixOS ISO at https://nixos.org/download.html.
+
+2. Write ISO to a USB stick:
+
+ sudo dd if=nix.iso of=/dev/sdX status=progress
+
+3. Boot from the USB stick on the target machine.
+
+4. Connect as sudo:
+
+ sudo su
+
+5. Switch to bepo:
+
+ loadkeys fr-bepo
+
+6. Check if UEFI mode is enabled:
+
+ ls /sys/firmware/efi/efivars
+
+# SWAP size
+
+1. Check your RAM with `top`.
+
+2. Get the SWAP size according to your RAM size and if you need hibernation:
+https://itsfoss.com/swap-size/
+
+# Partition the disk
+
+1. Use `lsblk` your show block devices.
+
+2. Launch `gdisk /dev/`:
+
+ - verify the partition table with `v`,
+ - delete every partition with `d`,
+ - add a boot partition (ef00 EFI) of 500M with `n`,
+ - add a system partition (8300 Linux LVM) on the remaining space with `n`,
+ - write the partition table with `w`.
+
+3. Encrypt your disk and open it:
+
+ cryptsetup luksFormat /dev/
+ cryptsetup luksOpen /dev/ crypted
+
+4. Create swap and root logical volumes:
+
+ pvcreate /dev/mapper/crypted
+ vgcreate vg /dev/mapper/crypted
+ lvcreate -L G -n swap vg
+ lvcreate -l '100%FREE' -n root vg
+
+5. Format the partitions:
+
+ mkfs.fat -F 32 -n BOOT /dev/
+ mkfs.ext4 -L nixos /dev/vg/root
+ mkswap -L swap /dev/vg/swap
+
+6. Mount partitions
+
+ mount /dev/vg/root /mnt
+ mkdir /mnt/boot
+ mount /dev/ /mnt/boot
+ swapon /dev/vg/swap
+
+# Connect to Internet
+
+1. Note your wifi interface:
+
+ ifconfig
+
+2. Scan available ESSID with:
+
+ iwlist scan | grep ESSID
+
+3. Write `wpa_supplicant` configuration:
+
+ wpa_passphrase | sudo tee /etc/wpa_supplicant.conf
+
+4. Start `wpa_supplicant`:
+
+ wpa_supplicant -B -i -c /etc/wpa_supplicant.conf
+
+# Install
+
+1. Generate configuration:
+
+ nixos-generate-config --root /mnt
+
+2. Rename disks by labels in `mnt/etc/nixos/hardware-configuration.nix`.
+
+3. Complete `/mnt/etc/nixos/configuration.nix`
+
+ # Hostname
+ networking.hostName = "joris-laptop";
+
+ # Encryption
+ boot.initrd.luks.devices.root = {
+ device = "/dev/disk/by-uuid/";
+ preLVM = true;
+ allowDiscards = true;
+ };
+
+ # Network manager
+ networking.networkmanager.enable = true;
+
+ # Bepo keymap (ease entering a passphrase for decrypting the disk)
+ console.keyMap = "fr-bepo";
+
+ # Enable gpg agent
+ programs.gnupg.agent = {
+ enable = true;
+ pinentryFlavor = "tty";
+ enableSSHSupport = true;
+ };
+
+ # Create user
+ users.users.joris = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ];
+ };
+
+ # Editor
+ environment.systemPackages = [ pkgs.vim ];
+
+ # Flakes
+ nix = {
+ package = pkgs.nixFlakes;
+ extraOptions = "experimental-features = nix-command flakes";
+ };
+
+4. Install:
+
+ nixos-install
+
+5. Set user password:
+
+ passwd joris
+
+6. Reboot:
+
+ reboot
+
+If the system doesn’t boot, boot from the USB key, and:
+
+ sudo su
+ cryptsetup luksOpen /dev/ crypted
+ lvchange -a y /dev/vg/swap
+ lvchange -a y /dev/vg/root
+ mount /dev/vg/root /mnt
+ mount /dev/ /mnt/boot
+ swapon /dev/vg/swap
+
+# Import GPG key
+
+1. Extract:
+
+ gpg --decrypt keys.tar.gpg > keys.tar
+ tar -xf keys.tar -C .
+
+2. Import:
+
+ gpg --import pubkey.asc
+ gpg --allow-secret-key-import --import privkey.asc
+
+3. Trust:
+
+ gpg --edit-key joris@guyonvarch.me
+ gpg> trust
+
+4. Write SSH keygrip in `~/gnupg/sshcontrol`:
+
+ gpg2 -K --with-keygrip # [A] keygrip
+
+5. Verify that SSH key is available:
+
+ ssh-add -L
+
+# Clone the system
+
+1. Connect to Internet:
+
+ nmtui
+
+2. Install git:
+
+ nix-env -i git
+
+3. Clone the configuration:
+
+ git clone git@guyonvarch.me:/home/git/config /home/joris/code/config
+ cd code/config
+ git checkout main
+
+4. Extract the system’s `hardware-configuration.nix`, and add it to `./hosts/joris/hardware/`.
+
+5. Move aside the previous configuration:
+
+ cp -r /etc/nixos config-old
+ sudo rm -rf /etc/nixos
+
+6. Link `/etc/nixos` to the configuration:
+
+ sudo ln -s /home/joris/code/config /etc/nixos
+
+6. Disable automatic export of documents if it’s not the principal system.
+
+7. Build:
+
+ nixos-rebuild switch
+
+# Setup user environment
+
+1. Create user directories:
+
+ mkdir code documents downloads music pictures videos
+
+2. Create `.less` to setup less keybindings from `.lesskey`:
+
+ lesskey
+
+3. Setup password store:
+
+ git clone joris@guyonvarch.me:~/backups/passwords .password-store
+
+4. Get documents:
+
+ duplicity restore rsync://guyonvarch.me/~/backups/documents documents
+
+# Set up user services
+
+Look at user services:
+
+ systemctl --user list-units
+ systemctl --user list-timers --all
+
+If services do not appear, run:
+
+ systemctl --user daemon-reload
+
+# Check hardware acceleration
+
+“OpenGL renderer string” should not be llvm:
+
+ nix-shell -p glxinfo --run "glxinfo | grep OpenGL"
+
+# Setup the printer
+
+1. Assign a fix IP address to the printer.
+
+2. Go to the CUPS interface at `http://localhost:631`.
+
+3. Add a printer with connection `lpd:///BINARY_P1`
+
+Using the CLI to specify the connection:
+
+ lpadmin -p -v lpd:///BINARY_P1
+
+# Export GPG keys
+
+Save to a physical USB key:
+
+ gpg --export-secret-keys --armor joris@guyonvarch.me > privkey.asc
+ gpg --export --armor joris@guyonvarch.me > pubkey.asc
+ tar -cf keys.tar privkey.asc pubkey.asc
+ gpg --symmetric keys.tar
-- cgit v1.2.3