# Sources

- [NixOS manual](https://nixos.org/nixos/manual/)
- [Arch Linux installation guide](https://wiki.archlinux.org/index.php/installation_guide)
- [Installation of NixOS with encrypted root, martijnvermaat](https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134)
- [Installing NixOS, Chris Martin](https://chris-martin.org/2015/installing-nixos)

# Prepare and boot the installation media

Download the NixOS ISO at https://nixos.org/download.html.

Write the ISO to a USB stick:

```console
sudo dd if=nix.iso of=/dev/sdX bs=4M status=progress
```

Boot from the USB stick on the target machine.

Become root:

```console
sudo su
```

# SWAP size

Check your RAM with `top`.

Choose the swap size according to your RAM size and whether you need hibernation: https://itsfoss.com/swap-size/

# Partition the disk

Use `lsblk` to show block devices.

Launch `gdisk /dev/`:

- verify the partition table with `v`,
- delete every partition with `d`,
- add a boot partition (ef00 EFI) of 500M with `n`,
- add a system partition (8300 Linux LVM) on the remaining space with `n`,
- write the partition table with `w`.

Encrypt your disk and open it:

```console
cryptsetup luksFormat /dev/
cryptsetup luksOpen /dev/ crypted
```

Create swap and root logical volumes:

```console
pvcreate /dev/mapper/crypted
vgcreate vg /dev/mapper/crypted
lvcreate -L G -n swap vg
lvcreate -l '100%FREE' -n root vg
```

Format the partitions:

```console
mkfs.fat -F 32 -n BOOT /dev/
mkfs.ext4 -L nixos /dev/vg/root
mkswap -L swap /dev/vg/swap
```

Mount the partitions:

```console
mount /dev/vg/root /mnt
mkdir /mnt/boot
mount /dev/ /mnt/boot
swapon /dev/vg/swap
```

# Connect to Internet

Note your wifi interface:

```console
ifconfig
```

Scan for available ESSIDs:

```console
iwlist scan | grep ESSID
```

Write the `wpa_supplicant` configuration:

```console
wpa_passphrase | sudo tee /etc/wpa_supplicant.conf
```

Start `wpa_supplicant`:

```console
wpa_supplicant -B -i -c /etc/wpa_supplicant.conf
```

# Install

Generate the configuration:

```console
nixos-generate-config --root /mnt
```

Reference disks by label in `/mnt/etc/nixos/hardware-configuration.nix`.

Complete `/mnt/etc/nixos/configuration.nix`:

```nix
# Hostname
networking.hostName = "joris-laptop";

# Encryption
boot.initrd.luks.devices.root = {
  device = "/dev/disk/by-uuid/";
  preLVM = true;
  # allowDiscards passes TRIM through LUKS, which reveals which blocks are unused
  allowDiscards = true;
};

# Network manager
networking.networkmanager.enable = true;

# Enable gpg agent
programs.gnupg.agent = {
  enable = true;
  pinentryFlavor = "tty";
  enableSSHSupport = true;
};

# Create user
users.users.joris = {
  isNormalUser = true;
  extraGroups = [ "wheel" "networkmanager" ];
};

# Editor
environment.systemPackages = [
  pkgs.vim
];

# Flakes
nix = {
  package = pkgs.nixFlakes;
  extraOptions = "experimental-features = nix-command flakes";
};
```

Install:

```console
nixos-install
```

Set user password:

```console
passwd joris
```

Reboot:

```console
reboot
```

If the system doesn’t boot, boot from the USB key, and:

```console
sudo su
cryptsetup luksOpen /dev/ crypted
lvchange -a y /dev/vg/swap
lvchange -a y /dev/vg/root
mount /dev/vg/root /mnt
mount /dev/ /mnt/boot
swapon /dev/vg/swap
```

# Import GPG key

Plug in the recovery key and check its label with `lsblk`.

Decrypt and mount the private backup:

```console
sudo cryptsetup luksOpen /dev/XXX secrets
sudo mkdir encrypted-storage
sudo mount /dev/mapper/secrets encrypted-storage
```

Import:

```console
gpg --import encrypted-storage/pubkey.asc
gpg --allow-secret-key-import --import encrypted-storage/privkey.asc
```

Trust:

```console
gpg --edit-key joris@guyonvarch.me
gpg> trust
```

Write the SSH keygrip in `~/.gnupg/sshcontrol`:

```console
gpg2 -K --with-keygrip # [A] keygrip
```

Verify that the SSH key is available:

```console
ssh-add -L
```

Unmount and close the encrypted volume:

```console
sudo umount encrypted-storage/
sudo cryptsetup luksClose secrets
```

Unplug the volume.

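For the `sshcontrol` step above, the keygrip to record is the one belonging to the authentication-capable (`[A]`) key. The following is an added example, not part of the original notes: it parses `gpg --with-colons` output and appends that keygrip to `sshcontrol` only if it is not already listed. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: pick the keygrip of the authentication-capable key from
# `gpg2 -K --with-keygrip --with-colons` output and record it in sshcontrol.
# Function names and SAMPLE are constructed for illustration.

# Read a colon-format key listing on stdin, print keygrips of usable [A] keys.
auth_keygrips() {
    awk -F: '
        # sec/ssb records: field 2 = validity, field 12 = capabilities.
        # Lowercase "a" means this key itself can authenticate; skip
        # revoked (r) and expired (e) keys.
        $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/ && $2 !~ /^[re]$/) }
        # grp records carry the keygrip (40 hex digits) in field 10.
        $1 == "grp" && want && length($10) == 40 && $10 ~ /^[0-9A-F]+$/ {
            print $10
            want = 0
        }
    '
}

# Append each keygrip read on stdin to the file $1 unless it is already
# listed there (an entry disabled with a leading "!" counts as listed).
add_to_sshcontrol() {
    while read -r grip; do
        grep -qE "^!?$grip" "$1" 2>/dev/null || printf '%s\n' "$grip" >> "$1"
    done
}

# Constructed sample listing: primary key [SC], one [E] and one [A] subkey.
SAMPLE='sec:u:4096:1:AAAAAAAAAAAAAAAA:1500000000:::u:::scESCA:::+:::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
grp:::::::::1111111111111111111111111111111111111111:
uid:u::::1500000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1500000000::::::e:::+:::23:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
grp:::::::::2222222222222222222222222222222222222222:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::a:::+:::23:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
grp:::::::::3333333333333333333333333333333333333333:'

# Demo on the constructed sample: prints the keygrip of the [A] subkey.
printf '%s\n' "$SAMPLE" | auth_keygrips

# Real use, with the private key imported as described above:
#   gpg2 -K --with-keygrip --with-colons | auth_keygrips \
#       | add_to_sshcontrol ~/.gnupg/sshcontrol
```
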
# Clone the system

Connect to Internet:

```console
nmtui
```

Install git:

```console
nix-env -i git
```

Clone the configuration:

```console
git clone git@guyonvarch.me:/home/git/config /home/joris/code/config
cd code/config
git checkout main
```

Extract the system’s `hardware-configuration.nix`, and add it to `./hosts/joris/hardware/`.

Move aside the previous configuration:

```console
cp -r /etc/nixos config-old
sudo rm -rf /etc/nixos
```

Link `/etc/nixos` to the configuration:

```console
sudo ln -s /home/joris/code/config /etc/nixos
```

Disable automatic export of documents if it’s not the main system.

Change the network interface in `hosts/network/joris/connman.nix`.

Remove `.gnupg/sshcontrol`.

Build:

```console
nixos-rebuild switch
```

# Set up user environment

Create user directories:

```console
mkdir code documents downloads music pictures videos
```

Create `.less` from `.lesskey` to set up less keybindings:

```console
lesskey
```

Set up the password store:

```console
git clone git@guyonvarch.me:/home/git/password-store.git .password-store
```

Get documents:

```console
duplicity restore rsync://guyonvarch.me/~/backups/documents documents
```

# Set up user services

Look at user services:

```console
systemctl --user list-units
systemctl --user list-timers --all
```

If services do not appear, run:

```console
systemctl --user daemon-reload
```

# Check hardware acceleration

“OpenGL renderer string” should not be llvm:

```console
nix-shell -p glxinfo --run "glxinfo | grep OpenGL"
```

# Synchronize

In order to link a device, use `cobang` to get the link from the QR code. Then run:

```console
signal-cli addDevice --uri "uri"
```

If you get `NotFoundException`, you may have been too slow in the process.