# Sources

- [NixOS manual](https://nixos.org/nixos/manual/)
- [Arch Linux installation guide](https://wiki.archlinux.org/index.php/installation_guide)
- [Installation of NixOS with encrypted root, martijnvermaat](https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134)
- [Installing NixOS, Chris Martin](https://chris-martin.org/2015/installing-nixos)

# Prepare and boot the installation media

1. Download the NixOS ISO at https://nixos.org/download.html.

2. Write the ISO to a USB stick:

   ```sh
   sudo dd if=nix.iso of=/dev/sdX bs=4M status=progress
   ```

3. Boot from the USB stick on the target machine.

4. Switch to root:

   ```sh
   sudo su
   ```

# Swap size

1. Check your RAM with `top`.

2. Choose the swap size according to your RAM size and whether you need hibernation: https://itsfoss.com/swap-size/

# Partition the disk

1. Use `lsblk` to show block devices.

2. Launch `gdisk /dev/`:

   - verify the partition table with `v`,
   - delete every partition with `d`,
   - add a boot partition (ef00 EFI) of 500M with `n`,
   - add a system partition (8300 Linux LVM) on the remaining space with `n`,
   - write the partition table with `w`.

3. Encrypt your disk and open it:

   ```sh
   cryptsetup luksFormat /dev/
   cryptsetup luksOpen /dev/ crypted
   ```

4. Create swap and root logical volumes:

   ```sh
   pvcreate /dev/mapper/crypted
   vgcreate vg /dev/mapper/crypted
   lvcreate -L G -n swap vg
   lvcreate -l '100%FREE' -n root vg
   ```

5. Format the partitions:

   ```sh
   mkfs.fat -F 32 -n BOOT /dev/
   mkfs.ext4 -L nixos /dev/vg/root
   mkswap -L swap /dev/vg/swap
   ```

6. Mount the partitions:

   ```sh
   mount /dev/vg/root /mnt
   mkdir /mnt/boot
   mount /dev/ /mnt/boot
   swapon /dev/vg/swap
   ```

# Connect to Internet

1. Note your wifi interface:

   ```sh
   ifconfig
   ```

2. Scan available ESSIDs with:

   ```sh
   iwlist scan | grep ESSID
   ```

3. Write the `wpa_supplicant` configuration:

   ```sh
   wpa_passphrase | sudo tee /etc/wpa_supplicant.conf
   ```

4. Start `wpa_supplicant`:

   ```sh
   wpa_supplicant -B -i -c /etc/wpa_supplicant.conf
   ```

# Install

1. Generate configuration:

   ```sh
   nixos-generate-config --root /mnt
   ```

2. Rename disks by labels in `/mnt/etc/nixos/hardware-configuration.nix`.

3. Complete `/mnt/etc/nixos/configuration.nix`:

   ```nix
   # Hostname
   networking.hostName = "joris-laptop";

   # Encryption
   boot.initrd.luks.devices.root = {
     device = "/dev/disk/by-uuid/";
     # Unlock the LUKS container before LVM scans for volume groups
     preLVM = true;
     # Pass TRIM through LUKS: helps SSDs, but reveals which blocks are unused
     allowDiscards = true;
   };

   # Network manager
   networking.networkmanager.enable = true;

   # Enable gpg agent
   programs.gnupg.agent = {
     enable = true;
     pinentryFlavor = "tty";
     enableSSHSupport = true;
   };

   # Create user
   users.users.joris = {
     isNormalUser = true;
     extraGroups = [ "wheel" "networkmanager" ];
   };

   # Editor
   environment.systemPackages = [ pkgs.vim ];

   # Flakes
   nix = {
     package = pkgs.nixFlakes;
     extraOptions = "experimental-features = nix-command flakes";
   };
   ```

4. Install:

   ```sh
   nixos-install
   ```

5. Set user password:

   ```sh
   passwd joris
   ```

6. Reboot:

   ```sh
   reboot
   ```

If the system doesn’t boot, boot from the USB key and run:

```sh
sudo su
cryptsetup luksOpen /dev/ crypted
lvchange -a y /dev/vg/swap
lvchange -a y /dev/vg/root
mount /dev/vg/root /mnt
mount /dev/ /mnt/boot
swapon /dev/vg/swap
```

# Import GPG key

1. Plug in the recovery key and check its label with `lsblk`.

2. Decrypt and mount the private backup:

   ```sh
   sudo cryptsetup luksOpen /dev/XXX secrets
   sudo mkdir encrypted-storage
   sudo mount /dev/mapper/secrets encrypted-storage
   ```

3. Import:

   ```sh
   gpg --import encrypted-storage/pubkey.asc
   gpg --allow-secret-key-import --import encrypted-storage/privkey.asc
   ```

4. Trust:

   ```sh
   gpg --edit-key joris@guyonvarch.me
   gpg> trust
   ```

5. Write the SSH keygrip in `~/.gnupg/sshcontrol`:

   ```sh
   gpg2 -K --with-keygrip # [A] keygrip
   ```

6. Verify that the SSH key is available:

   ```sh
   ssh-add -L
   ```

7. Unmount and close the encrypted volume:

   ```bash
   sudo umount encrypted-storage/
   # The mapping name must match the one given to luksOpen above
   sudo cryptsetup luksClose secrets
   ```

8. Unplug the volume.

# Clone the system

1. Connect to Internet:

   ```sh
   nmtui
   ```

2. Install git:

   ```sh
   nix-env -i git
   ```

3. Clone the configuration:

   ```sh
   git clone git@guyonvarch.me:/home/git/config /home/joris/code/config
   cd code/config
   git checkout main
   ```

4. Extract the system’s `hardware-configuration.nix`, and add it to `./hosts/joris/hardware/`.

5. Move aside the previous configuration:

   ```sh
   cp -r /etc/nixos config-old
   sudo rm -rf /etc/nixos
   ```

6. Link `/etc/nixos` to the configuration:

   ```sh
   sudo ln -s /home/joris/code/config /etc/nixos
   ```

7. Disable automatic export of documents if it’s not the principal system.

8. Change the network interface in `hosts/network/joris/connman.nix`.

9. Remove `.gnupg/sshcontrol`.

10. Build:

    ```sh
    nixos-rebuild switch
    ```

# Set up user environment

1. Create user directories:

   ```sh
   mkdir code documents downloads music pictures videos
   ```

2. Generate `.less` from `.lesskey` to set up less keybindings:

   ```sh
   lesskey
   ```

3. Set up the password store:

   ```sh
   git clone git@guyonvarch.me:/home/git/password-store.git .password-store
   ```

4. Get documents:

   ```sh
   duplicity restore rsync://guyonvarch.me/~/backups/documents documents
   ```

# Set up user services

Look at user services:

```sh
systemctl --user list-units
systemctl --user list-timers --all
```

If services do not appear, run:

```sh
systemctl --user daemon-reload
```

# Check hardware acceleration

“OpenGL renderer string” should not be llvm:

```sh
nix-shell -p glxinfo --run "glxinfo | grep OpenGL"
```

# Synchronize

In order to link a device, use `cobang` to get the link from the QR code. Then run:

```sh
signal-cli addDevice --uri "uri"
```

If you get `NotFoundException`, you may have been too slow in the process.
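
# Appendix: check the encrypted layout

A check for the layout built under "Partition the disk", to run once the partitions are mounted and before `nixos-install`: it confirms that root and swap both sit on the LUKS device and that only the boot partition is plaintext. This is an added example, not part of the original notes; the function name `check_encrypted_layout`, the device names in the sample and the assumption that mount points contain no spaces are mine.

```sh
#!/bin/sh
# Added example: verify that every mounted filesystem and swap area,
# except the EFI boot partition, has a LUKS ("crypt") device beneath it.
# stdin: output of `lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT`
# $1:    mount point allowed to stay unencrypted (assumed default /mnt/boot)
check_encrypted_layout() {
  awk -v boot="${1:-/mnt/boot}" '
    {
      split("", f)                      # reset the per-line field map
      for (i = 1; i <= NF; i++) {       # parse KEY="value" pairs
        eq = index($i, "=")
        val = substr($i, eq + 1); gsub(/"/, "", val)
        f[substr($i, 1, eq - 1)] = val
      }
      type[f["KNAME"]] = f["TYPE"]
      parent[f["KNAME"]] = f["PKNAME"]
      if (f["MOUNTPOINT"] != "") mnt[f["KNAME"]] = f["MOUNTPOINT"]
    }
    END {
      bad = 0
      for (dev in mnt) {
        if (mnt[dev] == boot) continue  # the ESP has to stay readable by firmware
        enc = 0; hops = 0
        # Walk up the parent chain: lvm -> crypt -> part -> disk.
        for (d = dev; d != "" && hops < 16; d = parent[d]) {
          if (type[d] == "crypt") enc = 1
          hops++
        }
        if (!enc) { print "PLAINTEXT " dev " " mnt[dev]; bad = 1 }
      }
      exit bad + 0
    }'
}

# Constructed sample matching this guide: ESP on sda1, LUKS on sda2, LVM inside.
sample='KNAME="sda" TYPE="disk" PKNAME="" MOUNTPOINT=""
KNAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/mnt/boot"
KNAME="sda2" TYPE="part" PKNAME="sda" MOUNTPOINT=""
KNAME="dm-0" TYPE="crypt" PKNAME="sda2" MOUNTPOINT=""
KNAME="dm-1" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="[SWAP]"
KNAME="dm-2" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="/mnt"'
printf '%s\n' "$sample" | check_encrypted_layout /mnt/boot && echo "layout OK"

# On the live installer:
#   lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT | check_encrypted_layout /mnt/boot
```

Swap is included in the check because hibernation writes the contents of RAM to it; a `PLAINTEXT` line for `[SWAP]` means that data would land on disk unencrypted.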