# Sources

- [NixOS manual](https://nixos.org/nixos/manual/)
- [Arch Linux installation guide](https://wiki.archlinux.org/index.php/installation_guide)
- [Installation of NixOS with encrypted root, martijnvermaat](https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134)
- [Installing NixOS, Chris Martin](https://chris-martin.org/2015/installing-nixos)

# Prepare and boot the installation media

1. Download the NixOS ISO at https://nixos.org/download.html.
2. Write the ISO to a USB stick:

   ```sh
   sudo dd if=nix.iso of=/dev/sdX status=progress
   ```

3. Boot from the USB stick on the target machine.
4. Become root:

   ```sh
   sudo su
   ```

5. Switch to the bepo keymap:

   ```sh
   loadkeys fr-bepo
   ```

6. Check that UEFI mode is enabled:

   ```sh
   ls /sys/firmware/efi/efivars
   ```

# SWAP size

1. Check your RAM with `top`.
2. Choose the swap size according to your RAM size and whether you need hibernation: https://itsfoss.com/swap-size/

# Partition the disk

1. Use `lsblk` to show block devices.
2. Launch `gdisk /dev/`:
   - verify the partition table with `v`,
   - delete every partition with `d`,
   - add a boot partition (ef00 EFI) of 500M with `n`,
   - add a system partition (8300 Linux LVM) on the remaining space with `n`,
   - write the partition table with `w`.
3. Encrypt your disk and open it:

   ```sh
   cryptsetup luksFormat /dev/
   cryptsetup luksOpen /dev/ crypted
   ```

4. Create swap and root logical volumes:

   ```sh
   pvcreate /dev/mapper/crypted
   vgcreate vg /dev/mapper/crypted
   lvcreate -L G -n swap vg
   lvcreate -l '100%FREE' -n root vg
   ```

5. Format the partitions:

   ```sh
   mkfs.fat -F 32 -n BOOT /dev/
   mkfs.ext4 -L nixos /dev/vg/root
   mkswap -L swap /dev/vg/swap
   ```

6. Mount the partitions:

   ```sh
   mount /dev/vg/root /mnt
   mkdir /mnt/boot
   mount /dev/ /mnt/boot
   swapon /dev/vg/swap
   ```

# Connect to Internet

1. Note your wifi interface:

   ```sh
   ifconfig
   ```

2. Scan available ESSIDs with:

   ```sh
   iwlist scan | grep ESSID
   ```

3. Write the `wpa_supplicant` configuration:

   ```sh
   wpa_passphrase | sudo tee /etc/wpa_supplicant.conf
   ```

4. Start `wpa_supplicant`:

   ```sh
   wpa_supplicant -B -i -c /etc/wpa_supplicant.conf
   ```

# Install

1. Generate the configuration:

   ```sh
   nixos-generate-config --root /mnt
   ```

2. Rename disks by labels in `/mnt/etc/nixos/hardware-configuration.nix`.
3. Complete `/mnt/etc/nixos/configuration.nix`:

   ```nix
   # Hostname
   networking.hostName = "joris-laptop";

   # Encryption
   boot.initrd.luks.devices.root = {
     device = "/dev/disk/by-uuid/";
     preLVM = true;
     # Passes TRIM through dm-crypt; this reveals which blocks are unused.
     allowDiscards = true;
   };

   # Network manager
   networking.networkmanager.enable = true;

   # Bepo keymap (ease entering a passphrase for decrypting the disk)
   console.keyMap = "fr-bepo";

   # Enable gpg agent
   programs.gnupg.agent = {
     enable = true;
     pinentryFlavor = "tty";
     enableSSHSupport = true;
   };

   # Create user
   users.users.joris = {
     isNormalUser = true;
     extraGroups = [ "wheel" "networkmanager" ];
   };

   # Editor
   environment.systemPackages = [ pkgs.vim ];

   # Flakes
   nix = {
     package = pkgs.nixFlakes;
     extraOptions = "experimental-features = nix-command flakes";
   };
   ```

4. Install:

   ```sh
   nixos-install
   ```

5. Set the user password:

   ```sh
   passwd joris
   ```

6. Reboot:

   ```sh
   reboot
   ```

If the system doesn’t boot, boot from the USB key and run:

```sh
sudo su
cryptsetup luksOpen /dev/ crypted
lvchange -a y /dev/vg/swap
lvchange -a y /dev/vg/root
mount /dev/vg/root /mnt
mount /dev/ /mnt/boot
swapon /dev/vg/swap
```

# Import GPG key

1. Extract:

   ```sh
   gpg --decrypt keys.tar.gpg > keys.tar
   tar -xf keys.tar -C .
   ```

2. Import:

   ```sh
   gpg --import pubkey.asc
   gpg --allow-secret-key-import --import privkey.asc
   ```

3. Trust:

   ```
   gpg --edit-key joris@guyonvarch.me
   gpg> trust
   ```

4. Write the SSH keygrip in `~/.gnupg/sshcontrol`:

   ```sh
   gpg2 -K --with-keygrip # [A] keygrip
   ```

5. Verify that the SSH key is available:

   ```sh
   ssh-add -L
   ```

# Clone the system

1. Connect to Internet:

   ```sh
   nmtui
   ```

2. Install git:

   ```sh
   nix-env -i git
   ```

3. Clone the configuration:

   ```sh
   git clone git@guyonvarch.me:/home/git/config /home/joris/code/config
   cd code/config
   git checkout main
   ```

4. Extract the system’s `hardware-configuration.nix`, and add it to `./hosts/joris/hardware/`.
5. Move aside the previous configuration:

   ```sh
   cp -r /etc/nixos config-old
   sudo rm -rf /etc/nixos
   ```

6. Link `/etc/nixos` to the configuration:

   ```sh
   sudo ln -s /home/joris/code/config /etc/nixos
   ```

7. Disable automatic export of documents if it’s not the principal system.
8. Change the network interface in `hosts/network/joris/connman.nix`.
9. Remove `.gnupg/.sshcontrol`.
10. Build:

    ```sh
    nixos-rebuild switch
    ```

# Set up user environment

1. Create user directories:

   ```sh
   mkdir code documents downloads music pictures videos
   ```

2. Create `.less` to set up less keybindings from `.lesskey`:

   ```sh
   lesskey
   ```

3. Set up the password store:

   ```sh
   git clone git@guyonvarch.me:/home/git/password-store.git .password-store
   ```

4. Get documents:

   ```sh
   duplicity restore rsync://guyonvarch.me/~/backups/documents documents
   ```

# Set up user services

Look at user services:

```sh
systemctl --user list-units
systemctl --user list-timers --all
```

If services do not appear, run:

```sh
systemctl --user daemon-reload
```

# Check hardware acceleration

“OpenGL renderer string” should not be llvm:

```sh
nix-shell -p glxinfo --run "glxinfo | grep OpenGL"
```

# Export GPG keys

Save to a physical USB key:

```sh
gpg --export-secret-keys --armor joris@guyonvarch.me > privkey.asc
gpg --export --armor joris@guyonvarch.me > pubkey.asc
tar -cf keys.tar privkey.asc pubkey.asc
gpg --symmetric keys.tar
```

# Synchronize

In order to link a device, use `cobang` to get the link from the QR code. Then run:

```sh
signal-cli addDevice --uri "uri"
```

If you get `NotFoundException`, you may have been too slow in the process.
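A check for steps 3 to 6 of "Partition the disk", run before `nixos-install`: it confirms that swap and everything mounted under `/mnt` except `/mnt/boot` sit on top of the LUKS device. This is an added example, not part of the original guide; the helper name `check_encrypted_layout` and the sample device names are constructed for illustration.

```shell
#!/bin/sh
# Reads `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` on stdin. Fails if swap or
# anything mounted under ROOT (except ROOT/boot) has no dm-crypt ancestor.
# Assumes the installer layout, with the target mounted at /mnt.
check_encrypted_layout() {
  awk -v root="${1:-/mnt}" '
    function field(key) {            # value of key="..." on the current line
      if (!match(" " $0, " " key "=\"[^\"]*\"")) return ""
      return substr(" " $0, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    {
      k = field("KNAME"); order[++n] = k
      parent[k] = field("PKNAME"); type[k] = field("TYPE"); mnt[k] = field("MOUNTPOINT")
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]; m = mnt[k]
        if (m == root) seen_root = 1
        if (m != "[SWAP]" && m != root && index(m, root "/") != 1) continue
        if (m == root "/boot") continue    # the ESP stays plaintext for the bootloader
        enc = 0                            # walk up: lvm -> crypt -> part -> disk
        for (d = k; d != ""; d = parent[d]) if (type[d] == "crypt") { enc = 1; break }
        if (!enc) { print "NOT ENCRYPTED: " k " (" m ")"; bad = 1 }
      }
      if (!seen_root) { print "nothing mounted at " root; bad = 1 }
      exit bad + 0
    }'
}

# Constructed sample: the layout this guide builds (LUKS on sda2, LVM inside).
SAMPLE_GOOD='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/mnt/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="[SWAP]"
KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/mnt"'
# Constructed sample: swap left on a plain partition next to the LUKS volume.
SAMPLE_BAD='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/mnt/boot"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="sda3" PKNAME="sda" TYPE="part" MOUNTPOINT="[SWAP]"
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/mnt"'

printf '%s\n' "$SAMPLE_GOOD" | check_encrypted_layout /mnt && echo "layout ok"
printf '%s\n' "$SAMPLE_BAD" | check_encrypted_layout /mnt || echo "layout check failed"
# On the installer: lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT | check_encrypted_layout /mnt
```

Swap outside the LUKS volume is the case worth catching here, since it holds memory pages and the hibernation image in plaintext.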