quentin.dufour.io/_drafts/nix.md

152 lines
2.9 KiB
Markdown
Raw Permalink Normal View History

2021-10-28 11:55:50 +00:00
## Boot a VM
Check launch.sh
## Create basic partitioning
```bash
sudo parted /dev/sda -- mklabel gpt
# uefi part
sudo parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
sudo parted /dev/sda -- set 1 esp on
sudo mkfs.fat -F 32 -n boot /dev/sda1
# encrypted part
sudo parted /dev/sda -- mkpart cryptroot 512MiB 100%
```
Setup the crypted boot:
```bash
sudo cryptsetup luksFormat /dev/sda2 # need to set the password
sudo cryptsetup open /dev/sda2 cryptlvm
sudo pvcreate /dev/mapper/cryptlvm
sudo vgcreate EncryptedOS /dev/mapper/cryptlvm
sudo lvcreate -L 8G EncryptedOS -n swap
sudo lvcreate -l 100%FREE EncryptedOS -n root
mkfs.ext4 -L nixos /dev/MyVolGroup/root
mkswap -L cryptswap /dev/MyVolGroup/swap
```
## Mount our stuff!
```
sudo swapon -L cryptswap
sudo mount /dev/disk/by-label/nixos /mnt
sudo mkdir /mnt/boot
sudo mount /dev/disk/by-label/boot /mnt/boot
```
## Generate the configuration
```bash
nixos-generate-config --root /mnt
```
And then we need to update `/mnt/etc/nix/configuration.nix` to add luks to the initrd:
```
{
# snip...
boot.initrd.luks.devices."cryptlvm".device = "/dev/disk/by-partlabel/cryptroot";
# snip...
}
```
*Another tutorial updates the hardware-configuration.nix but it seems to be a bad practise as the file may be overwritten in the future by some Nix tools*
*Do not forget to put "s" at the end when required, do not forget the semi colon at the end of the expression*.
When ready, run:
```bash
sudo nixos-install
```
The tool assumes that you mounted your future system on `/mnt`.
Type the password you want for your root user, wait that the program returns and poweroff:
```bash
sudo poweroff
```
## Booting on a fresh NixOS
*Show how we changed the command line*
Start your VM, first type your cryptsetup password.
Then login with the root account (you just created the password with `nixos-install`).
If you made a change to your configuration.nix, you can apply it with:
```
nixos-rebuild switch
```
You can update your system by running:
```bash
nix-channel --update nixos
nixos-rebuild switch
```
## Setting up my users
I chose to go for the declarative way.
I first set:
```
users.mutableUsers = false;
```
Then I create my user:
```
users.users.quentin = {
isNormalUser = true;
home = "/home/quentin";
description = "Quentin Dufour";
extraGroups = [ "wheel" "networkmanager" ];
hashedPassword = ""; # compute with mkpasswd -m sha-512
}
```
## Setting up my DE
I chose Sway which is an i3 clone for Wayland.
```
programs.sway.enable = true;
```
It is covered here: https://nixos.org/manual/nixos/stable/index.html#sec-wayland
I also added some programs:
```
wget
vim
nyxt
alacritty
```
## Sources
Comment configurer une machine UEFI :
- https://papy-tux.legtux.org/doc1310/index.html
Comment installer simplement :
- https://nixos.org/manual/nixos/stable/#sec-installation
Comment chiffrer :
- https://ramblings.henryjenkins.name/posts/going-from-zero-to-nixos/