2.9 KiB
Boot a VM
Check launch.sh
Create basic partitioning
sudo parted /dev/sda -- mklabel gpt
# uefi part
sudo parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
sudo parted /dev/sda -- set 1 esp on
sudo mkfs.fat -F 32 -n boot /dev/sda1
# encrypted part
sudo parted /dev/sda -- mkpart cryptroot 512MiB 100%
Setup the crypted boot:
sudo cryptsetup luksFormat /dev/sda2 # need to set the password
sudo cryptsetup open /dev/sda2 cryptlvm
sudo pvcreate /dev/mapper/cryptlvm
sudo vgcreate EncryptedOS /dev/mapper/cryptlvm
sudo lvcreate -L 8G EncryptedOS -n swap
sudo lvcreate -l 100%FREE EncryptedOS -n root
mkfs.ext4 -L nixos /dev/MyVolGroup/root
mkswap -L cryptswap /dev/MyVolGroup/swap
Mount our stuff!
sudo swapon -L cryptswap
sudo mount /dev/disk/by-label/nixos /mnt
sudo mkdir /mnt/boot
sudo mount /dev/disk/by-label/boot /mnt/boot
Generate the configuration
nixos-generate-config --root /mnt
And then we need to update /mnt/etc/nix/configuration.nix
to add luks to the initrd:
{
# snip...
boot.initrd.luks.devices."cryptlvm".device = "/dev/disk/by-partlabel/cryptroot";
# snip...
}
Another tutorial updates the hardware-configuration.nix but it seems to be a bad practise as the file may be overwritten in the future by some Nix tools
Do not forget to put "s" at the end when required, do not forget the semi colon at the end of the expression.
When ready, run:
sudo nixos-install
The tool assumes that you mounted your future system on /mnt
.
Type the password you want for your root user, wait that the program returns and poweroff:
sudo poweroff
Booting on a fresh NixOS
Show how we changed the command line
Start your VM, first type your cryptsetup password.
Then login with the root account (you just created the password with nixos-install
).
If you made a change to your configuration.nix, you can apply it with:
nixos-rebuild switch
You can update your system by running:
nix-channel --update nixos
nixos-rebuild switch
Setting up my users
I chose to go for the declarative way.
I first set:
users.mutableUsers = false;
Then I create my user:
users.users.quentin = {
isNormalUser = true;
home = "/home/quentin";
description = "Quentin Dufour";
extraGroups = [ "wheel" "networkmanager" ];
hashedPassword = ""; # compute with mkpasswd -m sha-512
}
Setting up my DE
I chose Sway which is an i3 clone for Wayland.
programs.sway.enable = true;
It is covered here: https://nixos.org/manual/nixos/stable/index.html#sec-wayland
I also added some programs:
wget
vim
nyxt
alacritty
Sources
Comment configurer une machine UEFI :
Comment installer simplement :
Comment chiffrer :