caspervk/nixos
1
Code Activity Actions
❄️
107 commits 2 branches 0 tags 6.9 MiB
Nix 85.2%
HTML 14.8%
Find a file
snowflake 6937393cad flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c' (2023-08-28)
  → 'github:nix-community/home-manager/9787dffff5d315c9593d3f9fb0f9bf2097e1b57b' (2023-09-11)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/f7848d3e5f15ed02e3f286029697e41ee31662d7' (2023-09-10)
  → 'github:nix-community/home-manager/e63a6b34792884bfe4056d1ef561b5611589b8ad' (2023-09-18)
• Updated input 'impermanence':
    'github:nix-community/impermanence/e3a7acd113903269a1b5c8b527e84ce7ee859851' (2023-07-31)
  → 'github:nix-community/impermanence/e9643d08d0d193a2e074a19d4d90c67a874d932e' (2023-09-13)
• Updated input 'nix-index-database':
    'github:nix-community/nix-index-database/9a5c4996d0918a151269600dfdf6ad3b3748f6a4' (2023-09-11)
  → 'github:nix-community/nix-index-database/9d2bcc47110b3b6217dfebd6761ba20bc78aedf2' (2023-09-17)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/4c8cf44c5b9481a4f093f1df3b8b7ba997a7c760' (2023-09-10)
  → 'github:NixOS/nixpkgs/5d017a8822e0907fb96f7700a319f9fe2434de02' (2023-09-17)
• Updated input 'nixpkgs-unstable':
    'github:NixOS/nixpkgs/db9208ab987cdeeedf78ad9b4cf3c55f5ebd269b' (2023-09-08)
  → 'github:NixOS/nixpkgs/ace5093e36ab1e95cb9463863491bee90d5a4183' (2023-09-15)
2023-09-18 16:02:20 +00:00
hosts Sway workspace and window automation 2023-08-26 19:28:04 +02:00
modules chromium (ungoogled, of course) 2023-09-13 09:39:23 +02:00
overlays Remove kanshi 2023-08-26 19:04:17 +02:00
.gitignore Initial commit 2023-06-25 01:28:19 +02:00
.gitlab-ci.yml Document GitLab CI configuration 2023-08-26 17:05:03 +02:00
flake.lock flake.lock: Update 2023-09-18 16:02:20 +00:00
flake.nix Format 2023-08-26 18:06:23 +02:00
LICENSE fmt license 2023-07-09 00:15:18 +02:00
README.md Add a little debugging help 2023-08-16 02:29:53 +02:00
todo Base 2023-08-01 15:35:59 +02:00

README.md

nixos

Installation

Follow the NixOS manual to obtain and boot the installation medium. Use the graphical ISO image since it ships with useful programs such as nmtui; the installation can still be done through the terminal.

Disk Partitioning

For impermanence, partitioning should be done as outlined in the tmpfs as root blogpost, but with /nix as a LUKS-encrypted file system. The boot partition will not be encrypted, since that is poorly supported by systemd-boot. Persistent files will be saved under /nix/persist.

The following is based on the tmpfs as root blogpost, the NixOS manual's partitioning, formatting and LUKS-Encrypted File Systems sections, ArchWiki's LVM on LUKS, the unofficial NixOS wiki Full Disk Encryption, and this GitHub gist.

We create a 1GiB EFI boot partition (/dev/sda1) and the rest will be our LUKS-encrypted volume:

# Create partition table
parted /dev/sda -- mklabel gpt

# Create /boot partition
parted /dev/sda -- mkpart ESP fat32 1MiB 1024MiB
parted /dev/sda -- set 1 esp on

# Create /nix partition
parted /dev/sda -- mkpart primary 1024MiB 100%

# Create and open LUKS-encrypted container
cryptsetup --type=luks2 luksFormat --label=crypted /dev/sda2
cryptsetup open /dev/sda2 crypted

# Create LVM volume group
pvcreate /dev/mapper/crypted
vgcreate vg /dev/mapper/crypted

# Create root logical volume
lvcreate -l 100%FREE vg -n root

# Format partitions
mkfs.fat -F32 -n BOOT /dev/sda1
mkfs.ext4 -L nix /dev/vg/root

The result should be the following (lsblk -f):

NAME          FSTYPE      FSVER            LABEL
sda
├─sda1        vfat        FAT32            BOOT
└─sda2        crypto_LUKS 2                crypted
  └─crypted   LVM2_member LVM2 001
    └─vg-root ext4        1.0              nix

Installation

Whereas the NixOS manual mounts the newly-created nixos partition to /mnt, we will follow the tmpfs as root blogpost and mount /mnt as tmpfs:

mount -t tmpfs none /mnt
mount --mkdir /dev/disk/by-label/BOOT /mnt/boot
mount --mkdir /dev/disk/by-label/nix /mnt/nix
mkdir -p /mnt/nix/persist/

The remaining installation can be done (more or less) according to the NixOS manual.

cd /mnt/nix
git clone https://git.caspervk.net/caspervk/nixos.git tmp
cd tmp/
nixos-generate-config --root /mnt --show-hardware-config
vim hosts/omega/hardware.nix
git add .  # nix sometimes ignores files outside version control
nixos-install --no-root-passwd --flake .#omega

# Make sure to set a password
mkpasswd > /mnt/nix/persist/passwordfile
chmod 400 /mnt/nix/persist/passwordfile

Hardware Configuration

hosts/*/hardware.nix, while initially generated by nixos-generate-config --show-hardware-config, is manually modified.

Impermanence

To find out which of our darlings will be erased on reboot do tree -x /.

Upgrading

sudo nixos-rebuild switch --flake .

Debugging

nix repl
:lf .
:p nixosConfigurations.omega.config.services.openssh.ports
:p nixosConfigurations.omega.config.home-manager.users.caspervk.programs.ssh.matchBlocks
:p inputs.nixpkgs.outputs.legacyPackages.x86_64-linux.openssh.version