# 0x29a nixos config My personal nixos configuration files for different environments. ## basic system installation - The installations presented in this repository are always luks encrypted - For simplicity I'm using device labels rather than uuids 1. the partitioning layout should look somewhat like this after the installation ```bash NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS nvme0n1 259:0 0 476.9G 0 disk ├─nvme0n1p1 259:1 0 2G 0 part /boot └─nvme0n1p2 259:2 0 474.9G 0 part └─cryptroot 254:0 0 474.9G 0 crypt ├─lvmroot-swap 254:1 0 20G 0 lvm [SWAP] ├─lvmroot-home 254:2 0 250G 0 lvm /home └─lvmroot-root 254:3 0 204.9G 0 lvm /nix/store ``` 2. prepare the installation ```bash # format the boot partition mkfs.fat -F 32 /dev/sda1 -n "nixboot" # create an encrypted partition cryptsetup luksFormat -y --label="nixcrypt" /dev/sda2 # open the encrypted partition and map it to /dev/mapper/cryptroot cryptsetup luksOpen /dev/sda2 cryptroot # create the physical volume pvcreate /dev/mapper/cryptroot # create a volume group inside vgcreate lvmroot /dev/mapper/cryptroot # create the swap volume lvcreate --size 8G lvmroot --name nwap # if you desire, create a home volume lvcreate --size 150G lvmroot --name home # create the root volume lvcreate -l 100%FREE lvmroot --name root # format as usual for root partition mkfs.ext4 -L "nixroot" /dev/mapper/lvmroot-root # if you previously made the home partition, do it too mkfs.ext4 -L "nixhome" /dev/mapper/lvmroot-home # format the swap partition mkswap -L "nixswap" /dev/mapper/lvmroot-swap # mount root mount /dev/disk/by-label/nixroot /mnt # mount boot mount --mkdir /dev/sda1 /mnt/boot # again, if you did the home volume mount --mkdir /dev/disk/by-label/nixhome /mnt/home # turn on swap swapon /dev/disk/by-label/nixswap ``` 3. prepare nixos ```bash # generate templates and update the hardware-configuration.nix sudo nixos-generate-config --root /mnt # add cryptd to the kernelModules boot.initrd.kernelModules = [ "dm-snapshot" "cryptd" ]; # add file systems using labels fileSystems."/" = { device = "/dev/disk/by-label/nixroot"; fsType = "ext4"; }; fileSystems."/boot" = { device = "/dev/disk/by-label/nixboot"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; fileSystems."/home" = { device = "/dev/disk/by-label/nixhome"; fsType = "ext4"; }; swapDevices = [ { device = "/dev/disk/by-label/nixswap"; } ]; # point the bootloader to the luks device boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-label/nixcrypt"; ``` 4. install nixos ```bash cd /mnt sudo nixos-install ``` ## how to deploy the inital config - Don't forget to install the bootloader, if you changed it since `nixos-install` ```bash $ sudo nixos-rebuild --install-bootloader switch --flake .#host_name ``` ## how to upgrade the system ```bash $ cd /path/to/repo $ sudo nix flake update $ sudo nixos-rebuild switch --flake .#host_name $ sudo nix-collect-garbage ``` ## how to use nix-helper The tool nix-helper is installed by this configuration. It simplifies administrating nixos and adds more output to the rebuild command. It also features a diff after a successful build. The command uses the `NH_FLAKE` environment variable to be able to run from whatever directory. Basic commands with a set `NH_FLAKE` variable are: ```bash $ nh os switch $ nh os build $ nh os test $ nh clean all --keep 5 ``` There is also the option to interface with home-manager by using `nh home switch`but this isn't necessary since home-manager is imported as a module in this config. ## author aaron