Update readme to better reflect current state

Fixes #7.
Simon Bruder 2021-01-27 21:55:04 +01:00
parent 4664265bb0
commit 1a63539df8
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC

README.md

@ -1,17 +1,39 @@
# NixOS configuration # NixOS configuration
## Structure
* `deploy.nix`: Configuration for deployment with
[krops](https://cgit.krebsco.de/krops/about/)
* `machines`: Machine-specific configuration
+ `README.md`: Short overview of the hardware and usage of the machine
+ `configuration.nix`: Main configuration
+ `hardware-configuration.nix`: Hardware-specific configuration. It should
not depend on any modules or files from this repository, since it is used
for initial setup.
* `modules`: Custom modules. Many are activated by default, since I want them
on all systems.
* `pkgs`: My nixpkgs overlay
* `users/simon`: [home-manager](https://github.com/nix-community/home-manager)
configuration
Secrets are managed with kropss integrated support for
[`pass`](https://www.passwordstore.org/). Permission management for them is
implemented in `modules/secrets.nix`.
## How to install ## How to install
This guide describes how to install this configuration (or any NixOS This guide describes how to install this configuration with GPT and BIOS boot.
configuration) with GPT and legacy (BIOS) boot. It is not a one-fits-all guide, but the base for what I use for interactive
systems. Servers and specialised systems may need a different setup (e.g. swap
with random luks passphrase and no LVM).
If you do not have a wired connection, first set up wifi Set up wifi if no wired connection is available:
wpa_passphrase "SSID" "PSK" | sudo wpa_supplicant -B -i wlp4s0 -c/dev/stdin wpa_passphrase "SSID" "PSK" | wpa_supplicant -B -i wlp4s0 -c/dev/stdin
Create the partition table (enter the indented lines in the repl). Create the partition table (enter the indented lines in the repl):
sudo parted /dev/sdX parted /dev/sdX
mktable GPT mktable GPT
mkpart primary 1MiB 2MiB mkpart primary 1MiB 2MiB
mkpart primary 2MiB 500MiB mkpart primary 2MiB 500MiB
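Review bot: the new side drops `sudo` from the `wpa_supplicant` and `parted` lines, but the added text never says the guide now assumes a root shell. Add one sentence under "How to install" stating that every command is run as root, so a reader working as the unprivileged installer user does not hit permission errors halfway through partitioning. The wifi line also still passes the PSK as an argument (`wpa_passphrase "SSID" "PSK"`), which leaves it in the shell history and process list; `wpa_passphrase "SSID"` alone reads the passphrase from stdin and would be the safer form to document. In the new "Structure" section, the secrets sentence reads "kropss integrated support" and should be "krops's".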
@ -20,69 +42,61 @@ Create the partition table (enter the indented lines in the repl).
disk_toggle pmbr_boot disk_toggle pmbr_boot
quit quit
Format encrypted partition and open it Format encrypted partition and open it:
sudo cryptsetup luksFormat /dev/sdX3 cryptsetup luksFormat --type luks2 /dev/sdX3
sudo cryptsetup luksOpen /dev/sdX3 HOSTNAME-pv cryptsetup open --type luks2 /dev/sdX3 HOSTNAME-pv
Create LVM (replace `8G` with desired swap size) Create LVM (replace `8G` with desired swap size):
sudo pvcreate /dev/mapper/HOSTNAME-pv pvcreate /dev/mapper/HOSTNAME-pv
sudo vgcreate HOSTNAME-vg /dev/mapper/HOSTNAME-pv vgcreate HOSTNAME-vg /dev/mapper/HOSTNAME-pv
sudo lvcreate -L 8G -n swap HOSTNAME-vg lvcreate -L 8G -n swap HOSTNAME-vg
sudo lvcreate -l '100%FREE' -n root HOSTNAME-vg lvcreate -l '100%FREE' -n root HOSTNAME-vg
**Hint**: If you have to reboot to the installation system later because **Hint**: If you have to reboot to the installation system later because
something went wrong and you need access to the LVM (but dont know LVM), do something went wrong and you need access to the LVM (but dont know LVM), do
the following after opening the luks partition: `sudo vgchange -ay` the following after opening the luks partition: `vgchange -ay`.
Create filesystems Create filesystems:
sudo mkfs.ext2 /dev/sdX2 mkfs.ext2 /dev/sdX2
sudo mkfs.ext4 -L root /dev/HOSTNAME-vg/root mkfs.ext4 -L root /dev/HOSTNAME-vg/root
sudo mkswap -L swap /dev/HOSTNAME-vg/swap mkswap -L swap /dev/HOSTNAME-vg/swap
Mount the file systems and activate swap Mount the file systems and activate swap:
sudo mount /dev/HOSTNAME-vg/root /mnt mount /dev/HOSTNAME-vg/root /mnt
sudo mkdir /mnt/boot mkdir /mnt/boot
sudo mount /dev/sdX2 /mnt/boot mount /dev/sdX2 /mnt/boot
sudo swapon /dev/HOSTNAME-vg/swap swapon /dev/HOSTNAME-vg/swap
Create the configuration (see [below](#how-to-add-new-device)) and copy this
repository to your new home directory (e.g. `/mnt/home/simon/nixos`).
Add a symlink as the global configuration
sudo mkdir -p /mnt/etc/nixos/
sudo ln -s ../../home/simon/nixos/machines/nunotaba/configuration.nix /mnt/etc/nixos/configuration.nix
Generate hardware configuration and copy hardware configuration to machine Generate hardware configuration and copy hardware configuration to machine
configuration configuration (skip this step if you already have a hardware-configuration for
this machine):
sudo nixos-generate-config --root /mnt/ nixos-generate-config --root /mnt/
sudo mv /mnt/etc/nixos/hardware-configuration.nix /mnt/home/simon/nixos/machines/nunotaba/hardware-configuration.nix
sudo ln -s ../../home/simon/nixos/machines/nunotaba/hardware-configuration.nix /mnt/etc/nixos/hardware-configuration.nix
Install NixOS Modify the hardware configuration as needed. Fill in the `FIXME` fields of
sudo nixos-install --no-root-passwd `machines/installation/configuration.nix` and copy it to
`/mnt/etc/nixos/configuration.nix`.
Enter the target as a container and set a user password Install NixOS:
sudo cp /etc/resolv.conf /mnt/etc/ # see https://github.com/NixOS/nixpkgs/issues/39665 nixos-install
nixos-enter
passwd simon
^D # nixos-enter
sudo rm /mnt/etc/resolv.conf
reboot
## How to add new device Add the krops sentinel file:
* Copy the config from the device that is similar to the new one mkdir -p /mnt/var/src
* Import profiles/modules you want touch /mnt/var/src/.populate
* Change settings in `configuration.nix`
* Change secrets After the successful instalation, reboot use `deploy HOSTNAME` on another
system to deploy the new system using krops, after adding the
`configuration.nix` and entry in `machines/default.nix` for the machine.
## License ## License
[MIT License](LICENSE) As nixpkgs, this repository is licensed under the [MIT License](LICENSE). This
only applies to the nix expressions, not the built system or package closure.
Patches may also be licensed differently, since they may be derivative works of
the packages to which they apply.
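Review bot: the install step changes from `nixos-install --no-root-passwd` followed by `nixos-enter` and `passwd simon` to a bare `nixos-install`, and the new text no longer says how any account gets a usable password before the first reboot. State explicitly where the credentials come from (the root password prompt of `nixos-install`, or the `FIXME` fields in `machines/installation/configuration.nix`), otherwise a reader following the guide cannot tell which login works on the freshly installed system. The sentinel step (`touch /mnt/var/src/.populate`) would benefit from one sentence on why krops needs the file. The closing paragraph has a typo and a missing conjunction: "After the successful instalation, reboot use `deploy HOSTNAME`" should read "After the successful installation, reboot and use `deploy HOSTNAME`". In the LUKS hint, "dont" should be "don't".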