nixos-config/README.md

# NixOS configuration

## Structure

 * `deploy.nix`: Configuration for deployment with
   [krops](https://cgit.krebsco.de/krops/about/)
 * `machines`: Machine-specific configuration
   + `README.md`: Short overview of the hardware and usage of the machine
   + `configuration.nix`: Main configuration
   + `hardware-configuration.nix`: Hardware-specific configuration. It should
     not depend on any modules or files from this repository, since it is used
     for initial setup.
   + `services`: Non-trivial machine-specific configuration related to a
     specific service the machine provides.
   + `secrets`: Nix expressions that include information that is not meant to
     be visible to everyone (e.g. accounts, password hashes, private
     information etc.) or secrets for services that don’t provide any other
     (easy) way of specifying them and whose secrets leaking does not pose a
     huge threat
 * `modules`: Custom modules. Many are activated by default, since I want them
   on all systems.
 * `pkgs`: My nixpkgs overlay
 * `users/simon`: [home-manager](https://github.com/nix-community/home-manager)
   configuration

Secrets are managed with [sops-nix](https://github.com/Mic92/sops-nix).

## How to install

This guide describes how to install this configuration with GPT and BIOS boot.
It is not a one-fits-all guide, but the base for what I use for interactive
systems. Servers and specialised systems may need a different setup (e. g. swap
with random luks passphrase and no LVM).

Set up wifi if no wired connection is available:

    wpa_passphrase "SSID" "PSK" | wpa_supplicant -B -i wlp4s0 -c/dev/stdin

Create the partition table (enter the indented lines in the repl):

    parted /dev/sdX
      mktable GPT
      mkpart primary 1MiB 2MiB
      mkpart primary 2MiB 500MiB
      mkpart primary 500MiB 100%
      set 1 bios_grub on
      disk_toggle pmbr_boot
      quit

Format encrypted partition and open it:

    cryptsetup luksFormat --type luks2 /dev/sdX3
    cryptsetup open --type luks2 /dev/sdX3 HOSTNAME-pv

Create LVM (replace `8G` with desired swap size):

    pvcreate /dev/mapper/HOSTNAME-pv
    vgcreate HOSTNAME-vg /dev/mapper/HOSTNAME-pv
    lvcreate -L 8G -n swap HOSTNAME-vg
    lvcreate -l '100%FREE' -n root HOSTNAME-vg

**Hint**: If you have to reboot to the installation system later because
something went wrong and you need access to the LVM (but don’t know LVM), do
the following after opening the luks partition: `vgchange -ay`.

Create filesystems:

    mkfs.ext2 /dev/sdX2
    mkfs.ext4 -L root /dev/HOSTNAME-vg/root
    mkswap -L swap /dev/HOSTNAME-vg/swap

Mount the file systems and activate swap:

    mount /dev/HOSTNAME-vg/root /mnt
    mkdir /mnt/boot
    mount /dev/sdX2 /mnt/boot
    swapon /dev/HOSTNAME-vg/swap

Generate hardware configuration and copy hardware configuration to machine
configuration (skip this step if you already have a hardware-configuration for
this machine):

    nixos-generate-config --root /mnt/

Modify the hardware configuration as needed. Fill in the fields that have
comments in `machines/installation/configuration.nix` and copy it to
`/mnt/etc/nixos/configuration.nix`.

Install NixOS:

    nixos-install

Add the krops sentinel file:

    mkdir -p /mnt/var/src
    touch /mnt/var/src/.populate

After the successful instalation, reboot use `deploy HOSTNAME` on another
system to deploy the new system using krops, after adding the
`configuration.nix` and entry in `machines/default.nix` for the machine.

## License

As nixpkgs, this repository is licensed under the [MIT License](LICENSE). This
only applies to the nix expressions, not the built system or package closure.
Patches may also be licensed differently, since they may be derivative works of
the packages to which they apply.