Simon Bruder
fa1c274248
This also changes the model to 8-0-4-1 (new upstream default). Since upstream replaced the old model on GitHub releases instead of adding a new release, previous generations that don’t have the old model cached won’t build anymore. |
||
---|---|---|
.git-crypt | ||
machines | ||
modules | ||
nix | ||
pkgs | ||
users/simon | ||
.envrc | ||
.gitattributes | ||
.gitignore | ||
deploy.nix | ||
LICENSE | ||
README.md | ||
shell.nix |
NixOS configuration
Structure
deploy.nix
: Configuration for deployment with kropsmachines
: Machine-specific configurationREADME.md
: Short overview of the hardware and usage of the machineconfiguration.nix
: Main configurationhardware-configuration.nix
: Hardware-specific configuration. It should not depend on any modules or files from this repository, since it is used for initial setup.services
: Non-trivial machine-specific configuration related to a specific service the machine provides.secrets
: Nix expressions that include information that is not meant to be visible to everyone (e.g. accounts, password hashes, private information etc.)
modules
: Custom modules. Many are activated by default, since I want them on all systems.pkgs
: My nixpkgs overlayusers/simon
: home-manager configuration
Secrets are managed with krops’s integrated support for
pass
. Permission management for them is
implemented in modules/secrets.nix
.
How to install
This guide describes how to install this configuration with GPT and BIOS boot. It is not a one-fits-all guide, but the base for what I use for interactive systems. Servers and specialised systems may need a different setup (e. g. swap with random luks passphrase and no LVM).
Set up wifi if no wired connection is available:
wpa_passphrase "SSID" "PSK" | wpa_supplicant -B -i wlp4s0 -c/dev/stdin
Create the partition table (enter the indented lines in the repl):
parted /dev/sdX
mktable GPT
mkpart primary 1MiB 2MiB
mkpart primary 2MiB 500MiB
mkpart primary 500MiB 100%
set 1 bios_grub on
disk_toggle pmbr_boot
quit
Format encrypted partition and open it:
cryptsetup luksFormat --type luks2 /dev/sdX3
cryptsetup open --type luks2 /dev/sdX3 HOSTNAME-pv
Create LVM (replace 8G
with desired swap size):
pvcreate /dev/mapper/HOSTNAME-pv
vgcreate HOSTNAME-vg /dev/mapper/HOSTNAME-pv
lvcreate -L 8G -n swap HOSTNAME-vg
lvcreate -l '100%FREE' -n root HOSTNAME-vg
Hint: If you have to reboot to the installation system later because
something went wrong and you need access to the LVM (but don’t know LVM), do
the following after opening the luks partition: vgchange -ay
.
Create filesystems:
mkfs.ext2 /dev/sdX2
mkfs.ext4 -L root /dev/HOSTNAME-vg/root
mkswap -L swap /dev/HOSTNAME-vg/swap
Mount the file systems and activate swap:
mount /dev/HOSTNAME-vg/root /mnt
mkdir /mnt/boot
mount /dev/sdX2 /mnt/boot
swapon /dev/HOSTNAME-vg/swap
Generate hardware configuration and copy hardware configuration to machine configuration (skip this step if you already have a hardware-configuration for this machine):
nixos-generate-config --root /mnt/
Modify the hardware configuration as needed. Fill in the FIXME
fields of
machines/installation/configuration.nix
and copy it to
/mnt/etc/nixos/configuration.nix
.
Install NixOS:
nixos-install
Add the krops sentinel file:
mkdir -p /mnt/var/src
touch /mnt/var/src/.populate
After the successful instalation, reboot use deploy HOSTNAME
on another
system to deploy the new system using krops, after adding the
configuration.nix
and entry in machines/default.nix
for the machine.
License
As nixpkgs, this repository is licensed under the MIT License. This only applies to the nix expressions, not the built system or package closure. Patches may also be licensed differently, since they may be derivative works of the packages to which they apply.