shazow / nixfiles

Licence: MIT license
Some of my .nix files


Installing

Disk Setup

Rough sketch of the expected disk layout with full-disk encryption.

Some changes to the sketch for a more realistic scenario:

  • The swap partition should be at least as big as the machine's RAM to support hibernate-to-disk. Otherwise, it can be omitted altogether in favor of a swapfile.
  • Boot partition can be made bigger to support an embedded recovery image (4-6 GB).

NOTE: If trying this in a VM, make sure to use a SCSI virtual disk (instead of HDA) and enable UEFI.

# Setup partition layout
# Swap should be >RAM size if you're going to use hibernate
parted /dev/sda -- mklabel gpt
parted /dev/sda -- mkpart ESP fat32 1MB 512MB  # boot
parted /dev/sda -- set 1 boot on
parted /dev/sda -- mkpart primary 512MB -1GB  # root
parted /dev/sda -- mkpart primary linux-swap -1GB 100%  # swap

# Encrypt the partitions
# Swap partition is also encrypted, so our hibernate state is encrypted.
# We use luks1 (instead of luks2) because grub2 only supports luks1 for now.
# Follow: https://github.com/NixOS/nixpkgs/issues/65375 for LUKS2 on Grub
# To convert, see: https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
cryptsetup luksFormat --type luks1 /dev/sda2  # Enter password
cryptsetup luksFormat --type luks1 /dev/sda3  # Enter the same password

# Good time to add a key file, if we want to do that:
#   dd if=/dev/urandom of=cryptroot.key bs=1 count=4096
#   chmod 0400 cryptroot.key
#   cryptsetup luksAddKey /dev/sda2 cryptroot.key
#   cryptsetup luksAddKey /dev/sda3 cryptroot.key

# Open the encrypted partitions
cryptsetup open /dev/sda2 cryptroot
cryptsetup open /dev/sda3 cryptswap

# Format the underlying partitions
mkfs.fat -F 32 -n EFI /dev/sda1  # Unencrypted EFI partition
mkswap /dev/mapper/cryptswap
mkfs.btrfs /dev/mapper/cryptroot
mount -o defaults,noatime,compress=lzo,autodefrag /dev/mapper/cryptroot /mnt

# Create volumes on the btrfs root
btrfs subvolume create /mnt/@rootnix
btrfs subvolume create /mnt/@home

# Remount with new volumes
umount /mnt
mount -o compress=lzo,subvol=@rootnix /dev/mapper/cryptroot /mnt
mkdir -p /mnt/boot /mnt/home
mount -o compress=lzo,subvol=@home /dev/mapper/cryptroot /mnt/home
mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

# Enable swap if you're using nixos-generate-config to auto-detect mounts
swapon /dev/mapper/cryptswap
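
A quick check of the result, as an added example that is not part of the nixfiles repository: it reads the LUKS header version straight from each partition (GRUB needs version 1 on the root container, per the comment above) and compares swap size with RAM for hibernate. The function names and the `preflight` argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the nixfiles repo. Run as root after formatting.

# Print the LUKS header version (1 or 2) of a device or image file.
# The header starts with the 6-byte magic "LUKS" 0xBA 0xBE, followed by a
# 2-byte big-endian version number.
luks_version() (
  hdr=$(od -An -v -tx1 -N8 "$1" 2>/dev/null | tr -d ' \n')
  case "$hdr" in
    4c554b53babe????) echo $(( 0x${hdr#4c554b53babe} )) ;;
    *) exit 1 ;;  # unreadable, too short, or not LUKS
  esac
)

# True only for LUKS1, the format the page says GRUB can open.
grub_can_unlock() { [ "$(luks_version "$1")" = "1" ]; }

# Hibernate needs swap >= RAM. $1: swap size in bytes, $2: /proc/meminfo text.
swap_fits_ram() (
  mem_kib=$(printf '%s\n' "$2" | awk '/^MemTotal:/ {print $2; exit}')
  [ -n "$mem_kib" ] && [ "$1" -ge $(( mem_kib * 1024 )) ]
)

# usage: preflight /dev/sda2 /dev/sda3 /dev/mapper/cryptswap
preflight() {
  rc=0
  grub_can_unlock "$1" ||
    { echo "FAIL: $1 is not LUKS1, GRUB cannot open it" >&2; rc=1; }
  luks_version "$2" >/dev/null ||
    { echo "FAIL: $2 has no LUKS header, swap would be plaintext" >&2; rc=1; }
  swap_fits_ram "$(blockdev --getsize64 "$3")" "$(cat /proc/meminfo)" ||
    echo "WARN: swap is smaller than RAM, hibernate image may not fit" >&2
  return "$rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```
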

Resume an existing disk setup:

cryptsetup open /dev/sda2 cryptroot  # Enter password
cryptsetup open /dev/sda3 cryptswap  # Enter password

mount -o compress=lzo,subvol=@rootnix /dev/mapper/cryptroot /mnt
mount -o compress=lzo,subvol=@home /dev/mapper/cryptroot /mnt/home
mount /dev/sda1 /mnt/boot/efi

NixOS Setup from another distro

If you're installing from inside another distro, you can use these instructions: https://nixos.org/nixos/manual/index.html#sec-installing-from-other-distro

In Arch, using the aur/nix package does not work.

If we need to add hardware-specific configuration imports, we'll need nixos-hardware (setup instructions). The nix environment activator only includes the nixpkgs channel in the NIX_PATH by default, so we'll need to add that too.

# Activate the nix environment
. "$HOME/.nix-profile/etc/profile.d/nix.sh"

# Add the nixos-hardware channel
nix-channel --add https://github.com/NixOS/nixos-hardware/archive/master.tar.gz nixos-hardware
nix-channel --update nixos-hardware

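# Add the new channel to our NIX_PATH by appending a copy of it with
# "nixpkgs" replaced by "nixos-hardware" (the ${var//from/to} form requires bash)
export NIX_PATH="${NIX_PATH}:${NIX_PATH//nixpkgs/nixos-hardware}"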

Some other notes for installing from another distro (these don't apply to a normal install):

  • ${disk.efi} should be mounted to /mnt/boot/efi (or whatever the root prefix is).

After that, off we go:

sudo groupadd -g 30000 nixbld
sudo useradd -u 30000 -g nixbld -G nixbld nixbld
sudo PATH="$PATH" NIX_PATH="$NIX_PATH" `which nixos-install` --root /mnt

NixOS Setup from scratch (in a VM)

curl -Ls "https://github.com/shazow/nixfiles/archive/master.zip" -o nixfiles.zip
unzip nixfiles.zip

mkdir -p /mnt/etc
mv nixfiles-master /mnt/etc/nixos

cd /mnt/etc/nixos
echo \"$(mkpasswd -m sha-512)\" > .hashedPassword.nix
chmod 400 .hashedPassword.nix

cat > disk.nix << EOF
{
  cryptroot = "/dev/sda2";
  cryptswap = "/dev/sda3";
  efi = "/dev/sda1";
}
EOF

cp hosts/example.nix configuration.nix
echo "Edit configuration.nix ... Some of the paths are wrong here, need to fix."

nixos-install --root /mnt
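
Both the optional `cryptroot.key` step in Disk Setup and the `.hashedPassword.nix` step above create the file first and restrict it with `chmod` afterwards, so under a typical umask of 022 it is briefly readable by other users. The helper below is an added example, not code from the nixfiles repository, that creates the file with owner-only permissions from the start and refuses to overwrite an existing path; `write_secret` and `mode_of` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the nixfiles repo.

# Write stdin to "$1" so that the file is never readable by other users.
write_secret() (
  umask 077   # created as 0600 rather than the usual 0644
  set -C      # noclobber: fail instead of overwriting an existing file
  cat > "$1" || exit 1
  chmod 0400 "$1"
)

# Permission string of a file as shown by ls, e.g. "-r--------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# The two cases from this page:
#   head -c 4096 /dev/urandom | write_secret cryptroot.key
#   printf '"%s"\n' "$(mkpasswd -m sha-512)" | write_secret .hashedPassword.nix
if [ "$#" -eq 1 ]; then
  write_secret "$1" && mode_of "$1"
fi
```
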

References

Big thanks to my friend group of NixOS pioneers who paved through the unknowns, and answered many questions along the way.

Full Disk Encryption (FDE)
