# My NixOS configuration

- Download the minimal NixOS ISO image from https://nixos.org/download.html#nixos-iso
- Boot into the NixOS installer.
- Run `sudo su` to obtain root privileges.
- If necessary, change the keyboard layout (e.g. `loadkeys de-latin1` for the German QWERTZ layout).
- Connect to the internet.
- Use `fdisk` or `cfdisk` to create a GPT partition table with the following partitions:
  - `/dev/EFI_PARTITION`: EFI system partition (type: EFI System, size: 512M)
  - `/dev/LUKS_PARTITION`: Encrypted root partition (type: Linux filesystem)
- Create and open the LUKS container:
  ```sh
  cryptsetup -yv luksFormat /dev/LUKS_PARTITION
  cryptsetup open /dev/LUKS_PARTITION root
  ```
- Create LVM volumes (adjust volume sizes):
  ```sh
  pvcreate /dev/mapper/root
  vgcreate nixos /dev/mapper/root
  lvcreate -L '256G' -n nix nixos         # nix store
  lvcreate -L '256G' -n persistent nixos  # persistent user data/cache
  lvcreate -L '16G' -n swap nixos         # swap
  ```
- Format and mount LVM volumes:
  ```sh
  mount -m -t tmpfs -o size=4G,mode=755 tmpfs /mnt
  mkfs.btrfs /dev/nixos/nix
  mount -m -o compress=zstd,noatime /dev/nixos/nix /mnt/nix
  mkfs.btrfs /dev/nixos/persistent
  mount -m /dev/nixos/persistent /mnt/persistent
  btrfs subvolume create /mnt/persistent/@data
  btrfs subvolume create /mnt/persistent/@data/.snapshots
  btrfs subvolume create /mnt/persistent/@cache
  btrfs subvolume create /mnt/persistent/@cache/.snapshots
  umount /mnt/persistent
  mount -m -o compress=zstd,noatime,subvol=@data /dev/nixos/persistent /mnt/persistent/data
  mount -m -o compress=zstd,noatime,subvol=@cache /dev/nixos/persistent /mnt/persistent/cache
  mkswap /dev/nixos/swap
  swapon /dev/nixos/swap
  ```
- Format and mount the EFI system partition:
  ```sh
  mkfs.fat -F32 /dev/EFI_PARTITION
  mount -m /dev/EFI_PARTITION /mnt/boot
  ```
- Enable flakes on the live system and install git:
  ```sh
  mkdir -p ~/.config/nix/
  echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
  nix profile install nixpkgs#git
  ```
- Clone this repository:
  ```sh
  mkdir -p /mnt/persistent/data/home/felix/
  cd /mnt/persistent/data/home/felix/
  git clone https://github.com/Defelo/nixos.git
  cd nixos
  ```
- Create a new host and set the user password:
  ```sh
  nix run .#new-host HOSTNAME
  ```
- Add the new host to git:
  ```sh
  git add --intent-to-add hosts/HOSTNAME
  ```
- Install the base system and reboot:
  ```sh
  nixos-install --flake .#HOSTNAME-base --no-channel-copy --no-root-passwd
  reboot
  ```
- Install the age private key and initialize persistent directories:
  ```sh
  cd /persistent/data/home/felix/nixos/
  nix run .#setup-host
  ```
- Install the system and reboot:
  ```sh
  ulimit -n 65536  # increase the open files limit
  nixos-rebuild boot --flake .
  reboot
  ```
- Add the new host's age key to the global secrets:
  ```sh
  find secrets -type f -exec sops updatekeys -y {} \;
  ```
- Set up pam-u2f:
  ```sh
  nix shell nixpkgs#pam_u2f --command pamu2fcfg | sudo tee /persistent/cache/u2f_keys
  sudo chown root:users /persistent/cache/u2f_keys
  sudo chmod 640 /persistent/cache/u2f_keys
  ```
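A pre-install sanity check for the mount layout that the "Format and mount" steps above create, added here as an example (it is not part of the Defelo/nixos repository): it reads a `/proc/mounts`-style file and confirms mount point, filesystem type and mount options for each expected mount, using a constructed sample in place of the real file. The function names `check_mount`, `check_install_layout` and `write_sample_mounts` are my own.

```shell
# Added example, not part of the Defelo/nixos repository: verify the mount
# layout from the "Format and mount" steps before running nixos-install.
# Swap and the open LUKS mapping are not listed in /proc/mounts, so they are
# not covered here.
# check_mount MOUNTS_FILE MOUNTPOINT FSTYPE [REQUIRED_OPTION ...]
# Succeeds only if MOUNTPOINT is mounted with FSTYPE and every option given
# (last entry wins, as over-mounts appear last). An option matches exactly or
# as a prefix before ':', so "compress=zstd" accepts btrfs's "compress=zstd:3".
check_mount() {
  cm_file=$1; cm_mp=$2; cm_type=$3; shift 3
  awk -v mp="$cm_mp" -v want="$cm_type" -v req="$*" '
    $2 == mp { type = $3; opts = $4; found = 1 }
    END {
      if (!found || type != want) exit 1
      n = split(req, need, " "); m = split(opts, have, ",")
      for (i = 1; i <= n; i++) {
        ok = 0; for (j = 1; j <= m; j++)
          if (have[j] == need[i] || index(have[j], need[i] ":") == 1) ok = 1
        if (!ok) exit 1
      }
    }' "$cm_file"
}
# check_install_layout [MOUNTS_FILE]  (default /proc/mounts)
# Reports the first deviation from the expected installer layout and fails.
check_install_layout() {
  cil_file=${1:-/proc/mounts}
  check_mount "$cil_file" /mnt tmpfs mode=755 || { echo "/mnt: want tmpfs root, mode=755"; return 1; }
  check_mount "$cil_file" /mnt/nix btrfs compress=zstd noatime || { echo "/mnt/nix: want btrfs compress=zstd,noatime"; return 1; }
  check_mount "$cil_file" /mnt/persistent/data btrfs compress=zstd noatime subvol=/@data || { echo "/mnt/persistent/data: want subvol @data"; return 1; }
  check_mount "$cil_file" /mnt/persistent/cache btrfs compress=zstd noatime subvol=/@cache || { echo "/mnt/persistent/cache: want subvol @cache"; return 1; }
  check_mount "$cil_file" /mnt/boot vfat || { echo "/mnt/boot: want vfat EFI system partition"; return 1; }
  # the top-level volume must be unmounted again once the subvolumes exist
  ! check_mount "$cil_file" /mnt/persistent btrfs || { echo "/mnt/persistent: top-level volume still mounted"; return 1; }
}
# Constructed /proc/mounts sample (made-up devices) for the expected state.
write_sample_mounts() {
  ws_file=$(mktemp)
  cat > "$ws_file" <<'EOF'
tmpfs /mnt tmpfs rw,relatime,size=4194304k,mode=755 0 0
/dev/mapper/nixos-nix /mnt/nix btrfs rw,noatime,compress=zstd:3,space_cache=v2,subvolid=5,subvol=/ 0 0
/dev/mapper/nixos-persistent /mnt/persistent/data btrfs rw,noatime,compress=zstd:3,subvolid=256,subvol=/@data 0 0
/dev/mapper/nixos-persistent /mnt/persistent/cache btrfs rw,noatime,compress=zstd:3,subvolid=258,subvol=/@cache 0 0
/dev/sda1 /mnt/boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,errors=remount-ro 0 0
EOF
  echo "$ws_file"
}
check_install_layout "$(write_sample_mounts)" && echo "layout ok"
```

On the live installer, call `check_install_layout` with no argument to read the real `/proc/mounts` instead of the sample.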