| Partition | Type | Size |
|---|---|---|
| p1 | boot | 512 MiB |
| p2 | SWAP | 16 GiB |
| p3 | btrfs | - |
export DISK=/dev/nvme0n1
cryptsetup --verify-passphrase -v luksFormat "$DISK"p3
cryptsetup open "$DISK"p3 enc
mkfs.vfat -n boot "$DISK"p1
mkswap "$DISK"p2
swapon "$DISK"p2
mkfs.btrfs /dev/mapper/enc
mount -t btrfs /dev/mapper/enc /mnt
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/nix
btrfs subvolume create /mnt/persist
umount /mntFIXME: Mounting a ramdisk as root may be a bad idea for installation since building the config needs a lot of disk space. Consider mounting some temporary folder and deleting it afterwards or giving the tmpfs more ram.
mount -t tmpfs none /mnt
mkdir -p /mnt/{boot,home,nix,persist}
mount "$DISK"p1 /mnt/boot
mount -o subvol=home,compress=zstd,noatime /dev/mapper/enc /mnt/home
mount -o subvol=nix,compress=zstd,noatime /dev/mapper/enc /mnt/nix
mount -o subvol=persist,compress=zstd,noatime /dev/mapper/enc /mnt/persist
nixos-generate-config --root /mntCompare the generated hardware-configuration.nix with machines/matebook/hardware-configuration.nix, adjust and push to GitHub if needed.
mkdir -p /mnt/home/jakob/.ssh
cp /path/to/.ssh/id_ed25519* /mnt/home/jakob/.sshnixos-install --flake github:jakobkukla/nixos-config#matebook
rebootTODO: Replace command-not-found.pl with nix-index and find a way to circumvent building the index manually.
nix-channel --update| Partition | Type | Size |
|---|---|---|
| p1 | boot | 512 MiB |
| p2 | zfs | - |
Note the ashift value during zpool creation. From the Arch wiki:
Use -o ashift=9 for disks with a 512 byte physical sector size or -o ashift=12
for disks with a 4096 byte physical sector size. See lsblk -S -o NAME,PHY-SEC
to get the physical sector size of each SCSI/SATA disk. Remove -S if you want
the same value from all devices.
For NVMe drives, use nvme id-ns /dev/nvmeXnY -H | grep "LBA Format"
to get which LBA format is in use.
export DISK=/dev/nvme0n1
mkfs.vfat -n boot "$DISK"p1
# Create ZFS root pool
zpool create \
-o ashift=9 \
-o autotrim=on \
-R /mnt \
-O acltype=posixacl \
-O canmount=off \
-O compression=on \
-O dnodesize=auto \
-O relatime=on \
-O xattr=sa \
-O mountpoint=none \
rpool \
"$DISK"p2
# Create encrypted ZFS root system container
zfs create \
-o canmount=off \
-o mountpoint=none \
-o encryption=on \
-o keylocation=prompt \
-o keyformat=passphrase \
rpool/nixos
zfs create -o mountpoint=legacy rpool/nixos/root
zfs snapshot rpool/nixos/root@blank
zfs create -o mountpoint=legacy rpool/nixos/home
zfs create -o mountpoint=legacy rpool/nixos/nix
zfs create -o mountpoint=legacy rpool/nixos/persistmount -t zfs rpool/nixos/root /mnt
mkdir -p /mnt/{boot,home,nix,persist}
mount "$DISK"p1 /mnt/boot
mount -t zfs rpool/nixos/home /mnt/home
mount -t zfs rpool/nixos/nix /mnt/nix
mount -t zfs rpool/nixos/persist /mnt/persist
nixos-generate-config --root /mntCompare the generated hardware-configuration.nix with machines/pc/hardware-configuration.nix, adjust and push to GitHub if needed.
mkdir -p /mnt/home/jakob/.ssh
cp /path/to/.ssh/id_ed25519* /mnt/home/jakob/.sshnixos-install --no-root-password --flake github:jakobkukla/nixos-config#pc
rebootTODO: Replace command-not-found.pl with nix-index and find a way to circumvent building the index manually.
nix-channel --updateBuild and run the VM with:
nixos-rebuild build-vm --flake .#$MACHINE
sudo ./result/bin/run-nixos-$MACHINE-vmRun the resulting path with sudo, otherwise agenix will fail to decrypt secrets.