Installing NixOS

27 October 2014

Below is a rough install log for installing NixOS:

The installation was done onto a laptop where the goal was to dedicate the full disk to NixOS, with a small unencrypted boot patition, and a single LUKS encrypted partition containing two volumes for the root filesystem and swap.

The media nixos-minimal-14.04.534.66af731-i686-linux.iso was used.

Configure wpa\supplicant

A wpa\supplicant daemon should already be running on the wifi card interface. Confirm with systemctl status wpa_supplicant.service.

:# nano /etc/wpa_supplicant.conf
ctrl_interface=/run/wpa_supplicant
update_config=1

:# systemctl restart wpa_supplicant.service

:# wpa_cli
> scan
OK
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
> scan_results
bssid / frequency / signal level / flags / ssid
01:02:03:04:05:06 2462 -49 [WPA2-PSK-CCMP][ESS] AbrahamLinksys
11:12:13:14:15:16 2437 -64 [WPA2-PSK-CCMP][ESS] WuTangLan
> add_network
0
> set_network 0 ssid "WuTangLan"
> set_network 0 psk "passphrase"
> enable_network 0
<2>CTRL-EVENT-CONNECTED ...
> save_config
OK
^D

Enable DHCP

DHCP may have already obtained an address. Test with ifconfig, or start manually:

:# dhcpcd <interface>

Partition the disk

Make a boot partition on /dev/sda1 of +256M, enable the boot flag, then assign remaining space to /dev/sda2.

:# fdisk /dev/sda

Encrypt with LUKS

:# cryptsetup luksFormat /dev/sda2
WARNING!
========
This will overwrite data on /dev/sda2 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase: ****
Verify passphrase: ****
.
:# cryptsetup open --type luks /dev/sda2 luksroot

Create LVM volumes for root and swap

:# pvcreate /dev/mapper/luksroot
 Physical volume "/dev/mapper/luksroot" successfully created
:# vgcreate vg /dev/mapper/luksroot
 Volume group "vg" successfully created
:# lvcreate -ay --size 1G --name swap vg
 Logival volume "Swap" created
:# lvcreate -ay --size 150G --name nixos vg
 Logical volume "nixos" created

Make filesystems

Make swap and root filesystems on the LVM logical volumes. Make the boot filesystem directly on the boot partition.

:# mkswap -L swap /dev/mapper/vg-swap
:# mkfs.ext4 -L nixos /dev/mapper/vg-nixos
:# mkfs.ext4 -L boot /dev/sda1

Mount them.

:# swapon /dev/disk/by-label/swap
:# mount /dev/disk/by-label/nixos /mnt
:# mkdir /mnt/boot
:# mount /dev/disk/by-label/boot /mnt/boot

Configure

:# nixos-generate-config --root /mnt
writing /mnt/etc/nixos/hardware-configuration.nix...
writing /mnt/etc/nixos/configuration.nix...

Filesystems don’t seemt to be detected correctly (?) in hardware-configuration.nix. I had to force set the device of the encrypted root filesystem in order to override.

Edit /mnt/etc/nixos/configuration.nix to include the following, as well as any additional configuration.

boot.loader.grub.device = "/dev/sda";
boot.initrd.luks.devices =
  [ { name = "luksroot"; device = "/dev/sda2"; }
  ];
fileSystems."/".device = pkgs.lib.mkForce "/dev/disk/by-label/nixos";
swapDevices =
  [ { device = "/dev/disk/by-label/swap"; }
  ];

Install

:# nixos-install
:# reboot