INSTALL.md

Setup Instructions

Create a bootable USB drive

  • Download Minimal NixOS to $ISO_PATH
  • insert drive
  • lsblk -> find out drive name (e.g. /dev/sdb) $DRIVE
  • run (as root) dd bs=4M if=$ISO_PATH of=$DRIVE conv=fdatasync status=progress && sync

Optional: Installing dual-boot Windows 11 for driver checks etc...

  1. Enable secure boot
  2. Install Windows 11. Windows 11 now lets you choose the size of the primary partition during install. I recommend 200GB on a 4TB drive, but lower (100GB) should be fine.
  3. Install all updates under Windows while we're at it.
  4. Optional: Create a windows recovery USB Drive (Search for "Create Recovery Drive") [Fair warning: This is slooooooooow].
  5. Disable secure boot
  6. Clear secure boot keys
  7. Install NixOS as below, creating a new EFI boot partition separate from the windows one.

Actual installation using and Impermanence

Fantastic Inspiration: https://www.youtube.com/watch?v=YPKwkWtK7l0

NixOS Guide on using Btrfs: https://nixos.wiki/wiki/Btrfs

Note: Disko doesn't support dual-booting just yet, so we're still doing it imperatively.

  1. Boot into Minimal NixOS

  2. sudo su

  3. nix-shell -p neovim

  4. lsblk -> find out disk name (e.g. /dev/nvme0n1) $DISK

  5. export DISK=/dev/nvme0n1

  6. gdisk $DISK

    1. p (print)
    2. d (delete)
    3. n (new)
      1. number=(1|5), begin=default, end=+2G, hex code=ef00 ($BOOT from now on, or /dev/nvme0n1p5 etc)
      2. number=(2|6), begin=default, end=default, hex code=8e00 ($MAIN from now on)
    4. w (write)
  7. export BOOT=/dev/nvme0n1p5

  8. export MAIN=/dev/nvme0n1p6

  9. LVM on LUKS (BTRFS setup inspired by https://github.com/nix-community/disko/blob/master/example/luks-btrfs-subvolumes.nix)

    1. cryptsetup luksFormat $MAIN
    2. cryptsetup luksOpen $MAIN nixos-enc
    3. pvcreate /dev/mapper/nixos-enc
    4. vgcreate nixos-vg /dev/mapper/nixos-enc
    5. lvcreate --size <swap size, e.g. 8G, usually pick 2xRAM for hibernation if space doesn't matter> --name swap nixos-vg
    6. lvcreate --size 100%FREE --name root nixos-vg
  10. Create Boot and Main FS

    1. mkfs.vfat -n boot $BOOT
    2. nix-shell -p btrfs-progs
    3. mkfs.btrfs --label nixos /dev/nixos-vg/root
      1. mkdir -p /mnt
      2. mount /dev/nixos-vg/root /mnt
      3. btrfs subvolume create /mnt/root
      4. btrfs subvolume create /mnt/nix
      5. btrfs subvolume create /mnt/persist
      6. btrfs subvolume create /mnt/home
      7. umount /mnt
  11. Create and Mount Swap

    1. mkswap --label swap /dev/nixos-vg/swap
    2. swapon /dev/nixos-vg/swap
  12. Mount Everything

    1. mount -o compress=zstd,noatime,subvol=root /dev/nixos-vg/root /mnt
    2. mkdir /mnt/{home,nix,persist}
    3. mount -o compress=zstd,noatime,subvol=nix /dev/nixos-vg/root /mnt/nix
    4. mount -o compress=zstd,noatime,subvol=persist /dev/nixos-vg/root /mnt/persist
    5. mount -o compress=zstd,noatime,subvol=home /dev/nixos-vg/root /mnt/home
    6. mkdir /mnt/boot
    7. mount $BOOT /mnt/boot
  13. Generate config

    1. nixos-generate-config --root /mnt
  14. Add Btrfs mount options to hardware-config (since nixos-generate-config doesn't do that automatically yet): nvim /mnt/etc/nixos/hardware-configuration.nix

     fileSystems = {
       "/".options = [ "compress=zstd" "noatime" ];
       ...
     };
  15. Add minimum required stuff to config (nvim /mnt/etc/nixos/configuration.nix)

    boot.initrd.luks.devices = {
      root = {
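        device = "$MAIN"; # replace $MAIN with the actual partition path, e.g. /dev/nvme0n1p6 (Nix does not expand shell variables)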
        preLVM = true;
      };
    };
    
    # If not dual-booting with GRUB
    boot.loader.systemd-boot.enable = true;
    
    networking.networkmanager.enable = true;
    
    users.users.farlion = {
      extraGroups = ["wheel" "video" "audio" "disk" "networkmanager"];
      isNormalUser = true;
    };
  16. Nixos go brrrrrrrrrrrrrrrrrrrrrrrrrrrrrr

    nixos-install

  17. reboot
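
Before running nixos-install in step 16, it is worth confirming that every filesystem under /mnt and the active swap really sit on top of the LUKS mapping, with only /mnt/boot left in plaintext. The check below is an added example, not part of the original INSTALL.md; the function name unencrypted_mounts and the sample lsblk lines are constructed for illustration.

```bash
# Added example, not part of the original INSTALL.md.
# stdin : output of `lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT`
# stdout: "<kname> <mountpoint>" for every mount under the install root (or active
#         swap) with no dm-crypt device in its parent chain; exit status 1 if any.
# $1    : install root (default /mnt); <root>/boot is the EFI partition, plaintext by design.
unencrypted_mounts() {
  awk -v root="${1:-/mnt}" '
    function field(key,   line) {   # value of KEY="value" on the current line
      line = " " $0
      if (!match(line, " " key "=\"[^\"]*\"")) return ""
      return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
    }
    {
      k = field("KNAME"); type[k] = field("TYPE"); parent[k] = field("PKNAME")
      m = field("MOUNTPOINT")
      if (m == "[SWAP]" || m == root || index(m, root "/") == 1) mount[k] = m
    }
    END {
      for (k in mount) {
        if (mount[k] == (root "/boot")) continue
        enc = 0   # walk up: logical volume -> crypt mapping -> partition -> disk
        for (d = k; d != ""; d = parent[d]) if (type[d] == "crypt") enc = 1
        if (!enc) { print k, mount[k]; bad = 1 }
      }
      exit bad + 0
    }'
}

# Constructed sample: the layout this guide produces, seen from the live USB (sda1).
sample_guide_layout() { cat <<'EOF'
KNAME="sda1" TYPE="part" PKNAME="sda" MOUNTPOINT="/iso"
KNAME="nvme0n1p5" TYPE="part" PKNAME="nvme0n1" MOUNTPOINT="/mnt/boot"
KNAME="nvme0n1p6" TYPE="part" PKNAME="nvme0n1" MOUNTPOINT=""
KNAME="dm-0" TYPE="crypt" PKNAME="nvme0n1p6" MOUNTPOINT=""
KNAME="dm-1" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="[SWAP]"
KNAME="dm-2" TYPE="lvm" PKNAME="dm-0" MOUNTPOINT="/mnt"
EOF
}

# Constructed sample: same layout, but swap was placed on a bare partition by mistake.
sample_plain_swap() {
  sample_guide_layout | grep -v '"dm-1"'
  echo 'KNAME="nvme0n1p7" TYPE="part" PKNAME="nvme0n1" MOUNTPOINT="[SWAP]"'
}

sample_guide_layout | unencrypted_mounts /mnt && echo "guide layout: all encrypted"
sample_plain_swap | unencrypted_mounts /mnt || echo "^ not backed by LUKS"
```

On the live system, feed it real data with: lsblk -P -o KNAME,TYPE,PKNAME,MOUNTPOINT | unencrypted_mounts /mnt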

Enable this setup

  1. change your name to farlion because it's hardcoded in the configurations
  2. passwd farlion and then su farlion
  3. nix-shell -p git neovim
  4. export NIXOS_TMP_CONFIG=/home/farlion/nixos-tmp-config
  5. git clone https://github.com/workflow/nixos-config.git $NIXOS_TMP_CONFIG
  6. cd $NIXOS_TMP_CONFIG
  7. Make a new machines/<new_hostname> from the base settings at /etc/nixos/{hardware-}configuration
    1. mkdir machines/<new_hostname>
    2. cp /etc/nixos/hardware-configuration.nix machines/<new_hostname>/hardware-scan.nix
    3. cp /etc/nixos/configuration.nix machines/<new_hostname>/system.nix
    4. Remove imports from machines/<new_hostname>/hardware-scan.nix and machines/<new_hostname>/system.nix
    5. Set correct DHCP config in machines/<new_hostname>/hardware-scan.nix
    6. Update networking.hostname in machines/<new_hostname>/system.nix
    7. Check from other similar machines and copy any further settings that may be needed
  8. Update flake.nix with new machine
  9. nix-shell -p cachix
  10. sudo nvim /etc/nixos/configuration.nix
  11. Add nix.settings.trusted-users = ["root" "farlion"]
  12. sudo nixos-rebuild switch
  13. cachix use workflow-nixos-config
  14. git add machines/<new_hostname> (for flakes to pick up the changes)
  15. sudo nixos-rebuild boot --flake .#<new hostname> --override-input secrets nixpkgs
  16. Reboot

Post-installation steps

  1. Go through any immediately needed adaptations : )
  2. Push any local $NIXOS_TMP_CONFIG config changes to github
    1. Temporarily disable automatic git signing in home/git.nix
    2. Create new SSH key: ssh-keygen -t ed25519 -C "farlion@<new_hostname>", naming it github
    3. Add SSH key to github
    4. GIT_SSH_COMMAND="ssh -i /home/farlion/.ssh/github" git push
  3. trash-put $NIXOS_TMP_CONFIG
  4. ln -s ~/code/nixos-config ~/nixos-config
  5. Go through secret setup instructions
  6. Customize ~/code/nixos-config/machines/<new_hostname>/{system.nix&&hardware-scan.nix} while cleaning them up, taking inspiration from similar machines
  7. Change root passwd
  8. nh os boot
  9. Reboot
  10. Update firmware: fwupdmgr refresh && fwupdmgr get-updates
  11. Add <new_hostname> to CI build