Init

I heard a lot about NixOS over the last couple of years. For example Why Puppet/Chef/Ansible aren’t good enough (and we can do better) or Binärgewitter Spezial #7: NixOS.

The basic concept of Nix(OS) made me curious, I’ve been working with Puppet as configuration management tool at work since quite a while, which is such an awesome tool! The idea of having package and configuration management as code directly integrated into your operating system sounded really interesting for me, so I wanted to give it a try.

Until very recently, I didn’t had a private Laptop, only my work device with Ubuntu. Some weeks back I bought a Dell 9360 and I’m really happy with this device (small and powerful)

What we going to do

I don’t need Windows on this machine so no need to keep it. Full disk encryption is a must for me in regards of security!

• USB stick installation
• LVM disk partitioning
• Luks encryption full disk encryption
• UEFI boot loader and boot partition
• Minimal system with with i3 as window manager

Conventions

• $ for regular user login
• # for root login
• -- for comments

Preparations

Installation media

At first we need an installation medium. I’m using the 64-bit minimal install CD which is downloadable under NixOS Download

After you downloaded the image it has to be copied to the USB stick (NOTE: this is going to destroy all data on the USB stick)

-- Check for the USB stick device name
$ lsblk

-- Copy the image via dd
-- Source of the NixOs CD image
# IMAGE="~/nixos-minimal-18.03.132268.5f16ba8fb0f-x86_64-linux.iso"
# DEST="/dev/sdb"
# dd bs=1M if=$IMAGE of=$DEST

System configuration

Before the installation can start, some things must be configured inside UEFI.

To enter UEFI press F2 in the beginning of the boot process (this is at least the case for Dell systems, for other systems ask the search engine of your choice)

• Disable Security boot
  • In Dell UEFI: Settings → Secure Boot → Secure Boot Enable
• Set DATA Operation to AHCI, otherwise no hard disk is available during setup
  • In Dell UEFI: Settings → System Configuration → SATA Operation

Installation

Time to boot from the prepared USB Stick. On my Dell machine you must press F12 during boot up to open the boot menu where you then select the USB stick. Also this process can differ from device to device.

From here on we’ll be in a root shell the whole time during the NixOs installation.

Keyboard layout

Yes I’m German and used to the German keyboard layout, so have to change it.

-- Load German layout
# loadkeys de

Networking

Having internet access during NixOs installation is beneficial. If you plan anything more than a minimal system, you want internet access to install system packages.

Either you’re lazy and plug a network cable in or you setup up WiFi, because the Dell 9360 has no Ethernet port I had to do it.

-- Generates PSK entry for autenticating against your WiFi network
wpa_passphrase $SSID $PASSPHRASE > /etc/wpa_supplicant.conf

-- Restarts WPA Supplicant, which enables the WiFi for us
service restart

-- Test
ping nixos.org

64 bytes ....

Partitioning

Keep in mind this step is going to destroy all data on your disk

UEFI devices requiring a GUID partition table (GPT) therefore we’ll using gdisk instead of fdisk. If you’re installing on a non UEFI system you can do the same job with fdisk.

-- Identify the disk for  NixOs installation -- something like /dev/sda or /dev/nvme0n1
-- We'll refer to the disk as $DISK
# blkid

-- Open gdisk on the disk we want to install
# gdisk $DISK

-----------------
-- GDISK COMMANDS

-- Print all partitions on the disk
Command: p

-- Delete all partitions
-- Repeat untill all partitions are gone
Command: d

Now we can create all partitions we need (or want):

1. EFI boot partition
2. LVM partition (Logical volume management) for root and swap partitions
   • LVM makes it easier to change partition size or layout if needed

-----------------
-- STILL IN GDISK
-- GDISK COMMANDS

-- Create EFI boot partition
Command: n
Partition number: 1
First sector: <use default value>
Last sector: +1G       -- Make a 1 gigabyte big partition
Hex code or GUID: ef00 -- EFI System type

-- Create LVM partition
Command: n
Partition number: 2
First sector: <use default value>
Last sector: <use default value>  -- Use all available diskspace
Hex code or GUID: 8e00            -- Linux LVM System type

-- Write changed to disk
Command: w

Encryption and LVM

Partition table and primary partitions are in place. The partition which contains the LVM partitions can be encrypted now. This is the second partition which has been created above - it should be something like /dev/nvme0n1p2 or /dev/sda2, I’ll refer to it as $LVM_PARTITION below.

The boot partition isn’t encrypted because there is no need (at least for me) and I’d make thing to complex, but if you want, take a look at the Archlinux Wiki - Disk encryption.

In my case I’m creating a swap partition as big as the RAM of my machine (16GB for hibernation, which hopefully works) the rest will become root filesystem.

-- Enter your passphrase - DON'T FORGET THIS
# cryptsetup luksFormat $LVM_PARTITION

-- Decrypt the encrypted partition and call it nixos-enc.
-- The decrypted partition will be mounted at /dev/mapper/nixos-enc
# cryptsetup luksOpen $LVM_PARTITION nixos-enc

-- Create the LVM physical volume using nixos-enc
# pvcreate nixos-vg /dev/mapper/nixos-enc

-- Create the LVM volume group which will contain root and swap partition
# vgcreate nixos-vg /dev/mapper/nixos-enc

-- Create a 16G swap partition - the amount of RAM on this machine
-- Volume is labeled "swap"
# lvcreate -L 16G -n swap nixos-vg

-- Create a logical volume for root filesystem from the remaining free space
-- Volume is labeled "root"
# lvcreate -l 100%FREE -n root nixos-vg

Filesystem creation

In this step all needed filesystems are going to be created.

In the below script, $BOOT refers to the above created boot partition (e.g /dev/nvme0n1p1)

-- Create FAT32 filesystem on the boot partition
# mkfs.vfat -n boot $BOOT

-- Create ext4 filesystem for root partition
# mkfs.ext4 -L nixos /dev/nixos-vg/root

-- Create swap partition
# mkswap -L swap /dev/nixos-vg/swap

-- Turn the swap partition on
# swapon /dev/nixos-vg/swap

Preparation for the Installation

Time to mount the created filesystems, create system configuration and finally start the installation.

In the snippet below $BOOT refers to earlier created UEFI boot partition (first partition on the disk, most likely /dev/nvme0n1p1 or /dev/sda1)

# mount /dev/nixos-vg/root /mnt
# mkdir /mnt/boot
# mount $BOOT /mnt/boot

Generate initial NixOS configuration.

# nixos-generate-config --root /mnt

Creating the first Configuration

The NixOS main configuration file is located under /etc/nixos/configuration.nix. The root filesystem has been mounted under /mnt/ so the file path (for the installation) is /mnt/etc/nixos/configuration.nix.

If there is an error in your configuration, the installation command will fail, with an error message which helps you to identify and fix the problem. Keep calm, because of the way NixOS works you can reconfigure your system and every time fallback to a known good configuration. So you don’t have to care to much about the perfect system configuration during installation. Start minimal and build on top of it!

Let’s start to configure our new system.

-- Vim - no comment on that :)
# vim /mnt/etc/nixos/configuration.nix

NixOS needs to know that we’re using UEFI, (nixos-generate-config should do this automatically for new configurations when booted in UEFI mode.)

# Use the systemd-boot EFI boot loader
boot.loader.systemd-boot.enable = true;

It’s key to tell NixOS that we have a Luks encrypted partition, that must be decrypted before the LVM partition can be used.

boot.initrd.luks.devices = [
  {
    name = "root";
    devices = "/dev/nvme0n1p2";
    preLVM = true;
  }
];

Set keyboard layout to German and the default language to English

# Select internationalisation properties
i18n = (
  consoleKeyMap = "de";
  defaultLocale = "en_US.UTF-8"
);

Set timezone to (my) local time zone

# Set your time zone
time.timeZone = "Europe/Berlin";

Manage your network devices in an easy way. I’m going to install the applet package as well.

networking.networkmanager.enable = true;

In addition to the basic configuration items, we may want to install some system packages, otherwise you will end up with a very basic system. Packages can be specified as additional configuration items. The networkmanagerapplet package is included to give us a tray icon to configure networking from.

As the comment in the configuration file tells you, you can search for packages to install with nix-env -qaP | grep $PACKAGE.

# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs: [
  networkmanagerapplet
  vim
];

With the above configuration we would only getting a basic NixOS terminal environment, which isn’t bad at all, but a little bit of graphics would be nice or? The following configuration section will activate X11 with auto start. The window manager of choice, in my case i3 a tiling window manager which is highly configurable.

# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "de";

services.xserver.windowManager.i3.enable = true;
services.xserver.autorun = true;

Enable touchpad support (Important for a laptop)

services.xserver.libinput.enable = true;

So nearly finished, the last thing to be done is to configure your personal user, because is isn’t a good idea to work the whole time as root. In the example below an user called tuxinaut will be created and added to some groups, most important here the wheel group that the user can run commands with sudo.

# Define a user account. Don't forget to set a password with with passwd
user.extraUsers.tuxinaut = {
  createHome = true;
  extraGroups = ["wheel" "video" "audio" "disk" "networkmanager"];
  group = "users";
  isNormalUser = true;
  uid = 1000;
};

As you might already saw there is a lot of comment out configuration in the auto generated configuration.nix and I encourage you to read through it and try as much as possible out! For everything which isn’t self explaining the Search NixOS options side will help you.

3…2..1 start

When the configuration is fine. The installation can be started.

# nixos-install
-- It'll require you to change your root password - DON'T FORGET IT!

The installation process will take some time, enough time to go out and have some fresh air.

After the installation has been finished, cross fingers and reboot your new system.

# reboot

If something went wrong, don’t worry you can always boot back into the installation, mount the partitions, change your configuration, and install again.

Lets assume, that your system booted into a login screen, you want to change your user password to avoid to login into your graphical environment as root. To do this, press Ctrl-Alt-F1 this will open a terminal, login as root

This command will change your user password $USER has to be replaced with your configured user!

# passwd $USER

Reboot your system and login as your regular user.

# reboot

Enjoy your fresh installed NixOS

References

Here are the references which I used to install NixOs on my system.

• Official NixOs Documentation
• Installing NixOS
• NixOS on a Dell 9560
• Some basics of MBR v/s GPT and BIOS v/s UEFI
• Search NixOS options
• Search NixOS packages