Part 1 - Installing NixOS
2018-05-07 Init
I heard a lot about NixOS over the last couple of years. For example Why Puppet/Chef/Ansible aren’t good enough (and we can do better) or Binärgewitter Spezial #7: NixOS.
The basic concept of Nix(OS) made me curious. I've been working with Puppet as a configuration management tool at work for quite a while, and it is such an awesome tool! The idea of having package and configuration management as code directly integrated into your operating system sounded really interesting to me, so I wanted to give it a try.
Until very recently, I didn't have a private laptop, only my work device with Ubuntu. Some weeks back I bought a Dell 9360 and I'm really happy with this device (small and powerful).
What we are going to do
I don't need Windows on this machine, so there is no need to keep it. Full disk encryption is a must for me with regard to security!
- USB stick installation
- LVM disk partitioning
- LUKS full disk encryption
- UEFI boot loader and boot partition
- Minimal system with i3 as window manager
Conventions
- $ for regular user login
- # for root login
- -- for comments
Preparations
Installation media
First we need an installation medium. I'm using the 64-bit minimal install CD, which is downloadable under NixOS Download.
After you have downloaded the image, it has to be copied to the USB stick (NOTE: this is going to destroy all data on the USB stick).
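-- Check for the USB stick device name
$ lsblk
-- Copy the image via dd
-- Source of the NixOS CD image ($HOME is used because ~ is not expanded inside quotes)
# IMAGE="$HOME/nixos-minimal-18.03.132268.5f16ba8fb0f-x86_64-linux.iso"
# DEST="/dev/sdb"
# dd bs=1M if="$IMAGE" of="$DEST"
-- Flush all buffered writes before removing the stick
# sync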
System configuration
Before the installation can start, some things must be configured inside UEFI.
To enter UEFI, press F2 at the beginning of the boot process (this is at least the case for Dell systems; for other systems ask the search engine of your choice).
- Disable Secure Boot
  - In Dell UEFI: Settings → Secure Boot → Secure Boot Enable
- Set SATA Operation to AHCI, otherwise no hard disk is available during setup
  - In Dell UEFI: Settings → System Configuration → SATA Operation
Installation
Time to boot from the prepared USB stick. On my Dell machine you must press F12 during boot up to open the boot menu, where you then select the USB stick. This process can also differ from device to device.
From here on we'll be in a root shell the whole time during the NixOS installation.
Keyboard layout
Yes, I'm German and used to the German keyboard layout, so I have to change it.
-- Load German layout
# loadkeys de
Networking
Having internet access during the NixOS installation is beneficial. If you plan anything more than a minimal system, you want internet access to install system packages.
Either you're lazy and plug a network cable in, or you set up WiFi. Because the Dell 9360 has no Ethernet port, I had to do the latter.
-- Generate the PSK entry for authenticating against your WiFi network
# wpa_passphrase "$SSID" "$PASSPHRASE" > /etc/wpa_supplicant.conf
-- Restart WPA Supplicant, which enables the WiFi for us
# systemctl restart wpa_supplicant
-- Test
# ping nixos.org
64 bytes ....
Partitioning
Keep in mind this step is going to destroy all data on your disk.
UEFI devices require a GUID partition table (GPT), therefore we'll be using gdisk instead of fdisk. If you're installing on a non-UEFI system you can do the same job with fdisk.
-- Identify the disk for NixOs installation -- something like /dev/sda or /dev/nvme0n1
-- We'll refer to the disk as $DISK
# blkid
-- Open gdisk on the disk we want to install
# gdisk $DISK
-----------------
-- GDISK COMMANDS
-- Print all partitions on the disk
Command: p
-- Delete all partitions
-- Repeat until all partitions are gone
Command: d
Now we can create all partitions we need (or want):
- EFI boot partition
- LVM partition (Logical Volume Management) for root and swap partitions
  - LVM makes it easier to change partition size or layout if needed
-----------------
-- STILL IN GDISK
-- GDISK COMMANDS
-- Create EFI boot partition
Command: n
Partition number: 1
First sector: <use default value>
Last sector: +1G -- Make a 1 gigabyte big partition
Hex code or GUID: ef00 -- EFI System type
-- Create LVM partition
Command: n
Partition number: 2
First sector: <use default value>
Last sector: <use default value> -- Use all available disk space
Hex code or GUID: 8e00 -- Linux LVM System type
-- Write changes to disk
Command: w
Encryption and LVM
The partition table and primary partitions are in place. The partition which contains the LVM partitions can be encrypted now. This is the second partition which has been created above - it should be something like /dev/nvme0n1p2 or /dev/sda2; I'll refer to it as $LVM_PARTITION below.
The boot partition isn't encrypted because there is no need (at least for me) and it'd make things too complex, but if you want, take a look at the Archlinux Wiki - Disk encryption.
In my case I'm creating a swap partition as big as the RAM of my machine (16GB for hibernation, which hopefully works); the rest will become the root filesystem.
-- Enter your passphrase - DON'T FORGET THIS
# cryptsetup luksFormat $LVM_PARTITION
-- Open (unlock) the encrypted partition and call it nixos-enc.
-- The decrypted device will be mapped at /dev/mapper/nixos-enc
# cryptsetup luksOpen $LVM_PARTITION nixos-enc
-- Create the LVM physical volume using nixos-enc
-- (pvcreate takes only the device; the volume group is named in the next step)
# pvcreate /dev/mapper/nixos-enc
-- Create the LVM volume group which will contain root and swap partition
# vgcreate nixos-vg /dev/mapper/nixos-enc
-- Create a 16G swap partition - the amount of RAM on this machine
-- Volume is named "swap"
# lvcreate -L 16G -n swap nixos-vg
-- Create a logical volume for root filesystem from the remaining free space
-- Volume is named "root"
# lvcreate -l 100%FREE -n root nixos-vg
Filesystem creation
In this step all needed filesystems are going to be created.
In the script below, $BOOT refers to the boot partition created above (e.g. /dev/nvme0n1p1).
-- Create FAT32 filesystem on the boot partition
# mkfs.vfat -n boot $BOOT
-- Create ext4 filesystem for root partition
# mkfs.ext4 -L nixos /dev/nixos-vg/root
-- Create swap partition
# mkswap -L swap /dev/nixos-vg/swap
-- Turn the swap partition on
# swapon /dev/nixos-vg/swap
Preparation for the Installation
Time to mount the created filesystems, create the system configuration and finally start the installation.
In the snippet below, $BOOT refers to the UEFI boot partition created earlier (first partition on the disk, most likely /dev/nvme0n1p1 or /dev/sda1).
# mount /dev/nixos-vg/root /mnt
# mkdir /mnt/boot
# mount $BOOT /mnt/boot
Generate the initial NixOS configuration.
# nixos-generate-config --root /mnt
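A check for the layout built above, as an added example that is not part of the original post: it reads `lsblk -P` output and lists every mounted filesystem or active swap area that has no LUKS layer underneath, which for this setup should be the boot partition only. The function names and the sample listing are constructed for illustration; the device names follow the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Reads the output of
#   lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT
# on stdin and prints each mount point (or [SWAP]) with no LUKS layer below it.
unencrypted_mounts() {
    awk '
    {
        name = type = parent = mnt = ""
        # Split the line into KEY="value" pairs.
        while (match($0, /[A-Z]+="[^"]*"/)) {
            pair = substr($0, RSTART, RLENGTH)
            $0 = substr($0, RSTART + RLENGTH)
            eq = index(pair, "=")
            key = substr(pair, 1, eq - 1)
            val = substr(pair, eq + 2, length(pair) - eq - 2)
            if (key == "NAME") name = val
            else if (key == "TYPE") type = val
            else if (key == "PKNAME") parent = val
            else if (key == "MOUNTPOINT") mnt = val
        }
        types[name] = type
        parents[name] = parent
        if (mnt != "") mounts[name] = mnt
    }
    END {
        for (n in mounts) {
            encrypted = 0
            # Walk up the device tree looking for a dm-crypt device.
            for (d = n; d != ""; d = parents[d])
                if (types[d] == "crypt") { encrypted = 1; break }
            if (!encrypted) print mounts[n]
        }
    }' | sort
}

# Constructed sample: the layout from this page after the mount step.
sample_layout() {
    cat <<'EOF'
NAME="nvme0n1" TYPE="disk" PKNAME="" MOUNTPOINT=""
NAME="nvme0n1p1" TYPE="part" PKNAME="nvme0n1" MOUNTPOINT="/mnt/boot"
NAME="nvme0n1p2" TYPE="part" PKNAME="nvme0n1" MOUNTPOINT=""
NAME="nixos-enc" TYPE="crypt" PKNAME="nvme0n1p2" MOUNTPOINT=""
NAME="nixos--vg-swap" TYPE="lvm" PKNAME="nixos-enc" MOUNTPOINT="[SWAP]"
NAME="nixos--vg-root" TYPE="lvm" PKNAME="nixos-enc" MOUNTPOINT="/mnt"
EOF
}

# On the real machine: lsblk -P -o NAME,TYPE,PKNAME,MOUNTPOINT "$DISK" | unencrypted_mounts
sample_layout | unencrypted_mounts   # prints /mnt/boot
```

If `[SWAP]` or `/mnt` shows up in the output, that volume was created outside the encrypted container and hibernation or root data would land on disk in clear text.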
Creating the first Configuration
The NixOS main configuration file is located under /etc/nixos/configuration.nix. The root filesystem has been mounted under /mnt/, so the file path (for the installation) is /mnt/etc/nixos/configuration.nix.
If there is an error in your configuration, the installation command will fail with an error message which helps you to identify and fix the problem. Keep calm: because of the way NixOS works, you can reconfigure your system and always fall back to a known good configuration. So you don't have to care too much about the perfect system configuration during installation. Start minimal and build on top of it!
Let’s start to configure our new system.
-- Vim - no comment on that :)
# vim /mnt/etc/nixos/configuration.nix
NixOS needs to know that we're using UEFI (nixos-generate-config should do this automatically for new configurations when booted in UEFI mode).
# Use the systemd-boot EFI boot loader
boot.loader.systemd-boot.enable = true;
It's key to tell NixOS that we have a LUKS encrypted partition that must be decrypted before the LVM partition can be used.
# The option for a single entry is "device", not "devices"
boot.initrd.luks.devices = [
  {
    name = "root";
    device = "/dev/nvme0n1p2";
    preLVM = true;
  }
];
Set the keyboard layout to German and the default language to English.
# Select internationalisation properties
i18n = {
  consoleKeyMap = "de";
  defaultLocale = "en_US.UTF-8";
};
Set timezone to (my) local time zone
# Set your time zone
time.timeZone = "Europe/Berlin";
Manage your network devices in an easy way. I’m going to install the applet package as well.
networking.networkmanager.enable = true;
In addition to the basic configuration items, we may want to install some system packages, otherwise you will end up with a very basic system. Packages can be specified as additional configuration items. The networkmanagerapplet package is included to give us a tray icon to configure networking from.
As the comment in the configuration file tells you, you can search for packages to install with nix-env -qaP | grep $PACKAGE.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
  networkmanagerapplet
  vim
];
With the above configuration we would only get a basic NixOS terminal environment, which isn't bad at all, but a little bit of graphics would be nice, right? The following configuration section will activate X11 with auto start. The window manager of choice is, in my case, i3, a tiling window manager which is highly configurable.
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.layout = "de";
services.xserver.windowManager.i3.enable = true;
services.xserver.autorun = true;
Enable touchpad support (Important for a laptop)
services.xserver.libinput.enable = true;
So, nearly finished. The last thing to be done is to configure your personal user, because it isn't a good idea to work the whole time as root. In the example below a user called tuxinaut will be created and added to some groups, most importantly the wheel group, so that the user can run commands with sudo.
# Define a user account. Don't forget to set a password with passwd
# Note: the "disk" group grants raw read/write access to block devices
users.extraUsers.tuxinaut = {
  createHome = true;
  extraGroups = ["wheel" "video" "audio" "disk" "networkmanager"];
  group = "users";
  isNormalUser = true;
  uid = 1000;
};
As you might have already seen, there is a lot of commented-out configuration in the auto-generated configuration.nix, and I encourage you to read through it and try out as much as possible! For everything which isn't self-explanatory, the Search NixOS options site will help you.
3…2..1 start
When the configuration is fine, the installation can be started.
# nixos-install
-- It'll require you to change your root password - DON'T FORGET IT!
The installation process will take some time, enough time to go out and have some fresh air.
After the installation has been finished, cross fingers and reboot your new system.
# reboot
If something went wrong, don't worry: you can always boot back into the installation, mount the partitions, change your configuration, and install again.
Let's assume that your system booted into a login screen. You want to change your user password to avoid logging into your graphical environment as root. To do this, press Ctrl-Alt-F1; this will open a terminal. Log in as root.
This command will change your user password; $USER has to be replaced with your configured user!
# passwd $USER
Reboot your system and login as your regular user.
# reboot
Enjoy your freshly installed NixOS!
References
Here are the references which I used to install NixOS on my system.