2021-12-02 18:39:48 +00:00
|
|
|
# Provisioning
|
|
|
|
|
|
2021-12-03 20:52:53 +00:00
|
|
|
NixOS installation:
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
# Physical partitions
|
|
|
|
|
sudo parted /dev/disk/by-id/example -- mklabel gpt
|
|
|
|
|
sudo parted /dev/disk/by-id/example -- mkpart pv-enc 512MiB 100%
|
|
|
|
|
sudo parted /dev/disk/by-id/example -- mkpart ESP fat32 1MiB 512MiB
|
|
|
|
|
sudo parted /dev/disk/by-id/example -- set 2 esp on
|
|
|
|
|
|
|
|
|
|
# Encryption
|
|
|
|
|
sudo cryptsetup luksFormat /dev/disk/by-partlabel/pv-enc
|
|
|
|
|
sudo cryptsetup luksOpen /dev/disk/by-partlabel/pv-enc pv
|
|
|
|
|
|
|
|
|
|
# Logical volumes
|
|
|
|
|
sudo pvcreate /dev/mapper/pv
|
|
|
|
|
sudo vgcreate vg /dev/mapper/pv
|
|
|
|
|
sudo lvcreate --name swap --size 4G vg
|
|
|
|
|
sudo lvcreate --name root --extents '100%FREE' vg
|
|
|
|
|
|
|
|
|
|
# Filesystems
|
|
|
|
|
sudo mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/ESP
|
|
|
|
|
sudo mkswap --label swap /dev/vg/swap
|
2022-01-25 04:47:52 +00:00
|
|
|
sudo mkfs.btrfs --label root /dev/vg/root
|
2021-12-03 20:52:53 +00:00
|
|
|
|
|
|
|
|
# Manual mounts
|
|
|
|
|
sudo swapon /dev/disk/by-label/swap
|
2022-01-25 04:47:52 +00:00
|
|
|
sudo mount -t btrfs -o compress=zstd,noatime /dev/disk/by-label/root /mnt
|
2021-12-03 20:52:53 +00:00
|
|
|
sudo mkdir /mnt/boot
|
|
|
|
|
sudo mount /dev/disk/by-label/boot /mnt/boot
|
|
|
|
|
|
|
|
|
|
# NixOS configuration
|
|
|
|
|
sudo nixos-generate-config --root /mnt
|
|
|
|
|
|
|
|
|
|
# NixOS installation
|
|
|
|
|
sudo nixos-install --no-root-passwd
|
|
|
|
|
```
|
|
|
|
|
|
2023-12-19 23:17:19 +00:00
|
|
|
Channels:
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
# System
|
|
|
|
|
sudo nix-channel --add "https://nixos.org/channels/nixos-$RELEASE" 'nixos'
|
|
|
|
|
sudo nix-channel --add 'https://github.com/NixOS/nixos-hardware/archive/master.tar.gz' 'nixos-hardware'
|
|
|
|
|
|
|
|
|
|
# User
|
|
|
|
|
nix-channel --add "https://github.com/nix-community/home-manager/archive/release-$RELEASE.tar.gz" 'home-manager'
|
2024-04-22 21:58:28 +00:00
|
|
|
nix-channel --add 'https://github.com/xddxdd/nix-math/archive/master.tar.gz' 'nix-math'
|
2023-12-19 23:17:19 +00:00
|
|
|
nix-channel --add 'https://nixos.org/channels/nixos-unstable' 'unstable'
|
|
|
|
|
nix-channel --add 'https://github.com/nix-community/nix-vscode-extensions/archive/master.tar.gz' 'community-vscode-extensions'
|
|
|
|
|
```
|
|
|
|
|
|
2021-12-03 20:52:53 +00:00
|
|
|
Configuration structure:
|
|
|
|
|
|
2021-12-02 18:39:48 +00:00
|
|
|
```bash
|
|
|
|
|
git clone 'git@gitlab.com:Andrew/configuration.git' "$HOME/src/configuration"
|
2023-02-05 18:01:25 +00:00
|
|
|
ln -rs "$HOME/src/configuration/hosts/$HOST/system.nix" '/etc/nixos/configuration.nix'
|
2023-06-01 06:03:19 +00:00
|
|
|
ln -rs "$HOME/src/configuration/hosts/$HOST/user.nix" "$HOME/.config/home-manager/home.nix"
|
2022-08-17 23:31:26 +00:00
|
|
|
ln -rs "$HOME/src/configuration/common/packages.nix" "$HOME/.config/nixpkgs/overlays/packages.nix"
|
2021-12-02 18:39:48 +00:00
|
|
|
```
|
2021-12-03 20:52:53 +00:00
|
|
|
|
|
|
|
|
Host-specific secrets:
|
|
|
|
|
|
|
|
|
|
```bash
|
2022-12-07 17:59:29 +00:00
|
|
|
# U2F
|
2023-12-01 07:20:01 +00:00
|
|
|
pamu2fcfg > '/etc/u2f-mappings' # Keychain
|
|
|
|
|
pamu2fcfg -n >> '/etc/u2f-mappings' # Backup
|
2022-12-07 17:59:29 +00:00
|
|
|
|
|
|
|
|
# Wireguard
|
|
|
|
|
sudo mkdir '/var/lib/wireguard'
|
|
|
|
|
gopass show --password "wireguard/$HOST" | sudo tee '/var/lib/wireguard/wg0.key' >/dev/null
|
|
|
|
|
sudo chown root:systemd-network '/var/lib/wireguard/wg0.key'
|
|
|
|
|
sudo chmod 640 '/var/lib/wireguard/wg0.key'
|
2021-12-03 20:52:53 +00:00
|
|
|
```
|
