# Provisioning

NixOS installation:

```bash
# Physical partitions
sudo parted /dev/disk/by-id/example -- mklabel gpt
sudo parted /dev/disk/by-id/example -- mkpart pv-enc 512MiB 100%
sudo parted /dev/disk/by-id/example -- mkpart ESP fat32 1MiB 512MiB
sudo parted /dev/disk/by-id/example -- set 2 esp on

# Encryption
sudo cryptsetup luksFormat /dev/disk/by-partlabel/pv-enc
sudo cryptsetup luksOpen /dev/disk/by-partlabel/pv-enc pv

# Logical volumes
sudo pvcreate /dev/mapper/pv
sudo vgcreate vg /dev/mapper/pv
sudo lvcreate --name swap --size 4G vg
sudo lvcreate --name root --extents '100%FREE' vg

# Filesystems
sudo mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/ESP
sudo mkswap --label swap /dev/vg/swap
sudo mkfs.btrfs --label root /dev/vg/root

# Manual mounts
sudo swapon /dev/disk/by-label/swap
sudo mount -t btrfs -o compress=zstd,noatime /dev/disk/by-label/root /mnt
sudo mkdir /mnt/boot
sudo mount /dev/disk/by-label/boot /mnt/boot

# NixOS configuration
sudo nixos-generate-config --root /mnt

# NixOS installation
sudo nixos-install --no-root-passwd
```

Configuration structure:

```bash
git clone 'git@gitlab.com:Andrew/configuration.git' "$HOME/src/configuration"
ln -rs "$HOME/src/configuration/hosts/$HOST/nixos.nix" '/etc/nixos/configuration.nix'
ln -rs "$HOME/src/configuration/hosts/$HOST/nix.conf" "$HOME/.config/nix/nix.conf"
ln -rs "$HOME/src/configuration/hosts/$HOST/nixpkgs.nix" "$HOME/.config/nixpkgs/config.nix"
ln -rs "$HOME/src/configuration/hosts/$HOST/home.nix" "$HOME/.config/nixpkgs/home.nix"
```

Host-specific secrets:

```bash
pamu2fcfg > "$HOME/src/configuration/hosts/$HOST/local/andrew.u2f" # Keychain
pamu2fcfg -n >> "$HOME/src/configuration/hosts/$HOST/local/andrew.u2f" # Backup
```