AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add LUKS

Browse Source
This commit is contained in:
Dmitriy 2019-09-22 22:40:08 +04:00
parent bd47069dd6
commit 501c1eb165
3 changed files with 71 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
install/install.sh
View File

@ -3,27 +3,35 @@ DEVICE=/dev/nvme0n1
BOOT_PARTITION=/dev/nvme0n1p1
SWAP_PARTITION=/dev/nvme0n1p2
ROOT_PARTITION=/dev/nvme0n1p3
SWAP_NAME=cryptswap
ROOT_NAME=cryptnixos
gdisk $DEVICE
mkfs.vfat -n BOOT $BOOT_PARTITION
mkfs.btrfs -f -L root $ROOT_PARTITION
mkswap -L swap $SWAP_PARTITION
mount -t btrfs $ROOT_PARTITION /mnt/
btrfs subvolume create /mnt/nixos
umount /mnt/
mount -t btrfs -o subvol=nixos,compress=zstd,noatime,discard,ssd $ROOT_PARTITION /mnt/
btrfs subvolume create /mnt/var
btrfs subvolume create /mnt/home
cryptsetup --type luks2 --cipher aes-xts-plain64 --key-size 256 --hash sha512 luksFormat $ROOT_PARTITION
cryptsetup luksOpen $ROOT_PARTITION $ROOT_NAME
mkfs.btrfs -f -L root /dev/mapper/$ROOT_NAME
mount -t btrfs -o compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt
btrfs subvolume create /mnt/@nixos
btrfs subvolume create /mnt/@nix-store
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@snapshots
umount /mnt
mount -t btrfs -o subvol=@nixos,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/
mkdir -p /mnt/.snapshots
mkdir -p /mnt/home
mkdir -p /mnt/nix/store
mount -t btrfs -o subvol=@snapshots,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/.snapshots
mount -t btrfs -o subvol=@home,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/home
mount -t btrfs -o subvol=@nix-store,compress=zstd,noatime,ssd /dev/mapper/$ROOT_NAME /mnt/nix/store
btrfs subvolume create /mnt/tmp
btrfs subvolume create /mnt/var
mkdir /mnt/boot
mount $BOOT_PARTITION /mnt/boot
# create swap
mkfs.ext2 -L $SWAP_NAME $SWAP_PARTITION 1M
nixos-generate-config --root /mnt/
cp ./min-config.nix /mnt/etc/nixos/configuration.nix
nano /mnt/etc/nixos/configuration.nix
nixos-install -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz

37
install/min-config.nix
View File

@ -12,20 +12,40 @@
fileSystems = {
"/" = {
options = [ "noatime" "ssd" "discard" "compress=zstd" ];
options = [ "noatime" "ssd" "compress=zstd" ];
};
"/.snapshots" = {
options = [ "noatime" "ssd" "compress=zstd" ];
};
"/home" = {
options = [ "noatime" "ssd" "compress=zstd" ];
};
"/nix-store" = {
options = [ "noatime" "ssd" "compress=zstd" ];
};
};
swapDevices = [
{ label = "swap"; }
];
networking = {
hostName = "nixos";
firewall.enable = false;
networkmanager.enable = false;
wireless.enable = true;
wireless.userControlled.enable = true;
wireless = {
enable = true;
userControlled.enable = true;
networks.Alukard_5GHz = {
pskRaw = "feee27000fb0d7118d498d4d867416d04d1d9a1a7b5dbdbd888060bbde816fe4";
priority = 1;
};
};
};
nixpkgs.config = {
allowUnfree = true;
};
nix = {
useSandbox = true;
autoOptimiseStore = true;
optimise.automatic = true;
};
i18n = {
@ -40,9 +60,12 @@
wget vim git
];
users.mutableUsers = false;
users.users.alukard = {
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 1000;
hashedPassword = "$6$kDBGyd99tto$9LjQwixa7NYB9Kaey002MD94zHob1MmNbVz9kx3yX6Q4AmVgsFMGUyNuHozXprxyuXHIbOlTcf8nd4rK8MWfI/";
};
system.stateVersion = "19.03";

24
modules/filesystems.nix
View File

@ -10,6 +10,25 @@ with deviceSpecific; {
else
[ "noatime" "compress=zstd" ];
};
"/.snapshots" = {
options = if isSSD then
[ "ssd" "noatime" "compress=zstd" ]
else
[ "noatime" "compress=zstd" ];
};
"/home" = {
options = if isSSD then
[ "ssd" "noatime" "compress=zstd" ]
else
[ "noatime" "compress=zstd" ];
};
"/nix-store" = {
options = if isSSD then
[ "ssd" "noatime" "compress=zstd" ]
else
[ "noatime" "compress=zstd" ];
};
"/shared/nixos" = lib.mkIf isVM {
fsType = "vboxsf";
device = "shared";
@ -48,9 +67,4 @@ with deviceSpecific; {
];
};
};
# mount swap
swapDevices = [
{ label = "swap"; }
];
}