commit 2795aaf6e38a45020b88100557d09e20cb573e0d from: Alex Arx date: Thu Jan 09 08:39:53 2025 UTC add art/019 -- Install NixOS, update plan commit - f8331f38a176b3044ee7e8fa76286ae02ff20350 commit + 2795aaf6e38a45020b88100557d09e20cb573e0d blob - /dev/null blob + 2de6bb14f9e58c23a9d41e97ff031d432bd44418 (mode 644) --- /dev/null +++ art/019.install_nixos+zfs+encrypted_home.txt 
@@ -0,0 +1,131 @@ +Title: Install NixOS with ZFS and encrypted /home +Author: Alexander Arkhipov +Created: 2025-01-09 +Modified: 2025-01-09 + +I recently bought a ThinkPad L430 specifically with the purpose of +running a Linux distro on it (rather than my usual choice of OS, +OpenBSD). After some thought I decided to install NixOS with ZFS root, +and encrypted home dataset. + +This turned out to be a somewhat less explored area than I thought it +might be, so here's my how-to guide for such installation. + + +BOOT INTO INSTALLATION ENVIRONMENT + +I assume you know how to do this. If not, refer to the [NixOS Manual]. +For the purposes of this guide, I used a non-graphical installer. You +should be able to use an XFCE/KDE ISO, but you'll have to install the OS +manually anyway. + + +FIRST THINGS FIRST + +$ sudo su - +# loadkeys dvorak + +Ahhh... much better. Also, make sure you network's alright. + +# ping nixos.org + + +DISK SETUP + +Partition the disk as you normally would, creating a boot partition, +swap and a single root partition. Then create the zfs pool, datasets +and the swap partition. For zpool it is much better to use /dev/disk/by-id/* +than plain /dev/*. + +# zpool create -O compression=zstd -O mountpoint=none -O xattr=sa \ +> -O acltype=posixacl -o ashift=12 zroot /dev/disk/by-id/ata-MY_DISK_ID-part3 +# zfs create zroot/ROOT +# zfs create zroot/nix +# zfs create zroot/var +# zfs create -o encryption=on -o keyformat=passphrase -o keylocation=prompt \ +> zroot/home + +You can use zpool status and zfs list for double checking. + +Mount the zfs datasets. + +# mkdir -p /mnt +# mount -t zfs zroot/ROOT /mnt -o zfsutil +# (cd /mnt && mkdir nix var home) +# for d in nix var home; do mount -t zfs zroot/$d /mnt/$d -o zfsutil; done + +And finally, mount the boot partition and enable swap. 
+ +# mkfs.fat -F 32 -n BOOT /dev/disk/by-id/ata-MY_DISK_ID-part1 +# mkdir /mnt/boot +# mount -o umask=077 /dev/disk/by-id/ata-MY_DISK_ID-part1 /mnt/boot +# mkswap -L swap /dev/disk/by-id/ata-MY_DISK_ID-part2 +# swapon /dev/disk/by-id/ata-MY_DISK_ID-part2 + + +INSTALLING NIXOS + +Generate the config as normal: + +# nixos-generate-config --root /mnt + +We need to edit /mnt/etc/nixos/hardware-configuration.nix: + +1. Add options = [ "zfsutils" ]; for zfs mounts. +2. Add randomEncryption = true; in swapDevices. + +Like so: + + + fileSystems."/" = { + device = "zroot/ROOT"; + fsType = "zfs"; + options = [ "zfsutil" ]; # HERE + }; + + fileSystems."/nix" = { + device = "zroot/nix"; + fsType = "zfs"; + options = [ "zfsutil" ]; # AND HERE + }; + + fileSystems."/var" = { + device = "zroot/var"; + fsType = "zfs"; + options = [ "zfsutil" ]; # HERE TOO + }; + + fileSystems."/home" = { + device = "zroot/home"; + fsType = "zfs"; + options = [ "zfsutil" ]; # YOU GUESSED IT + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-id/ata-MY_DISK_ID-part1"; + fsType = "vfat"; + }; + + # Make sure to use /dev/disk/by-id/ if enabling encryption + swapDevices = [{ + device = "/dev/disk/by-id/ata-MY_DISK_ID-part2"; + randomEncryption = true; + }]; + + +In /mnt/etc/nixos/configuration.nix make sure to set: + + boot.zfs.devNodes = "/dev/disk/by-id"; + # Generate hostid with: head -c4 /dev/urandom | od -A none -t x4 + # (or whichever method you prefer) + networking.hostId = "01234567"; + +And finally, run: + +# nixos-install +# nixos-enter --root /mnt -c 'passwd myuser' +# umount /mnt/boot && zpool export -a # Don't forget that if you want to boot +# reboot + + +[NixOS Manual] https://nixos.org/manual/nixos/stable/ blob - /dev/null blob + b04da0bcd1e268fef747bfd4ed20efccd30d4035 (mode 644) --- /dev/null +++ plan/2024.txt 
@@ -0,0 +1,78 @@ +News: +Entry: 2024-02-26 + +A couple of new additions: + +1. art/012.backups_on_unix.txt +2. thoughts/240226.after_a_month_in_georgia.txt + + +Entry: 2024-03-08 + +Wanted to write an article on using locales and wchar_t in C, but ended +up writing two: + +1. https://manpager.org/usr/aa/art/013.from_ascii_to_unicode.txt + gopher://manpager.org/0/usr/aa/art/013.from_ascii_to_unicode.txt + gemini://manpager.org/usr/aa/art/013.from_ascii_to_unicode.txt +2. https://manpager.org/usr/aa/art/014.locales_in_c.txt + gopher://manpager.org/0/usr/aa/art/014.locales_in_c.txt + gemini://manpager.org/usr/aa/art/014.locales_in_c.txt + + +Entry: 2024-04-27 + +- wrote an about.txt (root directory of the web/gopher/gemini site) +- archived previous year's ~/.plan entries (still can be viewed via + the web/gopher/gemini) +- added thoughts/240427.my_new_habits.txt + + +Entry: 2024-05-05 + +I wrote a new article in thoughts/240505.youth_sucks.txt, called +"Youth sucks (but adulthood and beyond don't have to)". It's pretty +short and to the point, as usual, but it is something I wanted to write +about for a long time. Enjoy! + + +Entry: 2024-06-07 + +Hello, friends. Something very tragic has happened recently. I don't +know if I'll manage to keep the site updated, but I will try, since it +seems to help a bit. + +I added a new article in art/015.cron_tricks.txt + + +Entry: 2024-06-18 + +Made a mastodon (@aa@bsd.cafe) + + +Entry: 2024-06-25 + +New article (a bit of a short one this time): +art/016.notes_on_dot-forward.txt + + +entry: 2024-07-22 + +Wrote a quick little article on installing Alpine Linux under +OpenBSD VMM: art/017.how_to_install_alpine_on_vmm.txt + + +Entry: 2024-11-19 + +gpass 0.6 and gpm 0.3 released. 
+ + +Entry: 2024-12-29 + +Wayland on OpenBSD (2024): art/018.wayland_on_openbsd_2024.txt + + +Entry: 2025-01-09 + +Install NixOS with ZFS and encrypted /home: +art/019.install_nixos+zfs+encrypted_home.txt blob - ebed5ed371d087e9a76e4c8874aa226095bb58ee blob + 335c8485c06fb2fccc653248697100d1d59de924 --- plan.txt +++ plan.txt 
@@ -1,84 +1,11 @@ Now: -2024-10-17 +2025-01-09 -Having finally *e*mmigrated, trying to figure out *i*mmigration. At this -point I really don't know where it'll go, get back to me in 2030. +Love Georgia. Staying here for the next year too. -Trying to put some of my skills to where the money is at. So far, so -good. -At last, focusing on libre software development. - - News: -Entry: 2024-02-26 +Entry: 2025-01-09 -A couple of new additions: - -1. art/012.backups_on_unix.txt -2. thoughts/240226.after_a_month_in_georgia.txt - - -Entry: 2024-03-08 - -Wanted to write an article on using locales and wchar_t in C, but ended -up writing two: - -1. https://manpager.org/usr/aa/art/013.from_ascii_to_unicode.txt - gopher://manpager.org/0/usr/aa/art/013.from_ascii_to_unicode.txt - gemini://manpager.org/usr/aa/art/013.from_ascii_to_unicode.txt -2. https://manpager.org/usr/aa/art/014.locales_in_c.txt - gopher://manpager.org/0/usr/aa/art/014.locales_in_c.txt - gemini://manpager.org/usr/aa/art/014.locales_in_c.txt - - -Entry: 2024-04-27 - -- wrote an about.txt (root directory of the web/gopher/gemini site) -- archived previous year's ~/.plan entries (still can be viewed via - the web/gopher/gemini) -- added thoughts/240427.my_new_habits.txt - - -Entry: 2024-05-05 - -I wrote a new article in thoughts/240505.youth_sucks.txt, called -"Youth sucks (but adulthood and beyond don't have to)". It's pretty -short and to the point, as usual, but it is something I wanted to write -about for a long time. Enjoy! - - -Entry: 2024-06-07 - -Hello, friends. Something very tragic has happened recently. I don't -know if I'll manage to keep the site updated, but I will try, since it -seems to help a bit. 
- -I added a new article in art/015.cron_tricks.txt - - -Entry: 2024-06-18 - -Made a mastodon (@aa@bsd.cafe) - - -Entry: 2024-06-25 - -New article (a bit of a short one this time): -art/016.notes_on_dot-forward.txt - - -entry: 2024-07-22 - -Wrote a quick little article on installing Alpine Linux under -OpenBSD VMM: art/017.how_to_install_alpine_on_vmm.txt - - -Entry: 2024-11-19 - -gpass 0.6 and gpm 0.3 released. - - -Entry: 2024-12-29 - -Wayland on OpenBSD (2024): art/018.wayland_on_openbsd_2024.txt +Install NixOS with ZFS and encrypted /home: +art/019.install_nixos+zfs+encrypted_home.txt
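Review bot: In art/019.install_nixos+zfs+encrypted_home.txt, step 1 under INSTALLING NIXOS tells the reader to add options = [ "zfsutils" ]; while the mount commands in DISK SETUP and every fileSystems block in the sample use "zfsutil". Change the step text to "zfsutil" so that someone who copies the numbered step rather than the sample does not end up with a different option string from the rest of the article. Two smaller points in the same file: "make sure you network's alright" should read "your network's", and the sample fileSystems."/boot" entry has no options line although the install-time mount used -o umask=077, so it is worth stating whether the installed system is meant to keep that restriction.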
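Review bot: The new plan/2024.txt ends with "Entry: 2025-01-09", which is dated outside the year the file archives and is also the one entry kept in plan.txt, so the same announcement now lives in both files. Drop that entry from plan/2024.txt and let the archive end at "Entry: 2024-12-29". While the entries are being moved, the header "entry: 2024-07-22" is lowercase where every other entry uses "Entry:"; normalising it here would keep anything that matches on the header from skipping it.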
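Review bot: In plan.txt the old "Now:" block dated 2024-10-17 is deleted, but plan/2024.txt starts directly at "News:" and does not carry it, so that text is lost from the tree rather than archived along with the entries. If the archive is meant to preserve the previous year's plan as it stood, add the old "Now:" block to plan/2024.txt; if dropping it is intended, say so in the commit message, which currently reads only "update plan" and does not mention that the 2024 entries are being moved to a new file.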