#+TITLE: Installation
#+AUTHOR: Franck Cuny
#+EMAIL: franck@fcuny.net

* Prepare the USB stick
Download the most recent image from https://nixos.org/download.html then put it on a stick:
#+begin_src sh
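# Check the image against the SHA-256 published for it on the download page
# before writing it to the stick.
sha256sum ~/downloads/nixos-minimal-21.11.336020.2128d0aa28e-x86_64-linux.iso
# /dev/sda is assumed to be the USB stick: confirm with lsblk first, because
# the copy overwrites the whole device.
sudo cp ~/downloads/nixos-minimal-21.11.336020.2128d0aa28e-x86_64-linux.iso /dev/sda
# Flush buffered writes so the image is complete before the stick is unplugged.
sync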
#+end_src
* Partitioning
** For the workstation (desktop/laptop)
All hosts have the same partitioning for the boot drive:
- /boot partition for UEFI
- / encrypted with btrfs
- an 8GB swap

If we assume the boot drive to be =nvme0n1=, we will do the following:
#+begin_src sh
# Destructive: replaces the partition table of /dev/nvme0n1 with an empty GPT.
# The "--" keeps parted from reading the negative offsets below as options.
parted /dev/nvme0n1 -- mklabel gpt
# Partition 1: from 512MiB up to 8GiB before the end of the disk; this becomes
# the LUKS container holding the btrfs root.
parted /dev/nvme0n1 -- mkpart primary 512MiB -8GiB
# Partition 2: the last 8GiB of the disk, typed as swap.
parted /dev/nvme0n1 -- mkpart primary linux-swap -8GiB 100%
# Partition 3: 1MiB to 512MiB at the start of the disk, for /boot.
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
# Flag partition 3 as the EFI system partition.
parted /dev/nvme0n1 -- set 3 esp on
#+end_src

Running =lsblk= should give the following output:
#+begin_src sh
[root@nixos:~]# lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0         7:0    0   709M  1 loop /nix/.ro-store
sda           8:0    1  29.9G  0 disk
├─sda1        8:1    1   784M  0 part /iso
└─sda2        8:2    1    37M  0 part
nvme0n1     259:0    0 465.8G  0 disk
├─nvme0n1p1 259:1    0 457.3G  0 part
├─nvme0n1p2 259:2    0     8G  0 part
└─nvme0n1p3 259:3    0   511M  0 part
#+end_src

Then we create the LUKS device:
#+begin_src sh
# Initialise LUKS on partition 1. --verify-passphrase asks for the passphrase
# twice and -v prints progress. Existing data on the partition is lost.
cryptsetup --verify-passphrase -v luksFormat /dev/nvme0n1p1
# Unlock the container as /dev/mapper/system, the name the mkfs and mount
# commands further down refer to.
cryptsetup open /dev/nvme0n1p1 system
#+end_src

We can now format the swap and boot partitions and activate the swap:
#+begin_src sh
# NOTE(review): swap is formatted directly on nvme0n1p2, outside the LUKS
# container, so anything paged out is written to disk unencrypted. If that
# matters for this host, NixOS can re-key swap at every boot through
# swapDevices.*.randomEncryption (which rules out hibernation) — confirm
# against the host configuration.
mkswap -L swap /dev/nvme0n1p2
swapon /dev/nvme0n1p2
# The EFI system partition stays plain FAT32 so the firmware can read it.
mkfs.fat -F 32 -n nixos-boot /dev/nvme0n1p3
#+end_src
#+begin_src sh
# Create the btrfs filesystem inside the unlocked LUKS container.
mkfs.btrfs /dev/mapper/system

# Mount the top level of the filesystem only long enough to create subvolumes.
mount -t btrfs /dev/mapper/system /mnt

# One subvolume each for the system root, /home and the snapshots.
btrfs subvolume create /mnt/nixos
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/snapshots

# Unmount so the subvolumes can be mounted individually with their options.
umount /mnt
#+end_src

Now we can re-mount the partitions with the proper options:
#+begin_src sh
# The nixos subvolume becomes the root of the new system.
mount -o subvol=nixos,compress=zstd,noatime,autodefrag /dev/mapper/system /mnt

# Mount points for the other subvolumes and the EFI partition (brace expansion
# needs bash, which is what the prompt shown in the lsblk output above suggests).
mkdir /mnt/{home,boot,.snapshots}

mount -o subvol=home,compress=zstd,noatime,autodefrag /dev/mapper/system /mnt/home
# The snapshots subvolume is mounted without autodefrag, unlike the other two.
mount -o subvol=snapshots,compress=zstd,noatime /dev/mapper/system /mnt/.snapshots
# Partition 3 is the unencrypted FAT32 EFI system partition.
mount /dev/nvme0n1p3 /mnt/boot
#+end_src

Once the installation is completed:
#+begin_src sh
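# UTC timestamp used as the snapshot name, e.g. 20220101T120000.
CUSTOMIZE_TIMESTAMP=$(date -u +%Y%m%dT%H%M%S)
# Snapshot the subvolume mounted at /mnt. btrfs snapshots do not descend into
# other subvolumes, so /mnt/home is not part of it. The snapshot is writable;
# pass -r to btrfs subvolume snapshot for a read-only one.
btrfs subvolume snapshot /mnt "/mnt/.snapshots/${CUSTOMIZE_TIMESTAMP}"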
#+end_src
** Partitions for the NAS
Create the RAIDs:
#+begin_src sh
# Two two-disk mirrors (RAID1). The member disks are overwritten, so confirm
# the device names with lsblk before running these.
mdadm --create /dev/md/fast --level=mirror --raid-devices=2 /dev/sda /dev/sdb
# NOTE(review): the second mirror uses sdc and sde, not sdd — confirm this
# matches the disks in the machine.
mdadm --create /dev/md/slow --level=mirror --raid-devices=2 /dev/sdc /dev/sde
#+end_src

Encrypt the RAIDs:
#+begin_src sh
# LUKS sits on top of each md array, so everything written to the mirrors is
# encrypted. Each luksFormat asks for its own passphrase, twice.
cryptsetup --verify-passphrase -v luksFormat /dev/md/slow
cryptsetup --verify-passphrase -v luksFormat /dev/md/fast
#+end_src

Then open them:
#+begin_src sh
# Unlock both containers; they appear as /dev/mapper/raid-fast and
# /dev/mapper/raid-slow.
cryptsetup open /dev/md/fast raid-fast
cryptsetup open /dev/md/slow raid-slow
#+end_src

Create the filesystem:
#+begin_src sh
# One btrfs filesystem per unlocked container.
mkfs.btrfs /dev/mapper/raid-fast
mkfs.btrfs /dev/mapper/raid-slow
#+end_src

Then we create the subvolumes and mount them so that the host configuration can be generated:
#+begin_src sh
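# Create the subvolumes on the fast array. Its top level has to be mounted
# first so that the paths under /mnt land on raid-fast.
mount -t btrfs /dev/mapper/raid-fast /mnt/
btrfs subvolume create /mnt/media
btrfs subvolume create /mnt/containers
umount /mnt

# The slow array only holds the backups subvolume.
mount -t btrfs /dev/mapper/raid-slow /mnt/
btrfs subvolume create /mnt/backups
# NOTE(review): /mnt is still the top level of raid-slow here, so the data/
# mount points are created on that filesystem — confirm this is the intended
# root for generating the host configuration.
mkdir -p /mnt/data/{backups,containers,media}
mount -o subvol=media,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/media
mount -o subvol=containers,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/containers
mount -o subvol=backups,compress=zstd,noatime,autodefrag /dev/mapper/raid-slow /mnt/data/backups
#+end_src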
* Installing the system
Let's add git and nixFlakes:
#+begin_src sh
# Opens a shell that provides git and nixFlakes; the commands in the next
# block are run from inside it.
nix-shell -p git nixFlakes
#+end_src

#+begin_src sh
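# Generates the configuration for the layout mounted under /mnt; the
# hardware-configuration.nix it writes is copied into the repository below.
nixos-generate-config --root /mnt
mkdir /mnt/root
# The whole system is built as root from this repository, so check that the
# checkout is at the commit you expect (git log -1) before installing.
git clone https://git.fcuny.net/fcuny/world.git /mnt/root/world
mkdir /mnt/root/world/hosts/<host name>
cp /mnt/etc/nixos/hardware-configuration.nix /mnt/root/world/hosts/<host name>/
# Start from an existing host's configuration and adapt it to the new host.
cp /mnt/root/world/hosts/aptos/default.nix /mnt/root/world/hosts/<host name>/
vim /mnt/root/world/hosts/<host name>/default.nix
cd /mnt/root/world
# A flake in a git repository only sees tracked files, so the new host
# directory has to be added before nixos-install evaluates the flake.
git add hosts/<host name>
cd /
nixos-install --root /mnt --flake /mnt/root/world#<host name>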
#+end_src

Create another snapshot
#+begin_src sh
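# UTC timestamp used as the snapshot name, e.g. 20220101T120000.
CUSTOMIZE_TIMESTAMP=$(date -u +%Y%m%dT%H%M%S)
# Snapshot the freshly installed system. Only the subvolume mounted at /mnt is
# captured, because btrfs snapshots do not descend into other subvolumes.
btrfs subvolume snapshot /mnt "/mnt/.snapshots/${CUSTOMIZE_TIMESTAMP}"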
#+end_src

And a =reboot= should be enough.
* home-manager initial install
After a reboot, as root:
#+begin_src sh
# The channel follows the release-21.11 branch tarball, which is not pinned to
# a commit or hash; keep the release in step with the installed NixOS version.
nix-channel --add https://github.com/nix-community/home-manager/archive/release-21.11.tar.gz home-manager
nix-channel --update
# Installs home-manager from the channel that was just added.
nix-shell '<home-manager>' -A install
# NOTE(review): ".#" points at a flake in the current directory, so this
# presumably has to be run from a checkout of the world repository — confirm.
home-manager build --flake .#fcuny@<host name>
#+end_src