90 lines
3.2 KiB
Markdown
Raw Normal View History

2023-10-12 13:08:36 +02:00
# nixos-anywhere and disko
2023-10-12 13:04:19 +02:00
2023-10-12 13:08:36 +02:00
This is an example repository for nixos-anywhere and disko.
2023-08-16 15:19:40 +02:00
2023-10-16 19:34:09 +02:00
Inspiration:
2023-10-16 18:55:46 +02:00
* Introductory presentation: https://pad.lassul.us/cccamp-workshop
2023-10-16 19:34:09 +02:00
* https://github.com/numtide/nixos-anywhere-examples
Manuals:
2023-10-16 18:50:51 +02:00
* disko reference: https://github.com/nix-community/disko/blob/master/docs/reference.md
* nixos-anywhere reference: https://github.com/nix-community/nixos-anywhere/blob/main/docs/reference.md
2023-10-12 13:08:36 +02:00
## Build installer ISO with passwordless SSH
2023-10-12 13:01:44 +02:00
```shell
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
2023-10-24 17:54:40 +02:00
# aarch64 ISO (requires emulation)
#nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix --argstr system aarch64-linux
ls result/iso/*.iso
2023-10-12 13:01:44 +02:00
```
2023-10-12 13:04:19 +02:00
## Hardware Configuration
2023-08-16 15:19:40 +02:00
Boot the target machine into NixOS live ISO. Then execute the following, ideally while connected as root via SSH:
2023-08-16 15:19:40 +02:00
2023-10-12 13:04:19 +02:00
```shell
nixos-generate-config --no-filesystems --root /mnt
cat /mnt/etc/nixos/hardware-configuration.nix
2023-08-16 15:19:40 +02:00
```
2023-12-13 12:22:05 +01:00
Save the output to a new file in [./hardware-configs](./hardware-configs). In [./flake.nix](./flake.nix) replace `./hardware-configs/yodaHP.nix` with it.
2023-08-16 15:19:40 +02:00
2023-10-12 13:04:19 +02:00
Note: The hardware configuration should not contain any `fileSystems.<name>` options as these are generated based on your disko configuration.
2023-08-16 15:19:40 +02:00
---
Furthermore, in [./flake.nix](./flake.nix) replace `disko.devices.disk.disk1.device` with the id of your target block device.
---
Lastly, in [./flake.nix](./flake.nix) replace `pbkdf-memory` with your amount of RAM - 500 MB.
2023-11-03 13:42:11 +01:00
---
Optionally, if `ssh-fde-unlock.nix` is imported in [./flake.nix](./flake.nix), replace the kernel network driver with the correct one there.
2023-10-12 13:04:19 +02:00
## Installation
2023-08-16 15:19:40 +02:00
2023-10-12 13:04:19 +02:00
To run the interactive vm test run:
2023-08-16 15:19:40 +02:00
2023-10-12 13:04:19 +02:00
```shell
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
run github:numtide/nixos-anywhere -- -f '.#mysystem' --vm-test
```
2023-08-16 15:19:40 +02:00
2023-10-12 13:04:19 +02:00
To install on remote target machine:
2023-08-16 15:19:40 +02:00
2023-10-12 13:04:19 +02:00
```shell
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
2023-10-12 14:00:14 +02:00
run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.106
2023-08-16 15:19:40 +02:00
```
2023-10-16 18:32:46 +02:00
To install on remote target machine **and** print the SSH fingerprint of the new system. If no encrypted disks are set up, the disk password can be left empty:
2023-10-12 13:43:30 +02:00
```shell
2023-10-16 18:32:46 +02:00
./install-helper.sh 22 root@192.168.178.106
2023-10-12 13:43:30 +02:00
```
2023-10-12 13:04:19 +02:00
## Updating dependencies
2023-08-16 15:19:40 +02:00
2023-10-12 13:04:19 +02:00
Recreate the lock file (i.e. update all inputs) and commit the new lock file:
```shell
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
flake update --commit-lock-file
2023-08-16 15:19:40 +02:00
```
2023-10-16 18:55:46 +02:00
## TODOs
2023-10-16 19:34:09 +02:00
- Hetzner Cloud example: https://github.com/numtide/nixos-anywhere-examples/blob/main/flake.nix
2023-12-13 12:22:05 +01:00
## Appendix - LUKS Parameters
**Warning**: NixOS has a hardcoded timeout of 10 seconds when opening encrypted drives during boot. Please choose `--iter-time` <= `7500`.
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L498
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L30
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L36C7-L36C7