nixos-anywhere and disko
This is an example repository for nixos-anywhere and disko.
Inspiration:
- Introductory presentation: https://pad.lassul.us/cccamp-workshop
- https://github.com/numtide/nixos-anywhere-examples
Manuals:
- disko reference: https://github.com/nix-community/disko/blob/master/docs/reference.md
- nixos-anywhere reference: https://github.com/nix-community/nixos-anywhere/blob/main/docs/reference.md
Build installer ISO with passwordless SSH
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
# aarch64 ISO (requires emulation)
#nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix --argstr system aarch64-linux
ls result/iso/*.iso
Hardware Configuration
Boot the target machine into the NixOS live ISO. Then execute the following, ideally while connected as root via SSH:
nixos-generate-config --no-filesystems --root /mnt
cat /mnt/etc/nixos/hardware-configuration.nix
Save the output to a new file in ./hardware-configs. In ./flake.nix replace ./hardware-configs/yodaHP.nix with it.
Note: The hardware configuration should not contain any fileSystems.<name> options as these are generated based on your disko configuration.
Furthermore, in ./flake.nix replace disko.devices.disk.disk1.device with the id of your target block device.
Lastly, in ./flake.nix replace the pbkdf-memory value with your amount of RAM minus 500 MB.
Optionally, if ssh-fde-unlock.nix is imported in ./flake.nix, replace the kernel network driver with the correct one there.
Installation
To run the interactive VM test:
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
run github:numtide/nixos-anywhere -- -f '.#mysystem' --vm-test
To install on a remote target machine:
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.106
To install on a remote target machine and print the SSH fingerprint of the new system (if no encrypted disks are set up, the disk password can be left empty):
./install-helper.sh 22 root@192.168.178.106
Updating dependencies
Recreate the lock file (i.e. update all inputs) and commit the new lock file:
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
flake update --commit-lock-file
TODOs
- Hetzner Cloud example: https://github.com/numtide/nixos-anywhere-examples/blob/main/flake.nix
Appendix - LUKS Parameters
Warning: NixOS has a hardcoded timeout of 10 seconds when opening encrypted drives during boot. Please choose --iter-time <= 7500.
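The two LUKS parameters this README asks you to set (pbkdf-memory as RAM minus 500 MB, and --iter-time of at most 7500) can be computed and checked on the live ISO before editing ./flake.nix. This is an added example, not part of the repository: the function names are hypothetical, and it assumes the value ends up in cryptsetup's --pbkdf-memory (KiB), treats 500 MB as 500 * 1024 KiB, and additionally caps the result at cryptsetup's 4 GiB Argon2 maximum.

```shell
#!/bin/sh
# Added example (not from the repository): derive and validate LUKS2 parameters.
# Assumptions: pbkdf-memory is in KiB; "500 MB" means 500 * 1024 KiB.

HEADROOM_KIB=$((500 * 1024))   # README rule: RAM minus 500 MB
MAX_PBKDF_KIB=4194304          # cryptsetup upper limit for Argon2 memory (4 GiB)
MAX_ITER_MS=7500               # README limit, below the 10 s boot timeout

# Reads /proc/meminfo-style text on stdin, prints the pbkdf-memory value in KiB.
pbkdf_memory_kib() {
    total=$(awk '$1 == "MemTotal:" { print $2; exit }')
    case "$total" in
        ''|*[!0-9]*) echo "MemTotal not found in input" >&2; return 1 ;;
    esac
    mem=$((total - HEADROOM_KIB))
    if [ "$mem" -le 0 ]; then
        echo "not enough RAM to leave 500 MB of headroom" >&2
        return 1
    fi
    if [ "$mem" -gt "$MAX_PBKDF_KIB" ]; then
        mem=$MAX_PBKDF_KIB     # larger values are rejected by cryptsetup
    fi
    echo "$mem"
}

# Succeeds only if $1 is a whole number of milliseconds in 1..7500.
check_iter_time() {
    case "$1" in
        ''|*[!0-9]*) echo "iter-time must be a whole number of ms" >&2; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt "$MAX_ITER_MS" ]; then
        echo "iter-time $1 ms is outside 1..$MAX_ITER_MS" >&2
        return 1
    fi
}

# Reads meminfo on stdin, takes iter-time (ms) as $1, prints both flags.
luks_format_args() {
    check_iter_time "$1" || return 1
    mem=$(pbkdf_memory_kib) || return 1
    echo "--pbkdf-memory $mem --iter-time $1"
}

# Demo on a constructed MemTotal line (8 GB machine, so the 4 GiB cap applies).
# On the live ISO run instead: luks_format_args 5000 < /proc/meminfo
printf 'MemTotal:        8039436 kB\n' | luks_format_args 5000
```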