nixos-anywhere-example/template
Daniel Langbein bbb222f9ab
template/flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/32ce057c183506cecb0b84950e4eaf39f37e8c75' (2023-10-09)
  → 'github:nix-community/disko/bd8fbc3f274288ac905bcea66bc2a5428abde458' (2023-12-13)
• Updated input 'nixos-anywhere':
    'github:numtide/nixos-anywhere/cd5a2d7835e9edbb791a5df571c83822e2a3766e' (2023-10-10)
  → 'github:numtide/nixos-anywhere/3a87ed3cb058567cff3afe42f84483926d9d05a1' (2023-12-12)
• Updated input 'nixos-anywhere/disko':
    'github:nix-community/disko/91af5b4a53ee8e57f4178ef58036dce49fbda91a' (2023-09-14)
  → 'github:nix-community/disko/1144887c6f4d2dcbb2316a24364ef53e25b0fcfe' (2023-12-06)
• Updated input 'nixos-anywhere/flake-parts':
    'github:hercules-ci/flake-parts/7f53fdb7bdc5bb237da7fefef12d099e4fd611ca' (2023-09-01)
  → 'github:hercules-ci/flake-parts/34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5' (2023-12-01)
• Removed input 'nixos-anywhere/nixos-2305'
• Updated input 'nixos-anywhere/nixos-images':
    'github:nix-community/nixos-images/c4c73bce65306a1e747684dd0d4bcf0ab2779585' (2023-09-11)
  → 'github:nix-community/nixos-images/d655cc02fcb9ecdcca4f3fb307e291a4b5be1339' (2023-12-12)
• Removed input 'nixos-anywhere/nixos-images/nixos-2305'
• Added input 'nixos-anywhere/nixos-images/nixos-2311':
    follows 'nixos-anywhere/nixos-stable'
• Added input 'nixos-anywhere/nixos-stable':
    'github:NixOS/nixpkgs/781e2a9797ecf0f146e81425c822dca69fe4a348' (2023-12-10)
• Updated input 'nixos-anywhere/treefmt-nix':
    'github:numtide/treefmt-nix/7a49c388d7a6b63bb551b1ddedfa4efab8f400d8' (2023-09-12)
  → 'github:numtide/treefmt-nix/390018a9398f9763bfc05ffe6443ce0622cb9ba6' (2023-12-12)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f99e5f03cc0aa231ab5950a15ed02afec45ed51a' (2023-10-09)
  → 'github:NixOS/nixpkgs/cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7' (2023-12-12)
2023-12-13 23:10:21 +01:00
disk-configs docs 2023-12-13 12:22:05 +01:00
hardware-configs add hardware config (yodaHedgehog) 2023-11-03 12:59:36 +01:00
flake.lock template/flake.lock: Update 2023-12-13 23:10:21 +01:00
flake.nix ssh: disable password auth 2023-11-03 14:56:19 +01:00
install-helper.sh initrd ssh 2023-11-03 13:42:11 +01:00
iso.nix refactor 2023-11-03 12:56:52 +01:00
nitrokey.pub enable SSH 2023-10-12 12:04:12 +02:00
README.md docs 2023-12-13 12:22:05 +01:00
ssh-fde-unlock.nix initrd ssh 2023-11-03 13:42:11 +01:00

nixos-anywhere and disko

This is an example repository for nixos-anywhere and disko.

Inspiration:

Manuals:

Build installer ISO with passwordless SSH

nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
# aarch64 ISO (requires emulation)
#nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix --argstr system aarch64-linux

ls result/iso/*.iso

Hardware Configuration

Boot the target machine into the NixOS live ISO. Then execute the following, ideally while connected as root via SSH:

nixos-generate-config --no-filesystems --root /mnt
cat /mnt/etc/nixos/hardware-configuration.nix

Save the output to a new file in ./hardware-configs. In ./flake.nix, replace ./hardware-configs/yodaHP.nix with the path of that new file.

Note: The hardware configuration should not contain any fileSystems.<name> options as these are generated based on your disko configuration.


Furthermore, in ./flake.nix replace disko.devices.disk.disk1.device with the ID of your target block device.


Lastly, in ./flake.nix replace pbkdf-memory with your amount of RAM minus 500 MB.


Optionally, if ssh-fde-unlock.nix is imported in ./flake.nix, replace the kernel network driver with the correct one there.

Installation

To run the interactive VM test:

nix --extra-experimental-features nix-command --extra-experimental-features flakes \
  run github:numtide/nixos-anywhere -- -f '.#mysystem' --vm-test

To install on a remote target machine:

nix --extra-experimental-features nix-command --extra-experimental-features flakes \
  run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.106

To install on a remote target machine and print the SSH fingerprint of the new system, use the install helper. If no encrypted disks are set up, the disk password can be left empty:

./install-helper.sh 22 root@192.168.178.106

Updating dependencies

Recreate the lock file (i.e. update all inputs) and commit the new lock file:

nix --extra-experimental-features nix-command --extra-experimental-features flakes \
  flake update --commit-lock-file
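
Before committing a regenerated lock file it helps to see which pins moved and whether one repository is now locked at two different revisions (as disko is in the update above, once directly and once through nixos-anywhere). The following is an added example, not part of this repository: the function names and the simplified sample lock are constructed, and the narHash values are placeholders.

```python
from collections import defaultdict

def pinned_inputs(lock):
    """Map each input path (e.g. 'nixos-anywhere/disko') to its 'locked' entry."""
    nodes, out = lock["nodes"], {}
    def walk(key, prefix):
        for name, ref in nodes[key].get("inputs", {}).items():
            if isinstance(ref, list):   # a 'follows' edge reuses another input's pin
                continue
            path = f"{prefix}/{name}" if prefix else name
            out[path] = nodes[ref].get("locked", {})
            walk(ref, path)
    walk(lock["root"], "")
    return out

def divergent_pins(lock):
    """Repositories locked at more than one revision inside a single lock file."""
    by_repo = defaultdict(dict)
    for path, locked in pinned_inputs(lock).items():
        repo = locked.get("url") or "/".join(
            str(locked.get(k)) for k in ("type", "owner", "repo"))
        by_repo[repo][path] = locked.get("rev")
    return {r: p for r, p in by_repo.items() if len(set(p.values())) > 1}

def changed_pins(old, new):
    """{path: (old_rev, new_rev)} for inputs added, removed or moved by an update."""
    a, b = pinned_inputs(old), pinned_inputs(new)
    revs = {p: (a.get(p, {}).get("rev"), b.get(p, {}).get("rev"))
            for p in a.keys() | b.keys()}
    return {p: r for p, r in sorted(revs.items()) if r[0] != r[1]}

def gh_pin(owner, repo, rev):  # constructed helper; narHash is a placeholder
    return {"type": "github", "owner": owner, "repo": repo, "rev": rev,
            "narHash": "sha256-PLACEHOLDER"}

# Constructed, simplified lock; the revisions are the ones named in the commit message.
SAMPLE_LOCK = {"version": 7, "root": "root", "nodes": {
    "root": {"inputs": {"disko": "disko", "nixos-anywhere": "nixos-anywhere",
                        "nixpkgs": "nixpkgs"}},
    "disko": {"inputs": {"nixpkgs": ["nixpkgs"]}, "locked": gh_pin(
        "nix-community", "disko", "bd8fbc3f274288ac905bcea66bc2a5428abde458")},
    "nixos-anywhere": {"inputs": {"disko": "disko_2"}, "locked": gh_pin(
        "numtide", "nixos-anywhere", "3a87ed3cb058567cff3afe42f84483926d9d05a1")},
    "disko_2": {"locked": gh_pin(
        "nix-community", "disko", "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe")},
    "nixpkgs": {"locked": gh_pin(
        "NixOS", "nixpkgs", "cf28ee258fd5f9a52de6b9865cdb93a1f96d09b7")},
}}

if __name__ == "__main__":
    # Real use: import json; lock = json.load(open("flake.lock"))
    for repo, pins in divergent_pins(SAMPLE_LOCK).items():
        print(repo, pins)
```

A divergent pin means a fix picked up by one copy of an input does not reach the other; if the nested consumer builds against the newer revision, inputs.nixos-anywhere.inputs.disko.follows = "disko" in flake.nix collapses the two.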

TODOs

Appendix - LUKS Parameters

Warning: NixOS has a hardcoded timeout of 10 seconds when opening encrypted drives during boot. Please choose --iter-time <= 7500 (the value is in milliseconds).