Mirror/nixos-anywhere-example
Mirror/nixos-anywhere-example
1
0
Fork 0
mirror of https://codeberg.org/privacy1st/nixos-anywhere-example synced 2025-01-22 06:35:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
nixos-anywhere-example/template/README.md
Daniel Langbein ed2b5f67b9
docs
2024-02-06 18:40:07 +01:00

112 lines
3.6 KiB
Markdown
Raw Blame History

# nixos-anywhere and disko
This is an example repository for nixos-anywhere and disko.
Inspiration:
* Introductory presentation: https://pad.lassul.us/cccamp-workshop
* https://github.com/numtide/nixos-anywhere-examples
Manuals:
* disko reference: https://github.com/nix-community/disko/blob/master/docs/reference.md
* nixos-anywhere reference: https://github.com/nix-community/nixos-anywhere/blob/main/docs/reference.md
## Build installer ISO with password-less SSH
In [./iso.nix](./iso.nix), replace `./nitrokey.pub` with your SSH public key.
```shell
sudo nix-channel --update
nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix
# aarch64 ISO (requires emulation)
#nix-build '<nixpkgs/nixos>' -A config.system.build.isoImage -I nixos-config=iso.nix --argstr system aarch64-linux
ls result/iso/*.iso
```
## Hardware Configuration
Boot the target machine into NixOS live ISO. Then execute the following, ideally while connected as root via SSH:
```shell
nixos-generate-config --no-filesystems --root /mnt
cat /mnt/etc/nixos/hardware-configuration.nix
```
Save the output to a new file in [./hardware-configs](./hardware-configs). In [./flake.nix](./flake.nix) replace `./hardware-configs/yodaHP.nix` with it.
Note: The hardware configuration should not contain any `fileSystems.<name>` options as these are generated based on your disko configuration.
---
Furthermore, in [./flake.nix](./flake.nix) replace `disko.devices.disk.disk1.device` with the id of your target block device.
---
Additionally, adjust `networking.hostName`.
---
Lastly, in [./flake.nix](./flake.nix) replace `pbkdf-memory` with your amount of RAM - 500 MB.
---
Optionally, if `ssh-fde-unlock.nix` is imported in [./flake.nix](./flake.nix), replace `boot.initrd.availableKernelModules` with the kernel network driver in use.
## Installation
To run the interactive vm test run:
```shell
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
run github:numtide/nixos-anywhere -- -f '.#mysystem' --vm-test
```
To install on remote target machine (if fde is **not** configured):
```shell
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
run github:numtide/nixos-anywhere -- --flake '.#mysystem' -p 22 root@192.168.178.106
```
To install on remote target machine (with or without fde) **and** print the SSH fingerprint of the new system. If fde is not set up, then the disk password can be left empty when asked for it:
```shell
./install-helper.sh 22 root@192.168.178.106
```
## Connect to installed system
fde unlock:
```shell
ssh root@192.168.178.106
```
Once unlocked, connect with SSH. If the connection fails, double check on your router if the system was assigned to another IP address.
```shell
ssh root@192.168.178.106
```
## Updating dependencies
Recreate the lock file (i.e. update all inputs) and commit the new lock file:
```shell
nix --extra-experimental-features nix-command --extra-experimental-features flakes \
flake update --commit-lock-file
```
## TODOs
- Hetzner Cloud example: https://github.com/numtide/nixos-anywhere-examples/blob/main/flake.nix
## Appendix - LUKS Parameters
**Warning**: NixOS has a hardcoded timeout of 10 seconds when opening encrypted drives during boot. Please choose `--iter-time` <= `7500`.
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L498
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L30
* https://github.com/NixOS/nixpkgs/blob/ed2ccd4d1748e52d5d28c440d5be4b25a4f21c08/nixos/modules/system/boot/luksroot.nix#L36C7-L36C7
Reference in New Issue View Git Blame Copy Permalink