Setting up nixOS machines
This guide will take you through the process of installing NixOS using the minimal ISO, configuring a LUKS-encrypted root partition, setting up UEFI (GPT) partitioning, and other installation steps. We'll also use SSH for remote installation to make copying commands and configurations easier.
Use balena Etcher to create a bootable USB drive from the NixOS minimal ISO:
- Download the minimal NixOS ISO from the NixOS Downloads Page.
- Install and open balena Etcher.
- Select the NixOS ISO, choose your USB drive, and click "Flash".
- Insert the USB drive into your machine and boot from the USB.
- At the NixOS boot menu, select the first option to enter the live environment.
For wireless network configuration, follow these steps:
-
Start the wireless service:
sudo systemctl start wpa_supplicant
-
Open the wireless control interface:
wpa_cli
-
Configure your network:
Inside
wpa_cli
:add_network set_network 0 ssid "myhomenetwork" set_network 0 psk "mypassword" set_network 0 key_mgmt WPA-PSK enable_network 0
-
You should see a message like this if the network is successfully connected:
<3>CTRL-EVENT-CONNECTED - Connection to 32:85:ab:ef:24:5c completed [id=0 id_str=]
-
Check your IP address:
ip a
-
Set a password for the
root
user:passwd
-
Start the SSH service:
sudo systemctl start sshd
Now, connect to the live environment from another computer:
-
On your other system, use SSH to connect:
ssh root@<ip_address>
Replace
<ip_address>
with the IP you found in Step 3.5.
You will now partition and format your disk. Note: Replace /dev/nvme0n1
with your actual disk device if it's different.
-
To identify your target disk:
lsblk
In this example, we assume
/dev/nvme0n1
is the intended disk. Adjust commands as needed for your disk. -
Partition the disk using parted:
parted /dev/nvme0n1 -- mklabel gpt parted /dev/nvme0n1 -- mkpart primary 512MiB -100MiB parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB parted /dev/nvme0n1 -- set 2 boot on
-
Format the /boot partition:
mkfs.vfat -F 32 -n BOOT /dev/nvme0n1p2
-
Set up LUKS encryption for the root partition:
cryptsetup luksFormat /dev/nvme0n1p1 cryptsetup open /dev/nvme0n1p1 root mkfs.ext4 /dev/mapper/root
-
Mount the partitions:
mount /dev/mapper/root /mnt mkdir -p /mnt/boot mount /dev/nvme0n1p2 /mnt/boot
-
Generate the default NixOS configuration:
nixos-generate-config --root /mnt
-
Edit
/mnt/etc/nixos/configuration.nix
and replace its content with the configuration from your repo or personal setup.
-
Install NixOS:
nixos-install
-
During installation, you’ll be asked to set the root password.
-
Set a password for your user (replace
dhilipsiva
with your actual username):nixos-enter --root /mnt -c 'passwd dhilipsiva'
After installation, reboot the system:
reboot
Your system should now boot into your new NixOS installation.
If your system has trouble booting or logging in, you can boot back into the live USB, decrypt and mount the LUKS-encrypted partition, and make any necessary changes to the configuration.
-
List available block devices to find your partitions:
lsblk
-
Open the LUKS-encrypted partition:
cryptsetup luksOpen /dev/nvme0n1p1 luks-root
-
Mount the partitions:
mount /dev/mapper/luks-root /mnt mount /dev/nvme0n1p2 /mnt/boot
-
Make changes to the NixOS configuration:
nano /mnt/etc/nixos/configuration.nix
-
Reinstall the configuration:
nixos-install --root /mnt
-
Reboot:
reboot
- For systems with 16GB+ RAM, swap is generally unnecessary.
- If issues arise with networking or disk detection, ensure you check the partition layout and use tools like
lsblk
andfdisk
to verify the correct devices.