.github/workflows Remove CI TOKEN 2025-01-16 14:00:14 +02:00
defaults Remove ibus 2025-01-16 15:12:44 +02:00
home/fhauser Add digidoc app 2025-01-22 16:46:23 +02:00
host/ochsenchopf Remove fixed cifs auth fi 2025-01-16 14:27:02 +02:00
.gitignore Migrate to flake 2022-04-10 16:15:44 +02:00
.gitlab-ci.yml Make nixfmt veery happy 🤗 2020-04-20 21:37:37 +00:00
flake.lock Remove fcc unlock submodule 2025-01-16 13:28:18 +02:00
flake.nix Fix checks 2025-01-16 14:27:02 +02:00
README.adoc Fix formatting 2024-09-26 16:43:28 +03:00
STATEFUL.adoc WIP: Add stateful docs 2022-04-17 10:20:09 +02:00

= fabian's nixconfig

This repository contains fabian's personal NixOS configurations.

== Structure

`hardware`:: Hardware specific configuration files, e.g. for wireless
cards.
`host`:: Main nixos `configuration.nix` for every host. The
`configuration.nix` is symlinked to the specific host file.
`defaults`:: Configuration defaults
`modules`:: Custom modules

== Development

* The nix files should be formatted using nixfmt:
** `nixfmt -c $(git ls-files '*.nix')`


== Setup

# Boot nixos live cd
# Connect network
# `sudo passwd root`
# From other machine: `ssh -A root@nixos`
# Partitioning:

   parted /dev/nvme0n1
     mklabel gpt
     unit mib

     # Create EFI Partition
     mkpart boot fat32 1 750
     set 1 esp on

     # Main Crypto LVM
     mkpart luks 1500 100%
     quit
# `partprobe`
# Make filesystems:
## `mkfs.fat -F 32 -n boot /dev/disk/by-partlabel/boot`
## `cryptsetup luksFormat --label luks /dev/disk/by-partlabel/luks && cryptsetup open /dev/disk/by-partlabel/luks lvm`
## `pvcreate /dev/mapper/lvm`
## `vgcreate lvmvg /dev/mapper/lvm`
## `lvcreate -L 10G lvmvg -n swap && mkswap -L swap /dev/mapper/lvmvg-swap && swapon /dev/mapper/lvmvg-swap`
## `lvcreate -L 800G lvmvg -n hv_ochsenchopf && mkfs.btrfs -L hv_ochsenchopf /dev/mapper/lvmvg-hv_ochsenchopf`
## `sync`
# Create btrfs subvolumes
## `mkdir /mnt/btrfs-root && mount /dev/mapper/lvmvg-hv_ochsenchopf /mnt/btrfs-root && pushd /mnt/btrfs-root`
## `btrfs subvolume create nixos`
## `btrfs subvolume create home`
## `popd && umount /mnt/btrfs-root && rmdir /mnt/btrfs-root`
# Mount Filesystems for installation
## `mount -o subvol=nixos /dev/mapper/lvmvg-hv_ochsenchopf /mnt`
## `mkdir /mnt/{etc,boot,home}`
## `mount -o subvol=home /dev/mapper/lvmvg-hv_ochsenchopf /mnt/home`
## `mount /dev/disk/by-label/boot /mnt/boot`
# Create system configuration
## `nixos-generate-config --root /mnt && mv /mnt/etc/{nixos,nixos_generated}`
## `nix-shell -p git`
## `git clone --recurse-submodules git@github.com:fabianhauser/nixconfig.git /mnt/etc/nixos`
# Adjust configuration manually (symlink host config, customize partition/disk names etc.)
## `rm -r /mnt/etc/nixos_generated`
## Update nixos channels (TODO: With flakes, this is not necessary anymore)
## `pushd /mnt/etc/nixos; ln -s host/ochsenchopf/default.nix configuration.nix; popd`
# `nixos-install`
# `reboot`
# Whoop whoop

Enroll Lanzaboote: https://github.com/nix-community/lanzaboote/blob/master/docs/QUICK_START.md

# `sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+7+12 --wipe-slot=tpm2 /dev/nvme0n1p2`
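
A post-enrollment check for the `systemd-cryptenroll` step above, as an added example that is not part of this repository: it reads `cryptsetup luksDump` text and confirms that exactly one `systemd-tpm2` token exists and that at least one keyslot is not bound to the TPM, so the volume can still be unlocked another way when a bound PCR value changes. The function names and the sample dump are constructed for illustration.

```shell
# Added example: audit `cryptsetup luksDump` text after TPM2 enrollment.
# Real use (device path taken from the README):
#   sudo cryptsetup luksDump /dev/nvme0n1p2 | check_enrollment

# Print "tpm2_tokens=N fallback_slots=M" for a luksDump read from stdin.
# fallback_slots counts keyslots that no systemd-tpm2 token points at.
luks_slot_summary() {
    awk '
        /^Keyslots:/ { sec = "k"; next }
        /^Tokens:/   { sec = "t"; next }
        /^[A-Za-z]/  { sec = "";  next }   # any other top-level section
        sec == "k" && /^  [0-9]+: / { id = $1; sub(":", "", id); slots[id] = 1 }
        sec == "t" && /^  [0-9]+: / { tpm = ($2 == "systemd-tpm2"); if (tpm) ntok++ }
        sec == "t" && tpm && $1 == "Keyslot:" { bound[$2] = 1 }
        END {
            for (s in slots) if (!(s in bound)) nfree++
            printf "tpm2_tokens=%d fallback_slots=%d\n", ntok, nfree
        }'
}

# Exit status 0 only with exactly one TPM2 token and at least one other keyslot.
check_enrollment() {
    summary=$(luks_slot_summary)
    case "$summary" in
        "tpm2_tokens=1 fallback_slots=0")
            echo "FAIL: no non-TPM keyslot left ($summary)"; return 1 ;;
        "tpm2_tokens=1 "*)
            echo "OK: $summary" ;;
        *)
            echo "FAIL: expected exactly one TPM2 token ($summary)"; return 1 ;;
    esac
}

# Constructed sample, trimmed to the fields the parser reads (not real output).
sample_dump() {
    cat <<'EOF'
LUKS header information
Keyslots:
  0: luks2
        Key:        512 bits
  1: luks2
        Key:        512 bits
Tokens:
  0: systemd-tpm2
        Keyslot:    1
Digests:
  0: pbkdf2
EOF
}
sample_dump | check_enrollment
```

A `FAIL` with `fallback_slots=0` means the TPM is the only way in; add a passphrase or recovery key before the next firmware or boot-chain change.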