Installing NixOS on a Framework Laptop 13 (bought Feb 10, 2025)

nixos-framework-laptop-13.rst

Installing NixOS on a Framework Laptop 13

Installation media

• Downloaded nixos-gnome-24.11.714533.a60651b217d2-x86_64-linux.iso from channels.nixos.org.
• NixOS manual instructs to create the USB drive using dd (see Booting from a USB Drive)
• I dropped the .iso onto a Ventoy USB drive and booted from it.

About the laptop

This was a Framework Laptop 13 with AMD Ryzen ordered on 2025-02-13 and received on 2025-02-17.

In the BIOS setup, I had:

AMD Ryzen 7 7840U w/ Radeon 780M Grapics
DRAM Frequency: 5600 MHz
Memory Size: 49152 MB

Disable Secure Boot

• Power on the laptop, hit F2 to enter BIOS setup, and select Administer Secure Boot.
• Highlight Enforce Secure Boot Enabled> and hit F5 to Disable.
• Hit F10 for Save and Exit.

Boot from installation media

• Insert Ventoy USB drive and power on the laptop

Detour: Secure Boot

If you hadn't disabled Secure Boot, you'd need to enroll the Ventoy shim UEFI key to boot from the Ventoy USB drive.

Still after that I wasn't able to boot the NixOS installer from the stick.

Here's what I did to enroll the Ventoy shim UEFI key:

• When booting from the Ventoy USB drive, get a blue screen:

  ERROR

  Verification failed: (0x1A) Security Violation

  ┌────┐ │ OK │ └────┘

• Hit Enter and get:

  SHIM UEFI key management Press any key to perform MOK management Booting in 10 seconds

• Hit Enter and to get a Perform MOK management screen with a menu.

• Select Enroll key from disk and hit Enter.

• You should get this screen:

  Select key

  The selected key will be enrolled into the MOK database This means any binaries signed with it will be run without prompting Remember to make sure it is a genuine key before enrolling it

  ┌─────────┐ │ VTOYEFI │ └─────────┘

• Hit Enter to select VTOYEFI

• Select ENROLL_THIS_KEY_IN_MOKMANAGER.cer.

• Select "Continue".

• Answer "Yes" to "Enroll the key(s)?".

• You should be back to Perform MOK management, select Reboot to boot Ventoy again.

• When Ventoy has booted, select nixos-gnome-24.11.714533.a60651b217d2-x86_64-linux.iso.

• Select Boot in normal mode.

• In the NixOS main screen, select NixOS 24.11.714533.a60651b217d2 Installer.

• Then you'll get into the issue I wasn't able to solve:

  error: shim_lock protocol not found error: you need to load the kernel first.

  Press any key to continue...

Boot into the NixOS live environment

But back into the world where Secure Boot is disabled:

• After Ventoy boots, select nixos-gnome-24.11.714533.a60651b217d2-x86_64-linux.iso.
• Select Boot in normal mode.
• In the NixOS main screen, select NixOS 24.11.714533.a60651b217d2 Installer.
• Under Welcome to the NixOS installer, you'll see The system is not connected to the Internet. unless you've connected using an Ethernet cable.
• Open the Wi-Fi > submenu in the top right menu, select your Wi-Fi network and enter the password.
• Select your language → Next.
• Select your location → Next.
• Select your keyboard layout → Next.
• Enter your name, username, new password and the root password → Next.
• Select your desktop environment (I picked GNOME) → Next.
• Select Allow unfree software → Next.

Prepare the internal hard disk

• Ask the installer to erase the disk with a swap partition (without hibernation) and without encryption → Next.
• Select manual partitioning → Next.
• Create a new partitioning table with GPT.
• Create a new 512 MiB fat32 partition called EFI in the free space, with the boot flag, mounted in /boot.
• Create a new 944341 MiB btrfs partition called root in the free space, mounted in /.
• Create a new 9013 MiB swap partition (file system linuxswap) in the free space, flag swap.
• Launch the install.

---

Note

Below are some original steps from my X1 recipe.

• Add or uncomment and modify the following lines, save with Ctrl-X Y Enter:

  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  
  boot.loader.grub = {
    enable = true;
    version = 2;
    efiSupport = true;
    enableCryptodisk = true;
    device = "nodev";
  };
  
  boot.initrd.luks.devices = {
    crypted = {
      device = "/dev/disk/by-uuid/6d2a134f-b4cb-4b9c-b002-f3e88d2b8ca6";
      preLVM = true;
    };
  };
  
  networking.hostName = "mylaptop"; # Define your hostname.
  
  time.timeZone = "Europe/Helsinki";
  
  i18n.defaultLocale = "fi_FI.UTF-8";
  
  console = {
    font = "Lat2-Terminus16";
    keyMap = "fi";
  }
  
  services.xserver.layout = "fi";
  
  services.printing.enable = true;
  
  sound.enable = true;
  hardware.pulseaudio.enable = true;
  
  services.xserver.libinput.enable = true;
  
  users.users.myname = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable 'sudo' for the user.
  };
  
  nixpkgs.config.allowUnfree = true;
  
  environment.systemPackages = with pkgs; [
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    wget
    emacs
    firefox
    git
    telnet
    terminator
  ];
  
  programs.gnupg.agent = {
    enable = true;
    enableSSHSupport = true;
  };
  
  services.openssh.enable = true;
  
  networking.firefwall.enable = false;
  

• Run the installer and reboot:

  nixos-install
  # enter the new root password when requested
  reboot
  

Put NixOS configuration in Git

• Open a terminal by hitting the Windows key and typing term Enter

• Set the Git username and e-mail:

  sudo -i
  git config --global user.name "Your name"
  git config --global user.email "[email protected]"
  

• Create an SSH key:

  ssh-keygen -t ed25519 -C root@mylaptop
  # accept the file path
  # type a passphrase twice
  

• Initialize and push the Git repository:

  cd /etc/nixos
  git init
  git add .
  git commit -m "Initial commit"
  git push -u origin master