byrongibson

Requirements

1. Encrypt everthing including /boot and /root
2. Enter password once
3. Support UEFI

Installation media setup

Download NixOS minimal iso and copy to USB stick. For example on Mac OSX

$ diskutil list
$ diskutil unmountDisk /dev/disk1 # Make sure you got right device

byrongibson

Setting up NixOs with LUKS encrypted root

Here are my working notes on getting a system up and running.

WARNING: You can run into a hidden problem that will prevent a correct partition setup and /etc/nixos/configuration.nix from working: if you are setting up a UEFI system, then you need to make sure you boot into the NixOS installation from the UEFI partition of the bootable media. You may have to enter your BIOS boot selection menu to verify this. For example, if you setup a NixOS installer image on a flash drive, your BIOS menu may display several boot options from that flash drive: choose the one explicitly labeled with “UEFI”.

References

I used these resources:

byrongibson

#!/usr/bin/env bash

# NixOS install with encrypted root and swap
#
# sda
# ├─sda1            BOOT
# └─sda2            LINUX (LUKS CONTAINER)
#   └─cryptroot     LUKS MAPPER
#     └─cryptroot1  SWAP
#     └─cryptroot2  ZFS

ctsrc

Guide: Run FreeBSD 13.1-RELEASE for ARM64 in QEMU on Apple Silicon Mac (MacBook Pro M1, etc) with HVF acceleration (Hypervisor.framework)

This guide was adapted from https://gist.github.com/niw/e4313b9c14e968764a52375da41b4278#running-ubuntu-server-for-arm64

Running FreeBSD 13.1-RELEASE for ARM64

1. Install Xcode from App Store or install Command Line Tools on your Mac running on Apple Silicon.

vy-let

...
{

  services.samba = {
    enable = true;
    
    syncPasswordsByPam = true;
    # You will still need to set up the user accounts to begin with:
    # $ sudo smbpasswd -a yourusername

walkermalling

Setting up NixOs with LUKS encrypted root

Here are my working notes on getting a system up and running.

WARNING: You can run into a hidden problem that will prevent a correct partition setup and /etc/nixos/configuration.nix from working: if you are setting up a UEFI system, then you need to make sure you boot into the NixOS installation from the UEFI partition of the bootable media. You may have to enter your BIOS boot selection menu to verify this. For example, if you setup a NixOS installer image on a flash drive, your BIOS menu may display several boot options from that flash drive: choose the one explicitly labeled with “UEFI”.

References

I used these resources:

mx00s

#!/usr/bin/env bash

#
# NixOS install script synthesized from:
#
#   - Erase Your Darlings (https://grahamc.com/blog/erase-your-darlings)
#   - ZFS Datasets for NixOS (https://grahamc.com/blog/nixos-on-zfs)
#   - NixOS Manual (https://nixos.org/nixos/manual/)
#
# It expects the name of the block device (e.g. 'sda') to partition

timstott

#!/usr/bin/env bash

# NixOS install with encrypted root and swap
#
# sda
# ├─sda1            BOOT
# └─sda2            LINUX (LUKS CONTAINER)
#   └─cryptroot     LUKS MAPPER
#     └─cryptroot1  SWAP
#     └─cryptroot2  ZFS

typokign

Zoom Sucks

• Zoom abuses the installer flow on MacOS to bypass permissions dialogs (source)
• Zoom sends identifying device info to Facebook, even when users don't have a Facebook account (source) (fixed)
• A bug in Zoom sent identifying information (including email addresses and profile pictures) of thousands of users to strangers (source)
• Zoom claims that meetings are end-to-end encrypted in their white paper and marketing materials, but meetings are only encrypted in transit, and are available in plaintext to Zoom servers and employees. (source)
• zoomAutenticationTool can be used to escalat

ingenieroariel

{ config, lib, pkgs, ... }:


let
  domain = "puerti.co";
  waylandOverlay = (import (builtins.fetchTarball ({
    url = "https://github.com/piensa/wayner/archive/1e62268.tar.gz";
    sha256 = "07hzhdc9ic3sk4ivd0g3lx2f7jnr3wkrrr884hf5b1n7adzglh50";
   })));