Byron Gibson byrongibson

Requirements

Encrypt everthing including /boot and /root
Enter password once
Support UEFI

Installation media setup

Download NixOS minimal iso and copy to USB stick. For example on Mac OSX

$ diskutil list
$ diskutil unmountDisk /dev/disk1 # Make sure you got right device

Setting up NixOs with LUKS encrypted root

Here are my working notes on getting a system up and running.

WARNING: You can run into a hidden problem that will prevent a correct partition setup and /etc/nixos/configuration.nix from working: if you are setting up a UEFI system, then you need to make sure you boot into the NixOS installation from the UEFI partition of the bootable media. You may have to enter your BIOS boot selection menu to verify this. For example, if you setup a NixOS installer image on a flash drive, your BIOS menu may display several boot options from that flash drive: choose the one explicitly labeled with “UEFI”.

References

I used these resources:

NixOS with ZFS on LUKS

After some effort (and asking for help on the nix-dev mailing list) I installed ZFS on an encrypted partition. The relevant configuration is below.

Installing
- Use keyfile
- Configure passphrase
Configure without passphrase

Verifying that +bgibson is my openname (Bitcoin username). https://onename.com/bgibson

	# Edit this configuration file to define what should be installed on
	# your system. Help is available in the configuration.nix(5) man page
	# and in the NixOS manual (accessible by running ‘nixos-help’).

	{ config, pkgs, ... }:

	{

	################################################################################
	# System

	#!/usr/bin/env bash

	# NixOS install with encrypted root and swap
	#
	# sda
	# ├─sda1 BOOT
	# └─sda2 LINUX (LUKS CONTAINER)
	# └─cryptroot LUKS MAPPER
	# └─cryptroot1 SWAP
	# └─cryptroot2 ZFS

	#!/usr/bin/env bash

	# This script expects a 1TB drive, and formats it with two partitions, a UEFI
	# boot partition and ZFS pool partition.
	# This script assumes disk is wiped and formatted using the script
	# setup-01-wipe-disk.sh
	#
	# script expects one argument - the id of the disk to be formatted:
	#
	# $ sudo sh setup-02-uefi-zfs-partitions.sh /dev/disk/by-id/wwn-0x5001b448b94488f8

	# Edit this configuration file to define what should be installed on
	# your system. Help is available in the configuration.nix(5) man page
	# and in the NixOS manual (accessible by running ‘nixos-help’).

	{ config, pkgs, ... }:

	{

	################################################################################
	# System

	#!/usr/bin/env bash

	#
	# NixOS install script synthesized from:
	#
	# - Erase Your Darlings (https://grahamc.com/blog/erase-your-darlings)
	# - ZFS Datasets for NixOS (https://grahamc.com/blog/nixos-on-zfs)
	# - NixOS Manual (https://nixos.org/nixos/manual/)
	#
	# It expects the name of the block device (e.g. 'sda') to partition

	# First run:
	apt-get install apt-cacher python-vm-builder
	vi /etc/default/apt-cacher # ensure autostart is enabled
	sudo service apt-cacher start

	git clone git://github.com/bitcoin/bitcoin.git
	git clone git://github.com/devrandom/gitian-builder.git
	mkdir gitian-builder/inputs
	wget 'http://miniupnp.tuxfamily.org/files/download.php?file=miniupnpc-1.5.tar.gz' -O gitian-builder/inputs/miniupnpc-1.5.tar.gz
	wget 'http://downloads.sourceforge.net/project/wxwindows/2.9.1/wxWidgets-2.9.1.tar.bz2' -O gitian-builder/inputs/wxWidgets-2.9.1.tar.bz2