Skip to content

Instantly share code, notes, and snippets.

@damien-biasotto

damien-biasotto/setup-guide.org

Created March 29, 2024 04:43
Show Gist options
  • Save damien-biasotto/efb3290a69ba773c3dc557c9bd186297 to your computer and use it in GitHub Desktop.
Save damien-biasotto/efb3290a69ba773c3dc557c9bd186297 to your computer and use it in GitHub Desktop.
Download ZIP
Setup NixOS on Macbook w/ Apple Silicon Chip (LUKS + LVM + BTRFS)
Raw
setup-guide.org

A guide to setup NixOS with LUKS and BTRFS on a MacBook Pro

This is mostly a dumping of my thoughts and steps I had to go to setup my macbook with NixOS.

I cannot guarantee the accuracy of the information and nor being held accountable to any issue if somehow this guide ends up on the internet.

That being said, the macbook being set up will be my work daily driver.

The setup of NixOS on the macbook has been done after a reset factory and a fresh upgrade to Sonoma. No softwares installed.

Prerequisites

You have a usb key with nixos installed that you can boot from.

Disclaimer

This guide is a mashup of different resources I’ve found on the internet:

Installing the bootchain

Bootchain might not be an accurate term, but neither is bootloader. Open macOS `terminal.app`:

  • Press Command + Space
  • Type terminal
  • Press enter

A terminal window will open. Paste the following command: `curl https://alx.sh | sh` and follow the wizard.

At the point of asking which setup you want to do (Installing Gnome or KDE), select the last option, something mentioning UEFI Uboot + m1n1.

Then follow again the prompted steps.

Setting up NixOS

If you’ve followed the prompted steps, you should have landed on nixos live-cd tty.

Switch to root account: `sudo su`

Because we want to use Btrfs as a filesystem we will need to install wifi early on to install `btrfs-progs`

Setting up the wifi (source archlinux wiki)

We will use `iwctl` to connect to the network. Run `iwctl` you will enter `iwd` prompt. Identify the device `device list` (in my case `wlan0`) and turn it on if it is not on: `device wlan0 set-property Powered on` and `adapter phy0 set-property wlan0 Powered on`

Scan the air for networks: `station wlan0 scan`

Get the list of detected networks: `station wlan0 get-networks`

and finally connect to the network that you want: `station wlan0 connect my-wifi-network`

Once connected, install the btrfs-progs: `nix-env -i nixos.btrfs-progs`

Setting up the different volumes (adapted from https://gist.github.com/martijnvermaat/76f2e24d0239470dd71050358b4d5134)

Create a root partition to fill up the free space `sgdisk /dev/nvme0n1 -n 0:0 -s`

Identify the linux partition: `sgdisk /dev/nvme0n1 -p` then look for the line with the code `8300` in my case `/dev/nvme0n1p5`

`sgdisk /dev/nvme0n1 -p` then look for the line with the code `EF00` in my case `/dev/nvme0n1p4`

Create the encrypted volume on this partition: `cryptsetup luksFormat /dev/nvme0n1p5` then enter the passphrase

Unlock the newly encrypted partition `cryptsetup luksOpen /dev/nvme0n1p5 encrypted-physical-volume`

Create the lvm volumes: `pvcreate /dev/mapper/encrypted-physical-volume` `vgcreate volume-group /dev/mapper/encrypted-physical-volume`

Create the swap (I allocate the smae space as the RAM I’ve got so I can suspend / hibernate). `lvcreate -L 32GB -n swap volume-group`

Then allocate the rest of the free space to the root partition `lvcreate -l ‘100%FREE’ -n root volume-group`

Formatting partitions

Formatting root & swap partitions

`mkfs.btrfs -L root /dev/volume-group/root` `mkswap -L swap /dev/volume-group/swap`

Create the mounting points:

`mkdir -p /mnt`

mount the root volume `mount /dev/volume-group/root /mnt`

Create btrfs subvolumes for `/`, `/home` and `/nix`

`btrfs subvolume create /mnt/root` `btrfs subvolume create /mnt/home` `btrfs subvolume create /mnt/nix`

`umount /mnt`

Mount the partitions and subvolumes

` mount -o compress=zstd,subvol=root /dev/volume-group/root /mnt` ` mkdir /mnt/{home,nix}` ` mount -o compress=zstd,subvol=home /dev/volume-group/root /mnt/home` ` mount -o compress=zstd,noatime,subvol=nix /dev/volume-group/root /mnt/nix

` mkdir -p /mnt/boot` ` mount /dev/disk/by-artuuid/`cat /proc/device-tree/chosen/asahi,efi-system-partition` /mnt/boot`

Installing nixos

` nixos-generate-config –root /mnt` ` cp -r /etc/nixos/apple-silicon-support /mnt/etc/nixos` ` chmod -R +w /mnt/etc/nixos/`

Copy the firmware: `mkdir -p /mnt/etc/nixos/firmware && cp /mnt/boot/asahi/{all_firmware.tar.gz,kernelcache*} /mnt/etc/nixos/firmware`

Get the UUID of the crypluk partition `lsblk /dev/nvme0n1p5 –fs –inverse –output=uuid | tr -d ‘UUID \n’` in my case it returns `3508b4ac-7a7e-4edb-881b-f4731dffc592`

Edit hardware-configuration.nix

add the following block to tell initrd to mount the partition before lvm ` boot.initrd.luks.devices = { luksroot = { device = “/dev/disk/by-uuid/3508b4ac-7a7e-4edb-881b-f4731dffc592”; preLVM = true; }; }; `

set `boot.loader.efi.canTouchEfiVariables` to `false`.

Specify the path where to the firmware:

` hardware.asahi.peripheralFirmwareDirectory = ./firmware; `

Declare the swap in block swapDevices:

Get the uuid `lsbklk –fs` and looks for the UUID for thw swap` in my case: `b06f0c78-3331-43c7-b2fa-420d27f29ef6`

“ swapDevices = [{device = “/dev/disk/by-uuid/b06f0c78-3331-43c7-b2fa-420d27f29ef6”; }];

Edit configuration.nix

add `./apple-silicon-support` to the list of `imports`

Enable iwd

`networking.wireless.iwd = { enable = true; settings.General.EnableNetworkConfiguration = true; };`

Install any DE or WM. For ease of use at the beginning let’s pick Gnome

Add:

` services.xserver.enable = true; services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; `

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment