First, enter a Nix shell with all dependencies:
# NOTE(review): master.tar.gz tracks a moving branch, and the tools this shell
# provides process the LUKS key material in the commands that follow. Prefer
# the archive URL of a commit you have reviewed, and confirm the host is the
# one you intend to fetch from.
nix-shell https://github.com/sgillespie/nixos-yubikey-luks/archive/master.tar.gz
Then, run the following commands:
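# Enrol a YubiKey challenge-response key into an existing LUKS volume.
# Written to be pasted into the Nix shell line by line, so failures are
# handled with guards rather than `set -e`/`exit`.

# Reference variables
YUBIKEY_SLOT="2"
LUKS_PART="/dev/nvme0n1p5"
BOOT_MNT="/boot"

# Program the slot for HMAC-SHA1 challenge-response. This replaces any
# configuration already stored in that slot, so check the slot number first.
ykpersonalize -"$YUBIKEY_SLOT" -ochal-resp -ochal-hmac

# Random salt, kept as hex; its SHA-512 digest is the challenge sent to the key.
SALT_LENGTH=16
salt="$(dd if=/dev/random bs=1 count="$SALT_LENGTH" 2>/dev/null | rbtohex)"
challenge="$(printf '%s' "${salt:?salt generation failed}" | openssl dgst -binary -sha512 | rbtohex)"

# stderr is left visible: a silent failure here would leave $response empty.
response="$(ykchalresp -"$YUBIKEY_SLOT" -x "${challenge:?challenge is empty}")"

KEY_LENGTH=512
ITERATIONS=1000000

# pbkdf2-sha512 gets only a bare newline on stdin here.
# NOTE(review): presumably stdin is the user passphrase, which would make the
# derived key depend on the YubiKey response alone - confirm this single-factor
# setup is intended.
# k_luks (hex form of the key) is not consumed by the commands below.
k_luks="$(echo | pbkdf2-sha512 "$((KEY_LENGTH / 8))" "$ITERATIONS" "${response:?no response from the YubiKey}" | rbtohex)"

# Not used by the commands below; presumably for luksFormat on a new volume.
CIPHER=aes-xts-plain64
HASH=sha512

# Keep the raw key out of world-writable /tmp: mktemp -d gives a private
# (0700) directory with an unpredictable name, placed on RAM-backed storage
# because shred cannot guarantee an overwrite on flash or copy-on-write media.
key_dir="$(mktemp -d -p "${XDG_RUNTIME_DIR:-/dev/shm}")"
key_file="${key_dir:?mktemp failed}/luks.key"

echo | pbkdf2-sha512 "$((KEY_LENGTH / 8))" "$ITERATIONS" "${response:?no response from the YubiKey}" > "$key_file"

# Enrol only a non-empty key, and store the salt only once the key slot
# exists, so a failed run cannot replace the salt an existing slot depends on.
if [ -s "$key_file" ]; then
  if sudo cryptsetup luksAddKey "$LUKS_PART" "$key_file"; then
    printf '%s\n%s' "${salt:?salt is empty}" "$ITERATIONS" | sudo tee "$BOOT_MNT/crypt-storage/default"
  else
    printf 'luksAddKey failed; salt file left untouched\n' >&2
  fi
else
  printf 'derived key file is empty; nothing was enrolled\n' >&2
fi

shred --remove "$key_file"
rmdir "$key_dir"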