Secure Boot -> Secure Boot Enable -> Select "Disabled"
System Configuration -> SATA Operation -> Select "AHCI"
Power Management -> USB Wake Support -> Select "Enable USB Wake Support"
setfont latarcyrheb-sun32
systemctl start display-manager
gdisk /dev/nvme0n1
o (create new empty partition table)
n (add partition, Partition number 1, 500M, type ef00 EFI)
n (add partition, remaining space, type 8300 Linux LVM)
w (write partition table and exit)
When you are done, you will have the following.
Part. Number | End Sector Size | Code | Purpose | Codename |
---|---|---|---|---|
1 | +500M | EF00 | EFI partition | n/a |
2 | +3M | 8300 | cryptsetup luks key | cryptkey |
3 | +16G | 8300 | swap space (hibernation) | cryptswap |
4 | remaining (222 GiB) | 8300 | root filesystem | cryptroot |
# Create an encrypted disk to hold our key, the key to this drive
# is what you'll type in to unlock the rest of your drives... so,
# remember it:
$ cryptsetup luksFormat /dev/nvme0n1p2
$ cryptsetup luksOpen /dev/nvme0n1p2 cryptkey
# Fill our key disk with random data, which will be our key:
$ dd if=/dev/random of=/dev/mapper/cryptkey bs=1024 count=14000
# Use the encrypted key to create our encrypted swap:
$ cryptsetup luksFormat --key-file=/dev/mapper/cryptkey /dev/nvme0n1p3
# Create an encrypted root with a key you can remember.
$ cryptsetup luksFormat /dev/nvme0n1p4
# Now add the cryptkey as a decryption key to the root partition, this
# way you can only decrypt the cryptkey on startup, and use the
# cryptkey to decrypt the root.
#
# The first human-rememberable key we added is just in case.
$ cryptsetup luksAddKey /dev/nvme0n1p4 /dev/mapper/cryptkey
# Now we open the swap and the root and make some filesystems.
$ cryptsetup luksOpen --key-file=/dev/mapper/cryptkey /dev/nvme0n1p3 cryptswap
$ mkswap /dev/mapper/cryptswap
$ cryptsetup luksOpen --key-file=/dev/mapper/cryptkey /dev/nvme0n1p4 cryptroot
$ mkfs.ext4 /dev/mapper/cryptroot
# and rebuild the boot partition:
$ mkfs.vfat /dev/nvme0n1p1
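A check worth running after the luksAddKey step and before installing: it confirms that the contents of cryptkey really open both swap and root, and that root still carries a second keyslot for the fallback passphrase. This is an added example, not part of the original walkthrough; the function names and the overridable CRYPTSETUP variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): verify the key chain before rebooting.
# CRYPTSETUP can be overridden so the logic can be exercised without real devices.
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}

# keyfile_unlocks KEYFILE DEVICE
# Succeeds if KEYFILE opens a keyslot on DEVICE; nothing is activated.
keyfile_unlocks() {
    "$CRYPTSETUP" luksOpen --test-passphrase --key-file "$1" "$2" >/dev/null 2>&1
}

# count_keyslots DEVICE
# Prints the number of enabled keyslots (handles LUKS1 and LUKS2 luksDump layouts).
count_keyslots() {
    "$CRYPTSETUP" luksDump "$1" | awk '
        /^Key Slot [0-9]+: ENABLED/ { n++ }    # LUKS1 slot line
        /^Keyslots:/ { in_ks = 1; next }       # LUKS2 keyslot section starts
        /^[A-Za-z]/  { in_ks = 0 }             # any other top-level section ends it
        in_ks && /^  [0-9]+: / { n++ }         # LUKS2 slot entry
        END { print n + 0 }'
}

# verify_chain KEYFILE SWAPDEV ROOTDEV
# Returns 0 only if the keyfile opens both volumes and root keeps a second slot.
verify_chain() {
    rc=0
    for dev in "$2" "$3"; do
        if keyfile_unlocks "$1" "$dev"; then
            echo "ok:   $1 unlocks $dev"
        else
            echo "FAIL: $1 does not unlock $dev"; rc=1
        fi
    done
    slots=$(count_keyslots "$3")
    if [ "$slots" -ge 2 ]; then
        echo "ok:   $3 has $slots keyslots (keyfile + passphrase)"
    else
        echo "FAIL: $3 has $slots keyslot(s); expected keyfile + passphrase"; rc=1
    fi
    return "$rc"
}

# On this page's layout, run as root with three arguments:
#   sh verify.sh /dev/mapper/cryptkey /dev/nvme0n1p3 /dev/nvme0n1p4
if [ "$#" -eq 3 ]; then verify_chain "$@"; fi
```

A failure here means the initrd would not be able to unlock that volume from cryptkey at boot, so fix the keyslots before running the installer.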
nixos-generate-config --root /mnt
nixos-install --chroot
passwd jason
exit
reboot
nixos-rebuild boot
nixos-rebuild switch
If your NixOS boot does not work, you make a mistake, or you need to reboot for any reason, just boot from your USB drive in UEFI mode like before. To set everything up again so you can fix the NixOS configuration, run:
cryptsetup luksOpen /dev/nvme0n1p2 cryptkey
cryptsetup luksOpen --key-file=/dev/mapper/cryptkey /dev/nvme0n1p3 cryptswap
cryptsetup luksOpen --key-file=/dev/mapper/cryptkey /dev/nvme0n1p4 cryptroot
mount /dev/disk/by-uuid/4543 /mnt
mkdir -p /mnt/boot
mount /dev/disk/by-uuid/86CE /mnt/boot