NOTE: These steps assume you are using the entire disk, /dev/sda. Everything currently on that disk is erased.
# Partition, encrypt and mount /dev/sda for a NixOS install:
# GPT label -> LUKS partition (sda1) + unencrypted EFI system partition (sda2),
# with LVM (swap + root) inside the LUKS container.
# Writing a new GPT label replaces the existing partition table on /dev/sda.
$ parted /dev/sda -- mklabel gpt
# Partition 1: from 512MiB to the end of the disk; it becomes the LUKS container below.
$ parted /dev/sda -- mkpart primary 512MiB 100%
# Partition 2: the first 512MiB (starting at 1MiB). It is created second, which is
# why the ESP ends up as sda2 even though it sits at the start of the disk.
$ parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
$ parted /dev/sda -- set 2 esp on
# The ESP is plain FAT32 and is NOT encrypted; whatever is stored on it is
# readable and modifiable by anyone with physical access to the disk.
$ mkfs.fat -F 32 -n boot /dev/sda2
# Creates the LUKS header on sda1 and prompts for the passphrase. No cipher/KDF
# options are passed, so cryptsetup's built-in defaults apply.
# NOTE(review): consider backing up the header afterwards (cryptsetup luksHeaderBackup);
# a damaged header makes the whole volume unrecoverable.
$ cryptsetup luksFormat /dev/sda1
# Unlocks sda1 and exposes the plaintext view as /dev/mapper/xps-enc.
$ cryptsetup luksOpen /dev/sda1 xps-enc
# LVM is layered on top of the opened LUKS mapping, so every logical volume
# created below (swap and root) is encrypted at rest by the single LUKS container.
$ pvcreate /dev/mapper/xps-enc
$ vgcreate xps-vg /dev/mapper/xps-enc
# 8G swap volume; because it lives inside LUKS, swapped-out memory is not written in the clear.
$ lvcreate -L 8G -n swap xps-vg
# Root takes all remaining space in the volume group.
$ lvcreate -l '100%FREE' -n root xps-vg
$ mkfs.ext4 -L root /dev/xps-vg/root
$ mkswap -L swap /dev/xps-vg/swap
# Mount the target layout under /mnt: root first, then the ESP at /mnt/boot.
$ mount /dev/xps-vg/root /mnt
$ mkdir /mnt/boot
$ mount /dev/sda2 /mnt/boot
$ swapon /dev/xps-vg/swap
# Boot loader settings for configuration.nix: GRUB installed as an EFI application,
# with the EFI system partition mounted at /boot.
# NOTE(review): /boot here is the unencrypted FAT32 partition (/dev/sda2) mounted above,
# so boot files placed there are outside the LUKS container. Protecting them against
# offline tampering would need something extra (e.g. Secure Boot) — not covered on this page.
boot.loader = {
grub = {
enable = true;
# NOTE(review): newer NixOS releases deprecate boot.loader.grub.version — confirm
# against the release you are installing and drop this line if it warns.
version = 2;
efiSupport = true;
# "nodev": do not write GRUB to a disk's boot sector; with efiSupport it is
# installed to the ESP instead.
device = "nodev";
};
efi = {
# Lets the installer register the boot entry in the firmware's EFI variables.
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
};
Get the UUID of /dev/sda1 (the LUKS partition) and add a LUKS configuration clause
so that it is unlocked at boot:
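# Look up the UUID of the LUKS partition and append the matching initrd unlock
# clause to the NixOS configuration.
# blkid reads the UUID directly from /dev/sda1, which avoids pattern-matching
# symlink targets (a grep for "sda1" would also match sda10, sda11, ...).
# Run this after luksFormat: formatting generates the UUID.
$ UUID=$(blkid -s UUID -o value /dev/sda1)
# Prints the UUID, or fails with the message if it is empty. Do not continue with an
# empty value: the config would point at /dev/disk/by-uuid/ and the initrd could
# not find the device to unlock.
$ echo "${UUID:?no UUID found for /dev/sda1}"
# The EOF delimiter is deliberately unquoted so the shell expands ${UUID} into the file.
# Assumes /mnt/etc/nixos/configuration.nix already exists (e.g. generated with
# nixos-generate-config --root /mnt); that step is not shown on this page.
$ cat <<EOF >>/mnt/etc/nixos/configuration.nix
boot.initrd.luks.devices = {
"xps-enc" = {
device = "/dev/disk/by-uuid/${UUID}";
preLVM = true;
};
};
EOF
# NOTE(review): ">>" appends at the very end of the file, which in a stock generated
# configuration.nix is after the closing "}". Move the clause inside the top-level
# attribute set before running nixos-install, or the file will not evaluate.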
# Graphical session for configuration.nix: LightDM as the login manager and
# Cinnamon as the desktop environment.
# NOTE(review): neither line sets services.xserver.enable — confirm it is enabled
# elsewhere in the configuration.
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.cinnamon.enable = true;