
brusapa/nix-config


NixOS configuration files

Execute a fresh install

  1. Choose the passphrase for the storage

    echo -n "passphrase" > /tmp/cryptroot.key
  2. Partition the disc, be careful to substitute the

    sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko --write-efi-boot-entries  --flake 'github:brusapa/nix-config#<host>'
  3. Install NixOS, be careful to substitute the

    sudo nixos-install --root /mnt --flake 'github:brusapa/nix-config#<host>'

Post-installation steps

Secure boot and TPM unlock

Reference guide

  1. Put Secure Boot into setup mode in the BIOS

  2. Create the Secure Boot keys

    # sbctl create-keys
  3. Enroll the keys

    # sbctl enroll-keys -- --microsoft
  4. Reboot and verify

    $ bootctl status
    System:
      Firmware: UEFI 2.80 (American Megatrends 5.27)
      Firmware Arch: x64
      Secure Boot: enabled (user)
      TPM2 Support: yes
      Measured UKI: yes
      Boot into FW: supported
  5. Store the keys on the TPM module (you may have to change the last parameter to point to your encrypted root partition):

    # systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+7+12 --wipe-slot=tpm2 /dev/nvme0n1p2
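
A preflight for step 5, as an added example that is not part of this repository: it compares captured `bootctl status` text with the values step 4 shows before the TPM enrollment runs, since PCR 7 in the `--tpm2-pcrs` list reflects the Secure Boot state. The function names and the sample inputs are constructed for illustration, and the field layout is assumed to match the output in step 4.

```shell
#!/bin/sh
# Added example (not from the repository): gate step 5 on step 4's values.

# Print the value of the "Name: value" field $2 in bootctl status text $1.
status_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# Return 0 only when the fields match step 4's expected output;
# report every mismatch on stderr.
tpm_enroll_preflight() {
    status=$1
    rc=0
    for want in "Secure Boot=enabled (user)" "TPM2 Support=yes" "Measured UKI=yes"; do
        name=${want%%=*}
        expected=${want#*=}
        actual=$(status_field "$status" "$name")
        if [ "$actual" != "$expected" ]; then
            echo "preflight: $name is '${actual:-missing}', expected '$expected'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the fields from the step 4 output in this README.
SAMPLE_OK='System:
      Firmware: UEFI 2.80 (American Megatrends 5.27)
      Secure Boot: enabled (user)
      TPM2 Support: yes
      Measured UKI: yes'

# Constructed sample: firmware still in setup mode, keys not yet enrolled.
SAMPLE_SETUP='System:
      Secure Boot: disabled (setup)
      TPM2 Support: yes
      Measured UKI: yes'

# Real use (as root), with the device path from step 5:
#   tpm_enroll_preflight "$(bootctl status)" && \
#     systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+7+12 \
#       --wipe-slot=tpm2 /dev/nvme0n1p2
```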

Import SSH resident key

$ cd ~/.ssh
$ ssh-keygen -K
$ mv id_ed25519_sk_* id_ed25519_sk

Enable Tailscale

# tailscale up

Cooler control

# sensors-detect --auto

About

Nix and home-manager configuration files
