-
-
Notifications
You must be signed in to change notification settings - Fork 27
Installing with encrypted root (thinkpad example)
sioodmy edited this page Nov 9, 2022
·
3 revisions
This repo is not a linux distro, community framework nor theme, therefore its not guaranteed that it's going to work on your machine. However feel free to use it as an inspiration for your configuration.
We create a 512MB EFI boot partition (/dev/sda1) and the rest will be our LUKS encrypted physical volume for LVM (/dev/sda2).
$ gdisk /dev/sda
-
o(create new empty partition table) -
n(add partition, 512M, type ef00 EFI) -
n(add partition, remaining space, type 8300 Linux LVM) -
w(write partition table and exit)
Setup the encrypted LUKS partition and open it:
$ cryptsetup luksFormat /dev/sda2
$ cryptsetup config /dev/sda2 --label cryptroot
$ cryptsetup luksOpen /dev/sda2 enc-pv
We create two logical volumes, a 16GB swap parition and the rest will be our root filesystem
$ pvcreate /dev/mapper/enc-pv
$ vgcreate vg /dev/mapper/enc-pv
$ lvcreate -L 16G -n swap vg
$ lvcreate -l '100%FREE' -n root vg
Format the partitions:
$ mkfs.fat /dev/sda1 -n boot
$ mkfs.ext4 -L root /dev/vg/root
$ mkswap -L swap /dev/vg/swap
We mount the partitions we just created under /mnt so we can install NixOS on them.
$ mount /dev/vg/root /mnt
$ mkdir /mnt/boot
$ mount /dev/sda1 /mnt/boot
$ swapon /dev/vg/swap
$ ulimit -n 500000
Enable flakes using nix-shell -p nixFlakes.
Finally, install using
$ nixos-install --flake github:sioodmy/nixdots#thinkpad --impure