path: root/docs/install.org



#+TITLE: Installation
#+AUTHOR: Franck Cuny
#+EMAIL: franck@fcuny.net

* Prepare the USB stick
Download the most recent image from https://nixos.org/download.html then put it on a stick:
#+begin_src sh
sudo cp ~/downloads/nixos-minimal-21.11.336020.2128d0aa28e-x86_64-linux.iso /dev/sda
#+end_src
* Partitioning
** For the workstation (desktop/laptop)
All hosts have the same partitioning for the boot drive:
- /boot partition for UEFI
- / encrypted with btrfs
- a 8GB swap

If we assume the boot drive to be =nvme0n1=, we will do the following:
#+begin_src sh
parted /dev/nvme0n1 -- mklabel gpt
parted /dev/nvme0n1 -- mkpart primary 512MiB -8GiB
parted /dev/nvme0n1 -- mkpart primary linux-swap -8GiB 100%
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
parted /dev/nvme0n1 -- set 3 esp on
#+end_src

Running =lsbkl= should give the following output:
#+begin_src sh
[root@nixos:~]# lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0         7:0    0   709M  1 loop /nix/.ro-store
sda           8:0    1  29.9G  0 disk
├─sda1        8:1    1   784M  0 part /iso
└─sda2        8:2    1    37M  0 part
nvme0n1     259:0    0 465.8G  0 disk
├─nvme0n1p1 259:1    0 457.3G  0 part
├─nvme0n1p2 259:2    0     8G  0 part
└─nvme0n1p3 259:3    0   511M  0 part
#+end_src

Then we create the LUKS device:
#+begin_src sh
cryptsetup --verify-passphrase -v luksFormat /dev/nvme0n1p1
cryptsetup open /dev/nvme0n1p1 system
#+end_src

We can create the partition for the boot drive and activate the swap:
#+begin_src sh
mkswap -L swap /dev/nvme0n1p2
swapon /dev/nvme0n1p2
mkfs.fat -F 32 -n nixos-boot /dev/nvme0n1p3
#+end_src
#+begin_src sh
mkfs.btrfs /dev/mapper/system

mount -t btrfs /dev/mapper/system /mnt

btrfs subvolume create /mnt/nixos
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/snapshots

umount /mnt
#+end_src

Now we can re-mount the partitions with the proper options:
#+begin_src sh
mount -o subvol=nixos,compress=zstd,noatime,autodefrag /dev/mapper/system /mnt

mkdir /mnt/{home,boot,.snapshots}

mount -o subvol=home,compress=zstd,noatime,autodefrag /dev/mapper/system /mnt/home
mount -o subvol=snapshots,compress=zstd,noatime /dev/mapper/system /mnt/.snapshots
mount /dev/nvme0n1p3 /mnt/boot
#+end_src

Once the installation is completed:
#+begin_src sh
CUSTOMIZE_TIMESTAMP=$(date -u +%Y%m%dT%H%M%S)
btrfs subvolume snapshot /mnt /mnt/.snapshots/$CUSTOMIZE_TIMESTAMP
#+end_src
** Partitions for the NAS
Create the RAIDs:
#+begin_src sh
mdadm --create /dev/md/fast --level=mirror --raid-devices=2 /dev/sda /dev/sdb
mdadm --create /dev/md/slow --level=mirror --raid-devices=2 /dev/sdc /dev/sde
#+end_src

Encrypt the RAIDs:
#+begin_src sh
cryptsetup --verify-passphrase -v luksFormat /dev/md/slow
cryptsetup --verify-passphrase -v luksFormat /dev/md/fast
#+end_src

Then open them:
#+begin_src sh
cryptsetup open /dev/md/fast raid-fast
cryptsetup open /dev/md/slow raid-slow
#+end_src

Create the filesystem:
#+begin_src sh
mkfs.btrfs /dev/mapper/raid-fast
mkfs.btrfs /dev/mapper/raid-slow
#+end_src

Then we can mount them to generate the host configuration
#+begin_src sh
btrfs subvolume create /mnt/media
btrfs subvolume create /mnt/containers
umount /mnt

mount -t btrfs /dev/mapper/raid-slow /mnt/
btrfs subvolume create /mnt/backups
mkdir /mnt/data/{backups,containers,media}
mount -o subvol=media,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/media
mount -o subvol=media,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/media
mount -o subvol=containers,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/containers
mount -o subvol=backups,compress=zstd,noatime,autodefrag /dev/mapper/raid-slow /mnt/data/backups
#+end_src
* Installing the system
Let's add git and nixFlakes:
#+begin_src sh
nix-shell -p git nixFlakes
#+end_src

#+begin_src sh
nixos-generate-config --root /mnt
mkdir /mnt/root
git clone https://git.fcuny.net/fcuny/world.git /mnt/root/world
mkdir /mnt/root/world/hosts/<host name>
cp /mnt/etc/nixos/hardware-configuration.nix /mnt/root/world/hosts/<host name>/
cp /mnt/root/world/hosts/aptos/default.nix /mnt/root/world/hosts/<host name>/
vim /mnt/root/world/hosts/<host name>/default.nix
cd /mnt/root/world
git add hosts/tahoe
cd /
nixos-install --root /mnt --flake /mnt/root/world#<host name>
#+end_src

Create another snapshot
#+begin_src sh
CUSTOMIZE_TIMESTAMP=$(date -u +%Y%m%dT%H%M%S)
btrfs subvolume snapshot /mnt /mnt/.snapshots/$CUSTOMIZE_TIMESTAMP
#+end_src

And a =reboot= should be enough.
* home-manager initial install
After a reboot, as root:
#+begin_src sh
nix-channel --add https://github.com/nix-community/home-manager/archive/release-21.11.tar.gz home-manager
nix-channel --update
nix-shell '<home-manager>' -A install
home-manager build --flake .#fcuny@<host name>
#+end_src
#+TITLE: Installation
#+AUTHOR: Franck Cuny
#+EMAIL: franck@fcuny.net

* Prepare the USB stick
Download the most recent image from https://nixos.org/download.html then put it on a stick:
#+begin_src sh
sudo cp ~/downloads/nixos-minimal-21.11.336020.2128d0aa28e-x86_64-linux.iso /dev/sda
#+end_src
* Partitioning
** For the workstation (desktop/laptop)
All hosts have the same partitioning for the boot drive:
- /boot partition for UEFI
- / encrypted with btrfs
- a 8GB swap

If we assume the boot drive to be =nvme0n1=, we will do the following:
#+begin_src sh
parted /dev/nvme0n1 -- mklabel gpt
parted /dev/nvme0n1 -- mkpart primary 512MiB -8GiB
parted /dev/nvme0n1 -- mkpart primary linux-swap -8GiB 100%
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 512MiB
parted /dev/nvme0n1 -- set 3 esp on
#+end_src

Running =lsbkl= should give the following output:
#+begin_src sh
[root@nixos:~]# lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0         7:0    0   709M  1 loop /nix/.ro-store
sda           8:0    1  29.9G  0 disk
├─sda1        8:1    1   784M  0 part /iso
└─sda2        8:2    1    37M  0 part
nvme0n1     259:0    0 465.8G  0 disk
├─nvme0n1p1 259:1    0 457.3G  0 part
├─nvme0n1p2 259:2    0     8G  0 part
└─nvme0n1p3 259:3    0   511M  0 part
#+end_src

Then we create the LUKS device:
#+begin_src sh
cryptsetup --verify-passphrase -v luksFormat /dev/nvme0n1p1
cryptsetup open /dev/nvme0n1p1 system
#+end_src

We can create the partition for the boot drive and activate the swap:
#+begin_src sh
mkswap -L swap /dev/nvme0n1p2
swapon /dev/nvme0n1p2
mkfs.fat -F 32 -n nixos-boot /dev/nvme0n1p3
#+end_src
#+begin_src sh
mkfs.btrfs /dev/mapper/system

mount -t btrfs /dev/mapper/system /mnt

btrfs subvolume create /mnt/nixos
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/snapshots

umount /mnt
#+end_src

Now we can re-mount the partitions with the proper options:
#+begin_src sh
mount -o subvol=nixos,compress=zstd,noatime,autodefrag /dev/mapper/system /mnt

mkdir /mnt/{home,boot,.snapshots}

mount -o subvol=home,compress=zstd,noatime,autodefrag /dev/mapper/system /mnt/home
mount -o subvol=snapshots,compress=zstd,noatime /dev/mapper/system /mnt/.snapshots
mount /dev/nvme0n1p3 /mnt/boot
#+end_src

Once the installation is completed:
#+begin_src sh
CUSTOMIZE_TIMESTAMP=$(date -u +%Y%m%dT%H%M%S)
btrfs subvolume snapshot /mnt /mnt/.snapshots/$CUSTOMIZE_TIMESTAMP
#+end_src
** Partitions for the NAS
Create the RAIDs:
#+begin_src sh
mdadm --create /dev/md/fast --level=mirror --raid-devices=2 /dev/sda /dev/sdb
mdadm --create /dev/md/slow --level=mirror --raid-devices=2 /dev/sdc /dev/sde
#+end_src

Encrypt the RAIDs:
#+begin_src sh
cryptsetup --verify-passphrase -v luksFormat /dev/md/slow
cryptsetup --verify-passphrase -v luksFormat /dev/md/fast
#+end_src

Then open them:
#+begin_src sh
cryptsetup open /dev/md/fast raid-fast
cryptsetup open /dev/md/slow raid-slow
#+end_src

Create the filesystem:
#+begin_src sh
mkfs.btrfs /dev/mapper/raid-fast
mkfs.btrfs /dev/mapper/raid-slow
#+end_src

Then we can mount them to generate the host configuration
#+begin_src sh
btrfs subvolume create /mnt/media
btrfs subvolume create /mnt/containers
umount /mnt

mount -t btrfs /dev/mapper/raid-slow /mnt/
btrfs subvolume create /mnt/backups
mkdir /mnt/data/{backups,containers,media}
mount -o subvol=media,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/media
mount -o subvol=media,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/media
mount -o subvol=containers,compress=zstd,noatime,autodefrag /dev/mapper/raid-fast /mnt/data/containers
mount -o subvol=backups,compress=zstd,noatime,autodefrag /dev/mapper/raid-slow /mnt/data/backups
#+end_src
* Installing the system
Let's add git and nixFlakes:
#+begin_src sh
nix-shell -p git nixFlakes
#+end_src

#+begin_src sh
nixos-generate-config --root /mnt
mkdir /mnt/root
git clone https://git.fcuny.net/fcuny/world.git /mnt/root/world
mkdir /mnt/root/world/hosts/<host name>
cp /mnt/etc/nixos/hardware-configuration.nix /mnt/root/world/hosts/<host name>/
cp /mnt/root/world/hosts/aptos/default.nix /mnt/root/world/hosts/<host name>/
vim /mnt/root/world/hosts/<host name>/default.nix
cd /mnt/root/world
git add hosts/tahoe
cd /
nixos-install --root /mnt --flake /mnt/root/world#<host name>
#+end_src

Create another snapshot
#+begin_src sh
CUSTOMIZE_TIMESTAMP=$(date -u +%Y%m%dT%H%M%S)
btrfs subvolume snapshot /mnt /mnt/.snapshots/$CUSTOMIZE_TIMESTAMP
#+end_src

And a =reboot= should be enough.
* home-manager initial install
After a reboot, as root:
#+begin_src sh
nix-channel --add https://github.com/nix-community/home-manager/archive/release-21.11.tar.gz home-manager
nix-channel --update
nix-shell '<home-manager>' -A install
home-manager build --flake .#fcuny@<host name>
#+end_src