Christian Ott 188845f45d ➕ add skype		2 years ago
README.md	📝 Add short documentation about the initial installation	2 years ago
configuration.nix	➕ Add pciutils/usbutils for debugging	2 years ago
disko.nix	❄️ Switch to Flakes and use it in ~/.nixos-config	2 years ago
flake.lock	⬆️ Use framework 16 configuration	2 years ago
flake.nix	⬆️ Use framework 16 configuration	2 years ago
hardware-configuration.nix	🐛 Prevent luks key change also for backup disk	2 years ago
home.nix	➕ add skype	2 years ago
my-luksroot.nix	✨ prevent luks key change after decryption to support multiple yubikeys	2 years ago
pbkdf2-sha512.c	➕ Add luksroot module from 23.11 to adapt for multi yubikey support	2 years ago

README.md

NixOS Configuration

Initial Framework 16 Setup

Create LUKS key files for all Yubikeys by following the first 3 steps of this guide

Attention: only run step 1) ykpersonalize -2 -ochal-resp -ochal-hmac if it's a new Yubikey or if you are sure that slot 2 is not used! You may loose access to existing devices otherwise
use the same salt for all keys
store a file with the content of the LUKS_KEYS variable

Configure the disko.nix file to match your system.

Run the NixOS installer, copy the files to /tmp

cp -r yk /tmp/yk # contains the keys
cp disko.nix /tmp/disko.nix

Run disko

nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /tmp/disko.nix

Copy the salt's to the unencrypted partition

mkdir /mnt/boot/crypt-storage
mkdir /mnt/backup-esp/crypt-storage
cp yk/yk_salt /mnt/boot/crypt-storage/default
cp yk/yk_salt /mnt/backup-esp/crypt-storage/default

Copy the configuration files

cp configuration.nix /mnt/etc/nixos/configuration.nix
cp disko.nix /mnt/etc/nixos/disko.nix
cp hardware-configuration.nix /mnt/etc/nixos/hardware-configuration.nix

Run nixos-install