You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
33 lines
1.3 KiB
33 lines
1.3 KiB
# NixOS Configuration
|
|
|
|
## Initial Framework 16 Setup
|
|
|
|
1. Create LUKS key files for all Yubikeys by following the first 3 steps of [this guide](https://github.com/sgillespie/nixos-yubikey-luks)
|
|
- Attention: only run step 1) `ykpersonalize -2 -ochal-resp -ochal-hmac` if it's a new Yubikey or if you are sure that slot 2 is not used! You may loose access to existing devices otherwise
|
|
- use the same salt for all keys
|
|
- store a file with the content of the LUKS_KEYS variable
|
|
2. Configure the `disko.nix` file to match your system.
|
|
3. Run the NixOS installer, copy the files to /tmp
|
|
```bash
|
|
cp -r yk /tmp/yk # contains the keys
|
|
cp disko.nix /tmp/disko.nix
|
|
```
|
|
4. Run disko
|
|
```bash
|
|
nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /tmp/disko.nix
|
|
```
|
|
5. Copy the salt's to the unencrypted partition
|
|
```bash
|
|
mkdir /mnt/boot/crypt-storage
|
|
mkdir /mnt/backup-esp/crypt-storage
|
|
cp yk/yk_salt /mnt/boot/crypt-storage/default
|
|
cp yk/yk_salt /mnt/backup-esp/crypt-storage/default
|
|
```
|
|
6. Copy the configuration files
|
|
```bash
|
|
cp configuration.nix /mnt/etc/nixos/configuration.nix
|
|
cp disko.nix /mnt/etc/nixos/disko.nix
|
|
cp hardware-configuration.nix /mnt/etc/nixos/hardware-configuration.nix
|
|
```
|
|
7. Run `nixos-install`
|
|
|
|
|