### Partitioning: Stage Start.
## Creating a GPT partition table for our reproducible dev environment.
sudo parted /dev/vda -- mklabel gpt
## Configuring a boot partition of size 525 MiB with a 1 MiB offset.
sudo parted /dev/vda -- mkpart ESP fat32 1MiB 526MiB
## Setting the first partition as our boot location.
sudo parted /dev/vda -- set 1 esp on
## Creating a primary partition that uses the remaining space (from the end of the boot partition up to the last 16 GiB, which is left for the swap partition).
sudo parted /dev/vda -- mkpart primary 526MiB -16GiB
## Allocating the remaining 16 GiB of disk space for a swap partition.
sudo parted /dev/vda -- mkpart linux-swap -16GiB 100%
### Partitioning: Stage End.

### Format Stage 1.
## Formatting the boot partition with the FAT32 file system.
sudo mkfs.fat -F 32 -n BOOT /dev/vda1
## Initializing the swap partition.
## Note: /dev/vda3 sits outside the LUKS container created in the next stage, so swap contents are not encrypted at rest.
sudo mkswap /dev/vda3
## Activating swap.
sudo swapon /dev/vda3

### Full Disk Encryption: Stage Start.
## This FDE stage can be skipped/commented if you don't need/care about:
## [Encryption at Rest](https://www.youtube.com/watch?v=5rlZtasM-Pk).
## [Data at rest - Encryption](https://en.wikipedia.org/wiki/Data_at_rest#Encryption).
## All of the options/flags are succinctly described on the [Archlinux Wiki Site](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt) (please donate if you can! <3)
## Fully encrypts the main storage space using LUKS2 with the [Argon2id key derivation](https://en.wikipedia.org/wiki/Argon2).
sudo cryptsetup --verbose --type luks2 --cipher aes-xts-plain64 --hash sha512 --key-size 512 --pbkdf argon2id --use-urandom --verify-passphrase luksFormat /dev/vda2
## Opens the encrypted partition and maps it as /dev/mapper/luksroot.
sudo cryptsetup luksOpen /dev/vda2 luksroot
### Full Disk Encryption: Stage End.

### Format Stage 2.
## If FDE was skipped, please uncomment and use the "Alt" variant bash commands and comment out the "First" commands.
## First:
sudo mkfs.btrfs -L nixos /dev/mapper/luksroot
## Alt:
# sudo mkfs.btrfs -L nixos /dev/vda2

### BTRFS Subvolume Creation: Stage Start.
## First:
sudo mount /dev/mapper/luksroot /mnt
## Alt:
# sudo mount /dev/vda2 /mnt
cd /mnt
sudo btrfs subvolume create /mnt/root
sudo btrfs subvolume create /mnt/home
sudo btrfs subvolume create /mnt/nix
sudo btrfs subvolume create /mnt/.logs
sudo btrfs subvolume create /mnt/.snapshots
cd
sudo umount /mnt
## First:
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=root /dev/mapper/luksroot /mnt
## Alt:
# sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=root /dev/vda2 /mnt
### BTRFS Subvolume Creation: Stage End.

### Partition Mounting: Stage Start.
## Creating the corresponding directories to mount the subvolumes.
sudo mkdir -p /mnt/{boot,home,nix,.logs,.snapshots}
## If FDE was skipped, use /dev/vda2 in place of /dev/mapper/luksroot in the subvolume mounts below.
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=home /dev/mapper/luksroot /mnt/home
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=nix /dev/mapper/luksroot /mnt/nix
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=.logs /dev/mapper/luksroot /mnt/.logs
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=.snapshots /dev/mapper/luksroot /mnt/.snapshots
sudo mount -o umask=077 /dev/vda1 /mnt/boot
### Partition Mounting: Stage End.

### Initial Config Generation.
## This generates the initial `configuration.nix` and `hardware-configuration.nix`.
## `configuration.nix` will be replaced with the one provided in the repository, but the command is still necessary to generate the proper config for `hardware-configuration.nix`.
sudo nixos-generate-config --root /mnt

# sudo nixos-install --no-root-passwd
## ^this last bash command is commented out to allow users to configure/customize their dev environment before performing the first install.
## Once you've added your username, password, and a hostname into `secrets.nix` you're ready to install!
## Running this command will perform the first NixOS install using the config details that were provided in:
## `configuration.nix`, `hardware-configuration.nix`, `secrets.nix`.

## After the initial install is complete, you'll want to run the following command to update your system:
# sudo nixos-rebuild switch --upgrade
## ^this updates your system on the fly and generates a new bootable entry that shows up when you first turn on your computer/VM.

## Congrats, you now have an indestructible system!
## Whenever one entry/version fails to boot,
## you can restart your comp, select a previous version, and choose to update again.
## Ex: version 1 works but you decide today's a good day to update. Version 2 loads on the fly, you work for a bit, turn off your comp, and turn in for the day.
## Later, after turning on your comp and loading v2, it fails to load, which sucks.
## So you load v1 again, log in, and update again, which creates v3.
## If v3 works then your update just works and the broken v2 update can safely be nuked from orbit.
## ez upgrades, ez life
## perfection
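
## Added example (not part of the original script): a check that the LUKS2 header written in the Full Disk Encryption stage carries the cipher, key size, hash and PBKDF requested by the `luksFormat` command.
## `check_luks_dump` and `SAMPLE_DUMP` are names made up for this example; the sample is constructed and abbreviated from the `cryptsetup luksDump` layout.

```shell
#!/bin/sh
# Added example: reads `cryptsetup luksDump` text on stdin and compares it
# with the options passed to luksFormat in the FDE stage:
#   --type luks2 --cipher aes-xts-plain64 --key-size 512
#   --hash sha512 --pbkdf argon2id
# Real use (needs root and the device from the script):
#   sudo cryptsetup luksDump /dev/vda2 | check_luks_dump

# Constructed sample input, abbreviated; not captured from a real device.
SAMPLE_DUMP='LUKS header information
Version:        2
Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        PBKDF:      argon2id
Digests:
  0: pbkdf2
        Hash:       sha512
'

# Returns 0 when every keyslot and the data segment match, 1 otherwise.
check_luks_dump() {
  awk '
    $1 == "Version:" { version = $2 }
    $1 == "Key:"     { slots++; if ($2 != "512") bad = bad " keysize=" $2 }
    $1 == "PBKDF:"   { if ($2 != "argon2id") bad = bad " pbkdf=" $2 }
    $1 == "Hash:"    { if ($2 != "sha512") bad = bad " hash=" $2 }
    $1 == "Cipher:" || $1 == "cipher:" {
      if ($2 != "aes-xts-plain64") bad = bad " cipher=" $2
    }
    END {
      if (version != "2") bad = bad " version=" version
      if (slots == 0)     bad = bad " no-keyslots"
      if (bad != "") { print "MISMATCH:" bad; exit 1 }
      print "OK: LUKS2, aes-xts-plain64, 512-bit key, argon2id, " slots " keyslot(s)"
    }'
}

# Demonstration on the constructed sample.
printf '%s' "$SAMPLE_DUMP" | check_luks_dump
```

## The "0: pbkdf2" line under Digests is not flagged: only the per-keyslot "PBKDF:" field is compared, since that is the value `--pbkdf` controls.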