[Nix-dev] Encrypted root: LUKS over LVM

Nikita Karetnikov nikita at karetnikov.org
Sun Jan 4 21:04:11 CET 2015


I’m trying to configure NixOS with LUKS over LVM as described in [1].
After partitioning the disk (see ‘partition-table.sfdisk’), I did the
following:

# mkfs.ext3 /dev/sda1
# cryptsetup luksFormat -i 5000 /dev/sda2
# cryptsetup luksOpen /dev/sda2 main
# pvcreate /dev/mapper/main
# vgcreate main /dev/mapper/main
# lvcreate -n main --extent=100%FREE main
# mkfs.ext3 /dev/main/main
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot
# mount /dev/main/main /mnt
# nixos-generate-config --root /mnt

Then I edited ‘configuration.nix’ (attached) according to the wiki page
and ran ‘nixos-install’, which failed (see ‘nixos-install.log’).  Is
anything wrong with the config file?

[1] https://nixos.org/wiki/Encrypted_Root_on_NixOS

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: partition-table.sfdisk
Url: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150105/c3c827e2/attachment-0002.pl 
-------------- next part --------------
# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/sda";

  boot.initrd.luks.devices = [ 
    { name = "main"; device = "/dev/sda2"; preLVM = true; }
  ];

  fileSystems = [ {
    mountPoint ="/";
    device = "/dev/mapper/main";
  } {
    mountPoint = "/boot";
    device = "/dev/sda1";
  }
  ];

  networking.hostName = "hostname"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless.

  # Select internationalisation properties.
  i18n = {
    consoleFont = "Lat2-Terminus";
    consoleKeyMap = "us";
    defaultLocale = "en_US.UTF-8";
  };

  # List packages installed in system profile. To search by name, run:
  # $ nix-env -qaP | grep wget
  # environment.systemPackages = with pkgs; [
  #   wget
  # ];

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable the X11 windowing system.
  services.xserver.enable = true;
  services.xserver.layout = "us";
  services.xserver.xkbOptions = "eurosign:e";

  # Enable the KDE Desktop Environment.
  # services.xserver.displayManager.kdm.enable = true;
  # services.xserver.desktopManager.kde4.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.extraUsers.guest = {
    name = "user";
    isNormalUser = true;
    uid = 1000;
  };

}
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: nixos-install.log
Url: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150105/c3c827e2/attachment-0003.pl 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150105/c3c827e2/attachment-0001.bin 


More information about the nix-dev mailing list