[Nix-dev] NixOS UEFI+LUKS+LVM or UEFI+LUKS+ZFS
Mark Gardner
mkg at vt.edu
Tue Sep 27 21:02:34 CEST 2016

I am new to NixOS. I definitely like what I have seen so far. Thank you.

I would like to encrypt the root partition with LUKS upon which LVM or ZFS
would provide /, swap, /home etc. I used
https://nixos.org/wiki/Encrypted_Root_on_NixOS and
https://bluishcoder.co.nz/2014/05/14/installing-nixos-with-encrypted-root-on-thinkpad-w540.html
as inspiration in my experiments in Vbox. Here is how I set up the disk for
the UEFI+LUKS+LVM case:

    parted /dev/sda mktable gpt
    sgdisk -n1:1M:+1M -t1:EF02 -c1:GRUB /dev/sda
    sgdisk -n2:2M:+512M -t2:EF00 -c2:BOOT /dev/sda
    sgdisk -n3:0:0 -t3:8E00 -c3:LUKS /dev/sda

    cryptsetup luksFormat /dev/sda3
    cryptsetup luksOpen /dev/sda3 enc-pv

    pvcreate /dev/mapper/enc-pv
    vgcreate vg /dev/mapper/enc-pv
    lvcreate -L 1G -n swap vg
    lvcreate -l 1662 -n root vg # lvcreate -L 40G vg -> 1662 extents

    mkfs.msdos -F32 -n BOOT /dev/sda2
    mkfs.jfs -L ROOT /dev/vg/root
    mkswap -L SWAP /dev/vg/swap

    mount /dev/vg/root /mnt
    mount /dev/sda2 /mnt/boot
    swapon /dev/vg/swap

Here is my configuration.nix:

    { config, pkgs, ... }:

    {
      imports =
        [ # Include the results of the hardware scan.
          ./hardware-configuration.nix
        ];

      boot.loader.grub.enable = true;
      boot.loader.grub.version = 2;
      boot.loader.grub.device = "/dev/sda";

      boot.initrd.luks.devices = [
        {
          name = "luksroot";
          device = "/dev/sda3";
          preLVM = true;
        }
      ];

      networking.hostName = "nixos";

      system.stateVersion = "16.03";
    }

When I rebooted after installation, it seems to hang after prompting for
the LUKS password. I have searched the mailing list archives and can't find
anything that indicates where it is going wrong.

Does anyone have a configuration.nix that combines LUKS with LVM? Or with
ZFS? (Ultimately, I want to use ZFS. I am only using LVM to figure out
where the problem lies. Apparently the problem is related to LUKS.)

Mark
--
Mark Gardner