[Nix-dev] NixOS UEFI+LUKS+LVM or UEFI+LUKS+ZFS

Bas van Dijk v.dijk.bas at gmail.com
Tue Sep 27 21:20:06 CEST 2016 

Your installation steps look very similar to the following how-to I use
when setting up a new system. The most significant difference seems to be
that you're calling mkfs.jfs while I'm calling mkfs.ext4:

# See:
#
# *
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS
#
# *
http://nixos.org/nixos/manual/sec-installation.html#sec-uefi-installation
#
#
# gdisk /dev/sda
# o       # create a new empty GUID partition table (GPT)
# Y       # This option deletes all partitions and created a new protective
MBR. Proceed Y/N?
# n       # add a new partition
#         # Partition number, default 1
#         # First sector
# +512M   # Last sector
# EF00    # GUID (EFI System)
# n       # add a new partition
#         # Partition number, default 2
#         # First sector
#         # Last sector
# 8E00    # GUID (Linux LVM)
# w       # write table to disk and exit
# Y       # Do you want to proceed Y/N?
#
# cryptsetup luksFormat /dev/sda2
# YES
# <passphrase>
# <passphrase>
#
# mkfs.vfat /dev/sda1 -n BOOT
#
# cryptsetup open --type luks /dev/sda2 lvm
# <passphrase>
#
# # # To activate an existing volume:
# # pvscan
# # vgchange -ay MyStorage
#
# pvcreate /dev/mapper/lvm
#
# vgcreate MyStorage /dev/mapper/lvm
#
# lvcreate -L 16G MyStorage -n swapvol
# lvcreate -l +100%FREE MyStorage -n rootvol
#
# mkfs.ext4 /dev/mapper/MyStorage-rootvol -L root
# mkswap    /dev/mapper/MyStorage-swapvol -L swap
#
# swapon /dev/disk/by-label/swap
#
# mount /dev/disk/by-label/root /mnt
#
# mkdir /mnt/boot
#
# mount /dev/disk/by-label/BOOT /mnt/boot
#
# nixos-generate-config --root /mnt
#
# nix-env -i emacs
#
# emacs -nw /mnt/etc/nixos/configuration.nix
# Set:
# boot.loader.grub.device = "/dev/sda";
# boot.initrd.kernelModules = [ "fbcon" ];
#
# services.openssh = {
#   enable = true;
#   permitRootLogin = "yes";
# };
#
# boot.initrd.luks.devices = [
#   { name = "lvm";
#     device = "/dev/sda2";
#   }
# ];
#
# nixos-install
# <root password>
# <root password>
#
# reboot


On 27 September 2016 at 21:02, Mark Gardner <mkg at vt.edu> wrote:

> I am new to NixOS. I definitely like what I have seen so far. Thank you.
>
> I would like to encrypt the root partition with LUKS upon which LVM or ZFS
> would provide /, swap, /home etc. I used https://nixos.org/wiki/Encrypt
> ed_Root_on_NixOS and
> https://bluishcoder.co.nz/2014/05/14/installing-nixos-with-e
> ncrypted-root-on-thinkpad-w540.html as inspiration in my experiments in
> Vbox. Here is how I set up the disk for the UEFI+LUKS+LVM case:
>
> parted /dev/sda mktable gpt
> sgdisk -n1:1M:+1M   -t1:EF02 -c1:GRUB /dev/sda
> sgdisk -n2:2M:+512M -t2:EF00 -c2:BOOT /dev/sda
> sgdisk -n3:0:0      -t3:8E00 -c3:LUKS /dev/sda
>
> cryptsetup luksFormat /dev/sda3
> cryptsetup luksOpen /dev/sda3 enc-pv
>
> pvcreate /dev/mapper/enc-pv
> vgcreate vg /dev/mapper/enc-pv
> lvcreate -L 1G -n swap vg
> lvcreate -l 1662 -n root vg  # lvcreate -L 40G vg -> 1662 extents
>
> mkfs.msdos -F32 -n BOOT /dev/sda2
> mkfs.jfs -L ROOT /dev/vg/root
> mkswap -L SWAP /dev/vg/swap
>
> mount /dev/vg/root /mnt
> mount /dev/sda2 /mnt/boot
> swapon /dev/vg/swap
>
> Here is my configuration.nix:
> { config, pkgs, ... }:
>
> {
>   imports =
>     [ # Include the results of the hardware scan.
>       ./hardware-configuration.nix
>     ];
>
>   boot.loader.grub.enable = true;
>   boot.loader.grub.version = 2;
>   boot.loader.grub.device = "/dev/sda";
>   boot.initrd.luks.devices = [
>     {
>       name = "luksroot";
>       device = "/dev/sda3";
>       preLVM = true;
>     }
>   ];
>
>   networking.hostName = "nixos";
>
>   system.stateVersion = "16.03";
> }
>
> When I rebooted after installation, it seems to hang after prompting for
> the LUKS password. I have searched the mailing list archives and can't find
> anything that indicates where it is going wrong.
>
> Does anyone have a configuration.nix that combines LUKS with LVM? Or with
> ZFS? (Ultimately, I want to use ZFS. I am only using LVM to figure out
> where the problem lies. Apparently the problem is related to LUKS.)
>
> Mark
> --
> Mark Gardner
> --
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160927/6c3994dd/attachment-0001.html>

More information about the nix-dev mailing list