Talk:NixOS: Difference between revisions
Vater (talk | contribs) (New section →Ideas for ideas about and around NixOS)
Vater (talk | contribs) m (No edit summary)
(44 intermediate revisions by 2 users not shown)
== Ideas for ideas about and around [[NixOS]] ==
==== <s>[[NixOS]] meets iRedMail</s> ====
* <s>http://www.iredmail.org/docs/</s>
* https://gitlab.com/simple-nixos-mailserver
** https://nixos-mailserver.readthedocs.io/
==== (g)ui the whole configuration.nix ====
==== nixpkgs on [[BSD]] ====
; [[FreeBSD]]:
: See [[Diskussion:BSD#FreeBSD meets Nixpkgs]]
; [[Dragonfly BSD]]:
; nix for jails:
== my perfect NixOS laptop installation ==
The goal is to set up a sweet default for the usage of a (usual) laptop running [[NixOS]].
: Probably we are going to use a ThinkPad (idea of the project [[denkende Bretter bohren]]). Of course everybody can bring their own device.
The "perfect" setup seems to be:
* [[NixOS]]
* [[ZFS]] (for everything but ''/boot'')
*: ext4 might also be possible, but it is not as feature-rich. btrfs should also be available to install (NixOS) on.
* 2 mirrored disks (nice to have)
*: (A caddy for a second disk (for a ThinkPad) will be there for testing such a setup. [[user:vater]] has got one.)
* all data encrypted (as far as possible - for ''/'' but probably without ''/boot'')
*: Probably we have to use 18.03 (a prerelease version of [[NixOS]]) because we also want to test native ZFS encryption.
*:: Those who are interested in running LUKS - the "typical" way to encrypt devices on [[GNU/Linux]] - can of course do so.
*:: ZFS native encryption is one of the newest features of ZFS, driven by the ZoL community. (It is not available on [[FreeBSD]] at present (2017-10).)
* (maybe a device or file for swap)
=== Installation ===
==== Hardware ====
; Laptop: Lenovo ThinkPad T430
; Mass storage:
* 2 x 500 GB HDD
* 1 x 24 GB SSD
* <small>1 x 16 GB USB</small>
; Memory:
* 2 x 8 GB DDR3
==== Partitioning and formatting ====
===== Inventory of the available mass-storage devices =====
: <code>lsblk</code>
: <code>fdisk -l /dev/sda</code>
<syntaxhighlight lang="shell">
Disk /dev/sda: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
</syntaxhighlight>
: <code>fdisk -l /dev/sdb</code>
<syntaxhighlight lang="shell">
Disk /dev/sdb: 22.4 GiB, 24015495168 bytes, 46905264 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
</syntaxhighlight>
: <code>fdisk -l /dev/sdc</code>
<syntaxhighlight lang="shell">
Disk /dev/sdc: 14.9 GiB, 16005464064 bytes, 31260672 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
</syntaxhighlight>
: <code>fdisk -l /dev/sdd</code>
<syntaxhighlight lang="shell">
Disk /dev/sdd: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
</syntaxhighlight>
===== Partitioning one of the available mass-storage devices =====
; Create a new partition table, across the board, on every device that is to become part of the setup:
: BTW: This can just as well be done in the graphical interface with ''GParted''.
:* Select the device in the drop-down menu
:* ''Device'' -> ''Create Partition Table''
:* Select <s>''gpt''</s> in the drop-down menu
:* Confirm
<s>
???
: <code>sgdisk -p /dev/sda</code>
<syntaxhighlight lang="shell">
Number  Start (sector)    End (sector)  Size        Code  Name
   1            2048         2099199   1024.0 MiB  8300  Linux filesystem
   2         2099200       976773119   464.8 GiB   8300  Linux filesystem
</syntaxhighlight>
: <code>sgdisk -Z /dev/sda</code>
<syntaxhighlight lang="shell">
GPT data structures destroyed! You may now partition the disk using fdisk or other utilities.
</syntaxhighlight>
: <code>sgdisk -o /dev/sda</code>
<syntaxhighlight lang="shell">
Creating new GPT entries.
The operation has completed successfully.
</syntaxhighlight>
: <code>sgdisk -p /dev/sda</code>
<syntaxhighlight lang="shell">
Disk /dev/sdd: 976773168 sectors, 465.8 GiB
Model:
Sector size (logical/physical): 512/4096 bytes
Disk identifier (GUID):
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 976773134
Partitions will be aligned on 2048-sector boundaries
Total free space is 976773101 sectors (465.8 GiB)

Number  Start (sector)    End (sector)  Size        Code  Name
</syntaxhighlight>
</s>
Attention!
So far, the installation has only been carried out successfully with MBR.
----
: <code>sgdisk -a1 -n2:34:2047 -t2:EF02 /dev/sda</code>
: <code>sgdisk -n1:0:0 -t1:BF01 /dev/sda</code>
: <code>sgdisk -p /dev/sda</code>
<syntaxhighlight lang="shell">
Disk /dev/sda: 976773168 sectors, 465.8 GiB
Model:
Sector size (logical/physical): 512/4096 bytes
Disk identifier (GUID):
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 976773134
Partitions will be aligned on 8-sector boundaries
Total free space is 0 sectors (0 bytes)

Number  Start (sector)    End (sector)  Size        Code  Name
   1            2048       976773134   465.8 GiB   BF01
   2              34            2047   1007.0 KiB  EF02
</syntaxhighlight>
===== Partitioning a further mass-storage device =====
Replicate the partition table from the already set-up device ''sda'' to the device ''sdd'', which is to be set up identically
: <code>sgdisk /dev/sda -R /dev/sdd</code>
<syntaxhighlight lang="shell">
The operation has completed successfully.
</syntaxhighlight>
Generate a new (different) [[wikipedia:de:Globally Unique Identifier|GUID]] for the device ''sdd'', which is to be set up identically
: <code>sgdisk -G /dev/sdd</code>
===== Creating the mirror of the partitions for booting =====
: (unfortunately) without ZFS
: Mirroring the devices (modelled on the ZFS mirror)
Create a mirror of the partitions (''sda1'' and ''sdd1'') for booting from the identically set-up devices ''sda'' and ''sdd''
: <code>mdadm --create /dev/md127 --metadata=0.90 --level=mirror --raid-devices=2 /dev/sda1 /dev/sdd1</code>
<syntaxhighlight lang="shell">
mdadm: array /dev/md127 started.
</syntaxhighlight>
<s>(theoretical) Destroying the mirror of the partitions (''sda1'' and ''sdd1'')
: <code>mdadm --stop /dev/md127</code>
: <code>mdadm --zero-superblock /dev/sda1 /dev/sdd1</code>
</s>
(optional) Display the details of the created mirror
: <code>mdadm --detail /dev/md127</code>
: <code>mkfs.ext4 -m 0 -L boot -j /dev/md127</code>
<syntaxhighlight lang="shell">
mke2fs 1.43.7 (16-Oct-2017)
Creating filesystem with 122096368 4k blocks and 30531584 inodes
Filesystem UUID: eb3bd738-a661-400e-a0dc-990bace991d7
Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
    4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
    102400000

Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done
</syntaxhighlight>
===== Creating the mirrored pool of the partitions for ZFS =====
: <code>zpool create -f -o ashift=12 -o altroot=/mnt -O encryption=aes-256-gcm -O keyformat=passphrase zroot mirror /dev/sda1 /dev/sdd1</code>
<syntaxhighlight lang="shell">
Enter passphrase:
Re-enter passphrase:
</syntaxhighlight>
===== Creating the datasets in the mirrored pool of the partitions for ZFS =====
: <code>zfs create -o mountpoint=none zroot/root</code>
: <code>zfs create -o mountpoint=legacy -o sync=disabled zroot/root/tmp</code>
: <code>zfs create -o mountpoint=legacy zroot/root/nixos</code>
: <code>zfs create -o mountpoint=legacy zroot/root/home</code>
: <code>zfs set compression=lz4 zroot/root/home</code>
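A check for the "all data encrypted" goal once the pool and datasets exist, as an added example that is not part of the original page: it reads the output of <code>zfs get -H -r -o name,property,value encryption,encryptionroot zroot</code> and lists every dataset that is unencrypted or that hangs off a different encryption root than the pool. The function names and the sample lines (including the dataset <code>zroot/root/scratch</code>) are constructed for illustration; ''/boot'' on the mdadm mirror and any swap device live outside ZFS and are not covered by it.

```shell
#!/bin/sh
# Added example (not from the original page).
#
# audit_zfs_encryption EXPECTED_ROOT
#   stdin : tab-separated lines as printed by
#           zfs get -H -r -o name,property,value encryption,encryptionroot <pool>
#   stdout: one finding per dataset that is unencrypted or whose
#           encryption root is not EXPECTED_ROOT
#   exit  : 0 = no findings, 1 = at least one finding
audit_zfs_encryption() {
    expected_root=${1:?usage: audit_zfs_encryption EXPECTED_ROOT}
    awk -F '\t' -v root="$expected_root" '
        NF < 3                 { next }                      # skip malformed lines
        !($1 in seen)          { seen[$1] = 1; order[++n] = $1 }
        $2 == "encryption"     { enc[$1] = $3 }
        $2 == "encryptionroot" { eroot[$1] = $3 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                d = order[i]
                e = (d in enc)   ? enc[d]   : "unknown"
                r = (d in eroot) ? eroot[d] : "unknown"
                if (e == "off" || e == "unknown") {
                    # Data written here ends up on disk in the clear.
                    print d ": encryption=" e
                    bad = 1
                } else if (r != root) {
                    # Encrypted, but not unlocked by the pool passphrase.
                    print d ": encryptionroot=" r " (expected " root ")"
                    bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample input: the datasets created above, plus one
# hypothetical dataset (zroot/root/scratch) created with encryption=off.
sample_zfs_get() {
    printf '%s\t%s\t%s\n' \
        zroot              encryption     aes-256-gcm \
        zroot              encryptionroot zroot \
        zroot/root         encryption     aes-256-gcm \
        zroot/root         encryptionroot zroot \
        zroot/root/tmp     encryption     aes-256-gcm \
        zroot/root/tmp     encryptionroot zroot \
        zroot/root/nixos   encryption     aes-256-gcm \
        zroot/root/nixos   encryptionroot zroot \
        zroot/root/home    encryption     aes-256-gcm \
        zroot/root/home    encryptionroot zroot \
        zroot/root/scratch encryption     off \
        zroot/root/scratch encryptionroot -
}

# Stand-alone run on the constructed sample. On the installed system:
#   zfs get -H -r -o name,property,value encryption,encryptionroot zroot \
#     | audit_zfs_encryption zroot
sample_zfs_get | audit_zfs_encryption zroot || echo "findings listed above"
```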
===== Mounting the storage for the installation =====
: <code>mount -t zfs zroot/root/nixos /mnt</code>
: <code>mkdir /mnt/{home,tmp,boot}</code>
: <code>mount /dev/md127 /mnt/boot/</code>
: <code>mount -t zfs zroot/root/home /mnt/home/</code>
: <code>mount -t zfs zroot/root/tmp /mnt/tmp/</code>
===== Mounting the storage for the installation =====
: <code>nixos-generate-config --root /mnt</code>
<syntaxhighlight lang="shell">
writing /mnt/etc/nixos/hardware-configuration.nix...
writing /mnt/etc/nixos/configuration.nix...
</syntaxhighlight>
===== Mounting the storage for the installation =====
: <code>nixos-generate-config --root /mnt</code>
<syntaxhighlight lang="shell">
writing /mnt/etc/nixos/hardware-configuration.nix...
warning: not overwriting existing /mnt/etc/nixos/configuration.nix
</syntaxhighlight>
: <code>cat /mnt/etc/nixos/hardware-configuration.nix</code>
<syntaxhighlight lang="nix">
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:

{
  imports =
    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "zroot/root/nixos";
      fsType = "zfs";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/161f4a4b-93da-4722-a8bf-035451b28201";
      fsType = "ext4";
    };

  fileSystems."/home" =
    { device = "zroot/root/home";
      fsType = "zfs";
    };

  fileSystems."/tmp" =
    { device = "zroot/root/tmp";
      fsType = "zfs";
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/8d44ba2b-4cc3-4f7f-b4b4-6e78f461222b"; }
    ];

  nix.maxJobs = lib.mkDefault 4;
  #### powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}
</syntaxhighlight>
: <code>cat /mnt/etc/nixos/configuration.nix</code>
<syntaxhighlight lang="nix">
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
  boot.loader.grub.devices = [ "/dev/sda" "/dev/sdd" ];

  boot.zfs.enableUnstable = true;
  boot.supportedFilesystems = [ "zfs" ];

  # networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
  networking.hostId = "ac174b52";

  # Select internationalisation properties.
  # i18n = {
  #   consoleFont = "Lat2-Terminus16";
  #   consoleKeyMap = "us";
  #   defaultLocale = "en_US.UTF-8";
  # };
  i18n = {
    consoleFont = "Lat2-Terminus16";
    consoleKeyMap = "us";
    defaultLocale = "en_US.UTF-8";
  };

  # Set your time zone.
  # time.timeZone = "Europe/Amsterdam";
  time.timeZone = "Europe/Berlin";

  # List packages installed in system profile. To search by name, run:
  # $ nix-env -qaP | grep wget
  # environment.systemPackages = with pkgs; [
  #   wget vim
  # ];
  environment.systemPackages = with pkgs; [
    wget
    vim
    firefox
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.bash.enableCompletion = true;
  programs.bash.enableCompletion = true;
  # programs.mtr.enable = true;
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable the X11 windowing system.
  # services.xserver.enable = true;
  services.xserver.enable = true;
  # services.xserver.layout = "us";
  services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";
  services.xserver.xkbOptions = "eurosign:e";

  # Enable touchpad support.
  # services.xserver.libinput.enable = true;

  # Enable the KDE Desktop Environment.
  # services.xserver.displayManager.sddm.enable = true;
  services.xserver.displayManager.sddm.enable = true;
  # services.xserver.desktopManager.plasma5.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.extraUsers.guest = {
  #   isNormalUser = true;
  #   uid = 1000;
  # };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.03"; # Did you read the comment?
}
</syntaxhighlight>
===== Replacing one of the mass-storage devices =====
tbc
; MBR:
; GPT:
== booting from ZFS ==
=== GRUB can do ZFS after all, can't it? ===
: or is that only a thing for FreeBSD?
* https://wiki.archlinux.org/index.php/Installing_Arch_Linux_on_ZFS#Booting_your_kernel_and_initrd_from_ZFS
* https://wiki.archlinux.org/index.php/ZFS#GRUB-compatible_pool_creation
* https://www.gnu.org/software/grub/manual/grub/html_node/Multi_002dboot-manual-config.html
Passing the password along is then perhaps yet another matter. (I seem to remember that, when [[PC-BSD]] was using GRUB for a while, the password was already being asked for at the GRUB stage. (<code>set kFreeBSD.kern.geom.eli.passphrase="$pass"</code> or some such stuff<ref>https://github.com/trueos/trueos-core/blob/master/overlays/install-overlay/boot/grub/grub.cfg.trueos</ref>))
== Domains ==
* nix
** guide
** style
** support
** training
** earth
** international
** world
** land
** city
** farm
** team
** group
** community
** center
** school
** academy
** institute
** company
** promo
** tools
** network
** …
* nixos
** …
== we do nix for you ==
* https://www.systemli.org/service/
* https://disroot.org/en/#services
* https://riseup.net/de/security/resources/radical-servers
== Software that could be packaged for the public good ==
; Plone:
* https://plone.org/
* used as a website by, for example, TU Dresden and also StuRa HTW Dresden
; PWM:
* https://github.com/pwm-project/pwm
* used by Disroot for account management
; <s>[[wikipedia:de:Forgejo|Forgejo]]</s>:
: https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/version-management/forgejo/default.nix
* https://forgejo.org/
* https://codeberg.org/forgejo/forgejo
; Tube:
* https://git.mills.io/prologic/tube
; Carbonyl:
* https://github.com/fathyb/carbonyl
; [[wikipedia:en:Ghost (blogging platform)|Ghost]]:
* https://ghost.org/
* https://github.com/TryGhost/Ghost
; Publii:
* https://github.com/GetPublii/Publii
* https://getpublii.com/docs/install-publii.html
; Lists:
* https://github.com/awesome-foss/awesome-sysadmin
* https://codeberg.org/crypt0wl/golang-selfhosted
== redundant mass-storage devices ==
For simplicity's sake, we assume (for now) a simple mirror of 2 mass-storage devices for redundancy.
=== Redundancy with the file system ===
==== Redundancy with the Btrfs file system ====
==== Redundancy with the ZFS file system ====
* https://elis.nu/blog/2019/08/encrypted-zfs-mirror-with-mirrored-boot-on-nixos/
=== Miscellaneous ===
==== multiple devices that can be booted from ====
===== multiple devices that can be booted from <code>/boot/efi/</code> =====
; Problem: Redundancy cannot simply be achieved through [[#Redundancy with the file system]], at the very least because of the separate partition for UEFI.
; Suggestions:
* [https://search.nixos.org/options?channel=unstable&query=boot.loader.grub.mirroredBoots boot.loader.grub.mirroredBoots]
* [https://search.nixos.org/options?channel=unstable&show=boot.loader.grub.extraInstallCommands&query=boot.loader.grub.extraInstallCommands boot.loader.grub.extraInstallCommands]
** [https://github.com/ne9z/dotfiles-flake/blob/openzfs-guide/modules/boot/default.nix#L160 OpenZFS style]
* [https://search.nixos.org/options?channel=unstable&show=boot.loader.systemd-boot.extraInstallCommands&query=boot.loader.systemd-boot.extraInstallCommands boot.loader.systemd-boot.extraInstallCommands]
* ("[https://www.thomas-krenn.com/de/wiki/Ubuntu_Software_RAID_mit_redundanten_UEFI_Boot_Eintr%C3%A4gen#L%C3%B6sung manually]")
===== multiple devices that can be booted from <code>/boot/</code> =====
* mdadm
== nixifying other [[Betriebssystem|operating systems]] ==
; NixOS meets [[Kali Linux]]:
* https://jjjollyjim.github.io/arewehackersyet/
; NixOS meets [[Qubes OS]]:
; NixOS meets [[OpenWrt]]:
== References ==
<references />
Latest revision as of 22 February 2024, 20:33
Ideas for ideas about and around NixOS
NixOS meets iRedMail
(g)ui the whole configuration.nix
- gui or wui
- impossibility of typos
- better overview of (all) available options
- ...
NixOS as FreeBSD
- aka uNix or FreeNix or NixBSD
nixpkgs on BSD
- usage examples
- nix for jails