Talk:NixOS: Difference between revisions
Vater (Talk | contribs) |
Vater (Talk | contribs) (New section →wir machen nix für euch) |
||
Zeile 530: | Zeile 530: | ||
* nixos | * nixos | ||
** … | ** … | ||
== wir machen nix für euch == | |||
* https://www.systemli.org/service/ | |||
* https://disroot.org/en/#services | |||
* https://riseup.net/de/security/resources/radical-servers |
Revision as of 29 December 2022, 07:48
Ideas for ideas on and around NixOS
NixOS meets iRedMail
(g)ui the whole configuration.nix
- GUI or WUI
- typos become impossible
- better overview of (all) available options
- ...
NixOS as FreeBSD
- aka uNix or FreeNix or NixBSD
nixpkgs on BSD
- use cases
- nix for jails
my perfect NixOS laptop installation
The goal is to set up a sweet default for the usage of a (usual) laptop running NixOS.
- Probably we are going to use a ThinkPad (idea of the project denkende Bretter bohren). Of course everybody can bring their own device.
The "perfect" setup seems to be:
- NixOS
- ZFS (for everything but /boot)
- ext4 would also be possible but is not as feature-rich. btrfs should also be available as a file system to install NixOS on.
- 2 mirrored disks (nice to have)
- (A caddy for a second disk (for a ThinkPad) will be there for testing such a setup. user:vater has got one.)
- all data encrypted (as far as possible - for / but probably without /boot)
- We will probably have to use 18.03 (a prerelease version of NixOS) because we also want to test native ZFS encryption.
- (maybe a device or file for swap)
Installation
Hardware
- Laptop
- Lenovo ThinkPad T430
- Mass storage
- 2 x 500 GB HDD
- 1 x 24 GB SSD
- 1 x 16 GB USB
- RAM
- 2 x 8 GB DDR3
Partitioning and formatting
Inventory of the available mass-storage devices
lsblk
fdisk -l /dev/sda
Disk /dev/sda: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
fdisk -l /dev/sdb
Disk /dev/sdb: 22.4 GiB, 24015495168 bytes, 46905264 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
fdisk -l /dev/sdc
Disk /dev/sdc: 14.9 GiB, 16005464064 bytes, 31260672 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
fdisk -l /dev/sdd
Disk /dev/sdd: 465.8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Partitioning one of the available mass-storage devices
- Create a fresh partition table on every device that is going to be part of the setup
- BTW: This can just as well be done in the graphical interface with GParted.
- Select the device in the drop-down menu
- Device -> Create Partition Table
- Select gpt in the drop-down menu
- Confirm
???
sgdisk -p /dev/sda
Number Start (sector) End (sector) Size Code Name
1 2048 2099199 1024.0 MiB 8300 Linux filesystem
2 2099200 976773119 464.8 GiB 8300 Linux filesystem
sgdisk -Z /dev/sda
GPT data structures destroyed! You may now partition the disk using fdisk or other utilities.
sgdisk -o /dev/sda
Creating new GPT entries.
The operation has completed successfully.
sgdisk -p /dev/sda
Disk /dev/sdd: 976773168 sectors, 465.8 GiB
Model:
Sector size (logical/physical): 512/4096 bytes
Disk identifier (GUID):
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 976773134
Partitions will be aligned on 2048-sector boundaries
Total free space is 976773101 sectors (465.8 GiB)
Number Start (sector) End (sector) Size Code Name
Caution! So far the installation has only been carried out successfully with MBR.
sgdisk -a1 -n2:34:2047 -t2:EF02 /dev/sda
sgdisk -n1:0:0 -t1:BF01 /dev/sda
sgdisk -p /dev/sda
Disk /dev/sda: 976773168 sectors, 465.8 GiB
Model:
Sector size (logical/physical): 512/4096 bytes
Disk identifier (GUID):
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 976773134
Partitions will be aligned on 8-sector boundaries
Total free space is 0 sectors (0 bytes)
Number Start (sector) End (sector) Size Code Name
1 2048 976773134 465.8 GiB BF01
2 34 2047 1007.0 KiB EF02
Partitioning a further mass-storage device
Replicate the partition table from the already set-up device sda to the device sdd, which is to be set up identically
sgdisk /dev/sda -R /dev/sdd
The operation has completed successfully.
Generate a new (different) GUID for the device sdd, which is to be set up identically
sgdisk -G /dev/sdd
Creating the mirror of the partitions for booting
- (unfortunately) without ZFS
- Mirroring the devices (modelled on the ZFS mirror)
Create a mirror of the partitions (sda1 and sdd1) for booting the identically set-up devices sda and sdd
mdadm --create /dev/md127 --metadata=0.90 --level=mirror --raid-devices=2 /dev/sda1 /dev/sdd1
mdadm: array /dev/md127 started.
(theoretical) Destroying the mirror of the partitions (sda1 and sdd1)
mdadm --stop /dev/md127
mdadm --zero-superblock /dev/sda1 /dev/sdd1
(optional) Displaying the details of the created mirror
mdadm --detail /dev/md127
mkfs.ext4 -m 0 -L boot -j /dev/md127
mke2fs 1.43.7 (16-Oct-2017)
Creating filesystem with 122096368 4k blocks and 30531584 inodes
Filesystem UUID: eb3bd738-a661-400e-a0dc-990bace991d7
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000
Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information:
done
Creating the mirrored pool of the partitions for ZFS
zpool create -f -o ashift=12 -o altroot=/mnt -O encryption=aes-256-gcm -O keyformat=passphrase zroot mirror /dev/sda1 /dev/sdd1
Enter passphrase:
Re-enter passphrase:
Creating the datasets in the mirrored pool of the partitions for ZFS
zfs create -o mountpoint=none zroot/root
zfs create -o mountpoint=legacy -o sync=disabled zroot/root/tmp
zfs create -o mountpoint=legacy zroot/root/nixos
zfs create -o mountpoint=legacy zroot/root/home
zfs set compression=lz4 zroot/root/home
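A check for the "all data encrypted" goal once the pool and datasets above exist, as an added example that is not part of the original page: it parses `zfs get` output and reports datasets that are unencrypted, use another cipher than the one passed to `zpool create`, or have no key loaded. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads tab-separated name/property/value lines on stdin, as produced by:
#   zfs get -H -o name,property,value -r encryption,keystatus zroot
# Prints one finding per problem dataset; returns 0 if clean, 1 otherwise.
audit_zfs_encryption() {
    want=${1:-aes-256-gcm}   # cipher from the zpool create call on this page
    findings=$(awk -F '\t' -v want="$want" '
        $2 == "encryption" { enc[$1] = $3; seen[$1] = 1 }
        $2 == "keystatus"  { key[$1] = $3; seen[$1] = 1 }
        END {
            for (ds in seen) {
                if (enc[ds] == "" || enc[ds] == "off")
                    print "UNENCRYPTED " ds
                else if (enc[ds] != want)
                    print "CIPHER-MISMATCH " ds " " enc[ds]
                else if (key[ds] != "available")
                    print "KEY-NOT-LOADED " ds
            }
        }' | sort)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the page's datasets, inheriting encryption from zroot.
sample_encrypted() {
    for ds in zroot zroot/root zroot/root/tmp zroot/root/nixos zroot/root/home; do
        printf '%s\tencryption\taes-256-gcm\n%s\tkeystatus\tavailable\n' "$ds" "$ds"
    done
}

# Constructed sample: a pool that was created without -O encryption=...
sample_plain() {
    for ds in zroot zroot/root/home; do
        printf '%s\tencryption\toff\n%s\tkeystatus\tnone\n' "$ds" "$ds"
    done
}

sample_encrypted | audit_zfs_encryption && echo "all datasets encrypted, keys loaded"
sample_plain | audit_zfs_encryption || echo "findings reported above"
```

On the installed system, pipe the real `zfs get` output from the comment into `audit_zfs_encryption` instead of the samples.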
Mounting the storage for the installation
mount -t zfs zroot/root/nixos /mnt
mkdir /mnt/{home,tmp,boot}
mount /dev/md127 /mnt/boot/
mount -t zfs zroot/root/home /mnt/home/
mount -t zfs zroot/root/tmp /mnt/tmp/
Mounting the storage for the installation
nixos-generate-config --root /mnt
writing /mnt/etc/nixos/hardware-configuration.nix...
writing /mnt/etc/nixos/configuration.nix...
Mounting the storage for the installation
nixos-generate-config --root /mnt
writing /mnt/etc/nixos/hardware-configuration.nix...
warning: not overwriting existing /mnt/etc/nixos/configuration.nix
cat /mnt/etc/nixos/hardware-configuration.nix
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:

{
  imports =
    [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sdhci_pci" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

  fileSystems."/" =
    { device = "zroot/root/nixos";
      fsType = "zfs";
    };

  fileSystems."/boot" =
    { device = "/dev/disk/by-uuid/161f4a4b-93da-4722-a8bf-035451b28201";
      fsType = "ext4";
    };

  fileSystems."/home" =
    { device = "zroot/root/home";
      fsType = "zfs";
    };

  fileSystems."/tmp" =
    { device = "zroot/root/tmp";
      fsType = "zfs";
    };

  swapDevices =
    [ { device = "/dev/disk/by-uuid/8d44ba2b-4cc3-4f7f-b4b4-6e78f461222b"; }
    ];

  nix.maxJobs = lib.mkDefault 4;
  #### powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
}
cat /mnt/etc/nixos/configuration.nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
  boot.loader.grub.devices = [ "/dev/sda" "/dev/sdd" ];

  boot.zfs.enableUnstable = true;
  boot.supportedFilesystems = [ "zfs" ];

  # networking.hostName = "nixos"; # Define your hostname.
  # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
  networking.hostId = "ac174b52";

  # Select internationalisation properties.
  # i18n = {
  #   consoleFont = "Lat2-Terminus16";
  #   consoleKeyMap = "us";
  #   defaultLocale = "en_US.UTF-8";
  # };
  i18n = {
    consoleFont = "Lat2-Terminus16";
    consoleKeyMap = "us";
    defaultLocale = "en_US.UTF-8";
  };

  # Set your time zone.
  # time.timeZone = "Europe/Amsterdam";
  time.timeZone = "Europe/Berlin";

  # List packages installed in system profile. To search by name, run:
  # $ nix-env -qaP | grep wget
  # environment.systemPackages = with pkgs; [
  #   wget vim
  # ];
  environment.systemPackages = with pkgs; [
    wget
    vim
    firefox
  ];

  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.bash.enableCompletion = true;
  programs.bash.enableCompletion = true;
  # programs.mtr.enable = true;
  programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };

  # List services that you want to enable:

  # Enable the OpenSSH daemon.
  # services.openssh.enable = true;
  services.openssh.enable = true;

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Enable CUPS to print documents.
  # services.printing.enable = true;

  # Enable the X11 windowing system.
  # services.xserver.enable = true;
  services.xserver.enable = true;
  # services.xserver.layout = "us";
  services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";
  services.xserver.xkbOptions = "eurosign:e";

  # Enable touchpad support.
  # services.xserver.libinput.enable = true;

  # Enable the KDE Desktop Environment.
  # services.xserver.displayManager.sddm.enable = true;
  services.xserver.displayManager.sddm.enable = true;
  # services.xserver.desktopManager.plasma5.enable = true;
  services.xserver.desktopManager.plasma5.enable = true;

  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.extraUsers.guest = {
  #   isNormalUser = true;
  #   uid = 1000;
  # };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.03"; # Did you read the comment?
}
Replacing one of the mass-storage devices
tbc
- MBR
- GPT
booting from ZFS
GRUB can do ZFS, can't it?
- or is that only a FreeBSD thing?
- https://wiki.archlinux.org/index.php/Installing_Arch_Linux_on_ZFS#Booting_your_kernel_and_initrd_from_ZFS
- https://wiki.archlinux.org/index.php/ZFS#GRUB-compatible_pool_creation
- https://www.gnu.org/software/grub/manual/grub/html_node/Multi_002dboot-manual-config.html
Passing the passphrase on is then perhaps yet another matter. (I seem to recall that when PC-BSD used GRUB for a while, the password was already asked for at the GRUB stage. (set kFreeBSD.kern.geom.eli.passphrase="$pass"
or something along those lines[1]))
Domains
- nix
- guide
- style
- support
- training
- earth
- international
- world
- land
- city
- farm
- team
- group
- community
- center
- school
- academy
- institute
- company
- promo
- tools
- network
- …
- nixos
- …