NixOS: Installation Guide with RAID 1, encryption, and TPM Unlock (part 3 - Installing the OS)

I’m continuing my journey of setting up a NixOS machine with secure and redundant storage. In this post, we’re going to perform the actual OS installation!
This is the third post in the series:
- Preparing the virtual machine and partitioning the disks
- Disko, LUKS, and btrfs
- Installing NixOS (this post)
At this point, we have a virtual machine with formatted disks and the file system configured and mounted, ready to receive the NixOS binaries.
Why aren’t we using disko-install?
The Disko project includes a tool called disko-install that allows you to format partitions and install NixOS in a single step. The tool is excellent and even allows for disk parameterization via the command line.
However, a bug prevents its use when the machine’s RAM is smaller than the size of the system being created. Until this is resolved, we will follow the process in two stages: disk preparation (previous post) and the manual installation of the operating system (this post).
But… if that bug is ever fixed, the command would look like this:
sudo nix --experimental-features "nix-command flakes" run 'github:nix-community/disko/latest#disko-install' -- \
--flake ~/nixos#nixos3 --disk disk1 /dev/vda --disk disk2 /dev/vdb
Installing the operating system
We are starting from the final state of the previous post, with the system mounted at /mnt. If you restarted the virtual machine, just run the following command to mount the file systems again without needing to reformat everything:
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- \
--mode mount ~/nixos/disko.nix
With everything mounted, we start the NixOS installation by pointing to our flake. The --no-root-passwd flag skips the interactive root password prompt:
sudo nixos-install --root /mnt --no-root-passwd --flake ~/nixos#nixos3
This command will take a few minutes. NixOS will download and build the entire system from scratch within the /mnt directory.
Configuration Persistence
To manage your system in the future (using nixos-rebuild), we need our configuration files inside the new system. Copy the repository to its /etc/nixos directory, which is currently mounted at /mnt/etc/nixos:
sudo cp -R ~/nixos /mnt/etc/nixos
Setting the User Password
Although I left a default password in the settings (luks) to make the lab easier, let’s define the password manually.
We will use nixos-enter, which creates a chroot environment in the new system:
sudo nixos-enter --root /mnt -c "passwd giggio"
Note: nixos-enter is extremely useful for maintenance. It allows you to “enter” the installed system even before the first boot to fix configurations or reset passwords.
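While the target is still mounted at /mnt, the layout can be checked before shutting down. The script below is an added example, not part of the original post: it verifies that every btrfs chunk type uses the RAID1 profile and that every btrfs member is an opened LUKS mapping. It assumes btrfs sits directly on the LUKS devices; the script name check.sh and the sample device names are constructed.

```bash
#!/usr/bin/env bash
# Added example: pre-shutdown check that the target really is btrfs RAID 1
# on LUKS. Mapping names in the samples (crypt1, crypt2) are constructed.

# stdin: output of `btrfs filesystem df <mountpoint>`.
# Succeeds only if Data, Metadata and System all appear and are all RAID1.
# An extra "Data, single" line (e.g. an unfinished balance) makes it fail.
btrfs_profiles_ok() {
  awk -F'[,:] *' '
    $1 == "Data" || $1 == "Metadata" || $1 == "System" {
      seen[$1] = 1
      if ($2 != "RAID1") bad = 1
    }
    END { exit (seen["Data"] && seen["Metadata"] && seen["System"] && !bad) ? 0 : 1 }
  '
}

# stdin: output of `lsblk -rno NAME,TYPE,FSTYPE`.
# Succeeds only if there are at least two btrfs members and each one is a
# dm-crypt mapping (TYPE "crypt"), so no member sits on a raw partition.
btrfs_members_encrypted() {
  awk '
    $3 == "btrfs" { n++; if ($2 != "crypt") bad = 1 }
    END { exit (n >= 2 && !bad) ? 0 : 1 }
  '
}

# Constructed sample outputs, not captured from the VM in this series.
SAMPLE_DF_GOOD='Data, RAID1: total=1.00GiB, used=512.00KiB
System, RAID1: total=8.00MiB, used=16.00KiB
Metadata, RAID1: total=1.00GiB, used=112.00KiB
GlobalReserve, single: total=3.25MiB, used=0.00B'
SAMPLE_DF_MIXED="$SAMPLE_DF_GOOD
Data, single: total=1.00GiB, used=0.00B"
SAMPLE_LSBLK_GOOD='vda2 part crypto_LUKS
crypt1 crypt btrfs
vdb2 part crypto_LUKS
crypt2 crypt btrfs'
SAMPLE_LSBLK_RAW='vda2 part crypto_LUKS
crypt1 crypt btrfs
vdb2 part btrfs'

# Live use from the installer, as root: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
  btrfs filesystem df /mnt | btrfs_profiles_ok || echo "FAIL: profile is not RAID1 everywhere"
  lsblk -rno NAME,TYPE,FSTYPE | btrfs_members_encrypted || echo "FAIL: btrfs member outside LUKS"
fi
```

The lsblk check is system-wide, so any other btrfs volume attached to the VM that is not on LUKS will also trigger the failure message.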
NixOS is installed! At this stage, we have partitioned and encrypted disks with a password entered during boot, the btrfs file system is formatted, and the operating system is installed. Everything should work; shut down the VM, remove the ISO from your settings, and start the VM again.
First Access and SSH
After booting, log in with the user giggio and the password defined via passwd in the previous step.
To access via SSH from your host machine, remember to clear the old key (from the installation environment) from your known_hosts file (created during the first access to the VM):
ssh-keygen -R <ip>
Now, connect with the new user:
ssh giggio@<ip>
What do we have so far?
If you’ve never used NixOS, now is the time to experiment. In practice, it’s a modern Linux with GNOME. You’ll see that it runs GNOME 49 (with 50 about to be integrated into nixpkgs), and it’s on the latest kernel version, currently 7.0.0.
The system already features RAID 1 via btrfs and LUKS encryption. However, you’ll notice that it still asks for the encryption password manually at every boot.
In the next post, we’ll dive deep into Secure Boot, so I’ll stop here to keep the next one from getting too long. It’s coming soon! See you then!
