#!/usr/env/bin bash set -euox pipefail export DISK="/dev/vda" export DISK_EXT="${DISK}" # The size is large because I'd like to be able to hibernate my laptop in its entirety. I have 64 GB of ram. export SWAP_SIZE="32" export SWAP_OFFSET="$(( SWAP_SIZE + 1 ))" export LABEL_CRYPT_LUKS="NixOS-Crypt" export LABEL_SWAP="NixOS-Swap" export LABEL_BTRFS="NixOS-Primary" export LABEL_BOOT="NixOS-Boot" swapoff -a || true umount /mnt/**/* || true umount /mnt/* || true umount /mnt || true cryptsetup close enc || true dd if=/dev/zero of="${DISK}" bs=512 count=1024 || true ### Partition The Disk parted "${DISK}" -- mklabel gpt # Boot partition parted -a optimal "${DISK}" -- mkpart ESP fat32 1MiB 1GiB parted "${DISK}" -- set 1 boot on mkfs.vfat "${DISK_EXT}1" fatlabel "${DISK_EXT}1" "${LABEL_BOOT}" # Swap Partition parted -a optimal "${DISK}" -- mkpart "${LABEL_SWAP}" linux-swap 1Gib "${SWAP_OFFSET}GB" mkswap -L "${LABEL_SWAP}" "${DISK_EXT}2" swapon "${DISK_EXT}2" # Nix Partition, where the OS will reside with our data parted -a optimal "${DISK}" -- mkpart "${LABEL_BTRFS}" "${SWAP_OFFSET}GiB" 100% ### Encrypt cryptsetup --verify-passphrase -v luksFormat "${DISK_EXT}3" cryptsetup config "${DISK_EXT}3" --label "${LABEL_CRYPT_LUKS}" # Have to decrypt it so we can actually get other things setup export CRYPT_OPEN_NAME="enc" export CRYPT_PATH="/dev/mapper/${CRYPT_OPEN_NAME}" cryptsetup open "${DISK_EXT}3" "${CRYPT_OPEN_NAME}" ### BTRFS Setup # Go ahead and make the unerypted BTRFS mkfs.btrfs -L "${LABEL_BTRFS}" "${CRYPT_PATH}" # Mount it mount -t btrfs "${CRYPT_PATH}" /mnt # Create our subvolumes for subvol in "home" "nix"; do btrfs subvolume create "/mnt/@${subvol}" done umount /mnt ### Final Mountings # Mount tmpfs to mnt mount -t tmpfs -o mode=755 none /mnt # Create our directories mkdir /mnt/{"boot","nix","home"} # Mount our boot partition mount -t vfat -o defaults,noatime "${DISK_EXT}1" /mnt/boot # Mount our btrfs subvolumes individually with some btrfs options # NOTE: On high performance NVME SSDs with a beefy CPU it may be worth considering ZLO compression instead of ZSTD. In # many cases ZLO is more performant, especially when writing, than ZSTD while having a somewhat worse comrpession ratio. # WARN: ZLO *may* be a good solution, it can be VERY slow on incompressible data. Something to keep in mind. mount -t btrfs -o noatime,compress=zstd,subvol=@nix "${CRYPT_PATH}" /mnt/nix mount -t btrfs -o noatime,compress=zstd,subvol=@home "${CRYPT_PATH}" /mnt/home mkdir -p /mnt/nix/persist ### Install NixOS # Gotta make sure current working tree isn't dirty for the flake git config --global user.email "m@m.com"; git config --global user.name "name"; git add .; git commit -m "Shit" >/dev/null 2>&1; \ # Clone the flake into place git clone . /mnt/nix/persist/etc/nixos && cd /mnt/nix/persist/etc/nixos # Finally, actually install NixOS nixos-install --flake "git+file:.#orion"