1800-01-01

NixOS on Darwin

There are a number of tutorials for doing a fresh installation of NixOS on a Macintosh machine. The most comprehensive one, which was followed here, is:

Install Linux on a MacBook Air

In this post we supplement the above tutorial with a few common hitches that arise in disk formatting, and with a simplified approach to activating wireless on Mac devices whose wireless cards require the broadcom_sta driver package.

The seven major steps to creating a dual-boot macOS and NixOS machine are the following:

  1. Turn off FileVault in macOS.
  2. Save the nixos_kernel.iso to a USB or CD.
  3. Create a new NixOS Volume in macOS using Disk Utility (this reserves a block of disk space for NixOS on your machine).
  4. Reboot your machine from the .iso image on the USB and enable wireless.
  5. (Complicated step) Partition and reformat the NixOS Volume to include /boot (the instructions your computer will execute when it restarts) and an encrypted /root and /swap where the new NixOS files will reside. /root and /swap will be LVM on LUKS encrypted.
  6. Run nixos-install.
  7. Reboot your machine into NixOS.

Turn Off FileVault

You can follow the instructions from the original post to turn off FileVault. The decrypting process took about 45 minutes for me.

Create an ISO Image

For many Macs you will require the broadcom_sta nix expression. A suitable ISO that includes it can be found in this GitHub issue with the isoimage.

TODO: should make sure the standard nix.iso has this package so that this just works.

Once the image is downloaded, the NixOS Manual provides the following steps to save it onto a USB drive:

    $ diskutil list
    [..]
    /dev/diskN (external, physical):
       #:                       TYPE NAME                    SIZE       IDENTIFIER
    [..]
    $ diskutil unmountDisk diskN
    Unmount of all volumes on diskN was successful
    $ sudo dd if=nix.iso of=/dev/rdiskN

NB this can take a (long) while to complete. Double-check that diskN is the USB drive before running dd: it overwrites the target without asking.

When it is finished, you'll get a warning that the USB disk can't be read, which you can ignore.

Reboot from Image and Enable Wireless

Restart your Mac and hold down the Option (Alt) key when you hear the Apple chime on reboot. This will take you to the boot menu, where you can choose to launch macOS (what you are used to) or to launch from the nixos.iso kernel image on the USB drive.

Launch the EFI image.

Once you are in the ISO image you can check which wireless devices are available with ifconfig or ip a. (Note: if you have an ethernet cable you can skip all this.)

To enable wireless, install the broadcom_sta package already included in the .iso image and load the driver:

    NIXPKGS_ALLOW_UNFREE=1 nix-env -iA nixos.pkgs.linuxPackages.broadcom_sta
    modprobe b43
    insmod $(find .nix-profile/lib/ -name wl.ko)

To connect to the wireless you'll need to create a configuration file containing the SSID (name of WiFi) and password for wpa_supplicant which takes care of all things WiFi related for you:

    wpa_passphrase  "SSID" "Password" > wpa_supplicant.conf
    sudo cp wpa_supplicant.conf /etc/wpa_supplicant.conf
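
The command above puts the passphrase on the command line, and wpa_passphrase also repeats it in clear text in a `#psk=` comment in its output. The following is an added example, not part of the original post: it reads the passphrase from stdin, drops that comment and writes the file owner-only. The function name `write_wpa_conf` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. write_wpa_conf is a hypothetical name.
# Usage: write_wpa_conf "SSID" [outfile]   (the passphrase is read from stdin)
write_wpa_conf() {
    ssid=$1
    out=${2:-/etc/wpa_supplicant.conf}
    # With no passphrase argument wpa_passphrase reads it from stdin, so it
    # stays out of shell history and the process list.
    conf=$(wpa_passphrase "$ssid") || {
        echo "wpa_passphrase failed: $conf" >&2   # e.g. passphrase not 8..63 chars
        return 1
    }
    (
        umask 077                                  # new file is created owner-only
        # Drop the '#psk="..."' comment that repeats the passphrase in clear text.
        printf '%s\n' "$conf" | grep -v '^[[:space:]]*#psk=' > "$out"
    ) || return 1
    chmod 600 "$out"                               # also tighten a pre-existing file
}
```

Run it as root on the installer, type the passphrase and press Enter; only the derived psk= value ends up in the file.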

And in your /etc/nixos/configuration.nix add the line:

    networking.wireless.enable = true;

Then give the whole system a kick to make sure everything is loaded properly:

    nixos-rebuild test
    systemctl restart wpa_supplicant

You can test that it's working with ping -c 1 google.com, which should give a response.

Partitioning and Formatting the Disks

ls /dev/ will show you all the disk devices available. In the earlier step you created some space on your main drive for the NixOS Volume, so there should be a nice contiguous block of free space. On my machine the main drive was named /dev/nvme0n1 and it had a couple of existing partitions, /dev/nvme0n1p1 and /dev/nvme0n1p2 (these may be /dev/sda2 etc. on a different machine).

In your NixOS Volume you'll need to create 512 MB for the new boot disk and format it as EFI (Extensible Firmware Interface). You can then partition the rest for the root of your new NixOS filesystem. The original tutorial explains how to do this with gdisk.

Running:

    gdisk /dev/nvme0n1

and following the instructions should be sufficient. At the end you will have a couple new partitions: one for the EFI boot space and one for a standard Linux File System.

Now for formatting. For simplicity we duplicated exactly the instructions given here:

Encrypt Logical Volumes

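    root_partition=/dev/sda$PARTITION_NUMBER # e.g., /dev/nvme0n1p4

    # Create the LUKS container and open it as /dev/mapper/enc-pv
    cryptsetup luksFormat $root_partition
    cryptsetup open --type luks $root_partition enc-pv
    # Build LVM on top of the opened container: one volume group holding swap and root
    pvcreate /dev/mapper/enc-pv
    vgcreate vg /dev/mapper/enc-pv
    lvcreate -L 10G -n swap vg
    lvcreate -l 100%VG -n root vg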

Format

    boot_partition=/dev/sda$PARTITION_NUMBER # e.g.,  /dev/nvme0n1p3

    mkfs.ext2 -L boot $boot_partition
    mkfs.ext4 -j -L root /dev/vg/root
    mkswap -L swap /dev/vg/swap

Note that you may have to be a little more specific than the original instructions when formatting the boot disk, so that it ends up in FAT-32 format. This command should take care of formatting:

    mkfs.fat -v -F 32 -S 4096 -s 1 -n boot /dev/nvme0n1p3

Mount

    mount /dev/vg/root /mnt
    mkdir /mnt/boot
    mount $boot_partition /mnt/boot
    swapon /dev/vg/swap

Note that labeling the partitions is recommended in the NixOS Manual. The manual refers to the partitions by their labels boot, root and swap, which is conceptually clearer than /dev/sda2 or /dev/nvme0n1p3 etc.

Furthermore, the defaults in the configuration scripts refer to the disks by these names. If the partitions are properly labeled, you do not need to update /etc/nixos/configuration.nix when you install your system. If you do not use the default labels and forget to update configuration.nix, startup can fail and drop into emergency mode because it cannot find the correct boot partition.
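
A pre-flight check for the failure described above, written as an added example (it is not from the original post or the NixOS Manual). It reads `blkid` output and confirms the boot, root and swap labels exist with the filesystem types this page ends up with, and prints the LUKS container's UUID for the ROOT_UUID placeholder in boot.initrd.luks.devices. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before nixos-install.
# Reads `blkid` output on stdin and checks the labels this page relies on.

# Constructed sample (not real output): boot was formatted with mkfs.ext2
# instead of FAT-32. UUIDs are placeholders.
SAMPLE='/dev/nvme0n1p3: LABEL="boot" UUID="1111-aaaa" TYPE="ext2" PARTUUID="p3"
/dev/nvme0n1p4: UUID="2222-bbbb" TYPE="crypto_LUKS" PARTUUID="p4"
/dev/mapper/vg-root: LABEL="root" UUID="3333-cccc" TYPE="ext4"
/dev/mapper/vg-swap: LABEL="swap" UUID="4444-dddd" TYPE="swap"'

# field LINE KEY: print the value of KEY="..." from one blkid line.
# The leading whitespace keeps UUID from matching PARTUUID.
field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# check_layout: expect boot=vfat (EFI), root=ext4, swap=swap.
# Prints one line per problem and returns non-zero if any were found.
check_layout() {
    input=$(cat)
    rc=0
    for want in boot:vfat root:ext4 swap:swap; do
        label=${want%%:*}
        fstype=${want#*:}
        line=$(printf '%s\n' "$input" | grep "[[:space:]]LABEL=\"$label\"" | head -n 1)
        if [ -z "$line" ]; then
            echo "MISSING label=$label"; rc=1
        elif [ "$(field "$line" TYPE)" != "$fstype" ]; then
            echo "WRONGFS label=$label type=$(field "$line" TYPE) expected=$fstype"; rc=1
        fi
    done
    return $rc
}

# luks_uuid: UUID of the LUKS container, the value that replaces
# the ROOT_UUID placeholder in boot.initrd.luks.devices.
luks_uuid() {
    line=$(grep 'TYPE="crypto_LUKS"' | head -n 1)
    [ -n "$line" ] && field "$line" UUID
}

# On the installer run:  blkid | check_layout  and  blkid | luks_uuid
printf '%s\n' "$SAMPLE" | check_layout || echo "fix the layout before nixos-install"
echo "LUKS UUID: $(printf '%s\n' "$SAMPLE" | luks_uuid)"
```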

Once the disks are partitioned, formatted and mounted you are almost finished. Running:

    nixos-generate-config --root /mnt

will create configuration.nix and hardware-configuration.nix in /mnt/etc/nixos/ (which will just be /etc/nixos/ on your new NixOS Volume).

Finally:

    nixos-install

run from the home directory (it will operate on the filesystem mounted at /mnt), will install your initial configuration of NixOS.

You may wish to make the following modifications to your configuration.nix beyond your personal customizations.

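NB one difference from the original tutorial is that boot.initrd.luks.devices now expects an attribute set:

    nixpkgs.config.allowUnfree = true;  # needed for the unfree broadcom_sta driver
    boot.initrd.luks.devices = {
      root = {
        # Replace {$ROOT_UUID} with the UUID of the LUKS partition.
        device = "/dev/disk/by-uuid/{$ROOT_UUID}";
        preLVM = true;
        # Passes TRIM through the encrypted layer; this reveals which blocks are unused.
        allowDiscards = true;
      };
    };

    boot.loader.grub.enable = false;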

Here the GRUB bootloader has been disabled in favour of the systemd boot loader but this can be customized according to the user's preference.

Recovering

If (when) something goes wrong whilst configuring and you have already created and formatted your disks, you can reboot and recover from where you were by running:

    cryptsetup open --type luks $root_partition enc-pv
    lvchange -ay /dev/vg/root  # activate the root volume
    lvchange -ay /dev/vg/swap  # activate the swap volume

This will decrypt the disk and allow you to mount it at your leisure.

Other Installation Notes and Tutorials

If you run into problems, a number of other notes are out there and you might find their approach useful.

NixOS on MBP

linux on macintosh

encryptedNixos

Installation of NixOS With Encrypted root