It’s been a while since I’ve had a machine running Linux, and even longer since I’ve had actual desktop hardware. Recently my brother upgraded his gaming PC, and I acquired the old motherboard, CPU, RAM and graphics card. It’s a couple of years old but definitely quick enough for my purposes.

I decided to install NixOS on it to give it a proper go. I’d tried Nix on my work OSX laptop for a while, but a lot of tools at work assume you’re using Homebrew so I had to revert back to that. The manual is pretty informative, but as I wanted to run with full disk encryption I used Graham Christensen’s instructions for installing on a Dell machine as the base. All that I had to change were the references to the drive names, as my SATA SSD appeared as /dev/sda.

Things to look out for

UEFI vs BIOS

The installation was relatively straightforward following Graham’s instructions, but when I got to the point where it was going to install Grub, it came up with errors like this:

nix/store/6czhmdkzs04y1bdlq53yvw6hn1bvl1zr-grub-2.x-2015-07-27/sbin/grub-install: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
/nix/store/6czhmdkzs04y1bdlq53yvw6hn1bvl1zr-grub-2.x-2015-07-27/sbin/grub-install: warning: Embedding is not possible.  GRUB can only be installed in this setup by using blocklists.  However, blocklists are UNRELIABLE and their use is discouraged..
/nix/store/6czhmdkzs04y1bdlq53yvw6hn1bvl1zr-grub-2.x-2015-07-27/sbin/grub-install: error: will not proceed with blocklists.
/nix/store/w345fzhsr2ckzhazmxr3lc906glnxqiy-install-grub.pl: installation of GRUB on /dev/sda failed

(These are not the precise errors I got as the paths are different, but they’re the same messages). I had partitioned the SSD with a GPT, as I knew the machine had UEFI, but it turned out that for some reason the installer had opted to boot in BIOS mode. Some messing around in the firmware followed, until I scrolled and found the option to disable the “Compatibility Support Module”, or CSM. Rebooting with that switched off made the installer boot in UEFI mode, which was evident by it having a very much smaller font. I copied the existing hardware-configuration.nix and configuration.nix files and re-ran nixos-generate-config, then put back the boot.initrd.luks.devices section and finally ran nixos-install again.

USB keyboards

I rebooted, and got to the prompt that asked for the passphrase to unlock the disks. I found out quite quickly that the kernel didn’t know what to do with my USB keyboard. I rebooted back into the installer, mounted the disks, and added hid_microsoft to the list in boot.initrd.availableKernelModules and re-ran nixos-install. Rebooting then got me a keyboard. I do have a Microsoft keyboard attached to this machine–I suspect I could have got away with the usbhid module, but this one seemed to make sense.

Fun with UUIDs

Make absolutely certain that the UUIDs you use for the various drives are correct. I got quite mixed up here, as when I wrote the boot.initrd.luks.devices section in hardware-configuration.nix I was using the UUIDs for the mapped devices (dm-1 and dm-2) which appear after the disks have been unlocked. If you look at hardware-configuration.nix and find the UUIDs in fileSystems."/" or swapDevices are the same as those in your LUKS devices config, then you’ve got the LUKS config wrong, and will want to have a look carefully at the output of ls -l /dev/disks/by-uuid/ to find the ones that reference actual physical disk partitions like in my case /dev/sda3, and not mapped devices like dm-1 or something under /dev/mapper.

Fixing this, and one more nixos-install, got me to reboot into a working machine.