It’s been a while since I’ve had a machine running Linux, and even longer since I’ve had actual desktop hardware. Recently my brother upgraded his gaming PC, and I acquired the old motherboard, CPU, RAM and graphics card. It’s a couple of years old but definitely quick enough for my purposes.
I decided to install NixOS on it to give it a proper go. I’d tried Nix on my work OSX laptop for a while, but a lot of tools at work assume you’re using Homebrew so I had to revert back to that. The manual is pretty informative, but as I wanted to run with full disk encryption I used Graham Christensen’s instructions for installing on a Dell machine as the base. All that I had to change were the references to the drive names, as my SATA SSD appeared as
Things to look out for
UEFI vs BIOS
The installation was relatively straightforward following Graham’s instructions, but when I got to the point where it was going to install Grub, it came up with errors like this:
nix/store/6czhmdkzs04y1bdlq53yvw6hn1bvl1zr-grub-2.x-2015-07-27/sbin/grub-install: warning: this GPT partition label contains no BIOS Boot Partition; embedding won't be possible.
/nix/store/6czhmdkzs04y1bdlq53yvw6hn1bvl1zr-grub-2.x-2015-07-27/sbin/grub-install: warning: Embedding is not possible. GRUB can only be installed in this setup by using blocklists. However, blocklists are UNRELIABLE and their use is discouraged..
/nix/store/6czhmdkzs04y1bdlq53yvw6hn1bvl1zr-grub-2.x-2015-07-27/sbin/grub-install: error: will not proceed with blocklists.
/nix/store/w345fzhsr2ckzhazmxr3lc906glnxqiy-install-grub.pl: installation of GRUB on /dev/sda failed
(These are not the precise errors I got as the paths are different, but they’re the same messages). I had partitioned the SSD with a GPT, as I knew the machine had UEFI, but it turned out that for some reason the installer had opted to boot in BIOS mode. Some messing around in the firmware followed, until I scrolled and found the option to disable the “Compatibility Support Module”, or CSM. Rebooting with that switched off made the installer boot in UEFI mode, which was evident by it having a very much smaller font. I copied the existing
configuration.nix files and re-ran
nixos-generate-config, then put back the
boot.initrd.luks.devices section and finally ran
I rebooted, and got to the prompt that asked for the passphrase to unlock the disks. I found out quite quickly that the kernel didn’t know what to do with my USB keyboard. I rebooted back into the installer, mounted the disks, and added
hid_microsoft to the list in
boot.initrd.availableKernelModules and re-ran
nixos-install. Rebooting then got me a keyboard. I do have a Microsoft keyboard attached to this machine–I suspect I could have got away with the
usbhid module, but this one seemed to make sense.
Fun with UUIDs
Make absolutely certain that the UUIDs you use for the various drives are correct. I got quite mixed up here, as when I wrote the
boot.initrd.luks.devices section in
hardware-configuration.nix I was using the UUIDs for the mapped devices (
dm-2) which appear after the disks have been unlocked. If you look at
hardware-configuration.nix and find the UUIDs in
swapDevices are the same as those in your LUKS devices config, then you’ve got the LUKS config wrong, and will want to have a look carefully at the output of
ls -l /dev/disks/by-uuid/ to find the ones that reference actual physical disk partitions like in my case
/dev/sda3, and not mapped devices like
dm-1 or something under
Fixing this, and one more
nixos-install, got me to reboot into a working machine.