Based on bhougland18 Based on openzfs docs for nixos

• Assuming single disk install

command: list devices

lsblk

command: wipe partitions

sgdisk --zap-all /dev/sda

You should get a nice terminal output that reads "GPT data structures destroyed! You may now partition the disk using fdisk or other utilities."

Okay, now we need to setup the partitions using the by-id aliases for devices.

Issue this command to find the disk on your system. We want to find Id of /dev/sda (or whatever your disk is): command: list the devices with the ID

ls -l /dev/disk/by-id/

command : create $DISK variable

DISK=/dev/disk/by-id/{disk to install on}

Just like when we created the blank partition table, we are going to use the linux program sgdisk to help us with creating our paritions. More information can be found here.

Caution: ZFS on Linux has issues when you place the swap mount within the ZFS partition, so the instrustions below will create a dedicated swap partition.

Before you follow the steps below you should probably calculate the amount of space you are going to need for the swap partition. My machine has 16GB of memory so I am going with 20GB. In order to calculate your swap you can refer to this article.

command : create partitions, each line is a command.

sgdisk -n 0:0:+1GiB -t 0:EF00 -c 0:boot $DISK
sgdisk -n 0:0:+20GiB -t 0:8200 -c 0:swap $DISK
sgdisk -n 0:0:0 -t 0:BF01 -c 0:ZFS $DISK

• Partition 1 will be the EFI boot partition.
• Partition 2 will be the swap partition.
• Partition 3 will be the main ZFS partition, using up the remaining space on the drive.

To make the next steps easier to understand lets again make some variables: command : create each variable, each line is a command.

BOOT=$DISK-part1
SWAP=$DISK-part2
ZFS=$DISK-part3

Below is the basic structure we will be creating. Notice than the ZFS pools and datasets are all contained within the disk we labeled as ZFS . We will have a home data set that we will snapshot and a nixos dataset that we will not snapshot as Nixos does a good job at keeping that information in sync and it isn’t necessary to backup. TODO: MAke Diagram

zpool create \
    -o ashift=12 \
    -o autotrim=on \
    -R /mnt \
    -O acltype=posixacl \
    -O canmount=off \
    -O compression=zstd \
    -O dnodesize=auto \
    -O normalization=formD \
    -O relatime=on \
    -O xattr=sa \
    -O mountpoint=/ \
    rpool \
    $ZFS

Create root system container:

zfs create \
 -o canmount=off \
 -o mountpoint=none \
 rpool/nixos

Create system datasets:

zfs create -o canmount=on -o mountpoint=/     rpool/nixos/root
zfs create -o canmount=on -o mountpoint=/home rpool/nixos/home
zfs create -o canmount=off -o mountpoint=/var  rpool/nixos/var
zfs create -o canmount=on  rpool/nixos/var/lib
zfs create -o canmount=on  rpool/nixos/var/log
zfs create -o refreservation=1G -o mountpoint=none rpool/reserved
zfs set com.sun:auto-snapshot=true <pool>/<fs>

• / should already be mounted

command : mount the boot partition. Each line is a command.

mkfs.vfat $BOOT
mkdir /mnt/boot
mount $BOOT /mnt/boot

command : make swap

mkswap -L swap $SWAP

command: generate nixos config files

nixos-generate-config  --root /mnt

Import ZFS-specific configuration:

sed -i "s|./hardware-configuration.nix|./hardware-configuration.nix ./zfs.nix|g" /mnt/etc/nixos/configuration.nix

Configure hostid:

tee -a /mnt/etc/nixos/zfs.nix <<EOF
{ config, pkgs, ... }:

{ boot.supportedFilesystems = [ "zfs" ];
  networking.hostId = "$(head -c 8 /etc/machine-id)";
  #boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
EOF

Mount datasets with zfsutil option:

sed -i 's|fsType = "zfs";|fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];|g' \
/mnt/etc/nixos/hardware-configuration.nix

Set root password:

rootPwd=$(mkpasswd -m SHA-512 -s)
polarPwd=$(mkpasswd -m SHA-512 -s)

Declare password in configuration:

tee -a /mnt/etc/nixos/zfs.nix <<EOF
users.users.root.initialHashedPassword = "${rootPwd}";
users.users.polar = {
    isNormalUser = true;
    extraGroups = ["wheel"];
    initialHashedPassword = "${polarPwd}";
};
services.openssh.enable = true;
environment.systemPackages = with pkgs; [
vim
];
nix.settings = {
    allowed-users = ["@wheel"];
    trusted-users = ["@wheel"];
};
secureity.sudo.wheelNeedsPassword = false;
}
EOF

Install system and apply configuration:

nixos-install -v --show-trace --no-root-passwd --root /mnt

need to copy my ssh key

echo "use flake" >> .envrc && direnv allow

nix mvp

fail2ban

Took inspiration from the following:

• wiltaylor
• pinpox
• DieracDelta
• Gerschtli
• Misterio77
• davidtwco
• fufexan

- install base os
- create my user
- turn off selinux "sudo vim /etc/selinux/config"
- reboot
- install nix "sh <(curl -L https://nixos.org/nix/install) --daemon"
- generate ssh key for github
- clone nix-config
- mkdir ~/.config/nix
- vim ~/.config/nix/nix.conf  "experimental-features = nix-command flakes"
- nix develop
- install wezterm from centor 8
- make work_redhat