#!/bin/sh set -eu if [ "$(id -u)" -ne 0 ]; then echo "This script must be run as root" >&2 exit 1 fi SWAP_SIZE=16GiB parted /dev/nvme0n1 --script -- \ mklabel gpt \ mkpart primary 512MiB 100% \ mkpart ESP fat32 1MiB 512MiB \ set 2 esp on cryptsetup luksFormat /dev/nvme0n1p1 cryptsetup open /dev/nvme0n1p1 crypt pvcreate /dev/mapper/crypt vgcreate lvm /dev/mapper/crypt lvcreate -L "$SWAP_SIZE" -n swap lvm lvcreate -l 100%FREE -n root lvm mkfs.ext4 -L nixos /dev/lvm/root mkswap -L swap /dev/lvm/swap mkfs.vfat -n boot /dev/nvme0n1p2 mount /dev/disk/by-label/nixos /mnt mkdir /mnt/boot mount /dev/nvme0n1p2 /mnt/boot swapon /dev/lvm/swap cat << EOF # Run the following commands as setup user nixos-generate-config --root /mnt # Change uuids to labels vim /mnt/etc/nixos/hardware-configuration.nix # Install system mkdir -p /mnt/home/ambroisie/git/nix/config cd /mnt/home/ambroisie/git/nix/config git clone <this-repo> . # Assuming you set up GPG key correctly git crypt unlock # Setup LUKS with 'boot.initrd.luks.devices.crypt', device is /dev/nvme0n1p1, preLVM = true # Use 'nixos-install --flake .#aramis --root /mnt --impure' because of home-manager issue EOF