Fixed up the nix and decryption page

Tastatur 2024-04-01 13:54:50 +02:00
parent 0a6e3c8871
commit a441eebeac
2 changed files with 14 additions and 25 deletions

View file

@ -2,16 +2,7 @@
Our system can utilize it's TPM2 to automatically decrypt. This can be done because the bootchain is secure and it's a bit tedious to enter an encryption password everytime the system boots up. Our system can utilize it's TPM2 to automatically decrypt. This can be done because the bootchain is secure and it's a bit tedious to enter an encryption password everytime the system boots up.
First off the packages `clevis` and `tpm2-tools` have to be installed: If `home-manager` was installed correctly then it should have also installed both `clevis` and `tpm2-tools`. This allows for the binding of the LUKS volume to TPM with clevis:
```
# <apk add tpm2-tools>
$ <nix-shell -p clevis>
```
> Not yet doable (but will be don't worry ;) )
Now bind our LUKS volume to TPM with clevis:
``` ```
# clevis luks bind -d /dev/<disk2> tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,1,5,7"}' # clevis luks bind -d /dev/<disk2> tpm2 '{"pcr_bank":"sha256","pcr_ids":"0,1,5,7"}'
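Review bot: The bind command is still run as root (`#` prompt), but the replacement sentence now relies on `home-manager` having installed `clevis` and `tpm2-tools`, which places them in the user's profile and not necessarily on root's `PATH`. Either keep a system-level install step (the removed `apk add tpm2-tools` line covered one of the two packages) or state how root is expected to reach the user-profile binaries. "If `home-manager` was installed correctly" also gives the reader nothing to check; a link to the Nix page plus a quick test such as `command -v clevis` would make the prerequisite verifiable.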
@ -19,13 +10,13 @@ Now bind our LUKS volume to TPM with clevis:
After rebooting it should automatically decrypt your disk. After rebooting it should automatically decrypt your disk.
Clevis can be envoked again if you have made any changes to secureboot or system and it doesn't automatically decrypt the disk. Clevis can be envoked again if you have made any changes to secureboot or to the system and it doesn't automatically decrypt the disk.
First find the keyslot clevis is using and then "regen" the key: First find the keyslot clevis is using and then regenerate the key:
``` ```
# cryptsetup luksDump /dev/<disk2> # cryptsetup luksDump /dev/<disk2>
# clevis luks regen -d /dev/<disk2> -s <keyslot> # clevis luks regen -d /dev/<disk2> -s <keyslot>
``` ```
It should now work again. If done correctly it should now work again.
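Review bot: The reworded sentence tells the reader to run `clevis luks regen` whenever a Secure Boot or system change stops automatic decryption, without saying that regen re-seals the key to the current values of PCRs 0,1,5,7, whatever they now are. Add a line asking the reader to confirm the change was one they made themselves before regenerating, since an unexpected unlock failure is what the PCR binding is meant to surface. In the same changed line "envoked" should be "invoked", and `clevis luks list -d /dev/<disk2>` shows the clevis slot more directly than reading it out of `luksDump`.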

View file

@ -1,9 +1,11 @@
# Nix (WIP - don't follow yet) # Nix
The *Nix package manager* is a package manager which allows for user independent packages and a whole lot more (although it's not necessarily minimal). To set it up install it's package and activate it's service: The *Nix package manager* is a package manager which allows for user independent packages and a whole lot more (although it's not necessarily minimal).
## Setup ## Setup
To set `nix` up install its package and activate its service:
``` ```
# apk add nix # apk add nix
# rc-update add nix-daemon default # rc-update add nix-daemon default
@ -12,12 +14,6 @@ The *Nix package manager* is a package manager which allows for user independent
> (The `nix` package is only available in the `edge` and `apk-ample` repositories) > (The `nix` package is only available in the `edge` and `apk-ample` repositories)
And add this line to `/etc/nix/nix.conf` to globally enable some features so they can be used later if necessary:
```
experimental-features = nix-command flakes
```
Don't forget to add your user to the nix group: Don't forget to add your user to the nix group:
``` ```
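Review bot: Removing `experimental-features = nix-command flakes` is not explained in the commit message. The commands visible in this diff (`nix-channel`, `nix-env`, `nix-shell`) do not need it, so the removal looks consistent for this page, but please confirm that no other page and nothing in the shipped `home.nix` workflow relies on `nix` subcommands or flakes. Readers who followed the earlier version will still have the line in `/etc/nix/nix.conf`; say whether they should remove it.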
@ -29,8 +25,8 @@ Don't forget to add your user to the nix group:
For `nix` to be able to install packages it is necessary to add a few channels: For `nix` to be able to install packages it is necessary to add a few channels:
``` ```
$ nix-channel --add https://nixos.org/channels/nixos-23.11 nixos $ nix-channel --add https://nixos.org/channels/nixos-23.11 nixpkgs
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs $ nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable
$ nix-channel --update $ nix-channel --update
``` ```
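Review bot: The channel name `nixpkgs` changes meaning in these two lines: it used to point at `nixpkgs-unstable` and now points at `nixos-23.11`. Anyone who followed the old instructions keeps a stale `nixos` channel and, on re-running these commands, gets `nixpkgs` repointed from unstable to the 23.11 release without notice. Add a migration note (for example `nix-channel --remove nixos` before the two `--add` lines) and state that later `nixpkgs.<package>` installs now resolve to the 23.11 release, with `nixpkgs-unstable` as the opt-in.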
@ -39,7 +35,7 @@ $ nix-channel --update
Nix can be used to manage your `$HOME` with `home-manager`. First install `home-manager` through: Nix can be used to manage your `$HOME` with `home-manager`. First install `home-manager` through:
``` ```
$ nix-env -iA nixos.home-manager $ nix-env -iA nixpkgs.home-manager
``` ```
Now that Nix is up and running utilize the `home.nix` that comes with the [config files](https://docs.bijl.us/alpine-desktop-setup/post-install/config-files/) to set up our home for us. But before initialising `nix` make sure that you set the correct `<username>` in `home.nix` which is located in `~/.config/home-manager`. Then after changing that simply run this command: Now that Nix is up and running utilize the `home.nix` that comes with the [config files](https://docs.bijl.us/alpine-desktop-setup/post-install/config-files/) to set up our home for us. But before initialising `nix` make sure that you set the correct `<username>` in `home.nix` which is located in `~/.config/home-manager`. Then after changing that simply run this command:
@ -56,6 +52,8 @@ You are now also able to install packages as a user without root from `nixpkgs`:
$ nix-env -iA nixpkgs.<package> $ nix-env -iA nixpkgs.<package>
``` ```
But for reproducability it's better to use `home-manager` by declaring them in a `.nix` file and importing that within `home.nix`.
You can also test a package before installing it with `nix-shell -p <program>` You can also test a package before installing it with `nix-shell -p <program>`
### NixGL ### NixGL
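Review bot: "reproducability" in the added line should be "reproducibility". The sentence also tells the reader to declare packages in a `.nix` file and import it in `home.nix` without showing either step; a short illustration, such as an `imports = [ ./<file>.nix ];` entry and a `home.packages = [ pkgs.<package> ];` list, would make the recommendation actionable.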
@ -64,5 +62,5 @@ You can also test a package before installing it with `nix-shell -p <program>`
``` ```
$ nix-channel --add https://github.com/nix-community/nixGL/archive/main.tar.gz nixgl && nix-channel --update $ nix-channel --add https://github.com/nix-community/nixGL/archive/main.tar.gz nixgl && nix-channel --update
$ nix-env -iA nixgl.auto.nixGLDefault nixgl.VulkanIntel $ nix-env -iA nixgl.auto.nixGLDefault nixgl.nixVulkanIntel
``` ```
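Review bot: The nixGL channel in the first command tracks `archive/main.tar.gz`, so every `nix-channel --update` installs whatever is on that branch at the time, with nothing pinned. Since this hunk already touches the install line, consider pointing the channel at a specific commit archive and documenting how to bump it, so that the `nix-env -iA nixgl.auto.nixGLDefault nixgl.nixVulkanIntel` step installs a known revision.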