Bootstrapping
This will help you bootstrap a bare host with the help of the bespoke iso live installer.
Note: nothing prevents you from remotely executing the bootstrapping process. See below.
Once your target host has booted into the live iso, you need to partition and format your disk according to the official manual.
Mount partitions
Then properly mount the formatted partitions at /mnt, so that you can install your system to those new partitions.
Mount the nixos partition to /mnt and, for UEFI, the boot partition to /mnt/boot:
$ mount /dev/disk/by-label/nixos /mnt
$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only
$ swapon /dev/disk/by-label/swap
Add some extra space to the store. In the iso, it's running on a tmpfs off your RAM:
$ mkdir -p /mnt/tmpstore/{work,store}
$ mount -t overlay overlay -olowerdir=/nix/store,upperdir=/mnt/tmpstore/store,workdir=/mnt/tmpstore/work /nix/store
Install
Install off of a copy of devos from the time the iso was built:
$ cd /iso/devos
$ nixos-install --flake .#NixOS
Notes of interest
Remote access to the live installer
The iso live installer comes preconfigured with a network configuration which announces its hostname via MulticastDNS as hostname.local, that is bootstrap.local in the iso example.
In the rare case that MulticastDNS is not available or turned off in your network, there is a static link-local IPv6 address configured to fe80::47 (mnemonic from the letters' positions in the English alphabet: n=14 i=9 x=24; 47 = n+i+x).
Provided that you have added your public key to the authorized keys of the root user (hint: deploy-rs needs passwordless sudo access):
{ ... }:
{
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../secrets/path/to/key.pub
  ];
}
You can then ssh into the live installer through one of the following options:
ssh root@bootstrap.local
ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target
Note: the static link-local IPv6 address and MulticastDNS are only configured on the live installer. If you wish to enable MulticastDNS for your environment, you ought to configure that in a regular profile.
EUI-64 LLA & Host Identity
The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended Unique Identifier (EUI-64) that is derived from the host interface's Media Access Control (MAC) address.
After a little while (a few seconds), you can remotely discover this unique and host-specific address over NDP, for example with:
ip -6 neigh show # also shows fe80::47
This LLA is stable for the host, unless you need to swap that particular network card. With that caveat, though, you may use this EUI-64 to wire up a specific (cryptographic) host identity.
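As an added example (not part of devos), this Python sketch derives the LLA you should expect for a host from its inventoried MAC address and checks it against `ip -6 neigh show` output before you connect. It assumes the iso uses the standard modified EUI-64 mapping (RFC 4291, Appendix A); the MAC address, the neighbour table and the function names are constructed for illustration.

```python
import ipaddress
import re

def mac_bytes(mac: str) -> bytes:
    """Parse a 48-bit MAC written with ':', '-' or '.' separators."""
    raw = bytes.fromhex(re.sub(r"[:.\-]", "", mac))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return raw

def eui64_lla(mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64 link-local address for a MAC (assumed mapping, RFC 4291 App. A)."""
    m = mac_bytes(mac)
    # Flip the universal/local bit of the first octet and insert ff:fe in the middle.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def parse_neigh(output: str) -> dict:
    """Map each link-local neighbour address to its lladdr string."""
    table = {}
    for line in output.splitlines():
        hit = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)  # FAILED entries carry no lladdr
        if hit:
            addr = ipaddress.IPv6Address(hit[1])
            if addr.is_link_local:
                table[addr] = hit[2]
    return table

def find_host(expected_mac: str, neigh_output: str):
    """Return the host's EUI-64 LLA if the neighbour table agrees with the inventory, else None."""
    lla = eui64_lla(expected_mac)
    seen = parse_neigh(neigh_output).get(lla)
    if seen is not None and mac_bytes(seen) == mac_bytes(expected_mac):
        return lla
    return None

# Constructed sample of `ip -6 neigh show` output; not captured from a real host.
SAMPLE_NEIGH = """\
fe80::47 dev eno1 lladdr 52:54:00:12:34:56 REACHABLE
fe80::5054:ff:fe12:3456 dev eno1 lladdr 52:54:00:12:34:56 STALE
fe80::1 dev eno1 FAILED
"""

if __name__ == "__main__":
    target = find_host("52:54:00:12:34:56", SAMPLE_NEIGH)
    print(f"ssh root@{target}%eno1" if target else "expected host not seen on this link")
```

NDP entries and MAC addresses are unauthenticated, so a match only tells you which neighbour to talk to; the SSH host key is what actually authenticates the installer.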