Disko is a way to do declarative disk partitioning in NixOS.
There is a good quickstart guide about it. The disko configuration I am using is in the `disko.nix`
file.
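```bash
# Set the hostname
hostname="nixos"
# Define the keyfile name using the hostname with .luks.key extension
keyfile_name="${hostname}.luks.key"
# Create new files readable by the owner only, so the keyfile is never world-readable
umask 077
# Generate the keyfile
dd if=/dev/urandom of="${keyfile_name}" bs=1024 count=4
# Set appropriate permissions
chmod 600 "${keyfile_name}"
# Read the keyfile content, base64-encoded: raw random bytes do not survive
# a shell variable or a JSON string (decode with `base64 -d` when restoring)
keyfile_content=$(base64 -w0 "${keyfile_name}")
# Log in to Bitwarden CLI
bw login
# Create a secure note in Bitwarden with the keyfile content
# (`bw create` expects the item JSON to be passed through `bw encode`)
echo '{"type": 2, "secureNote": {"type": 0}, "name": "'"${hostname} LUKS Keyfile"'", "notes": "'"${keyfile_content}"'"}' | bw encode | bw create item
```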
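```bash
nix-env -iA nixos.curl
# Fetch the install script over verified TLS and run it; -f stops an HTTP error page from reaching bash
curl -fsSL https://raw.githubusercontent.com/nickhartjes/nix-os/main/nixos/scripts/install.sh | /bin/bash
```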
Decrypt the secrets in the folder.
```bash
git-crypt unlock
cd ~/.setup && sudo nixos-rebuild boot --flake ".#$HOST"
```
If you try building it before decrypting the secrets, it will fail. The encrypted files are then in the Nix store; remove them first with `sudo nix-collect-garbage -d`. Then decrypt the folder and build again.
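
To avoid building with locked secrets in the first place, a pre-build check can look for files that are still git-crypt ciphertext. This is an added example, not part of this repository's scripts; the function names are hypothetical, and it relies on git-crypt ciphertext starting with the 10-byte header `\0GITCRYPT\0`.

```bash
#!/bin/sh
# Added example: pre-build guard against still-encrypted git-crypt files.
# Assumption: git-crypt ciphertext begins with the bytes \0GITCRYPT\0.
GITCRYPT_MAGIC_HEX="00474954435259505400"

# Succeeds when the given file begins with the git-crypt header.
is_gitcrypt_encrypted() {
    [ -f "$1" ] || return 1
    header=$(head -c 10 -- "$1" | od -An -tx1 | tr -d ' \n')
    [ "$header" = "$GITCRYPT_MAGIC_HEX" ]
}

# Prints every still-encrypted file under a directory (default: current one),
# skipping .git. Returns 1 if any were found, 0 if the tree is unlocked.
find_locked_files() {
    dir=${1:-.}
    list=$(mktemp) || return 2
    find "$dir" -path '*/.git' -prune -o -type f -print > "$list"
    found=0
    while IFS= read -r f; do
        if is_gitcrypt_encrypted "$f"; then
            printf '%s\n' "$f"
            found=1
        fi
    done < "$list"
    rm -f "$list"
    return "$found"
}

# Hypothetical usage before building:
#   find_locked_files ~/.setup && sudo nixos-rebuild boot --flake ".#$HOST"
```

If it lists any file, run `git-crypt unlock` before building.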