I installed NixOS yesterday for the first time to get the feel of it, and I intend to use it permanently on this laptop.
I know my way with Archlinux, Debian… but I have never used Nix (or Guix or anything similar). I have never used LUKS either.
The laptop contains nothing else: no other OS, no personal data for now, nothing of value. It has disks
sda (smallish SSD) and
sdb (big HDD).
I want encryption to protect my data against common theft, not to resist secret-services investigations, so I intend:
- to encrypt personal data on the HDD,
- not to encrypt OS data and cache data on the SSD (but if that helps I would accept to encrypt everything).
In theory (since I have never used LUKS), I envision something like that:
- sda → ( sda1 = ESP (512Mio FAT32); sda2 = LVM PV “PVA” )
- sdb → sdb1 = LUKS → LVM PV “PVB”
- LVM VG = PVA + PVB →
- LV “Swap” on PVA
- LV “Root” ext4 on PVA, mounted on
- LV “Fscache” ext4 on PVA, mounted on
- LV “Home” ext4 on PVB, LVM-cached on PVA, and mounted on
In NixOS, I see that none of these are handled as they are in “procedural distros” like Archlinux:
- the boot-loader options (to ensure LUKS and LVM support, with the right partitions in the right places)
- the partitions…
So what is the easiest way to switch my current vanilla NixOS on ext4 on SSD, to the full setup I described above?
I can reinstall from scratch using the official Gnome Installer on USB, if needed.