Install NixOS with Btrfs, LVM, on LUKS using TPM2 to start up, with support for suspend to disk

I made the changes you suggested to the initrd.

Leaving this for others, I made a mistake when making the boot partition.

File system "/dev/nvme0n1p1" has wrong type for an EFI System Partition (ESP).

To attempt to fix:

umount /mnt/boot
cfdisk /dev/nvme0n1 # change the partition type to "EFI System"; mine was the plain FAT32 type
mkfs.fat -F 32 /dev/nvme0n1p1
mount /dev/nvme0n1p1 /mnt/boot

Make sure you change the UUID of the boot partition!

Running nixos-install now yields:

[root@nixos:/mnt]# nixos-install
copying channel...
building the configuration in /mnt/etc/nixos/configuration.nix...
/nix/store/ndlg17m34nawicnrny2kchra1mzygvww-nixos-system-nixos-24.11.713895.666e1b3f09c2
installing the boot loader...
setting up /etc...
Created "/boot/EFI".
Created "/boot/EFI/systemd".
Created "/boot/EFI/BOOT".
Created "/boot/loader".
Created "/boot/loader/entries".
Created "/boot/EFI/Linux".
Copied "/nix/store/xv7q10lk4lxfax7naj3b63aj2pyjv9gb-systemd-256.10/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/EFI/systemd/systemd-bootx64.efi".
Copied "/nix/store/xv7q10lk4lxfax7naj3b63aj2pyjv9gb-systemd-256.10/lib/systemd/boot/efi/systemd-bootx64.efi" to "/boot/EFI/BOOT/BOOTX64.EFI".
⚠️ Mount point '/boot' which backs the random seed file is world accessible, which is a security hole! ⚠️
⚠️ Random seed file '/boot/loader/.#bootctlrandom-seed29b32b775ec3aec8' is world accessible, which is a security hole! ⚠️
Random seed file /boot/loader/random-seed successfully written (32 bytes).
Created EFI boot entry "Linux Boot Manager".
setting up /etc...
setting up /etc...
setting root password...
New password: 
Password change has been aborted.
passwd: Permission denied
passwd: password unchanged
Setting a root password failed with the above printed error.
You can set the root password manually by executing `nixos-enter --root '/mnt'` and then running `passwd` in the shell of the new system.

I figured I couldn’t ignore these warnings, so what to do now?

According to here (Nixos-install with custom flake results in /boot being world accessible - #6 by NovaViper), I need to set permissions differently.

  fileSystems."/boot" = {
      device = "${bootPart}";
      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+     options = [ "umask=0077" ]";
    };
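Review bot: the `+` line has a stray `"` after the closing `]` (`options = [ "umask=0077" ]";`), which is not valid Nix; it should read `options = [ "umask=0077" ];`. Separately, this option only takes effect when the installed system mounts /boot, while the two warnings above were printed during nixos-install, when /mnt/boot was still mounted by hand with `mount /dev/nvme0n1p1 /mnt/boot` and therefore with vfat's default masks; to silence them at install time, remount /mnt/boot with `-o umask=0077` before running nixos-install, and keep the umask change in the configuration for the running system.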

This, however, didn’t make the warning go away. Reading further, it says I can just ignore the warning.

Looks like booting up worked without any issue. I just had to log in and add a password to my user account.
One problem I’m having is that vesktop screen sharing doesn’t work. It seems like it’s falling back to X11-based screensharing because I can capture any xwayland window.
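The two mistakes in the thread, a boot partition whose GPT type is not "EFI System" and an ESP mounted with vfat's default masks (which is what bootctl's "world accessible" warning is about), can both be checked before running nixos-install. The script below is an added example, not code from the original post; it parses strings in the formats that `lsblk -no PARTTYPE` and /proc/mounts produce, and the sample values it embeds are constructed for the example rather than taken from the poster's machine.

```shell
#!/bin/sh
# Added example (not from the original post): offline checks for an ESP's
# partition type and for world-accessible mount options on /boot.

ESP_GUID="c12a7328-f81f-11d2-ba4b-00a0c93ec93b"   # GPT type GUID of an EFI System Partition

# is_esp_parttype GUID -> 0 if GUID (any case) is the EFI System Partition type
is_esp_parttype() {
    guid=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    [ "$guid" = "$ESP_GUID" ]
}

# esp_is_private MOUNT_LINE -> 0 if the vfat masks deny "other" all access.
# vfat defaults to fmask=0022,dmask=0022 when no mask option is given;
# umask= sets both unless fmask=/dmask= override it.
esp_is_private() {
    opts=$(printf '%s\n' "$1" | awk '{print $4}')
    umask_v=""; fmask_v=""; dmask_v=""
    for o in $(printf '%s' "$opts" | tr ',' '\n'); do
        case "$o" in
            umask=*) umask_v=${o#umask=} ;;
            fmask=*) fmask_v=${o#fmask=} ;;
            dmask=*) dmask_v=${o#dmask=} ;;
        esac
    done
    f=${fmask_v:-${umask_v:-0022}}
    d=${dmask_v:-${umask_v:-0022}}
    # The last octal digit is the "other" class; 7 means r, w and x are all masked out.
    [ "${f#"${f%?}"}" = 7 ] && [ "${d#"${d%?}"}" = 7 ]
}

# Constructed sample inputs (not real output from the poster's system).
TYPE_ESP="C12A7328-F81F-11D2-BA4B-00A0C93EC93B"
TYPE_BASIC_DATA="ebd0a0a2-b9e5-4433-87c0-68b6b72699c7"   # "Microsoft basic data", what a plain FAT partition usually gets
MOUNT_DEFAULT="/dev/nvme0n1p1 /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 0"
MOUNT_UMASK="/dev/nvme0n1p1 /boot vfat rw,relatime,umask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 0"
MOUNT_FMASK_ONLY="/dev/nvme0n1p1 /boot vfat rw,relatime,fmask=0077,dmask=0022,codepage=437 0 0"

# report_mount LABEL MOUNT_LINE -> prints a verdict, always returns 0
report_mount() {
    if esp_is_private "$2"; then
        printf '%s: ok, /boot is not world accessible\n' "$1"
    else
        printf '%s: WARNING, /boot is world accessible; mount it with -o umask=0077\n' "$1"
    fi
    return 0
}

# report_type LABEL GUID -> prints a verdict, always returns 0
report_type() {
    if is_esp_parttype "$2"; then
        printf '%s: ok, partition type is EFI System\n' "$1"
    else
        printf '%s: WARNING, partition type is not EFI System; fix it in cfdisk\n' "$1"
    fi
    return 0
}

report_type "esp-type" "$TYPE_ESP"
report_type "basic-data-type" "$TYPE_BASIC_DATA"
report_mount "default-masks" "$MOUNT_DEFAULT"
report_mount "umask-0077" "$MOUNT_UMASK"
report_mount "fmask-only" "$MOUNT_FMASK_ONLY"
```

On a live installer, the real inputs are `lsblk -no PARTTYPE /dev/nvme0n1p1` and `grep ' /mnt/boot ' /proc/mounts`; the fmask-only sample shows why both masks matter, since a restrictive fmask with the default dmask still leaves the directory tree under /boot listable by everyone.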