Introducing nixos-up, a dead-simple installer for NixOS

Announcements
#1

A lot of people – myself included – have complained that installing NixOS is a pain. So I went ahead and created a CLI installer, nixos-up, to set up the whole thing for you from the comfort of the Live ISO. So far it

  • Auto-detects BIOS vs UEFI and partitions the disk for you accordingly.
  • Generates sensible /etc/nixos/configuration.nix files for desktop and server environments.
  • Installs home-manager.
  • Auto-detects time zone and sets it up.
  • Auto-detects available RAM and sets up the appropriate amount of swap space.

and basically just tries to get you into a working NixOS install as quickly as possible.

I put together a quick demo video here: nixos-up demo - YouTube. You can check out the project here: GitHub - samuela/nixos-up: The fastest NixOS install there is! 🏎️🏁. The install is just one command:

sudo nix-shell https://github.com/samuela/nixos-up/archive/main.tar.gz

Hopefully others will find it useful! If there’s interest, I’d be happy to donate the project into nixpkgs and the installer ISO.

25 Likes
#2

Video looks great!

Additionally, I would like manual intervention for custom disk setup and or stopping to edit generated config to replace with mine.

But as it is, it doesn’t get any simpler than this (in CLI). I can comfortably suggest NixOS to my newb friends now, thank you!

2 Likes
#3

Great work!
Perhaps you could extend this so that it can detect a already installed OS by using
boot.loader.grub.useOSProber
Thus creating a dualboot?

2 Likes
#4

Great! Yeah, I was thinking of adding a step to let the user edit /etc/nixos/configuration.nix right before nixos-install, but I figured that it would be just as easy to boot into the new install and edit it from there. But I’m open to this as a feature if there’s enough demand for it.

#5

Thanks! I haven’t tackled the multi-boot situation yet since that seems like quite a can of worms, but I agree this would be great to have!

#6

I would definitely like it. My NixOS systems use either Plasma or i3, adding entirety of gnome will add extra bandwidth and more importantly delay to download all of Gnome and then all of Plasma. My country isn’t the greatest in internet connectivity, so it hurts particularly.

#7

In that case there is an option to do a “server” install which is just the most minimal install: no window manager is configured, audio/printing services aren’t enabled, etc. You could try doing that and then configure your desired setup from there!

#8

Yep, I could. I was more of wondering how it would go for first time NixOS, but veteran Linux user.

For eg. like postmarketOS, during setup, we can ask for inputs on set of predetermined DEs and user that to setup. I admit, its a nice-to-have rather than necessity, but it makes the experience that much sweeter and friendlier.

#9

Since you seem okay with putting the password hash of the user in the world-readable nix store, it may also be possible to put the root password in there, or choose to not have a root password !. That would allow all the steps to happen at the beginning.

#10

Is mutableUsers = false considered an anti pattern? I didn’t see any warnings in the docs. I wanted to set the root password to be the same as the user, but I couldn’t figure out a way to pass it into nixos-install.

#11

I personally think mutableUsers = true is an antipattern.

If you use users.users.<name>.hashedPassword it does put the hashed password into the world-readable nix store, which some would consider a security risk, because any user on your system could access the hashed password and try to reverse it with dictionary attacks, offline brute force, etc.

users.users.<name>.passwordFile may be a more secure alternative, but it requires a side-channel way to deploy the secret file (or a way to decrypt files in the nix store like agenix), but in your case, you do have a side-channel available!

I haven’t tested it, but I was hoping that nixos-install would be smart enough to realize if the root password was set in the configuration and not ask for it. Since you have the user in the wheel group, I think it would make sense to not set a root password with users.users.root.hashedPassword="!";.

3 Likes
#12

Ah ok… Yeah I think I can make that happen!

#13

Ok, I took a stab at using passwordFile, but ran into the issue here: How to use users.users.<name>.passwordFile?

1 Like
#14

All done! Disabled password-based login for root, set up passwordFile instead of hashedPassword, and it no longer asks for a root password part way through the install process.

3 Likes
#15

Great. Next, I think it should be possible to improve the invocation by using a nix-shell invocation.

#16

Yeah I’m not super pleased with the one-liner right now, but I’m also not sure that the alternatives are much better. I brought this up in another thread: Curl to nix-shell.

Right now it’s

curl --fail --silent https://raw.githubusercontent.com/samuela/nixos-up/main/nixos-up.ml > nixos-up.ml && chmod +x nixos-up.ml && sudo ./nixos-up.ml

and I’m just not totally sure that

curl --fail --silent https://raw.githubusercontent.com/samuela/nixos-up/main/nixos-up.ml | sudo nix-shell -p ocaml jq -c ocaml

is much better. Especially considering that most people will not be able to copy-paste this command, so I think it’s better to optimize for remember-ability more than length.

#17

I made a pull request to show how I think you should do it:

1 Like
#18

oooh thank you! i see what you mean. i wasn’t aware you could use nix-shell that way!

1 Like
#19

@samuela are you able to edit the OP with the newer way to run it?

#20

yup, good catch! just updated it

1 Like
Hosted by Flying Circus.