A lot of people – myself included – have complained that installing NixOS is a pain. So I went ahead and created a CLI installer, nixos-up, to set up the whole thing for you from the comfort of the Live ISO. So far it
Auto-detects BIOS vs UEFI and partitions the disk for you accordingly.
Generates sensible /etc/nixos/configuration.nix files for desktop and server environments.
Installs home-manager.
Auto-detects time zone and sets it up.
Auto-detects available RAM and sets up the appropriate amount of swap space.
and basically just tries to get you into a working NixOS install as quickly as possible.
Great! Yeah, I was thinking of adding a step to let the user edit /etc/nixos/configuration.nix right before nixos-install, but I figured that it would be just as easy to boot into the new install and edit it from there. But I’m open to this as a feature if there’s enough demand for it.
I would definitely like it. My NixOS systems use either Plasma or i3, adding entirety of gnome will add extra bandwidth and more importantly delay to download all of Gnome and then all of Plasma. My country isn’t the greatest in internet connectivity, so it hurts particularly.
In that case there is an option to do a “server” install which is just the most minimal install: no window manager is configured, audio/printing services aren’t enabled, etc. You could try doing that and then configure your desired setup from there!
Yep, I could. I was more of wondering how it would go for first time NixOS, but veteran Linux user.
For eg. like postmarketOS, during setup, we can ask for inputs on set of predetermined DEs and user that to setup. I admit, its a nice-to-have rather than necessity, but it makes the experience that much sweeter and friendlier.
Since you seem okay with putting the password hash of the user in the world-readable nix store, it may also be possible to put the root password in there, or choose to not have a root password !. That would allow all the steps to happen at the beginning.
Is mutableUsers = false considered an anti pattern? I didn’t see any warnings in the docs. I wanted to set the root password to be the same as the user, but I couldn’t figure out a way to pass it into nixos-install.
I personally think mutableUsers = true is an antipattern.
If you use users.users.<name>.hashedPassword it does put the hashed password into the world-readable nix store, which some would consider a security risk, because any user on your system could access the hashed password and try to reverse it with dictionary attacks, offline brute force, etc.
users.users.<name>.passwordFile may be a more secure alternative, but it requires a side-channel way to deploy the secret file (or a way to decrypt files in the nix store like agenix), but in your case, you do have a side-channel available!
I haven’t tested it, but I was hoping that nixos-install would be smart enough to realize if the root password was set in the configuration and not ask for it. Since you have the user in the wheel group, I think it would make sense to not set a root password with users.users.root.hashedPassword="!";.
All done! Disabled password-based login for root, set up passwordFile instead of hashedPassword, and it no longer asks for a root password part way through the install process.
Yeah I’m not super pleased with the one-liner right now, but I’m also not sure that the alternatives are much better. I brought this up in another thread: Curl to nix-shell.
is much better. Especially considering that most people will not be able to copy-paste this command, so I think it’s better to optimize for remember-ability more than length.