I hope you’re doing great! I’m currently having an issue that I wanted to report, to know if I’m doing something wrong or not.
TL;DR;
Can’t decrypt the LUKS partition (from stage 1 boot) after fresh install, with the correct password (tested through CLI after installation, before restarting). I may suspect some keyboard layout issue.
Steps
Let me break it down in a comprehensible way :
Downloaded this ISO : nixos-gnome-24.11.715908.7105ae395770-x86_64-linux.iso
Burned it on an USB with sudo dd if=<iso-file>.iso of=/dev/sda bs=4M status=progress conv=fsync oflag=direct
Booted and installed NixOS 24.11 on my machine, nothing fancy (through Calamares), using defaults
Changed the country to the corresponding keyboard (did this after my third re-installation, who knows?)
Changed the keyboard layout to the corresponding one (no fancy layout), and tested it in the little text box below
“Erase disk” for the partitioning + “Encrypt disk” (LUKS) with a password (which I tested in the previous text box, to confirm the layout)
Opened “Disks”, locked the newly LUKS formatted partition and unlocked it without issue
Restarted to apply the installation
Entered my password when prompted at the first boot stage
Getting an error : "no key available with this passphrase - failure" (tried several times to be sure of the passphrase I was entering, I’m 100% positive it’s the correct one)
If it’s a keyboard layout issue, how can I fix it before restarting?
If I want to investigate the configuration generated by Calamares, where should I look? I might be able to enforce a services.xserver.xkb/console.keyMap layout?
Thank you in advance, for taking your time to read me and for your help
Take care!
PS: BTW I tried the latest ISO nixos-gnome-24.11.716793.a880f49904d6-x86_64-linux.iso but couldn’t get it to start correctly… I had plenty of services that couldn’t start at boot time and then i had something like “Starting getty on tty1” (might be for the autologin?), but it was failing too…
May I ask where did you put your config in a freshly installed NixOS system (not yet rebooted)? Did you generate a new config through nixos-generate-config and applied it there?
Because once NixOS is installed through Calamares, where do I find the future system’s configuration? Because I presume I’ll have to apply it there (and then nixos-rebuild switch), right?
This might be fine for a container (depending on how things are done; there are modules in nixpkgs that should be used for docker or lxc guests rather than setting this manually), but it’s definitely bad advice for a VM.
Yes i still do, because if I understand correctly, when installing NixOS from a bootable device, we’re mounting the main disk which will contain our future system (after reboot).
When using Calamares, the mounted partition is here /run/media/nixos/<uuid>/etc/nixos/configuration.nix. So I’ve edited this file to add your snippet (some settings were already set), saved it and then I suppose I need to apply this new conf to the mounted partition.
How can I apply my changes from the generated configuration.nix (e.g. from Calamares) ? Because nixos-rebuild switch will use the bootable’s /etc/nixos/configuration.nix, which I don’t want
So should it be nixos-install with some custom --root pointing to /run/media/nixos/<uuid>/etc/nixos/configuration.nix?
correct and all config (whatever you configure with Nixos installer) will be added to /etc/nixos/configuration.nix - which you’ll see after the 1st reboot
create your image with whatever “base configuration” you need
build and run your VM / container
log into that VM / container
create a etc/nixos/configuration.nix (in the VM / container but not on the assigned partition / space on your disk)
add whatever “additional configuration” (which will build on top of the image configuration)
OR instead of 3, 4, 5, you can simply create a new VM / container with different config
Not quite sure if there’s a “correct” way here though.
To me, I would just re-create a new VM / container and avoid editing configs within the VM / container then it’s kinda twice the changes to track cause ending up with 1 config for the image + 1 config for the container
That shouldn’t be touched AFAIK, edit from within the VM / container instead
Just to be clear on the context, it’s a bare installation on a physical machine to be used as the main OS. So no VM/container involved at this stage.
I’m really just trying to know if NixOS + LUKS will work fine on this new machine, just by booting from the official ISO like any new user wanting to try it. Apparently it doesn’t work (for me), but I’m trying to figure out why
Let me share with you some tests I did after the installation and still before the first reboot (hence, still on the removable bootable NixOS device’s live system) :
Mounted the future system partition (where NixOS just got installed). Now available at /run/media/nixos/<uuid> (default when using Gnome Disks)
Does it have to be mounted to /mnt if ever I need to edit the future system?
cd /run/media/nixos/<uuid> (the mounted partition)
Adding the below snippet to the mounted configuration.nix
services.xserver.xkb = {
layout = "XX"; # This line was already containing the correct kb layout defined when installing the system
variant = "";
};
console = {
earlySetup = true;
useXkbConfig = true;
};
nixos-install --root /run/media/nixos/<uuid>
Warning --root wants an absolute path btw
But at this stage, I got an unexpected issue : “[…] services.xserver.xkb.layout is already defined somewhere else. […] Please use lib.mkDefault or lib.mkForce”. Which got me thinking, that may be the reason why my configured layout isn’t taken in account. Where is this config defined with a higher priority?
Anyway, I’ve used the force lib.mkForce, issue went away, new one coming up : failed to install bootloader. '/boot' is not a mounted partition. Is this path configured correctly?.
What am I doing wrong? Found this thread about a similar issue, without any sustainable usable solution so far… @m-clare Have you find the root cause of your issue (sorry for pinging you on this old thread)
That’s already defined when you go through the Installer step.
You should be able to see the current configuration.nix with sudo cat /mnt/etc/nixos/configuration.nix
That’s only when within the Installer / USB so don’t touch that.
After the first reboot, configuration will be located in /etc/nixos/configuration.nix.
If still no success, try without Calamares.
If you got a dual-boot setup, you might have to wipe it first, install Nixos then re-install the other OS or if on another disk, physically remove the other OS’s disk from your computer, install Nixos then re-add your disk.
In /etc/nixos/configuration.nix, I only have one import (and nothing more) and it’s the installation cd (default). Not sure if adding something here will change the boot behaviour, since it’s the live system (in which I won’t boot at restart).
In your snippet you mention /mnt/etc/nixos/configuration.nix, I don’t have that file, probably because I’m using Calamares and not installing NixOS manually, right?
Using Calamares, nothing is mounted under /mnt once the installation is complete…
Once again, this is a very basic and default installation, ISO downloaded from nixos.org (checksum verified), laptop is clean, the entire disk is used (no other systems) and I’m just wondering why when typing my LUKS passphrase on stage 1 boot, I get an error while being 100% sure that it’s correct (explained above).
I was expecting a smooth experience as I’m not doing anything fancy with the conf. What am I missing that should be obvious?
Sounds like it.
Are you able to install without it? That will quickly confirm.
Prolly partion name being different but I’m not familiar with Calamares so can’t really help on that one haha
So I’ve managed to get it working! BUT still wonder why this isn’t default in the public nixos ISOs
Here’s what I did (for documentation purposes) :
Installed nixos with LUKS and a QWERTY/AZERTY friendly passphrase
To make sure I could log in no matter what
Configured and applied the above console snippet to make sure my keyboard layout was available at stage 1
Make sure to remove/comment your console.keyMap (or use lib.mkForce) because it’ll enter in conflict with console.useXkbConfig which will use services.xserver.xkb.layout
Changed my current - temporary - LUKS passphrase to more complex one, through Gnome Disks (“Change passphrase” on the LUKS partition)
Rebooted and tadaa! Complex passphrase accepted using the correct keyboard layout!
Thanks for your patience and support @JimJ92120 ! I’ll mark this post as the answer (for completeness of the steps for new users), but the answer has been given here :