Skip to main content

Install NixOS

In this section, we perform a manual installation using the minimal ISO image that can be downloaded from the NixOS download page.

Two setups are described:

  • Virtual setup, using an ARM64-based guest with UTM on MacOS,
  • Physical setup, using an ASUS ROG STRIX-X99 server.

Network environment configuration

Virtual setup

In the UTM virtual machine configuration, in the network configuration tab, select:

  • Network Mode: Bridged (Advanced)
UTM network configuration tab
note

Make sure that the MAC address for the virtual machine NIC card is unique to this machine, otherwise you may experience issues with the DHCP resolution.

Physical setup

Make sure the physical machine has a wired or a wireless connection to the network.

Target machine firmware configuration

Virtual setup

Virtual machine parameters

Use Virtualization (as opposed to Emulation) for the sake of speed. Choose Custom configuration (Other).

Information

  • Name: nixos

System

  • Architecture: ARM64 (aarch64)
  • System: QEMU 7.2 ARM Virtual Machine
  • Memory: 8192 MB
  • CPU: Default
  • CPU Cores: 4
  • Force Multicore
  • JIT Cache: Default

QEMU

  • UEFI Boot
  • RNG Device
  • Balloon Device
  • TPM 2.0 Device
  • Use Hypervisor
  • Use local time for base clock
  • Reset UEFI Variables
  • QEMU Machine Properties: Default

Input

  • USB Support: USB 3.0(XHCI)
  • Share USB devices from host
  • Maximum Shared USB devices: 3

Sharing

  • Enable Clipboard Sharing
  • Directory Share Mode: None

Display Device (optional, needed for interactive UEFI configuration)

  • Emulated Display Card: virtio-ramfb
  • Resize display to window size automatically

Serial Device

  • Mode: Pseudo-TTY Device
  • Target: Automatic Serial Device (max 4)
tip

To open a terminal emulator (e.g. on MacOS):

picocom /dev/ttys005  # Enter Ctl-A Ctl-X to exit the terminal emulator

To resize the terminal :

stty cols $COLS rows $ROWS`

Network Device

  • Network Mode: Bridged (Advanced)
  • Emulated Network Card: virtio-net-pci
  • MAC Address: xx:xx:xx:xx:xx:xx

USB Drive

  • Removable Drive
  • Path: nixos-minimal-23.11.6743.576ecd43d3b8-aarch64-linux.iso
  • Read Only?
  • Image Type: CD/DVD (ISO) Image
  • Interface: USB

VirtIO Drive

  • Removable Drive
  • Read Only?
  • Image Type: Disk Image
  • Interface: VirtIO
  • Size: 64 GB

Disable Secure Boot in the UEFI configuration

By default, NixOS installation images are not configured for Secure Boot1. The virtual machine won't boot unless Secure Boot is first disabled in the UEFI BIOS.

Boot the guest VM. Hit F2 at the start of guest boot to enter the boot menu, disable Secure Boot (this requires that the Display Device is enabled on the guest VM).

UEFI main boot menu UEFI device manager UEFI secure boot

Physical setup

Hardware tips

Older STRIX-99 boards seem to be susceptible to electric connection issues with the RAM modules. Clearing the CMOS chip may help. Brushing the DDR4 slots pins, blowing air too. Bad karma will kill you.

Some second-hand STRIX-X99 boards seem to have a bad MAC address on the Intel NIC interface (88:88:88:88:87:88). This can be solved with Intel's EEupdate MS-DOS software utility, that is used to program the SPI Flash images in development or production line environments. You will need a DOS formatted bootable USB-key. You can create such a key using balenaEtcher and the LiteUSB image courtesy FreeDOS.

The following operations will solve the problem:

  • Copy the EEUPDATE.EXE utility to the FreeDOS bootable USB key
  • (Temporarily) enable CSM in the STRIX-X99 BIOS
  • Boot the USB key
  • Enter DOS
  • C:\ eeupdate /nic= /data
  • C:\ eeudpate /nic=1 /mac=xxxxxxxxxxxx
  • Disable CSM in the STRIX-X99 BIOS

Pointers:

BIOS Settings

Advanced\Trusted Computing

  • TPM20 Device Found
  • Security Device Support: Enable
  • Active PCR banks: SHA-1,SHA256
  • Available PCR banks: SHA-1,SHA256
  • SHA-1 PCR Bank: Enabled
  • SHA256 PCR Bank: Enabled
  • Pending operation: None
  • Platform Hierarchy: Enabled
  • Storage Hierarchy: Enabled
  • Endorsement Hierarchy: Enabled
  • TPM2.0 UEFI Spec Version: TCG_2

Advanced\CPU Configuration

  • Intel Virtualization Technology: Enabled

Boot

  • Fast Boot: Enabled
  • Wait For 'F1' If Error: Disabled
  • Setup Mode: EZ Mode

Boot\CSM (Compatibility Support Mode)

  • Launch CSM: Disabled

Boot\Secure Boot

  • Secure Boot state: Disabled
  • Platfor Key (PK) state: Unloaded
  • OS Type: Windows UEFI mode

Boot\Secure Boot\Key Management

  • Clear Secure Boot Keys: Yes

Boot from NixOS installation medium

Boot the target machine using the NixOS installation image and establish ssh connectivity from your installation terminal.

tip

If the target machine is real hardware, when the NixOS installation USB-key initial splash screen appears, choose HiDPI, Quirks and Accessibility, then Serial console=ttyS0,115200n8, finally NixOS *** Installer, in order to enable console via the serial link.

Then on your installation terminal, connect to the target machine with:

picocom -b 115200 /dev/tty.PL2303G-USBtoUART110
tip

On the target machine...

Install the correct keymap:

sudo loadkeys fr

Take a look at the networking configuration:

ip a

Set a password for user nixos, or better, setup .ssh/authorized_keys, so that you can ssh into the target machine from your installation terminal.

passwd

Bootstrap installation

Final installation

OBSOLETE TO BE REMOVED

Make sure that secure Boot is disabled, and that the installation disk is loaded in USB drive.

Then boot the guest VM.

On the host machine, prepare to serve our custom installation scripts:

python3 -m http.server -d ../../bootstrap

On the guest VM, retrieve and run the custom installation script:

curl -O 192.168.43.1:8000/install.sh
bash install.sh

then shut down the guest VM:

sudo shutdown now

then on the host machine, eject the installation disk from the USB drive, optionally remove the VM Display Device, optionally take a snapshot of the guest VM:

qemu-img snapshot ~/Library/Containers/com.utmapp.UTM/Data/Documents/stone.utm/Data/*.qcow2 -c step1

Boot the newly installed system and configure

Boot the guest VM (from the newly installed disk drive).

Connect to the guest VM as admin and activate NixOS flakes:

ssh-add ~/.ssh/id_ed25519
ssh -A admin@192.168.43.2
curl -O 192.168.43.1:8000/install2.sh
bash install2.sh

Footnotes

  1. For secure boot with NixOS, see the nixos wiki and lanzaboote github project.