Updated config and install script to hopefully work with encryption

install.sh

@@ -1,37 +1,52 @@
-# Define the disk to partition
+#!/usr/bin/env bash
-DISK="/dev/sda"
 
-# Create a new partition table
+set -euo pipefail
-parted $DISK -- mklabel gpt
 
-# Create the EFI partition
+# Replace with your actual repo
-parted $DISK -- mkpart ESP fat32 1MiB 512MiB
+REPO_URL="https://git.luke-else.co.uk/luke-else/nixos-config.git"
-parted $DISK -- set 1 esp on
+HOSTNAME="vm"  # Change to desktop/laptop/vm if needed
+TARGET_DISK="/dev/sda"
+MOUNT_POINT="/mnt"
 
-# Create the root partition
+# Confirm before wiping the disk
-parted $DISK -- mkpart primary ext4 512MiB 100%
+echo "WARNING: This will erase ALL data on ${TARGET_DISK}!"
+read -p "Type YES to continue: " confirm
+[[ "$confirm" == "YES" ]] || { echo "Aborting."; exit 1; }
 
-# Format the EFI partition
+# 1. Wipe the disk and create new GPT partition table
-mkfs.fat -F 32 -n BOOT ${DISK}1
+wipefs -a "$TARGET_DISK"
+parted -s "$TARGET_DISK" mklabel gpt
 
-# Format the root partition
+# 2. Create partitions
-mkfs.ext4 ${DISK}2
+# - EFI (512M)
+# - Root (rest of the disk)
+parted -s "$TARGET_DISK" mkpart primary fat32 1MiB 513MiB
+parted -s "$TARGET_DISK" set 1 esp on
+parted -s "$TARGET_DISK" mkpart primary ext4 513MiB 100%
 
-# Mount the partitions
+EFI_PART="${TARGET_DISK}1"
-mount ${DISK}2 /mnt
+CRYPT_PART="${TARGET_DISK}2"
-mkdir -p /mnt/boot/efi
-mount ${DISK}1 /mnt/boot/efi
 
-# Clone the configuration repository
+# 3. Format the EFI partition
-mkdir -p /mnt/etc/nixos
+mkfs.fat -F32 "$EFI_PART"
-git clone https://git.luke-else.co.uk/luke-else/nixos-config.git /mnt/etc/nixos
 
-# Install NixOS using the cloned configuration
+# 4. Set up LUKS encryption for root
-nixos-install --flake /mnt/etc/nixos#vm
+echo "Setting up LUKS encryption on ${CRYPT_PART}"
+cryptsetup luksFormat "$CRYPT_PART"
+cryptsetup open "$CRYPT_PART" cryptroot
 
-# Ensure the bootloader is installed
+# 5. Format root and mount
-nixos-enter --root /mnt -- nixos-rebuild boot
+mkfs.ext4 /dev/mapper/cryptroot
+mount /dev/mapper/cryptroot "$MOUNT_POINT"
 
-# Reboot the system
+# 6. Create and mount boot directory
-echo "Installation complete. Rebooting..."
+mkdir -p "$MOUNT_POINT/boot"
-reboot
+mount "$EFI_PART" "$MOUNT_POINT/boot"
+
+# 7. Clone your NixOS config
+git clone "$REPO_URL" "$MOUNT_POINT/etc/nixos"
+
+# 8. Install NixOS
+nixos-install --flake "/etc/nixos#${HOSTNAME}" --no-root-passwd
+
+echo "✅ NixOS installation complete! You may now reboot."

modules/common.nix

@@ -2,36 +2,33 @@
 
 {
   # Bootloader: systemd-boot with EFI support
-  boot = {
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
 
-    # Kernel parameters for root
+  # Use systemd-boot instead of GRUB
-    kernelParams = [ "root=/dev/sda1" ];
+  boot.loader = {
+    systemd-boot.enable = true;
+    efi.canTouchEfiVariables = true;
+  };
+
+  boot.initrd = {
+    supportedFilesystems = [ "ext4" ];
+    luks.devices."cryptroot".device = "/dev/disk/by-partlabel/cryptroot";
   };
 
-  # File systems
   fileSystems."/" = {
-    device = "/dev/sda1"; # root partition
+    device = "/dev/mapper/cryptroot";
     fsType = "ext4";
   };
 
-  # EFI partition mount (usually /boot or /boot/efi)
   fileSystems."/boot" = {
-    device = "/dev/sda2"; # EFI partition
+    device = "/dev/disk/by-partlabel/ESP";
     fsType = "vfat";
-    options = [ "nofail" "defaults" ];
   };
 
-  # Swap file (4GB)
+  swapDevices = [{
-  swapDevices = [
+    device = "/swapfile";
-    {
+    size = 4096;
-      device = "/swapfile";
+  }];
-      size = 4096; # 4GB
-    }
-  ];
 
   # Locale and timezone
   time.timeZone = "Europe/London";

modules/user.nix

@@ -4,7 +4,7 @@
   users.users."luke-else" = {
     isNormalUser = true;
     home = "/home/luke-else";
-    shell = pkgs.bash;
+    shell = pkgs.zsh;
     extraGroups = [ "wheel" "networkmanager" "docker" ];
   };