Installed Nixos: Dual-Boot and Librem-Key works

I got interested into NixOS, installed it on my Librem 15v3 and will switch from PureOS to using it.

I improved the documentation https://github.com/NixOS/nixos-hardware/tree/master/purism/librem/13v3 I a little bit by documenting how I overcome the problems (which took me a few hours to solve) to

• Adding a PureOS partition to the GRUB menu
• Automatically lock the desktop when removing the librem key

Now I have the situation, that upgrading to a new kernel, configuration etc, I still can boot into PureOS, but when I update GRUB via apt under PureOS, I loose the menuentry for NixOS. Not a big problem for me, as I will rarely switch back.

Hope this might be a help for other people.

Looking forward for my LibremMini and I think the Librem-HW and PureOS are a good fit, if you strive to have a reproducible, tamper resistant system.

Welcome fellow NixOS user, I may “steal” that Librem Key lock script of yours – thank you. I have a Librem 13 v4 myself and the only Librem-specific piece of my configuration is the following fix which is necessary until the upstreamed patch from Purism reaches us through systemd:

services.udev = {                                                                                                                                                                  
    extraHwdb = ''                                                                                                                                                                 
        # https://tracker.pureos.net/T683                                                                                                                                            
        evdev:atkbd:dmi:bvn*:bvr*:bd*:svnPurism*:pn*Librem13v4*:pvr*                                                                                                                 
        KEYBOARD_KEY_56=backslash                                                                                                                                                  
      '';
  };

Which firmware version are you running by the way? I have been unable to upgrade past 4.9-Purism-2 (11/13/2019) since 4.11-Purism-1 made graphics changes that I have been unable to work around.

Other than that, all good. I do have some Atheros WiFi issues on NixOS (packet loss under heavy load) that I have failed to replicate under PureOS, but I am yet to send an e-mail to Purism support regarding it.

Nice to hear from you!

The output of journalctl -b0 | grep Purism is

Apr 06 09:20:06 librem kernel: DMI: Purism Librem 15 v3/Librem 15 v3, BIOS PureBoot-beta-11 01/01/1970
Apr 06 09:20:06 librem kernel: Hardware name: Purism Librem 15 v3/Librem 15 v3, BIOS PureBoot-beta-11 01/01/1970

What is the problem you fix with your udev patch?

I cannot tell a lot about the WiFi because my laptop is almost always connect via a cable.

Hmm… You do seem to have ended up with a more recent BIOS working than me – even though I am sticking to coreboot for now.

> journalctl -b0 | grep Purism
Apr 13 10:14:24 $(hostname) kernel: DMI: Purism Librem 13 v4/Librem 13 v4, BIOS 4.9-Purism-2 11/13/2019

Whenever I try to upgrade beyond this version everything hangs once you selected what to boot in GRUB and you end up with the NixOS logo in the top and a grey. Perhaps it is something with my NixOS configuration as it was generated before the graphics changes in 4.11-Purism-1? However, I tried generating a new configuration after booting the NixOS 19.09 install from USB and saw nothing different compared to my existing hardware-configuration.nix. Would you be happy to share your hardware-configuration.nix and anything relevant you may have passed to the kernel in configuration.nix? I really have not fiddled around with it much, just the parameters to GRUB and increasing inotify.max_user_watches in boot.kernel.sysctl. I tried passing nomodeset to the kernel, but it made no difference and I still ended up stuck at GRUB with 4.11-Purism-1 and had to once again revert to 4.9-Purism-2.

The udev patch corrects an issue caused by the keyboard sending the wrong scan code in hardware for the backslash/pipe key.

In terms of the WiFi, I ran another set of experiments and I think it may just be the atk9k drivers not being that solid. Thus I am considering switching out the chipset for another one from one of my older laptops. Freedom-wise, that is not great, but I can not compromise on WiFi much as this is my main laptop when giving lectures that frequently require a solid connection.

Here my hardware-configuration.nix

# Do not modify this file!  It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations.  Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:

{
imports =
[ 
];

boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

fileSystems."/" =
{ device = "/dev/disk/by-uuid/f7b272a5-b32d-4720-9091-f76a14813202";
fsType = "ext4";
};

fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/623B-F40D";
fsType = "vfat";
};

swapDevices =
[ { device = "/dev/disk/by-uuid/2f7786b2-7b6e-4523-a867-60533b37a21c"; }
];

nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# High-DPI console
i18n.consoleFont = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz";
}

@niklaus Thanks a ton! It looks identical to mine (apart from the console font). I will just have to dig deeper into GRUB behavior or possible find a way to dump the kernel flags from the NixOS install as it boots just fire regardless of coreboot version. Alternatively, I could swap out the drive for a clean install to see how that goes. But that is more “work” than I can handle at the moment.