Create disk partitions

We will be creating two new partitions in the free space we made in the previous step. The first will be 512MB, and be used as our Linux boot partition. The second will use the remaining free space and be used for our Linux swap and root partitions.

    $ gdisk /dev/sda
    n      # new partition
           # default partition #
           # default start location
    +512M  # size 512MB
    ef00   # type boot
    n      # new partition
           # default partition #
           # default start location
           # size remaining space
           # type default
    w      # write partitions
    y      # confirm

Make note of the partition numbers assigned to the partitions. You can always find them again by running fdisk -l and reading the device name of the last two entries, whose types should be “EFI Boot” and “Linux Filesystem”.

Configure disk encryption

On OS X, the standard for disk encryption is FileVault. On Linux, it’s LUKS. We’ll be using a strategy called LVM On LUKS, where the partition we created above is an encrypted LUKS partition, on top of which we’ll layer root and swap partitions with LVM.

    root_partition=/dev/sda$PARTITION_NUMBER # e.g., /dev/sda5
    # format the partition as LUKS and open it as /dev/mapper/enc-pv
    cryptsetup luksFormat $root_partition
    cryptsetup open --type luks $root_partition enc-pv
    # use the opened mapping as the only physical volume of volume group "vg"
    pvcreate /dev/mapper/enc-pv
    vgcreate vg /dev/mapper/enc-pv
    lvcreate -L 10G -n swap vg
    # root takes whatever space is left after swap
    lvcreate -l 100%FREE -n root vg

Format partitions

    boot_partition=/dev/sda$PARTITION_NUMBER # e.g., /dev/sda4
    mkfs.vfat $boot_partition
    mkfs.ext4 -j -L root /dev/vg/root
    mkswap -L swap /dev/vg/swap

And then mount them:

    mount /dev/vg/root /mnt
    mkdir /mnt/boot
    mount $boot_partition /mnt/boot
    swapon /dev/vg/swap

You can recover back to this step by booting into the livecd and running:

    # reopen the LUKS container under the same mapping name as before
    cryptsetup open --type luks $root_partition enc-pv
    # activate the logical volumes in vg
    lvchange -a y vg

Start by generating a template configuration:

    nixos-generate-config --root /mnt

This will produce two files:

/mnt/etc/nixos/configuration.nix: the system’s configuration file
/mnt/etc/nixos/hardware-configuration.nix: the system’s hardware configuration

Now we will need to edit configuration.nix:

    # register our root luks device
    boot.initrd.luks.devices = [
      {
        name = "rootfs";
        device = "/dev/sda5";
        preLVM = true;
      }
    ];

Also, you should ensure that the grub device is correct. For me, this was:

    boot.loader.grub.device = "/dev/sda";

And then install!

    nixos-install
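Before running nixos-install it is worth confirming that both logical volumes really sit inside the LUKS container, since swap left on a raw partition would hold memory pages unencrypted. The check below is an added example, not part of the original guide; the function names and the sample lsblk output are constructed for illustration, with device names taken from the e.g. values above.

```shell
# Added example: audit lsblk -P output for the LVM-on-LUKS layout.
# Prints one line per problem; exit status 0 means none were found.
check_lvm_on_luks() {
    awk '
    function val(key,   line) {   # value of KEY="..." on this line
        line = " " $0
        if (match(line, " " key "=\"[^\"]*\""))
            return substr(line, RSTART + length(key) + 3, RLENGTH - length(key) - 4)
        return ""
    }
    {
        k = val("KNAME"); dev[++n] = k
        label[k] = val("NAME"); pk[k] = val("PKNAME")
        kind[k] = val("TYPE");  fs[k] = val("FSTYPE")
    }
    END {
        for (i = 1; i <= n; i++) {
            k = dev[i]; p = pk[k]
            if (kind[k] == "lvm") lvs++
            # Every logical volume must sit on an opened dm-crypt mapping.
            if (kind[k] == "lvm" && kind[p] != "crypt") { print label[k] ": LV is not on an encrypted device"; bad = 1 }
            # Every mapping must have been opened from a LUKS container.
            if (kind[k] == "crypt" && fs[p] != "crypto_LUKS") { print label[k] ": parent is not a LUKS container"; bad = 1 }
            # Swap on a raw partition would hold memory pages in plaintext.
            if (fs[k] == "swap" && kind[k] != "lvm") { print label[k] ": swap is outside the encrypted VG"; bad = 1 }
        }
        if (!lvs) { print "no logical volumes found"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: lsblk -P -o NAME,KNAME,PKNAME,TYPE,FSTYPE /dev/sda
# for the layout above, using the e.g. partition numbers sda4 and sda5.
sample_layout() {
    cat <<'EOF'
NAME="sda" KNAME="sda" PKNAME="" TYPE="disk" FSTYPE=""
NAME="sda4" KNAME="sda4" PKNAME="sda" TYPE="part" FSTYPE="vfat"
NAME="sda5" KNAME="sda5" PKNAME="sda" TYPE="part" FSTYPE="crypto_LUKS"
NAME="enc-pv" KNAME="dm-0" PKNAME="sda5" TYPE="crypt" FSTYPE="LVM2_member"
NAME="vg-swap" KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" FSTYPE="swap"
NAME="vg-root" KNAME="dm-2" PKNAME="dm-0" TYPE="lvm" FSTYPE="ext4"
EOF
}

# On the live system, pipe the real lsblk output in instead of the sample.
sample_layout | check_lvm_on_luks && echo "layout OK: root and swap are inside LUKS"
```

On the installer, replace the sample with the real lsblk command named in the comment.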