Matthew Brunelle's Blog
I spent money on a domain so I might as well use it.
Framework

Setting up my new Framework Laptop 13 DIY Edition with NixOS

Declarative partitioning with Disko, hibernate with LUKS, and Lanzeboote, oh my!

I've used NixOS for year, yet I've never written about the experience before. This month I sold my 2021 M1 Max Macbook Pro and bought a Framework 13 DIY Edition laptop. After I got everything setup I sat down to write about the experience. Some ~4500 words later I realized I needed to break my thoughts into multiple posts. This one covers my perspective on setting up the software side.

See also:

This post is not:

What this post is:

  • I haven't had a Linux laptop for a bit and wanted to share some laptop specific configuration changes I made to my setup.
  • I tried out some new things and wanted to share the solutions to stumbling blocks I found.
  • Talking a bit about having a single NixOS config for multiple machines.

Prepping the live install usb and booting up

I usually use Balena Etcher to setup a live USB for installs. The stable version of the NixOS manual even suggests using Etcher. However, based on this issue, the program has not been included in nixpkgs for a while due to using an out of date Electron version. The issue suggests using Popsicle instead, but you could also just use dd and the manual suggests.

To boot from a live USB for install you need to disable secure boot first. Don't worry, you can re-enable secure boot later. I also had an issue with the laptop not detecting my USB. The Framework laptops use expansion cards for the ports. I removed and reinserted my USB A card and suddenly my USB drive was detected. So perhaps the expansion card was not detected.

When I finally booted from live USB, I couldn't authenticate to my home wifi. I had a usb to ethernet adapter I used instead. Weirdly enough after installation I've had no issue with wifi.

I was tempted to try out nixos-anywhere this time, but I was very excited and just dove in instead.

Partitioning with Disko, finally quick BTRFS on LUKS

I usually am pretty boring when I partition my desktop. Just a simple EFI partition, a single ext4 partition, and a swap partition for hibernate. Simple is easy to setup and diagnose if something goes wrong.

However, I've wanted to try Disko out for a while now. Not only is a declarative parition description appealing, but also I can be lazy and avoid typing all the commands to setup my disk. In fact I felt empowered to try a new partition scheme thanks to Disko.

The project has a whole folder of example configurations. I chose to start with the luks-btrfs-subvolumes.nix example. The only changes I had to make where:

  1. Updating devices to match my nvme drive
  2. Changing the swapfile size to match my ram size. That way I can use hibernate.
  3. Removing the settings.keyFile as noted by a comment in the file. I want to use an interactive password instead.

Thats everything! Basically in five minutes with no prior experience I was able to use the quickstart guide and have BTRSFS on LUKS setup. Also, don't forget to swapon the swap file before you run nixos-generate-config so your configuration includes the swap device.

Installing NixOS and handling multiple machines in a single configuration

The install process was pretty standard. I did not use the GUI installer and instead used the manual. Also, I think I just totally missed this addition, but the nixos-install command now has a --flake option! I've been installing without and then converting to flake based installs this whole time...

Once the install command finished I rebooted. Then I just needed a quick git pull to get my configuration, a rebuild and then everything felt like home. My current current iteration configuration is based off nix-starter-configs. The only host I had configured was my desktop. However if you add a new nixosConfigurations.<hostname> entry in your flake.nix you can have different configurations for each host.

I'm due for a revamp and cleanup to my current configuration. For now I extracted the couple of desktop specific configuration details into their own desktop.nix file that is only imported by my desktop configuration. I then duplicated all the general configuration under a directory for my laptop's hostname. Going forward I'll work on pulling common pieces out into their own modules. [^ I don't want to go too crazy with that though. I did that in the past and ended up with too many modules which felt cumbersome.] I also realized that there is now an issue in the nix-starter-configs repo that the project needs a rework. So I may try to migrate off of to something simpler.

Hibernation using a swapfile with BTRFS on LUKS

Remember when I mentioned I usually do the boring thing for disk partitions? Hibernate is a great reason why. OK, I'm being a little hyperbolic, but hibernation is something I'd really like on a laptop for powersavings and LUKS complicates the process.

If I had used a swap partition I would just need to point swapDevices to the partition. Instead we have a swapfile on BTRFS inside LUKS. The wiki page on hibernation recommends the following:

boot.kernelParams = ["resume_offset=<offset>"];

boot.resumeDevice = "/dev/disk/by-uuid/<uuid-of-root-partition>";

powerManagement.enable = true;

swapDevices = [
  {
    device = "/var/lib/swapfile";
    size = 32 * 1024; # 32GB in MB
  }
];

Where you need to figure out the offset for your swap file using filefrag.

However based on a conversation in the forums, since release 24.05 you only need to enable initrd systemd and set the swap device:

boot.initrd.systemd.enable = true;
swapDevices = [{
  device = "/var/lib/swapfile";
  size = 32 * 1024;
}];

Systemd determines and handles the offset for you. What's more powerManagement.enable defaults to true and can be omitted.

I was afraid of trying secure boot, but that was unfounded

I have never set up secure boot on Linux before, and I'm happy to report the process was painless!

I found this post Framework and NixOS - Secure Boot (Day Three) which pointed me towards Lanzaboote. Then I found this FOSDOM 2023 presentation Towards Secure Boot for NixOS which explains how Lanzaboote works. Some notes from the talk:

  • automatically handles signing everything when you when you do a nixos rebuild
  • provides a stub to help prevent the EFI parition from running out of space when you have many generations
  • you have to handle key generations and rerollment once

Also this lovely quote:

I've heard that it works for other people... I have also heard it did not work for other people.

Thankfully in the time since then the project has improved. I simply followed the quick start guide as prescribed. The guide even includes specific details for Framework Laptop users.

Also note this warning:

To be able to setup Secure Boot on your device, NixOS needs to be installed in UEFI mode and systemd-boot must be used as a boot loader. This means if you wish to install lanzaboote on a new machine, you need to follow the install instruction for systemd-boot and then switch to lanzaboote after the first boot.

I used the flakes option when installing rather than the niv option. Also, make sure to set your UEFI password.

image.png

Linux on Laptops seems simpler now

In the past I feel like I had a whole laundry list of items to attend to when installing Linux on a Laptop. Now in 2025 there really isn't that much tweaking to do compared to a desktop. No mucking about with TLP or anything. The Framework knowledge base recommends:

For Framework Laptop 13/16 AMD Ryzen™ 7040 Series configurations, you will absolutely want to use power-profiles-daemon for the absolute best experience. Do NOT use TLP. Without getting too detailed, there are things happening behind the scenes that require PPD for the best experience for our Linux customers. [^ They have not said if this applies for the AMD 300 Strix AI series, but in absence of clarification I'm avoiding TLP.]

The whole experience is.... peaceful? I still get to tweak a lot of things. Just less of the fiddly bits. I dig it.

I've literally never done a neofetch fastfetch before, but I'd like to end on a cliche:

fastfetch.png

Member discussion

Similar topics

I'm a laptop weirdo and that's why I like my new Framework 13

It turns out I've always done weird things to my laptops.

Framework 13 DIY Edition Hardware Thoughts

Framework did a really great job with the 13 and I'm excited to do terrible things with the laptop.

It's Weirdly Hard to Buy Music Now

How difficult could it be to give someone my money, and they give me music?

What Podcasts Am I Listening To?

I've been listening to some podcast since the beginning, and some are recent additions. Also I wax philosophical for a bit.

I Don't Want to Play the SEO Game

I miss the blogosphere and I'd been thinking about it a lot lately. Thankfully a lot of other people that are smarter than me are thinking about it as well.