Installing Graphene from NixOS

I just got a new Pixel device from the Pixel 9 family. While I enjoy the device so far, I don’t want to talk so much about the device here. One of the first things I did with the device was install GrapheneOS onto it for enhanced privacy and security from the spying eyes of the public corporate overlords who want to harvest data for their advertisers. It’s obviously a great business model for them, but I don’t really want to be part of it any more than I am required to be.

As a user of all NixOS systems for my personal compute, I was looking for how to install Graphene onto my device. Graphene offers a great web installer that you can click through on their site and follow some very simple instructions. But if you are a Linux user, you need to prep the system a bit. Exactly how to prep your system is left a bit nebulous as there might be different ways to do that in different Linux distributions. So here are the steps I took took to get NixOS ready to run the system.

Install necessary software

There are a few pieces of Android-related software that I needed to configure. Firstly, I needed to install and enable the ADB tools, and I needed to give my user access to leverage those tools. In my system configuration I had to enable the following lines to accomplish that:

{
    programs.adb.enable = true;
    users.users.greg.extraGroups = [ "adbusers" "kvm" ];
}

I am not completely sure that the “kvm” group was necessary here. That might only be necessary if you are doing Android development from your system. But I also have KVM installed on my system already for other work that I do, and some guides for other distros suggested KVM group for ADB usage. So I added it here. It doesn’t seem to hurt anything.

Once you have enabled the necessary software, rebuild your system.

Run the necessary software

Either login to a new environment to enable the groups, or activate them in your favorite way. Then launch your browser. I use Firefox, but the GrapheneOS installer is recommended to run in Blink-based browsers (those based on the Chrome/Chromium world). So I don’t usually have those installed, but with Nix that’s not a problem. All I needed to do in order to launch one was

nix run "nixpkgs#chromium"

Chromium launched right up, and I was able to navigate to the GrapheneOS web installer. Before making the above changes, launching Chromium was giving me errors about the WebUSB not being able to detect my phone due to lack of drivers and permissions.

Troubleshooting?

Even with the above my phone still was not being detected by the installer. Eventually, at my wit’s end, I fired up lsusb on the command line and found that the phone was not registering at all with the OS. Swapping from an older cable to the USB-C cable that came with the phone fixed that. So I’m suspecing that the first cable I tried to use was maybe a charging-only cable as that is all I have used it for in the past.

Hope this helps someone else who wants to install GrapheneOS but is using NixOS on your host! Happy FOSSing!