Create your normal Truecrypt volume on the device. You can also do this with a disk partition; i.e., sdq1.
truecrypt -k '' -p somewhatsekrit --volume-type=normal --filesystem=none --encryption=AES --hash=RIPEMD-160 --random-source=/dev/urandom -c /dev/sdq
Mount the volume in Truecrypt so that you can format the filesystem.
truecrypt -k '' --filesystem=none --protect-hidden=no -p somewhatsekrit /dev/sdq
Format the filesystem.
mkfs.ext2 /dev/mapper/truecrypt0
Unmount the volume.
truecrypt -d /dev/sdq
Create the hidden volume with a password you don't intend to divulge. Until they start pulling fingermails, of course. Adjust your hidden volume's size according to your device's contraints. Volume size is given in bytes. fdisk -l /dev/sdq will show how many bytes are available on the device or partition.
truecrypt -k '' --volume-type=hidden -p omgverysekrit --filesystem=none --encryption=AES --hash=RIPEMD-160 --random-source=/dev/urandom -c /dev/sdq --size=50000000
Mount the volume so the filesystem can be formatted.
truecrypt -k '' --filesystem=none --protect-hidden=no -p omgverysekrit --filesystem=none /dev/sdq
Format the volume's filesystem.
mkfs.ext2 /dev/mapper/truecrypt0
Unmount the volume.
truecrypt -d /dev/sdq
Truecrypt requires keyfile values be given (-k) when creating volumes via command line, or it will prompt for them. Adding the two single-quotes (-k '') just says that there isn't a keyfile to be used. Truecrypt in command line mode also apparently won't create an ext2 filesystem, so you first have to create the volume without a filesystem, mount it with truecrypt and use mkfs (mkfs.ext2 in this case) to format the the volume.
