Last active
January 25, 2026 20:32
-
-
Save jumpyvi/9094525cd29d0ff3e48a15e480eac5c2 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo umount -R /mnt 2>/dev/null || true | |
| sudo cryptsetup close cryptroot 2>/dev/null || true | |
| sudo wipefs -a /dev/sda | |
| sudo sgdisk -o /dev/sda | |
| sudo sgdisk -n 1:0:+2G -t 1:ef00 -c 1:"BOOT" /dev/sda | |
| sudo sgdisk -n 2:0:0 -t 2:8300 -c 2:"ROOT" /dev/sda | |
| sudo cryptsetup luksFormat --type luks2 /dev/sda2 | |
| sudo cryptsetup open /dev/sda2 cryptroot | |
| sudo mkfs.fat -F 32 -n BOOT /dev/sda1 | |
| sudo mkfs.btrfs -L ROOT -f /dev/mapper/cryptroot | |
| sudo mount /dev/mapper/cryptroot /mnt | |
| sudo mount --mkdir /dev/sda1 /mnt/boot | |
| BOOT_UUID=$(sudo blkid -s UUID -o value /dev/sda1) | |
| LUKS_UUID=$(sudo blkid -s UUID -o value /dev/sda2) | |
| echo "LUKS UUID: $LUKS_UUID" | |
| echo "BOOT UUID: $BOOT_UUID" | |
| sudo podman run \ | |
| --rm --privileged --pid=host \ | |
| -it \ | |
| -v /etc/containers:/etc/containers:Z \ | |
| -v /var/lib/containers:/var/lib/containers:Z \ | |
| -v /dev:/dev \ | |
| -e RUST_LOG=debug \ | |
| -v "/mnt:/mnt" \ | |
| --security-opt label=type:unconfined_t \ | |
| "ghcr.io/projectbluefin/dakota:latest" bootc install to-filesystem /mnt \ | |
| --composefs-backend \ | |
| --bootloader systemd \ | |
| --karg splash \ | |
| --karg quiet \ | |
| --karg rd.luks.name=${LUKS_UUID}=cryptroot \ | |
| --karg root=/dev/mapper/cryptroot \ | |
| --karg rootflags=subvol=/ \ | |
| --karg rw | |
| # Remount as writable | |
| sudo mount -o remount,rw /mnt | |
| sudo mount -o remount,rw /mnt/boot | |
| DEPLOY_DIR=$(sudo find /mnt/state/deploy -maxdepth 1 -type d -name '*' | grep -v '/mnt/state/deploy$' | head -n 1) | |
| BOOT_ENTRY=$(ls -d /mnt/boot/loader/entries/*) | |
| COMPOSEFS_HASH=$(basename "$DEPLOY_DIR") | |
| sudo sed -i \ | |
| "s|^options.*|options rd.luks.name=${LUKS_UUID}=cryptroot rd.luks.uuid=luks-${LUKS_UUID} root=/dev/mapper/cryptroot rootflags=subvol=/ rw boot=UUID=${BOOT_UUID} composefs=${COMPOSEFS_HASH} splash quiet|" \ | |
| "$BOOT_ENTRY" | |
| sudo bash -c "cat << EOF > ${DEPLOY_DIR}/etc/crypttab | |
| cryptroot UUID=${LUKS_UUID} none luks | |
| EOF" | |
| # fstab (needed???) | |
| sudo bash -c "cat << EOF > ${DEPLOY_DIR}/etc/fstab | |
| /dev/mapper/cryptroot / btrfs defaults 0 0 | |
| UUID=${BOOT_UUID} /boot vfat defaults 0 2 | |
| EOF" | |
| #cat /mnt/boot/loader/entries/*.conf | |
| #cat ${DEPLOY_DIR}/etc/fstab | |
| sync | |
| sudo umount -R /mnt | |
| sudo cryptsetup close cryptroot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment