
@t00
Forked from ansulev/inst-arch-linux-full-enc
Last active February 2, 2022 07:34
Install Arch Linux with full encrypted file-system using dm-crypt and luks
# Install Arch Linux with full encrypted file-system using dm-crypt and luks
# The official guide: https://wiki.archlinux.org/index.php/Installation_Guide
# SSD specials
# http://ggarcia.me/2016/10/11/arch-linux-ssd-trim.html
# EFI
# https://itectec.com/superuser/uefi-and-full-disk-encryption-with-lvm-on-luks/
# Download the archiso image from https://www.archlinux.org/download/
# Verify the image against the PGP signature / checksum published on the
# download page before writing it: everything installed below is only as
# trustworthy as this boot medium.
# Copy to a usb-drive. /dev/sdx is a placeholder; dd overwrites the target
# without asking, so confirm the device name (e.g. with lsblk) first.
dd bs=16M if=archlinux.iso of=/dev/sdx status=progress oflag=sync # on linux
# Boot from the usb.
# Set the UK keymap (matches KEYMAP=uk written to /etc/vconsole.conf later).
# The LUKS passphrase entered during luksFormat is typed under this layout.
loadkeys uk
# This assumes a wifi only system...
# NOTE(review): recent Arch ISOs may no longer ship wifi-menu (netctl); iwctl
# is the replacement there - confirm against the ISO in use.
wifi-menu
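# Partition the disk with a GPT label. mklabel discards the existing
# partition table on /dev/vda.
#   /dev/vda1 - 300 MiB EFI system partition (stays unencrypted so the
#               firmware can read the boot loader from it)
#   /dev/vda2 - rest of the disk, holds the LUKS container
parted -s /dev/vda mklabel gpt
parted -s /dev/vda mkpart "EFI system partition" fat32 1MiB 301MiB
parted -s /dev/vda set 1 esp on
parted -s /dev/vda mkpart "arch" ext4 301MiB 100%
# Create and open the LUKS container on the second partition. /dev/vda1 is
# the EFI system partition and must not be used here; the GRUB cryptdevice=
# setting later in this guide also points at /dev/vda2.
# luksFormat prompts for the passphrase protecting everything in the container.
cryptsetup luksFormat /dev/vda2
cryptsetup luksOpen /dev/vda2 lvm
# Once the install is finished, keep a copy of the LUKS header off this disk;
# a damaged header makes the data unrecoverable even with the passphrase:
#   cryptsetup luksHeaderBackup /dev/vda2 --header-backup-file <backup-file>
# Create volume group and logical volumes on top of the opened LUKS mapping,
# so root, swap and home all sit inside the encrypted container.
pvcreate /dev/mapper/lvm
vgcreate vg /dev/mapper/lvm
lvcreate -L 40G vg -n root
# Swap is inside the container as well, so swapped-out memory is encrypted at rest.
lvcreate -L 8G vg -n swap
# home takes whatever space is left in the volume group
lvcreate -l +100%FREE vg -n home
# Create filesystems
mkswap -L swap /dev/mapper/vg-swap
mkfs.ext4 /dev/mapper/vg-root
mkfs.ext4 /dev/mapper/vg-home
# The EFI system partition needs a FAT32 filesystem before GRUB can be
# installed to it.
mkfs.fat -F 32 /dev/vda1
# Activate swap and mount lv's
swapon /dev/mapper/vg-swap
mount /dev/mapper/vg-root /mnt
mkdir /mnt/home
mount /dev/mapper/vg-home /mnt/home
# Mount the ESP at /boot of the new system: grub-install is later run with
# --efi-directory=/boot. This leaves the kernel and initramfs on an
# unencrypted partition; only root, swap and home are inside LUKS, so the
# boot files are not protected against offline modification.
mkdir /mnt/boot
mount /dev/vda1 /mnt/boot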
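# Install the system, wifi and some tools.
# On current Arch 'base' does not pull in a kernel, so linux and
# linux-firmware are listed explicitly ('mkinitcpio -p linux' later needs the
# linux preset). vim is added because it is used to edit
# /etc/mkinitcpio.conf inside the chroot.
pacstrap /mnt base base-devel linux linux-firmware grub lvm2 efibootmgr mc wpa_supplicant vim
# Create fstab, identifying filesystems by UUID. Run this once only: the
# output is appended, so a second run duplicates every entry.
genfstab -pU /mnt >> /mnt/etc/fstab
# Make /tmp a ramdisk by appending the entry to the new system's fstab.
# Hardening option: nosuid,nodev can be added to the mount options.
echo 'tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0' >> /mnt/etc/fstab
# Manual step: in /mnt/etc/fstab change relatime on all non-boot partitions
# to noatime (reduces wear if using an SSD)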
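# Enter the new system. Everything from here up to 'exit' is typed inside
# the chroot shell.
arch-chroot /mnt /bin/bash
# Setup system clock (-f replaces an existing /etc/localtime link)
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
hwclock --systohc --utc
# Set the hostname
echo MYHOSTNAME > /etc/hostname
# Update locale: enable the locale in /etc/locale.gen and generate it first,
# otherwise LANG names a locale that does not exist on the system.
sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
locale-gen
echo LANG=en_US.utf8 >> /etc/locale.conf
#echo LANGUAGE=en_US >> /etc/locale.conf
#echo LC_ALL=C >> /etc/locale.conf
# Set virtual console keymap and font. The keymap also applies at the
# early-boot LUKS passphrase prompt when the 'keymap' hook is in the initramfs.
echo KEYMAP=uk > /etc/vconsole.conf
#echo FONT=Lat2-Terminus16 >> /etc/vconsole.conf
# Set password for root
passwd
# Add real user
# Membership of wheel grants nothing by itself: a %wheel rule has to be
# enabled with visudo before this account can use sudo (sudo is part of
# base-devel).
useradd -m -g users -G wheel,storage,power -s /bin/bash MYUSERNAME
passwd MYUSERNAME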
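# Configure mkinitcpio with modules needed for the initrd image
vim /etc/mkinitcpio.conf
# Add 'encrypt' and 'lvm2' to HOOKS before 'filesystems', in that order: the
# volume group only becomes visible after the LUKS container is unlocked.
# 'keyboard' and 'keymap' must come before 'encrypt' so the passphrase can be
# typed, with the layout from /etc/vconsole.conf, at the unlock prompt.
# Regenerate initrd image
mkinitcpio -p linux
# Setup grub: edit /etc/default/grub by hand.
#   Add:
#     GRUB_ENABLE_CRYPTODISK=y
#   (GRUB itself only needs this when it must read /boot from inside the LUKS
#   container; with the ESP mounted at /boot, as --efi-directory=/boot below
#   expects, the kernel and initramfs are read from the unencrypted ESP.)
#   Change GRUB_CMDLINE_LINUX to
#     GRUB_CMDLINE_LINUX="cryptdevice=/dev/vda2:lvm:allow-discards rd.luks.options=discard" # if SSD
#   or
#     GRUB_CMDLINE_LINUX="cryptdevice=/dev/vda2:lvm" # for HDD
#   Notes:
#   - allow-discards passes TRIM through the encrypted layer. That reveals
#     which blocks of the container are unused to anyone who can read the raw
#     device; leave it out if that leak matters more than SSD performance.
#   - NOTE(review): rd.luks.options= is read by the systemd-based 'sd-encrypt'
#     hook; with the 'encrypt' hook used here, allow-discards in cryptdevice=
#     is the setting that takes effect - confirm against the hooks in use.
#   - /dev/vda2 can be renamed by the kernel when disks are added or removed;
#     cryptdevice=UUID=<uuid-of-luks-partition>:lvm (UUID from blkid) is more
#     robust.
# Install the boot loader to the ESP first (this also creates /boot/grub),
# then generate its configuration.
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
grub-mkconfig -o /boot/grub/grub.cfg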
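# Setup network
systemctl enable systemd-networkd.service
# Create /etc/systemd/network/20-wired.network. Name= must match the real
# interface name on the target machine (see 'ip link'); enp1s0 is an example.
cat > /etc/systemd/network/20-wired.network <<'EOF'
[Match]
Name=enp1s0
[Network]
DHCP=yes
EOF
# NOTE(review): DNS servers learned over DHCP are normally consumed by
# systemd-resolved; enable systemd-resolved.service as well if name
# resolution is missing after the first boot.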
# Exit new system and go into the cd shell
exit
# Unmount all partitions (-R also unmounts everything mounted below /mnt,
# such as /mnt/home)
umount -R /mnt
# Deactivate all swap, including the swap LV enabled earlier with swapon
swapoff -a
# Reboot into the new system, don't forget to remove the cd/usb.
# The LUKS passphrase is requested during boot, before the root filesystem
# can be mounted.
reboot