documentation/docs/alpine-desktop-setup/provisioning.md

# Provisioning

After flasing the Alpine Linux extended ISO, partition a disk. For this action internet is required since `gptfdisk` is not included on the extended ISO, therefore it needs to be obtained from the repository.

To set it up `setup-interfaces` and `setup-apkrepos` will be used.

```
# setup-interfaces -ar
# setup-apkrepos -c1
```

A few packages will have to be installed first:

```
# apk add e2fsprogs cryptsetup lvm2 lsblk sgdisk wipefs dosfstools acpid
```

Wipe the existing disk partitions

```
# wipefs -a /dev/<disk>
# sgdisk --zap-all /dev/<disk>
```

Create on the disk an `EFI system` partition (ESP) and a `Linux filesystem` partition

```
# sgdisk -n 1:1m:+512m -t 1:ef00 /dev/<disk>
# sgdisk -n 2:0:-10m -t 2:8300 /dev/<disk>
```

Reload the device nodes

```
# mdev -s
```

Then, format the ESP with a FAT32 filesystem

```
# mkfs.fat -F 32 -n esp /dev/<disk>1
```

## Volume group creation

The root partition of the system is going to be encrypted using `cryptsetup`. First generate a key that will be used to encrypt the device and save it temporarily to the file `/tmp/luks.key` with:

```
# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/luks.key && cat /tmp/luks.key
```

> Later on in the guide `clevis` will be used for automatic decryption. So, this key only has to be entered a few times. However, if any changes are made to the BIOS or secure-boot then this key will be needed again, so make sure to write it down.

Then format the partition using `cryptsetup`:

```
# cryptsetup luksFormat /dev/<disk>2 --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 4000 --key-size 512 --pbkdf argon2id
[Enter the generated key]
# cryptsetup open --type luks /dev/<disk2> luks
```

Create the LVM volume group

```
# vgcreate vg /dev/mapper/luks
```

Then create partitions inside the volume group:

```
# lvcreate --name alpine_root -L 24G vg
# lvcreate --name home -L <home-quota> vg
# lvcreate --name var -L 16G vg
# lvcreate --name nix -L 32G vg
```

> Setting the `<home-quota>` depends on the total size of the volume group, generally try to reserve some empty space in the volume group.

Create the filesystems on the logical partitions:

```
for i in alpine_root home var nix; do
> mkfs.ext4 /dev/vg/$i
> done
```
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00			`# Provisioning`

Updated syntax. 2023-12-27 13:52:44 +01:00			After flasing the Alpine Linux extended ISO, partition a disk. For this action internet is required since `gptfdisk` is not included on the extended ISO, therefore it needs to be obtained from the repository.
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
			To set it up `setup-interfaces` and `setup-apkrepos` will be used.

			```
			`# setup-interfaces -ar`
			`# setup-apkrepos -c1`
			```

Improved cryptsetup setup 2024-01-03 13:58:23 +01:00			`A few packages will have to be installed first:`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
			```
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`# apk add e2fsprogs cryptsetup lvm2 lsblk sgdisk wipefs dosfstools acpid`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00			```

Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`Wipe the existing disk partitions`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			```
			`# wipefs -a /dev/<disk>`
			`# sgdisk --zap-all /dev/<disk>`
			```

			Create on the disk an `EFI system` partition (ESP) and a `Linux filesystem` partition

			```
			`# sgdisk -n 1:1m:+512m -t 1:ef00 /dev/<disk>`
			`# sgdisk -n 2:0:-10m -t 2:8300 /dev/<disk>`
			```
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`Reload the device nodes`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
			```
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`# mdev -s`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00			```

Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`Then, format the ESP with a FAT32 filesystem`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
			```
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`# mkfs.fat -F 32 -n esp /dev/<disk>1`
Improved cryptsetup setup 2024-01-03 13:58:23 +01:00			```

Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`## Volume group creation`

			The root partition of the system is going to be encrypted using `cryptsetup`. First generate a key that will be used to encrypt the device and save it temporarily to the file `/tmp/luks.key` with:

			```
			`# cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 20 \| head -n 1 > /tmp/luks.key && cat /tmp/luks.key`
			```

			> Later on in the guide `clevis` will be used for automatic decryption. So, this key only has to be entered a few times. However, if any changes are made to the BIOS or secure-boot then this key will be needed again, so make sure to write it down.
Improved cryptsetup setup 2024-01-03 13:58:23 +01:00
			Then format the partition using `cryptsetup`:

			```
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`# cryptsetup luksFormat /dev/<disk>2 --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 4000 --key-size 512 --pbkdf argon2id`
Improved cryptsetup setup 2024-01-03 13:58:23 +01:00			`[Enter the generated key]`
Fixed luks naming scheme 2023-12-27 12:17:46 +01:00			`# cryptsetup open --type luks /dev/<disk2> luks`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00			```

Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`Create the LVM volume group`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
			```
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`# vgcreate vg /dev/mapper/luks`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00			```

Updated and improved sections in alpine-desktop-setup. 2024-01-03 21:02:59 +01:00			`Then create partitions inside the volume group:`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
			```
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`# lvcreate --name alpine_root -L 24G vg`
			`# lvcreate --name home -L <home-quota> vg`
			`# lvcreate --name var -L 16G vg`
			`# lvcreate --name nix -L 32G vg`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00			```

Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			> Setting the `<home-quota>` depends on the total size of the volume group, generally try to reserve some empty space in the volume group.
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`Create the filesystems on the logical partitions:`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00
			```
Updated provisioning and installation in alpine-desktop install. 2024-08-31 12:53:55 +02:00			`for i in alpine_root home var nix; do`
			`> mkfs.ext4 /dev/vg/$i`
Updated naming scheme in alpine-desktop. 2023-12-27 12:06:05 +01:00			`> done`
			```