From e04dba5fcbcadd44813a9234b5a6eb4d95854757 Mon Sep 17 00:00:00 2001 From: tastatur Date: Sat, 13 Jul 2024 20:51:26 +0200 Subject: [PATCH] First steps --- docs/alpine-desktop-setup/index.md | 2 +- docs/alpine-desktop-setup/provisioning.md | 18 +++++++++++++++--- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/alpine-desktop-setup/index.md b/docs/alpine-desktop-setup/index.md index 3486369..9fc8b5c 100644 --- a/docs/alpine-desktop-setup/index.md +++ b/docs/alpine-desktop-setup/index.md @@ -1,5 +1,5 @@ # An Alpine Linux desktop installation -This guide will demonstrate how to install [Alpine Linux](https://www.alpinelinux.org/) with encryption, secureboot and a graphical wayland session using wayfire. Alpine Linux makes a perfect base for those who want a minimal, simple and secure Linux installation. This installation will also make use of [Nix](https://nixos.org/) and [Home-manager](https://github.com/nix-community/home-manager) which allows for easy deployment and user independent packages. Check out the [Alpine Linux wiki](https://wiki.alpinelinux.org/wiki/Main_Page) for additional resources and information. +This guide will demonstrate how to install [Alpine Linux](https://www.alpinelinux.org/) with zfs, encryption, secureboot and a graphical wayland session using wayfire. Alpine Linux makes a perfect base for those who want a minimal, simple and secure Linux installation. This installation will also make use of [Nix](https://nixos.org/) and [Home-manager](https://github.com/nix-community/home-manager) which allows for easy deployment and user independent packages. Check out the [Alpine Linux wiki](https://wiki.alpinelinux.org/wiki/Main_Page) for additional resources and information. > Note that all this documentation is focused on the `x86_64` architecture. diff --git a/docs/alpine-desktop-setup/provisioning.md b/docs/alpine-desktop-setup/provisioning.md index 5c62030..722283b 100644 --- a/docs/alpine-desktop-setup/provisioning.md 
+++ b/docs/alpine-desktop-setup/provisioning.md @@ -1,6 +1,6 @@ # Provisioning -After flasing the Alpine Linux extended ISO, partition a disk. For this action internet is required since `gptfdisk` is not included on the extended ISO, therefore it needs to be obtained from the repository. +After flasing the Alpine Linux extended ISO, partition a disk. For this action internet is required since `gptfdisk` and `zfs` are not included on the extended ISO, therefore they need to be obtained from the repository. To set it up `setup-interfaces` and `setup-apkrepos` will be used. @@ -12,7 +12,7 @@ To set it up `setup-interfaces` and `setup-apkrepos` will be used. A few packages will have to be installed first: ``` -# apk add cryptsetup lvm2 lsblk e2fsprogs gptfdisk dosfstools acpid +# apk add zfs lsblk e2fsprogs gptfdisk dosfstools acpid ``` The drive should be partitioned using `gdisk` (or `cfdisk`). It should have atleast two partitions with one `EFI System` partition and one `Linux filesystem` partition and look something like this: @@ -28,7 +28,7 @@ Then to create the filesystem on the efi partition. # mkfs.fat -F 32 -n efi /dev/ ``` -The root partition of the system is going to be encrypted using `cryptsetup`. First generate a key that will be used to encrypt the device and save it temporarily to the file `/tmp/crypt-key.txt` with: +The root partition of the system is going to be encrypted with ZFS's native encryption. First generate a key that will be used to encrypt the device and save it temporarily to the file `/tmp/crypt-key.txt` with: ``` # cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/crypt-key.txt && cat /tmp/crypt-key.txt 
@@ -36,6 +36,18 @@ The root partition of the system is going to be encrypted using `cryptsetup`. Fi Later on in the guide `clevis` will be used for automatic decryption so this key only has to be entered a few times. However, if any changes are made to the bios or secureboot then this key will be needed again so make sure to write it down. +Now ZFS has to be invoked for formatting: + +``` +# modprobe zfs +# zpool create -f -o ashift=13 -O canmount=off -O acltype=posixacl -O xattr=sa -O compression=lz4 -O atime=off -O dnodesize=auto -O normalization=formD -O encryption=aes-256-gcm -O keylocation=prompt -O keyformat=passphrase -O mountpoint=/ -R /mnt rpool /dev/ +``` + + + + + + Then format the partition using `cryptsetup`: ```
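Review bot: the rewritten opening sentence of provisioning.md (hunk @@ -1,6 +1,6 @@) still carries the typo "flasing". Since the line is being touched anyway, suggest correcting it to "flashing" in the same change.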
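Review bot: the package list in hunk @@ -12,7 +12,7 @@ drops `cryptsetup` and `lvm2`, but the unchanged context at the end of the patch still reads "Then format the partition using `cryptsetup`:", so a reader following the guide top to bottom reaches a step whose tool was never installed. Either remove the remaining cryptsetup steps in this same patch, or keep the packages until those steps are gone.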
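Review bot: in the reworded paragraph of hunk @@ -28,7 +28,7 @@, the string saved to `/tmp/crypt-key.txt` is still described as a key "that will be used to encrypt the device", yet the pool added in the next hunk is created with `-O keyformat=passphrase -O keylocation=prompt`, so nothing ever reads that file. Suggest saying explicitly that the generated string is the passphrase to type at the `zpool create` prompt, and adding a step to delete the temporary file once the pool exists, if the guide does not already do so later.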
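Review bot: the `zpool create` line added in hunk @@ -36,6 +36,18 @@ uses `-f` and `ashift=13` with no explanation. `-f` overrides the in-use checks on the target device and `ashift=13` fixes the pool at 8 KiB sectors, so both deserve a sentence on why they were chosen and when a reader should change them. The preceding context paragraph about `clevis` was written for the cryptsetup flow and should be confirmed or updated for an encrypted pool. The new block is also followed directly by the old "Then format the partition using `cryptsetup`:" step, which now tells the reader to format the same partition a second time. Finally, the six empty added lines after the code block should be dropped, and the command would be easier to review if it were split across lines with one option per line.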