First steps
This commit is contained in:
parent
e6bae601d3
commit
e04dba5fcb
2 changed files with 16 additions and 4 deletions
|
@ -1,5 +1,5 @@
|
||||||
# An Alpine Linux desktop installation
|
# An Alpine Linux desktop installation
|
||||||
|
|
||||||
This guide will demonstrate how to install [Alpine Linux](https://www.alpinelinux.org/) with encryption, secureboot and a graphical wayland session using wayfire. Alpine Linux makes a perfect base for those who want a minimal, simple and secure Linux installation. This installation will also make use of [Nix](https://nixos.org/) and [Home-manager](https://github.com/nix-community/home-manager) which allows for easy deployment and user independent packages. Check out the [Alpine Linux wiki](https://wiki.alpinelinux.org/wiki/Main_Page) for additional resources and information.
|
This guide will demonstrate how to install [Alpine Linux](https://www.alpinelinux.org/) with zfs, encryption, secureboot and a graphical wayland session using wayfire. Alpine Linux makes a perfect base for those who want a minimal, simple and secure Linux installation. This installation will also make use of [Nix](https://nixos.org/) and [Home-manager](https://github.com/nix-community/home-manager) which allows for easy deployment and user independent packages. Check out the [Alpine Linux wiki](https://wiki.alpinelinux.org/wiki/Main_Page) for additional resources and information.
|
||||||
|
|
||||||
> Note that all this documentation is focused on the `x86_64` architecture.
|
> Note that all this documentation is focused on the `x86_64` architecture.
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Provisioning
|
# Provisioning
|
||||||
|
|
||||||
After flasing the Alpine Linux extended ISO, partition a disk. For this action internet is required since `gptfdisk` is not included on the extended ISO, therefore it needs to be obtained from the repository.
|
After flasing the Alpine Linux extended ISO, partition a disk. For this action internet is required since `gptfdisk` and `zfs` are not included on the extended ISO, therefore they need to be obtained from the repository.
|
||||||
|
|
||||||
To set it up `setup-interfaces` and `setup-apkrepos` will be used.
|
To set it up `setup-interfaces` and `setup-apkrepos` will be used.
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@ To set it up `setup-interfaces` and `setup-apkrepos` will be used.
|
||||||
A few packages will have to be installed first:
|
A few packages will have to be installed first:
|
||||||
|
|
||||||
```
|
```
|
||||||
# apk add cryptsetup lvm2 lsblk e2fsprogs gptfdisk dosfstools acpid
|
# apk add zfs lsblk e2fsprogs gptfdisk dosfstools acpid
|
||||||
```
|
```
|
||||||
|
|
||||||
The drive should be partitioned using `gdisk` (or `cfdisk`). It should have atleast two partitions with one `EFI System` partition and one `Linux filesystem` partition and look something like this:
|
The drive should be partitioned using `gdisk` (or `cfdisk`). It should have atleast two partitions with one `EFI System` partition and one `Linux filesystem` partition and look something like this:
|
||||||
|
@ -28,7 +28,7 @@ Then to create the filesystem on the efi partition.
|
||||||
# mkfs.fat -F 32 -n efi /dev/<disk1>
|
# mkfs.fat -F 32 -n efi /dev/<disk1>
|
||||||
```
|
```
|
||||||
|
|
||||||
The root partition of the system is going to be encrypted using `cryptsetup`. First generate a key that will be used to encrypt the device and save it temporarily to the file `/tmp/crypt-key.txt` with:
|
The root partition of the system is going to be encrypted with ZFS's native encryption. First generate a key that will be used to encrypt the device and save it temporarily to the file `/tmp/crypt-key.txt` with:
|
||||||
|
|
||||||
```
|
```
|
||||||
# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/crypt-key.txt && cat /tmp/crypt-key.txt
|
# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/crypt-key.txt && cat /tmp/crypt-key.txt
|
||||||
|
@ -36,6 +36,18 @@ The root partition of the system is going to be encrypted using `cryptsetup`. Fi
|
||||||
|
|
||||||
Later on in the guide `clevis` will be used for automatic decryption so this key only has to be entered a few times. However, if any changes are made to the bios or secureboot then this key will be needed again so make sure to write it down.
|
Later on in the guide `clevis` will be used for automatic decryption so this key only has to be entered a few times. However, if any changes are made to the bios or secureboot then this key will be needed again so make sure to write it down.
|
||||||
|
|
||||||
|
Now ZFS has to be invoked for formatting:
|
||||||
|
|
||||||
|
```
|
||||||
|
# modprobe zfs
|
||||||
|
# zpool create -f -o ashift=13 -O canmount=off -O acltype=posixacl -O xattr=sa -O compression=lz4 -O atime=off -O dnodesize=auto -O normalization=formD -O encryption=aes-256-gcm -O keylocation=prompt -O keyformat=passphrase -O mountpoint=/ -R /mnt rpool /dev/<disk2>
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Then format the partition using `cryptsetup`:
|
Then format the partition using `cryptsetup`:
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
Loading…
Reference in a new issue