Provisioning
After flashing the Alpine Linux extended ISO, partition a disk. This step requires internet access, since gptfdisk is not included on the extended ISO and has to be obtained from the repository.
To set this up, setup-interfaces and setup-apkrepos will be used.
# setup-interfaces -ar
# setup-apkrepos -c1
A few packages will have to be installed first:
# apk add cryptsetup lvm2 lsblk e2fsprogs gptfdisk dosfstools
The drive should be partitioned using gdisk (or cfdisk). It should have at least two partitions, one EFI System partition and one Linux filesystem partition, and look something like this:
Partition number | Size | Type |
---|---|---|
1 | 512 MB or more | EFI System |
2 | Rest of the drive | Linux filesystem |
Then create the filesystem on the EFI partition:
# mkfs.fat -F 32 -n efi /dev/<disk1>
The root partition of the system is going to be encrypted using cryptsetup, but first generate a "key" that will be used to unlock the device. Later on in the guide clevis will be used for automatic decryption, so this key only has to be entered a few times before that is installed. However, if any changes are made to the BIOS or Secure Boot, this key will be needed again, so make sure to write it down somewhere safe like Bitwarden. Generate the key and save it temporarily to the file /tmp/crypt_passphrase.txt with:
# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1 > /tmp/crypt_passphrase.txt && cat /tmp/crypt_passphrase.txt
Make sure to write it down.
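The generation step above as a small script, added here as an example and not part of the original guide: it creates the file with mode 0600 instead of the default umask, reads a finite amount of random data, and checks the length and character set before the passphrase is used. The function names gen_passphrase, check_passphrase and entropy_bits are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.

# entropy_bits LENGTH: whole bits of entropy in LENGTH characters drawn
# uniformly from the 62-symbol set [a-zA-Z0-9].
entropy_bits() {
    awk -v n="$1" 'BEGIN { printf "%d\n", n * log(62) / log(2) }'
}

# check_passphrase FILE LENGTH: succeed only if FILE holds exactly LENGTH
# characters, all from [a-zA-Z0-9].
check_passphrase() {
    pass=$(cat "$1") || return 1
    [ "${#pass}" -eq "$2" ] || return 1
    case $pass in
        *[!a-zA-Z0-9]*) return 1 ;;
    esac
    return 0
}

# gen_passphrase FILE [LENGTH]: write a random passphrase (default 32
# characters) to FILE with mode 0600 and validate the result.
gen_passphrase() {
    out=$1
    len=${2:-32}
    (
        umask 077                                   # new file is owner-only
        : > "$out" && chmod 600 "$out" || exit 1    # also tightens an existing file
        # A finite read avoids relying on SIGPIPE to stop an endless stream;
        # LC_ALL=C makes tr treat the input as bytes in any locale.
        raw=$(head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9')
        printf "%.${len}s\n" "$raw" > "$out"
    ) || return 1
    # Fails if the random read produced fewer than LENGTH usable characters.
    check_passphrase "$out" "$len"
}
```

Calling `gen_passphrase /tmp/crypt_passphrase.txt` produces the same kind of 32-character key as the one-liner; `entropy_bits 32` reports about 190 bits for this alphabet.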
Then format the partition using cryptsetup:
# cryptsetup luksFormat /dev/<disk2> --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 4000 --key-size 512 --pbkdf argon2id --verify-passphrase
[Enter the generated key]
# cryptsetup open --type luks /dev/<disk2> luks
Now create a new LVM volume group (choose $n \in \mathbb{N}$ accordingly):
# vgcreate vg<n> /dev/mapper/luks
To create logical volumes inside the volume group:
# lvcreate --name alp_root -L 16G vg<n>
# lvcreate --name alp_var -L 8G vg<n>
# lvcreate --name alp_tmp -L 16G vg<n>
# lvcreate --name alp_nix -L 32G vg<n>
# lvcreate --name alp_home -l 100%FREE vg<n>
The home volume takes all remaining free space, so the volume group is now completely allocated. These sizes should be changed depending on the needs of the user.
To create the filesystems on the logical volumes:
# for i in root var tmp nix home; do
>   mkfs.ext4 /dev/vg<n>/alp_$i
> done
Other filesystems can also be used, but ext4 is the standard for most Linux distributions.