89 lines
2.7 KiB
Markdown
89 lines
2.7 KiB
Markdown
To install Gentoo this guide will be using the Alpine Extended Iso. It provides all of the necessary utilities for bootstrapping Gentoo and is overal pleasant to work with. Make sure to boot with Secureboot in setup mode or to already have keys ready to deploy.
|
|
|
|
After booting the Alpine Linux extended ISO, partition the disks. For this action internet is required since `zfs`, `sgdisk` and various other necessary packages are not included on the extended ISO, therefore they need to be obtained from the alpine package repository.
|
|
|
|
To set it up `setup-interfaces` and `setup-apkrepos` will be used.
|
|
|
|
``` shell
|
|
root # setup-interfaces -ar
|
|
root # setup-apkrepos -c1
|
|
```
|
|
|
|
> To use Wi-Fi simply run `setup-interfaces -r` and select `wlan0` or similar.
|
|
|
|
A few packages will have to be installed first,
|
|
|
|
``` shell
|
|
root # apk add zfs lsblk sgdisk wipefs dosfstools
|
|
```
|
|
|
|
and load the ZFS kernel module
|
|
|
|
``` shell
|
|
root # modprobe zfs
|
|
```
|
|
|
|
Wipe the existing disk partitions
|
|
|
|
``` shell
|
|
root # zpool labelclear -f /dev/<disk>
|
|
root # wipefs -a /dev/<disk>
|
|
root # sgdisk --zap-all /dev/<disk>
|
|
```
|
|
|
|
Create on the disk an `EFI system` partition (ESP) and a `Linux filesystem` partition
|
|
|
|
``` shell
|
|
root # sgdisk -n 1:1m:+512m -t 1:ef00 /dev/<disk>
|
|
root # sgdisk -n 2:0:-10m -t 2:8300 /dev/<disk>
|
|
```
|
|
|
|
Reload the device nodes
|
|
|
|
``` shell
|
|
root # mdev -s
|
|
```
|
|
|
|
Then, format the ESP with a FAT32 filesystem
|
|
|
|
``` shell
|
|
root # mkfs.fat -F 32 -n esp /dev/<disk>1
|
|
```
|
|
|
|
## ZFS pool creation
|
|
|
|
The ZFS system pool is going to be encrypted. First generate an encryption key and save it temporarily to the file `/tmp/rpool.key` with:
|
|
|
|
``` shell
|
|
root # cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/rpool.key && cat /tmp/rpool.key
|
|
```
|
|
|
|
> Later on in the guide `zlevis` will be used for automatic decryption, so this key only has to be entered a few times. However, if any changes are made to the bios or secureboot then this key will be needed again, so make sure to save it.
|
|
|
|
Create the system pool:
|
|
|
|
``` shell
|
|
root # zpool create -f \
|
|
-o ashift=12 \
|
|
-O compression=lz4 \
|
|
-O acltype=posix \
|
|
-O xattr=sa \
|
|
-O dnodesize=auto \
|
|
-O encryption=on \
|
|
-O keyformat=passphrase \
|
|
-O keylocation=prompt \
|
|
-m none \
|
|
rpool /dev/<disk>2
|
|
```
|
|
|
|
Then create the system datasets:
|
|
|
|
``` shell
|
|
root # zfs create -o mountpoint=none rpool/root
|
|
root # zfs create -o mountpoint=legacy -o quota=48g rpool/root/gentoo
|
|
root # zfs create -o mountpoint=legacy -o quota=32g rpool/root/gentoo/var
|
|
root # zfs create -o mountpoint=/home -o atime=off -o setuid=off -o devices=off -o quota=<home-quota> rpool/home
|
|
```
|
|
|
|
> Setting the `<home-quota>` depends on the total size of the pool, generally try to reserve some empty space in the pool.
|
|
|