# Provisioning

After flashing the Alpine Linux extended ISO, partition a disk. This step requires internet access because `gptfdisk` is not included on the extended ISO and has to be obtained from the repository.

Use `setup-interfaces` and `setup-apkrepos` to set this up:

```
# setup-interfaces -ar
# setup-apkrepos -c1
```

A few packages will have to be installed first:

```
# apk add e2fsprogs cryptsetup lvm2 lsblk sgdisk wipefs dosfstools acpid
```

Wipe the existing disk partitions:

```
# wipefs -a /dev/<disk>
# sgdisk --zap-all /dev/<disk>
```

Create an `EFI system` partition (ESP) and a `Linux filesystem` partition on the disk:

```
# sgdisk -n 1:1m:+512m -t 1:ef00 /dev/<disk>
# sgdisk -n 2:0:-10m -t 2:8300 /dev/<disk>
```

Reload the device nodes:

```
# mdev -s
```

Then format the ESP with a FAT32 filesystem:

```
# mkfs.fat -F 32 -n esp /dev/<disk>1
```

## Volume group creation

The root partition of the system is going to be encrypted using `cryptsetup`. First, generate a key that will be used to encrypt the device and save it temporarily to the file `/tmp/luks.key` with:

```
# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/luks.key && cat /tmp/luks.key
```

> Later on in the guide `clevis` will be used for automatic decryption, so this key only has to be entered a few times. However, if any changes are made to the BIOS or Secure Boot, this key will be needed again, so make sure to write it down.

Then format the partition using `cryptsetup`:

```
# cryptsetup luksFormat /dev/<disk>2 --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 4000 --key-size 512 --pbkdf argon2id
[Enter the generated key]
# cryptsetup open --type luks /dev/<disk>2 luks
```
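
To confirm that the header written by `luksFormat` carries the options given above, its `cryptsetup luksDump` output can be checked. This is an added example, not part of the original guide; `check_luks_dump` and `SAMPLE_DUMP` are hypothetical names, and the sample dump is constructed and abbreviated.

```shell
#!/bin/sh
# Added example: check a LUKS2 header dump against the luksFormat options above.
# check_luks_dump and SAMPLE_DUMP are hypothetical names, not from the guide.

# Constructed, abbreviated sample in the layout luksDump prints for LUKS2.
SAMPLE_DUMP='LUKS header information
Version:        2

Data segments:
  0: crypt
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        PBKDF:      argon2id
Digests:
  0: pbkdf2
        Hash:       sha512'

# Reads a dump on stdin, prints one line per mismatch, returns non-zero if any.
check_luks_dump() {
    awk '
        function report(msg) { print msg; bad = 1 }
        /^Version:/          { seen_v = 1; if ($2 != "2") report("header version is " $2) }
        /^Data segments:/    { sect = "seg" }
        /^Keyslots:/         { sect = "slot" }
        /^(Tokens|Digests):/ { sect = "" }
        # Data segment cipher is what encrypts the volume contents.
        sect == "seg" && $1 == "cipher:" {
            seen_c = 1
            if ($2 != "aes-xts-plain64") report("data cipher is " $2)
        }
        # Every keyslot must hold a 512-bit key protected by argon2id.
        sect == "slot" && $1 ~ /^[0-9]+:$/ { slot = $1 }
        sect == "slot" && $1 == "Key:" && $2 != "512" {
            report("keyslot " slot " key is " $2 " bits")
        }
        sect == "slot" && $1 == "PBKDF:" {
            seen_p = 1
            if ($2 != "argon2id") report("keyslot " slot " PBKDF is " $2)
        }
        END {
            if (!(seen_v && seen_c && seen_p)) report("dump is incomplete")
            exit bad + 0
        }'
}
```

On the installed system, pipe the real header through it: `cryptsetup luksDump /dev/<disk>2 | check_luks_dump`.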

Create the LVM volume group:

```
# vgcreate vg /dev/mapper/luks
```

Then create logical volumes inside the volume group:

```
# lvcreate --name alpine_root -L 24G vg
# lvcreate --name home -L <home-quota> vg
# lvcreate --name var -L 16G vg
# lvcreate --name nix -L 32G vg
```

> The value of `<home-quota>` depends on the total size of the volume group. In general, try to reserve some empty space in the volume group.

Create the filesystems on the logical volumes:

```
# for i in alpine_root home var nix; do
> mkfs.ext4 /dev/vg/$i
> done
```