lnorg/documentation
1
2
Fork 0
Code Issues 30 Pull requests Projects 6 Activity
documentation/docs/alpine-server-setup/installation/provisioning.md

2.5 KiB
Raw Blame History

Provisioning

After flasing the Alpine Linux extended ISO, partition a disk. For this action internet is required since gptfdisk is not included on the extended ISO, therefore it needs to be obtained from the repository.

To set it up setup-interfaces and setup-apkrepos will be used.

# setup-interfaces -ar
# setup-apkrepos -c1

A few packages will have to be installed first:

# apk add cryptsetup lsblk btrfs-progs gptfdisk dosfstools acpid

The drive should be partitioned using gdisk (or cfdisk). It should have at least two partitions with one EFI System partition and one Linux filesystem partition and look something like this:

Number of partition Size Type
1 512 MB or more EFI System
2 Rest of the drive Linux filesystem

Then to create the filesystem on the efi partition.

# mkfs.fat -F 32 -n efi /dev/<disk>1

The root partition of the system is going to be encrypted using cryptsetup. First generate a key that will be used to encrypt the device and save it temporarily to the file /tmp/crypt-key.txt with:

# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/crypt-key.txt && cat /tmp/crypt-key.txt

Later on in the guide clevis will be used for automatic decryption, so this key only has to be entered a few times. However, if any changes are made to the bios or secureboot then this key will be needed again so make sure to write it down.

Then format the partition using cryptsetup:

# cryptsetup luksFormat /dev/<disk>2 --type luks2  --cipher aes-xts-plain64 --hash sha512 --iter-time 4000 --key-size 512 --pbkdf argon2id --verify-passphrase
[Enter the generated key]
# cryptsetup open --type luks /dev/<disk>2 luks

This creates a formatted partition on \dev\mapper\luks which is denoted as the root volume. A btrfs filesystem will be created on the root volume by:

# mkfs.btrfs -L alpinelinux -n 32k /dev/mapper/luks

with -n the nodesize, larger nodesize gives better packing and less fragmentation at the cost of more expensive memory operations while updating metadata blocks. The default is 16k.

To access the root volume it needs to be mounted.

# mount /dev/mapper/luks /mnt -t btrfs

Then to create the necessary subvolumes on the root volume, we use:

for i in root home var nix; do
> btrfs subvolume create /mnt/@$i
> done

Now unmount the root volume and provisioning is finished.

# umount -lf /mnt