# Provisioning

After flashing the Alpine Linux extended ISO, partition a disk. This step requires internet access: `gptfdisk` is not included on the extended ISO, so it has to be obtained from the repository.

To set up the network connection and the package repositories, use `setup-interfaces` and `setup-apkrepos`:

```
# setup-interfaces -ar
# setup-apkrepos -c1
```

A few packages have to be installed first:

```
# apk add cryptsetup lvm2 lsblk e2fsprogs gptfdisk dosfstools acpid
```

The drive should be partitioned using `gdisk` (or `cfdisk`). It should have at least two partitions, one `EFI System` partition and one `Linux filesystem` partition, and look something like this:

| Partition number | Size | Type |
|:-----:|:-----:|:-----:|
| 1 | 512 MB or more | EFI System |
| 2 | Rest of the drive | Linux filesystem |

Then create the filesystem on the EFI partition:

```
# mkfs.fat -F 32 -n efi /dev/<disk1>
```

The root partition of the system is going to be encrypted using `cryptsetup`. First generate a key that will be used to encrypt the device, save it temporarily to the file `/tmp/crypt-key.txt`, and print it:

```
# cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/crypt-key.txt && cat /tmp/crypt-key.txt
```

Later on in the guide `clevis` will be used for automatic decryption, so this key only has to be entered a few times. However, if any changes are made to the BIOS or Secure Boot, this key will be needed again, so make sure to write it down.
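
The key-generation command above creates the key file with the shell's default umask and prints the key to the terminal. The following is an added example, not part of the original guide, that writes the key to a file with mode 0600 and reports the key's entropy; the function names `gen_luks_key` and `key_entropy_bits` and the 20 to 256 character limit are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the guide): hardened variant of the key-generation
# step. Function names and the length limits are assumptions of this example.
# Usage: gen_luks_key 20 /tmp/crypt-key.txt && key_entropy_bits 20

# gen_luks_key LENGTH FILE
# Write LENGTH random characters from [a-zA-Z0-9], plus a newline, to FILE.
# FILE is created with mode 0600 and the key is not echoed to the terminal.
gen_luks_key() {
    case $1 in
        '' | *[!0-9]*) echo "gen_luks_key: LENGTH must be a number" >&2; return 2 ;;
    esac
    if [ "$1" -lt 20 ] || [ "$1" -gt 256 ]; then
        echo "gen_luks_key: LENGTH must be between 20 and 256" >&2
        return 2
    fi
    (
        umask 077       # only the owner (root) may read the key file
        rm -f -- "$2"   # an existing file would keep its old, possibly wider, mode
        # A fixed-size read avoids SIGPIPE in the pipeline; LC_ALL=C makes tr
        # work on raw bytes. 4096 random bytes yield roughly 990 usable chars.
        pool=$(head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9')
        key=$(printf '%s' "$pool" | cut -c "1-$1")
        [ "${#key}" -eq "$1" ] || exit 1   # never write a short key
        printf '%s\n' "$key" > "$2"
    )
}

# key_entropy_bits LENGTH
# Whole bits of entropy in LENGTH characters drawn uniformly from 62 symbols.
key_entropy_bits() {
    awk -v n="$1" 'BEGIN { printf "%d\n", n * log(62) / log(2) }'
}
```

Display the key with `cat /tmp/crypt-key.txt` only while writing it down, and delete the file once the guide no longer needs it.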

Then format the partition using `cryptsetup`:

```
# cryptsetup luksFormat /dev/<disk2> --type luks2 --cipher aes-xts-plain64 --hash sha512 --iter-time 4000 --key-size 512 --pbkdf argon2id --verify-passphrase
[Enter the generated key]
# cryptsetup open --type luks /dev/<disk2> luks
```

Now create a new LVM volume group, choosing $n \in \mathbb{N}$ accordingly:

```
# vgcreate vg<n> /dev/mapper/luks
```

Then create logical volumes inside the volume group:

```
# lvcreate --name alp_root -L 24G vg<n>
# lvcreate --name alp_var -L 8G vg<n>
# lvcreate --name alp_nix -L 32G vg<n>
# lvcreate --name alp_home -l 100%FREE vg<n>
```

The home volume now fills the remainder of the volume group. These sizes should be changed depending on the needs of the user.

To create the filesystems on the logical volumes:

```
# for i in root var nix home; do
> mkfs.ext4 /dev/vg<n>/alp_$i
> done
```

Other filesystems can also be used, but `ext4` is the standard for most Linux distributions.