initial commit

2026-01-23 02:24:09 +00:00 · 2015-09-06 15:51:37 -07:00 · 2015-09-06 15:51:37 -07:00 · b6c6dd140e
commit b6c6dd140e
107 changed files with 22809 additions and 0 deletions
--- a/INSTALL.md
+++ b/INSTALL.md
@ -0,0 +1,98 @@
+The following is a brief installation tutorial for [Arch Linux][1]. It assumes
+familiarity with the Arch [Beginner's Guide][2] and [Installation Guide][3].
+
+It will provide a system with full-disk encryption using [LVM on LUKS][4].
+There is no separate `/boot` partition. The entire installation is encrypted
+and booted via [Grub's crypto hooks][5].
+
+1. Boot into Arch installer
+
+2. Verify that the [system clock is up to date][6].
+
+    $ timedatectl set-ntp true
+    
+3. Create a single partition for LUKS.
+
+    $ parted -s /dev/sda mklabel msdos
+    $ parted -s /dev/sda mkpart primary 2048s 100%
+
+4. Create and mount the encrypted filesystem.
+
+    $ cryptsetup luksFormat /dev/sda1
+    $ cryptsetup luksOpen /dev/sda1 lvm
+    $ pvcreate /dev/mapper/lvm
+    $ vgcreate arch /dev/mapper/lvm
+    $ lvcreate -L 8G arch -n swap
+    $ lvcreate -L 30G arch -n root
+    $ lvcreate -l +100%FREE arch -n home
+    $ mkswap -L swap /dev/mapper/arch-swap
+    $ mkfs.ext4 /dev/mapper/arch-root
+    $ mkfs.ext4 /dev/mapper/arch-home
+    $ mount /dev/mapper/arch-root /mnt
+    $ mkdir /mnt/home
+    $ mount /dev/mapper/arch-home /mnt/home
+    $ swapon /dev/mapper/arch-swap
+
+5. Optionally [edit the mirror list][7].
+
+    $ vi /etc/pacman.d/mirrorlist
+
+6. Install the [base system][8].
+
+    $ pacstrap -i /mnt base base-devel
+
+7. Generate and verify [fstab][9].
+
+    $ genfstab -U -p /mnt >> /mnt/etc/fstab
+    $ less /mnt/etc/fstab
+
+8. Change root into the base install and perform [base configuration tasks][10].
+
+    $ arch-chroot /mnt /bin/bash
+    $ echo en_US.UTF-8 UTF-8 >> /etc/locale.gen
+    $ locale-gen
+    $ echo LANG=en_US.UTF-8 > /etc/locale.conf
+    $ export LANG=en_US.UTF-8
+    $ ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
+    $ hwclock --systohc --utc
+    $ echo mymachine > /etc/hostname
+    $ systemctl enable dhcpcd.service
+    $ passwd
+
+9. Add a key file to decrypt the volume and properly set the hooks.
+
+    $ dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
+    $ cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
+    $ chmod 000 /crypto_keyfile.bin
+    $ sed -i 's/^FILES=.*/FILES="\/crypto_keyfile.bin"/' /etc/mkinitcpio.conf
+    $ sed -i 's/^HOOKS=.*/HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck"/' /etc/mkinitcpio.conf
+    $ mkinitcpio -p linux
+
+10. Install GRUB.
+
+    $ pacman -S grub
+    $ echo GRUB_ENABLE_CRYPTODISK=y >> /etc/default/grub
+    $ sed -i 's/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="cryptdevice=\/dev\/sda1:lvm"/' /etc/default/grub
+    $ grub-mkconfig -o /boot/grub/grub.cfg
+    $ grub-install /dev/sda
+    $ chmod -R g-rwx,o-rwx /boot
+
+11. Cleanup and reboot!
+
+    $ exit
+    $ umount -R /mnt
+    $ reboot
+
+12. Run ansible!
+
+
+[1]: https://www.archlinux.org/
+[2]: https://wiki.archlinux.org/index.php/Beginners'_guide
+[3]: https://wiki.archlinux.org/index.php/Installation_guide
+[4]: https://wiki.archlinux.org/index.php/Encrypted_LVM#LVM_on_LUKS
+[5]: http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/
+[6]: https://wiki.archlinux.org/index.php/Beginners'_guide#Update_the_system_clock
+[7]: https://wiki.archlinux.org/index.php/Beginners'_Guide#Select_a_mirror
+[8]: https://wiki.archlinux.org/index.php/Beginners'_Guide#Install_the_base_system
+[9]: https://wiki.archlinux.org/index.php/Beginners'_guide#Generate_an_fstab
+[10]: https://wiki.archlinux.org/index.php/Beginners'_guide#Configure_the_base_system