system setup:
LUKS + LVM + (ext4) + archlinux. This is for experienced Arch users. For
a detailed guide on Arch installation, please use the ArchWiki
and
https://shrik3.com/post/archlinux/arch_setup_new/
-----------------------------------------------------------------------
partition overview                                             overview
-----------------------------------------------------------------------
NAME               MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS         lsblk
nvme0n1            259:0    0 953.9G  0 disk
├─nvme0n1p1        259:1    0     1G  0 part  /boot
└─nvme0n1p2        259:2    0   900G  0 part
  └─cryptlvm       253:0    0   900G  0 crypt
    ├─lvmroot-root 253:1    0   250G  0 lvm   /
    ├─lvmroot-home 253:2    0   600G  0 lvm   /home
    └─lvmroot-swap 253:3    0    48G  0 lvm   [SWAP]
FS dev mappers                                                  mappers
/dev/mapper/lvmroot-root -> /
/dev/mapper/lvmroot-home -> /home
/dev/mapper/lvmroot-swap -> swapon
luks PART I - init                                            luks init
-----------------------------------------------------------------------
create the luks partition                                        create
$ cryptsetup -v -y \
    -c aes-xts-plain64 \
    -s 512 -h sha512 \
    -i 2000 \
    --use-random \
    --label=SOME_LABEL \
    luksFormat --type luks2 \
    /dev/nvme0n1p2
options (a comment cannot follow a trailing `\`, so they are listed here):
  -v -y                     verbose, verify password (asked twice)
  -c aes-xts-plain64        cipher, default for LUKS2
  -s 512 -h sha512          key size, hash algo
  -i 2000                   2 seconds to process pw
  --use-random              RNG
  luksFormat --type luks2   format w/ luks2 (last argument: the device)
dump information of the luks partition                        luks info
$ cryptsetup luksDump /dev/nvme0n1p2
back up the luks header (and save it to a safe place)       luks backup
$ cryptsetup luksHeaderBackup --header-backup-file \
    /a/path/header.img /dev/nvme0n1p2
manually open the luks device:                            luks open dev
$ cryptsetup open [--type luks2] /dev/nvme0n1p2 cryptlvm
lvm setup                                                     lvm setup
-----------------------------------------------------------------------
(first open the luks partition via `cryptsetup open`!)
create lvm physical volume and volume group              open crypt dev
$ pvcreate /dev/mapper/cryptlvm
$ vgcreate lvmroot /dev/mapper/cryptlvm
create virtual partitions (logical volumes)              lvm partitions
$ lvcreate -L 250G -n root lvmroot
$ lvcreate -L 600G -n home lvmroot
$ lvcreate -L 48G -n swap lvmroot
file system                                                          fs
-----------------------------------------------------------------------
$ mkfs.vfat -F32 /dev/nvme0n1p1       # the unencrypted part!
$ mkfs.ext4 /dev/mapper/lvmroot-root  # root
$ mkfs.ext4 /dev/mapper/lvmroot-home  # home
$ mkswap /dev/mapper/lvmroot-swap     # swap
mount the disks (see the overview above)
$ mount /dev/mapper/lvmroot-root /mnt
$ mkdir /mnt/boot /mnt/home
$ mount /dev/mapper/lvmroot-home /mnt/home
$ mount /dev/nvme0n1p1 /mnt/boot
system setup (as always)                                      sys setup
-----------------------------------------------------------------------
- install the base system       $ pacstrap -K /mnt base linux ....
- generate fstab                $ genfstab -U /mnt >> /mnt/etc/fstab
- chroot into /mnt              $ arch-chroot /mnt
- set timezone, locale etc.     (skipped here)
- config hostname, users etc.
bootloader                                                   bootloader
-----------------------------------------------------------------------
mkinitcpio config                                            mkinitcpio
/etc/mkinitcpio.conf
HOOKS = ... add [encrypt, lvm2] (in this order) before [filesystems]
regenerate init image
$ mkinitcpio -P
grub config (install grub and efibootmgr first)                    grub
install grub
$ grub-install --target=x86_64-efi \
    --efi-directory=/boot \
    --bootloader-id=meow \
    --recheck
edit config: /etc/default/grub
# add to GRUB_CMDLINE_LINUX; the UUID is that of the LUKS partition
# (/dev/nvme0n1p2, see `blkid`), not of a mapped LVM device:
cryptdevice=UUID=<UUID-OF-LVM-PART>:cryptlvm root=/dev/lvmroot/root
generate grub config
$ grub-mkconfig -o /boot/grub/grub.cfg
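pre-reboot check (added example, not part of the original notes): a wrong
HOOKS order or a mistyped cryptdevice= entry leaves the system unable to
unlock its root volume at boot, so both settings can be verified first.
The function names hooks_ok and cmdline_ok and the sample UUID are made
up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-reboot check of the
# mkinitcpio HOOKS order and the GRUB kernel command line.

# hooks_ok FILE: true if the active HOOKS line has encrypt, then lvm2,
# then filesystems (LUKS must be unlocked before LVM can be activated).
hooks_ok() {
    hooks=$(grep -E '^[[:space:]]*HOOKS=' "$1" | tail -n 1 |
            sed -e 's/#.*//' -e 's/^[^=]*=//' -e "s/[()\"']//g")
    pos=0 enc=0 lvm=0 fs=0
    for h in $hooks; do
        pos=$((pos + 1))
        case $h in
            encrypt)     enc=$pos ;;
            lvm2)        lvm=$pos ;;
            filesystems) fs=$pos ;;
        esac
    done
    [ "$enc" -gt 0 ] && [ "$lvm" -gt "$enc" ] && [ "$fs" -gt "$lvm" ]
}

# cmdline_ok FILE LUKS_UUID: true if GRUB_CMDLINE_LINUX maps that LUKS
# partition to "cryptlvm" and points root= at the root logical volume.
cmdline_ok() {
    args=$(grep -E '^GRUB_CMDLINE_LINUX=' "$1" | tail -n 1 |
           sed -e 's/^[^=]*=//' -e "s/[\"']//g")
    case " $args " in *" cryptdevice=UUID=$2:cryptlvm "*) ;; *) return 1 ;; esac
    case " $args " in *" root=/dev/lvmroot/root "*) ;; *) return 1 ;; esac
}

# Constructed sample input (not from a real system); on the installed
# system pass /etc/mkinitcpio.conf, /etc/default/grub and the output of
# `blkid -s UUID -o value /dev/nvme0n1p2` instead.
SAMPLE_UUID=00000000-0000-4000-8000-000000000001
demo=$(mktemp -d)
printf 'HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems fsck)\n' \
    > "$demo/mkinitcpio.conf"
printf 'GRUB_CMDLINE_LINUX="cryptdevice=UUID=%s:cryptlvm root=/dev/lvmroot/root"\n' \
    "$SAMPLE_UUID" > "$demo/grub"
if hooks_ok "$demo/mkinitcpio.conf"; then echo "HOOKS: ok"; else echo "HOOKS: wrong order"; fi
if cmdline_ok "$demo/grub" "$SAMPLE_UUID"; then echo "cmdline: ok"; else echo "cmdline: mismatch"; fi
rm -r "$demo"
```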