@danielb2
Last active July 9, 2022 16:26
Revisions

  1. danielb2 revised this gist Jul 11, 2020. 1 changed file with 11 additions and 2 deletions.
    13 changes: 11 additions & 2 deletions readme.md
    @@ -113,12 +113,21 @@ mount -t ext4 /dev/sda1 /mnt/boot/

    ```bash
    setup-disk /mnt
    dd if=/usr/share/syslinux/mbr.bin of=/dev/sda
    dd if=/usr/share/syslinux/mbr.bin of=/dev/sda # write mbr so we can boot
    ```

    ### Enable ZFS' services:
    ```bash
    rc-update add zfs-import sysinit
    rc-update add zfs-mount sysinit
    ```
    Edit the `/etc/mkinitfs/mkinitfs.conf` file and append zfs module to the features parameter:
    `features="ata base ide scsi usb virtio ext4 lvm zfs"`


    ## Reboot and enjoy!

    ;)

    **NOTE**
    If you went with the optional step, be sure to disable root login after you reboot.
    If you went with the optional step, be sure to disable root login after you reboot.
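Review bot: the new `rc-update add zfs-import sysinit` / `rc-update add zfs-mount sysinit` lines and the `/etc/mkinitfs/mkinitfs.conf` edit are placed after `setup-disk /mnt` with no indication of whether they run in the live USB shell or in the installed root under `/mnt`. Run from the live shell, `rc-update` edits the live environment's runlevels and the `mkinitfs.conf` being edited is the live one, so neither change reaches the installed system. Suggest saying explicitly that these steps run in a chroot of `/mnt` (or against `/mnt/etc/...`), and that `mkinitfs` must be re-run after the `features=` change, since an edited config alone does not put the `zfs` module into the initramfs that has to prompt for the passphrase and import `rpool` at boot.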
  2. danielb2 created this gist Jul 11, 2020.
    124 changes: 124 additions & 0 deletions readme.md
    @@ -0,0 +1,124 @@
    # Setting up Alpine Linux using ZFS with a pool that uses ZFS' native encryption capabilities.

    ## Download

    Download the **extended** release from https://www.alpinelinux.org/downloads/ as only it contains the zfs kernel mods at the time of this writing (2020.07.10)

    Write it to a USB and boot from it.

    ## Initial setup

    Run the following:

    ```bash
    setup-alpine
    ```

    Answer all the questions, and hit ctrl-c when promted for what disk you'd like to use.

    ## OPTIONAL

    This section is optional and it assumes internet connectivity. You may enable sshd so you can ssh into the box and copy and paste the rest of the commands into my terminal window from these instructions.

    Edit `/etc/ssh/sshd_config` and search for `Permit`. Change the value after `PermitRootLogin` to read `yes`

    save and exit to shell. Run `service sshd restart`

    Now you can ssh in as root. Do not forget to go back and comment this line out when you're done since it will be enabled on your resulting machine. You will be reminded again at the end of this doc.

    ## Add needed packages:
    ```bash
    apk add zfs sfdisk e2fsprogs syslinux
    ```

    ## Create our partitions

    We're assuming `/dev/sda` here and in the rest of the document but you can use whatever you need to. To see a list, type: `sfdisk -l`

    ```bash
    echo -e "/dev/sda1: start=1M,size=100M,bootable\n/dev/sda2: start=101M" | sfdisk --quiet --label dos /dev/sda
    ```

    ## Create device nodes

    ```bash
    mdev -s
    ```

    ## Create the /boot filesystem

    ```bash
    mkfs.ext4 /dev/sda1
    ```

    ## Create the root filesystem using zfs

    ```bash
    modprobe zfs
    zpool create -f -o ashift=12 \
    -O acltype=posixacl -O canmount=off -O compression=lz4 \
    -O dnodesize=auto -O normalization=formD -O relatime=on -O xattr=sa \
    -O encryption=aes-256-gcm -O keylocation=prompt -O keyformat=passphrase \
    -O mountpoint=/ -R /mnt \
    rpool /dev/sda2
    ```

    You will have to enter your passphrase at this point. Choose wisely, as your passphrase is most likely [the weakest link in this setup](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#5-security-aspects).

    A few notes on the options supplied to zpool:

    - `ashift=12` is recommended here because many drives today have 4KiB (or larger) physical sectors, even though they present 512B logical sectors

    - `acltype=posixacl` enables POSIX ACLs globally

    - `normalization=formD` eliminates some corner cases relating to UTF-8 filename normalization. It also enables `utf8only=on`, meaning that only files with valid UTF-8 filenames will be accepted.

    - `xattr=sa` vastly improves the performance of extended attributes, but is Linux-only. If you care about using this pool on other OpenZFS implementation don't specify this option.

    After completing this, confirm that the pool has been created:

    \# zpool status

    Should return something like:

    ```plaintext
    pool: rpool
    state: ONLINE
    scan: none requested
    config:
    NAME STATE READ WRITE CKSUM
    rpool ONLINE 0 0 0
    sda2 ONLINE 0 0 0
    errors: No known data errors
    ```

    ## Create the required datasets and mount root

    ```bash
    zfs create -o mountpoint=none -o canmount=off rpool/ROOT
    zfs create -o mountpoint=legacy rpool/ROOT/alpine
    mount -t zfs rpool/ROOT/alpine /mnt/
    ```

    ## Mount the `/boot` filesystem

    ```bash
    mkdir /mnt/boot/
    mount -t ext4 /dev/sda1 /mnt/boot/
    ```

    ## Install Alpine Linux

    ```bash
    setup-disk /mnt
    dd if=/usr/share/syslinux/mbr.bin of=/dev/sda
    ```

    ## Reboot and enjoy!

    ;)

    **NOTE**
    If you went with the optional step, be sure to disable root login after you reboot.
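Review bot: the root pool is created with `-O encryption=aes-256-gcm -O keylocation=prompt`, but nothing in this file adds the `zfs` module to the initramfs or enables the import/mount services, so after `setup-disk /mnt` and the reboot the installed system has no way to ask for the passphrase and mount `rpool/ROOT/alpine`; add a step before "Reboot and enjoy!" that appends `zfs` to `features=` in `/etc/mkinitfs/mkinitfs.conf`, regenerates the initramfs with `mkinitfs`, and adds `zfs-import` and `zfs-mount` to the `sysinit` runlevel on the installed root. Separately, the OPTIONAL section sets `PermitRootLogin yes` and relies on the reader remembering the closing NOTE to revert it on the installed machine; `PermitRootLogin prohibit-password` together with a key in root's `authorized_keys` gives the same copy-and-paste convenience without a password-enabled root login ever landing in the final system, and the reminder at the end could then go.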