Revisions
-
stricte revised this gist
Jan 17, 2019 . 1 changed file with 13 additions and 15 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -48,6 +48,10 @@ mount /dev/mapper/vg0-root /mnt # /mnt is the installed system swapon /dev/mapper/vg0-swap # Not needed but a good thing for genstab mkdir /mnt/boot mount /dev/nvme0n1p2 /mnt/boot mkdir /mnt/efi mount /dev/nvme0n1p1 /mnt/efi mkdir /mnt/hostlvm mount --bind /run/lvm /mnt/hostlvm # Install the system also includes stuff needed for starting wifi when first booting into the newly installed system # Unless vim and zsh are desired these can be removed from the command. Dialog is needed by wifi-menu @@ -64,6 +68,9 @@ echo 'tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0' >> /mnt/etc/fstab # Enter the new system arch-chroot /mnt /bin/bash # Link lvm location ln -s /hostlvm /run/lvm # Setup system clock ln -s /usr/share/zoneinfo/Europe/Warsaw /etc/localtime hwclock --systohc --utc @@ -99,22 +106,13 @@ vim /etc/mkinitcpio.conf # Regenerate initrd image mkinitcpio -p linux # Grub grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB grub-mkconfig -o /boot/grub/grub.cfg # In order to unlock the encrypted root partition at boot, the following kernel parameter needs to be set by the boot loader: # GRUB_CMDLINE_LINUX cryptdevice=UUID=device-UUID:cryptlvm root=/dev/MyVolGroup/root # Exit new system and go into the cd shell exit -
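Review bot: The `GRUB_CMDLINE_LINUX` comment in the last hunk comes after `grub-mkconfig -o /boot/grub/grub.cfg` and uses names this guide never creates (`cryptlvm`, `/dev/MyVolGroup/root`). A reader who follows the steps in order generates a grub.cfg with no `cryptdevice=` parameter, so the initramfs has nothing to unlock the LUKS container with at boot. I would move the instruction above `grub-mkconfig`, say that it goes in `/etc/default/grub`, and use the guide's own names, e.g. `GRUB_CMDLINE_LINUX="cryptdevice=UUID=<UUID>:luks root=/dev/mapper/vg0-root resume=/dev/mapper/vg0-swap"`. The `pacstrap` line shown in the previous revision on this page does not install `grub`; if that line is unchanged, `grub-install` also needs the package added first.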
stricte revised this gist
Jan 16, 2019 . 1 changed file with 24 additions and 17 deletions.
@@ -19,49 +19,53 @@ wifi-menu cgdisk /dev/nvme0n1 # Partitions /dev/nvme0n1p1 550MB EFI partition # Hex code ef00 /dev/nvme0n1p2 250MB Boot partition # Hex code 8300 /dev/nvme0n1p3 100% size partiton # (to be encrypted) Hex code 8300 # Create EFI partition mkfs.vfat -F32 /dev/nvme0n1p1 # Format boot mkfs.ext2 /dev/nvme0n1p2 # Setup the encryption of the system with 256 bit effective size cryptsetup -c aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 3000 -y --use-random luksFormat /dev/nvme0n1p3 cryptsetup luksOpen /dev/nvme0n1p3 luks # Create encrypted partitions # This creates one partions for root, modify if /home or other partitions should be on separate partitions pvcreate /dev/mapper/luks vgcreate vg0 /dev/mapper/luks lvcreate --size 8G vg0 --name swap lvcreate -l +100%FREE vg0 --name root # Create filesystems on encrypted partitions mkfs.ext4 /dev/mapper/vg0-root mkswap /dev/mapper/vg0-swap # Mount the new system mount /dev/mapper/vg0-root /mnt # /mnt is the installed system swapon /dev/mapper/vg0-swap # Not needed but a good thing for genstab mkdir /mnt/boot mount /dev/nvme0n1p2 /mnt/boot # Install the system also includes stuff needed for starting wifi when first booting into the newly installed system # Unless vim and zsh are desired these can be removed from the command. Dialog is needed by wifi-menu pacstrap /mnt base base-devel zsh vim git sudo efibootmgr dialog iw wpa_supplicant # 'install' fstab genfstab -pU /mnt >> /mnt/etc/fstab # Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) echo 'tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0' >> /mnt/etc/fstab # Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD) # Enter the new system arch-chroot /mnt /bin/bash # Setup system clock ln -s /usr/share/zoneinfo/Europe/Warsaw /etc/localtime hwclock --systohc --utc # Set the hostname 
@@ -71,15 +75,14 @@ echo MYHOSTNAME > /etc/hostname #Uncomment wanted locales in /etc/locale.gen vim /etc/locale.gen locale-gen localectl set-locale LANG=pl_PL.UTF-8 #To avoid problems with gnome-terminal set locale system wide #Do NOT set LC_ALL=C. It overrides all the locale vars and messes up special characters #Pay attention to the UTF-8. Capital letters ! echo LANG=pl_PL.UTF-8 >> /etc/locale.conf echo LC_ALL= >> /etc/locale.conf # Set password for root passwd @@ -107,11 +110,11 @@ echo 'timeout 5' >> /boot/loader/loader.conf vim /boot/loader/entries/arch.conf # Add the following content to arch.conf # <UUID> is the the one of the raw encrypted device (/dev/nvme0n1p3). It can be found with the 'blkid' command title Arch Linux linux /vmlinuz-linux initrd /initramfs-linux.img options cryptdevice=UUID=<UUID>:vg0 root=/dev/mapper/vg0-root resume=/dev/mapper/vg0-swap rw # Exit new system and go into the cd shell exit @@ -122,3 +125,7 @@ swapoff -a # Reboot into the new system, don't forget to remove the cd/usb reboot ### post install # Enable Intel microcode updates pacman -S intel-ucode -
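Review bot: `pacman -S intel-ucode` under "post install" only places the microcode image in /boot; the `arch.conf` entry in this same revision lists just `initrd /initramfs-linux.img`, so the update is never loaded at boot. With systemd-boot the entry needs its own line ahead of the initramfs: `initrd /intel-ucode.img`. Microcode updates carry CPU vulnerability mitigations, so I would add that line to the entry and install the package inside the chroot, where the boot entry is written, rather than leaving it as an afterthought following the first reboot.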
stricte revised this gist
Jan 16, 2019 . 1 changed file with 5 additions and 2 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -17,8 +17,11 @@ wifi-menu # Create partitions cgdisk /dev/nvme0n1 # Partitions 1 100MB EFI partition # Hex code ef00 2 250MB Boot partition # Hex code 8300 3 100% size partiton # (to be encrypted) Hex code 8300 # Create EFI partition mkfs.vfat -F32 /dev/nvme0n1p1 -
stricte renamed this gist
Jan 16, 2019 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
stricte revised this gist
Jan 16, 2019 . 1 changed file with 3 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,8 +7,10 @@ dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux # Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration. setfont Lat2-Terminus16.psfu.gz -m 8859-2 # Set swiss-french keymap loadkeys pl # This assumes a wifi only system... wifi-menu -
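Review bot: The comment `# Set swiss-french keymap` now sits directly above `loadkeys pl`, so it describes a keymap the commands no longer load; it should read something like `# Set Polish keymap and a Latin-2 console font`. `loadkeys` also affects only the live session. Nothing visible on this page writes `/etc/vconsole.conf` or adds the `keymap` hook to mkinitcpio, so the LUKS passphrase prompt at boot will presumably use the default US layout. A one-line warning to pick a passphrase that types the same on both layouts, or to configure the `keymap` hook, would save readers from a volume they cannot unlock.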
stricte renamed this gist
Jan 16, 2019 . 1 changed file with 0 additions and 0 deletions.
File renamed without changes. -
binaerbaum revised this gist
Apr 1, 2016 . 1 changed file with 4 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -68,10 +68,11 @@ vim /etc/locale.gen locale-gen localectl set-locale LANG=en_US.UTF-8 #To avoid problems with gnome-terminal set locale system wide #Do NOT set LC_ALL=C. It overrides all the locale vars and messes up special characters #Pay attention to the UTF-8. Capital letters ! echo LANG=en_US.UTF-8 >> /etc/locale.conf echo LC_ALL= >> /etc/locale.conf # Set password for root -
binaerbaum revised this gist
Mar 28, 2016 . 1 changed file with 2 additions and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -85,6 +85,7 @@ passwd vim /etc/mkinitcpio.conf # Add 'ext4' to MODULES # Add 'encrypt' and 'lvm2' to HOOKS before filesystems # Add 'resume' after 'lvm2' (also has to be after 'udev') # Regenerate initrd image mkinitcpio -p linux @@ -104,7 +105,7 @@ vim /boot/loader/entries/arch.conf title Arch Linux linux /vmlinuz-linux initrd /initramfs-linux.img options cryptdevice=UUID=<UUID>:vg0 root=/dev/mapper/vg0-root resume=/dev/mapper/vg0-swap rw intel_pstate=no_hwp # Exit new system and go into the cd shell exit -
binaerbaum revised this gist
Mar 27, 2016 . 1 changed file with 1 addition and 0 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -100,6 +100,7 @@ echo 'timeout 5' >> /boot/loader/loader.conf vim /boot/loader/entries/arch.conf # Add the following content to arch.conf # <UUID> is the the one of the raw encrypted device (/dev/nvme0n1p2). It can be found with the 'blkid' command title Arch Linux linux /vmlinuz-linux initrd /initramfs-linux.img -
binaerbaum revised this gist
Mar 27, 2016 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -14,7 +14,7 @@ loadkeys fr_CH-latin1 wifi-menu # Create partitions cgdisk /dev/nvme0n1 1 512MB EFI partition # Hex code ef00 2 100% size partiton # (to be encrypted) Hex code 8300 -
binaerbaum revised this gist
Mar 27, 2016 . 1 changed file with 38 additions and 23 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,30 +7,29 @@ dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux # Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration. # Set swiss-french keymap loadkeys fr_CH-latin1 # This assumes a wifi only system... wifi-menu # Create partitions cgdisk /dev/nvme0n1pX 1 512MB EFI partition # Hex code ef00 2 100% size partiton # (to be encrypted) Hex code 8300 # Create EFI partition mkfs.vfat -F32 /dev/nvme0n1p1 # Setup the encryption of the system with 256 bit effective size cryptsetup -c aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 3000 -y --use-random luksFormat /dev/nvme0n1p2 cryptsetup luksOpen /dev/nvme0n1p2 luks # Create encrypted partitions # This creates one partions for root, modify if /home or other partitions should be on separate partitions pvcreate /dev/mapper/luks vgcreate vg0 /dev/mapper/luks lvcreate --size 16G vg0 --name swap lvcreate -l +100%FREE vg0 --name root # Create filesystems on encrypted partitions @@ -41,13 +40,11 @@ mkswap /dev/mapper/vg0-swap mount /dev/mapper/vg0-root /mnt # /mnt is the installed system swapon /dev/mapper/vg0-swap # Not needed but a good thing to test mkdir /mnt/boot mount /dev/nvme0n1p1 /mnt/boot # Install the system also includes stuff needed for starting wifi when first booting into the newly installed system # Unless vim and zsh are desired these can be removed from the command. Dialog is needed by wifi-menu pacstrap /mnt base base-devel zsh vim git sudo efibootmgr dialog wpa_supplicant # 'install' fstab genfstab -pU /mnt >> /mnt/etc/fstab 
@@ -59,17 +56,24 @@ tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 arch-chroot /mnt /bin/bash # Setup system clock ln -s /usr/share/zoneinfo/Europe/Zurich /etc/localtime hwclock --systohc --utc # Set the hostname echo MYHOSTNAME > /etc/hostname # Generate locale #Uncomment wanted locales in /etc/locale.gen vim /etc/locale.gen locale-gen localectl set-locale LANG=en_US.UTF-8 #Alternate locale setup echo LANG=en_US.UTF-8 >> /etc/locale.conf echo LANGUAGE=en_US >> /etc/locale.conf echo LC_ALL=C >> /etc/locale.conf # Set password for root passwd @@ -85,10 +89,21 @@ vim /etc/mkinitcpio.conf # Regenerate initrd image mkinitcpio -p linux # Setup systembootd (grub will not work on nvme at this moment) bootctl --path=/boot install # Create loader.conf echo 'default arch' >> /boot/loader/loader.conf echo 'timeout 5' >> /boot/loader/loader.conf # Create arch.conf (or XYZ.conf for default XYZ in loader.conf) vim /boot/loader/entries/arch.conf # Add the following content to arch.conf title Arch Linux linux /vmlinuz-linux initrd /initramfs-linux.img options cryptdevice=UUID=<UUID>:vg0 root=/dev/mapper/vg0-root rw intel_pstate=no_hwp # Exit new system and go into the cd shell exit -
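Review bot: `mount /dev/nvme0n1p1 /mnt/boot` puts the kernel and initramfs on the FAT32 EFI partition, outside the LUKS container, and the guide's opening steps suggest disabling Secure Boot, so nothing authenticates the code that runs before the passphrase prompt. The setup protects data at rest on a powered-off machine, but not against modification of the boot files by someone with physical access. I would state that limit next to the mount, e.g. `# NOTE: /boot is unencrypted and unsigned; disk encryption here does not cover tampering with the kernel/initramfs`, so readers do not take the title's "encrypted file-system" to mean more than it does.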
mattiaslundberg revised this gist
Jan 7, 2016 . 1 changed file with 3 additions and 3 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -66,9 +66,9 @@ hwclock --systohc --utc echo MYHOSTNAME > /etc/hostname # Update locale echo LANG=en_US.UTF-8 >> /etc/locale.conf echo LANGUAGE=en_US >> /etc/locale.conf echo LC_ALL=C >> /etc/locale.conf # Set password for root passwd -
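Review bot: `echo LC_ALL=C >> /etc/locale.conf` defeats the two lines before it: LC_ALL takes precedence over LANG and every LC_* variable, so the system ends up in the C locale rather than en_US.UTF-8. I would drop that line and keep `echo LANG=en_US.UTF-8 >> /etc/locale.conf`. Since this step creates the file, writing the first entry with `>` would also avoid duplicate lines if the step is repeated.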
mattiaslundberg revised this gist
Sep 3, 2015 . 1 changed file with 14 additions and 8 deletions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -3,21 +3,21 @@ # Download the archiso image from https://www.archlinux.org/ # Copy to a usb-drive dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux # Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration. # Set swedish keymap loadkeys sv-latin1 # This assumes a wifi only system... wifi-menu # Create partitions cgdisk /dev/sdX 1 100MB EFI partition # Hex code ef00 2 250MB Boot partition # Hex code 8300 3 100% size partiton # (to be encrypted) Hex code 8300 mkfs.vfat -F32 /dev/sdX1 mkfs.ext2 /dev/sdX2 @@ -47,12 +47,13 @@ mount /dev/sdX1 /mnt/boot/efi # Install the system also includes stuff needed for starting wifi when first booting into the newly installed system # Unless vim and zsh are desired these can be removed from the command pacstrap /mnt base base-devel grub-efi-x86_64 zsh vim git efibootmgr dialog wpa_supplicant # 'install' fstab genfstab -pU /mnt >> /mnt/etc/fstab # Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 # Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD) # Enter the new system arch-chroot /mnt /bin/bash @@ -64,6 +65,11 @@ hwclock --systohc --utc # Set the hostname echo MYHOSTNAME > /etc/hostname # Update locale echo LANG=en_US.UTF-8 > /etc/locale.conf echo LANGUAGE=en_US > /etc/locale.conf echo LC_ALL=C > /etc/locale.conf # Set password for root passwd -
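Review bot: The three `echo … > /etc/locale.conf` lines under "# Update locale" each truncate the file, so only the last one, `LC_ALL=C`, survives and the `LANG` and `LANGUAGE` settings are lost. The first line can keep `>`, but the following ones need to append, e.g. `echo LANGUAGE=en_US >> /etc/locale.conf`.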
mattiaslundberg revised this gist
Jan 26, 2015 . 1 changed file with 1 addition and 1 deletion.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -81,7 +81,7 @@ mkinitcpio -p linux # Setup grub grub-install In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards" then run: grub-mkconfig -o /boot/grub/grub.cfg # Exit new system and go into the cd shell -
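Review bot: `:allow-discards` passes TRIM through the LUKS mapping, which the cryptsetup documentation describes as a security trade-off: anyone who can read the raw device can tell which blocks are unused and may infer the filesystem type and usage pattern. The line gives the reader no hint of that, so I would add a comment such as `# allow-discards enables TRIM on SSDs but exposes the free-block layout of the encrypted volume; leave it out if that matters`. The option also has no effect unless something issues discards (`fstrim` or a `discard` mount option), and nothing in this hunk sets that up.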
mattiaslundberg created this gist
Jan 25, 2014 .
@@ -0,0 +1,95 @@ # Install ARCH Linux with encrypted file-system and UEFI # The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description. # Download the archiso image from https://www.archlinux.org/ # Copy to a usb-drive dd if=archlinux.img of=/dev/sdX bs=16M # on linux # Boot from the usb. If the usb fails to boot, make sure that secure boot is disabeled in the BIOS configuration. # Set swedish keymap loadkeys sv-latin1 # This assumes a wifi system... wifi-menu wlo1 # wlo1 is the device name, use ip link to find your actual name # Create partitions cgdisk /dev/sdX 1 100MB EFI partition 2 250MB Boot partition 3 100% size partiton # (to be encrypted) mkfs.vfat -F32 /dev/sdX1 mkfs.ext2 /dev/sdX2 # Setup the encryption of the system cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3 cryptsetup luksOpen /dev/sdX3 luks # Create encrypted partitions # This creates one partions for root, modify if /home or other partitions should be on separate partitions pvcreate /dev/mapper/luks vgcreate vg0 /dev/mapper/luks lvcreate --size 8G vg0 --name swap lvcreate -l +100%FREE vg0 --name root # Create filesystems on encrypted partitions mkfs.ext4 /dev/mapper/vg0-root mkswap /dev/mapper/vg0-swap # Mount the new system mount /dev/mapper/vg0-root /mnt # /mnt is the installed system swapon /dev/mapper/vg0-swap # Not needed but a good thing to test mkdir /mnt/boot mount /dev/sdX2 /mnt/boot mkdir /mnt/boot/efi mount /dev/sdX1 /mnt/boot/efi # Install the system also includes stuff needed for starting wifi when first booting into the newly installed system # Unless vim and zsh are desired these can be removed from the command pacstrap /mnt base base-devel grub-efi-x86_64 zsh vim efibootmgr dialog wpa_supplicant # 'install' fstab genfstab -pU /mnt >> /mnt/etc/fstab # Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 # Enter the new system arch-chroot 
/mnt /bin/bash # Setup system clock ln -s /usr/share/zoneinfo/Europe/Stockholm /etc/localtime hwclock --systohc --utc # Set the hostname echo MYHOSTNAME > /etc/hostname # Set password for root passwd # Add real user remove -s flag if you don't whish to use zsh # useradd -m -g users -G wheel,storage,power -s /bin/zsh MYUSERNAME # passwd MYUSERNAME # Configure mkinitcpio with modules needed for the initrd image vim /etc/mkinitcpio.conf # Add 'ext4' to MODULES # Add 'encrypt' and 'lvm2' to HOOKS before filesystems # Regenerate initrd image mkinitcpio -p linux # Setup grub grub-install In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks" then run: grub-mkconfig -o /boot/grub/grub.cfg # Exit new system and go into the cd shell exit # Unmount all partitions umount -R /mnt swapoff -a # Reboot into the new system, don't forget to remove the cd/usb reboot
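Review bot: Nothing between the download step and `dd if=archlinux.img of=/dev/sdX bs=16M` verifies the image, yet every later step, including the LUKS setup and the root password, trusts the medium it boots from. I would add a line before the `dd` that checks the PGP signature published alongside the ISO, e.g. `gpg --verify archlinux.img.sig archlinux.img` (file names are placeholders for the downloaded files). A short comment saying where the signing key should come from would complete the step.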