197 lines
4.6 KiB
Plaintext
197 lines
4.6 KiB
Plaintext
# Use `cat` to get file with lines numbered
|
|
cat -n 10_install.txt
|
|
|
|
# Use `eval` from `sed` on lines X-Y
|
|
eval "$(sed -n X,Yp install.txt)"
|
|
|
|
# Ensure ethernet connection is up
|
|
ip link
|
|
|
|
# Partition starting at 1MiB to 513MiB for boot per convention, then rest as ext2
|
|
parted /dev/nvme0n1
|
|
mklabel gpt
|
|
mkpart primary 1MiB 513MiB
|
|
set 1 boot on
|
|
mkpart primary ext2 513MiB 99%
|
|
align-check optimal 1
|
|
align-check optimal 2
|
|
|
|
# Change partition types with t
|
|
# Part 1 as ef00 for EFI system partition
|
|
# Part 2 as 8309 for Linux LUKS
|
|
gdisk /dev/nvme0n1p1
|
|
|
|
mkfs.vfat /dev/nvme0n1p1
|
|
|
|
# Create LUKS container
|
|
cryptsetup luksFormat /dev/nvme0n1p2
|
|
cryptsetup luksOpen /dev/nvme0n1p2 cryptoroot
|
|
|
|
# Partition starting at 0% to 4GiB for swap and 4GiB to 100% for ZFS
|
|
parted /dev/mapper/cryptoroot
|
|
mklabel gpt
|
|
mkpart ext2 0% 4GiB
|
|
mkpart ext2 4GiB 100%
|
|
|
|
# Change partition types with t
|
|
# Part 1 as 8200 for swap
|
|
# Part 2 as bf00 for solaris
|
|
gdisk /dev/mapper/cryptoroot
|
|
|
|
# Make swap and swap on
|
|
mkswap /dev/mapper/cryptoroot1
|
|
swapon /dev/mapper/cryptoroot1
|
|
|
|
# Double check everything is correct
|
|
lsblk /dev/nvme0n1
|
|
|
|
# Load zfs modules and ensure it's loaded
|
|
modprobe zfs
|
|
lsmod | grep -i zfs
|
|
|
|
# Create root zpool
|
|
zpool create -f \
|
|
-O acltype=posixacl \
|
|
-O relatime=on \
|
|
-O dnodesize=auto \
|
|
-O xattr=sa \
|
|
-O normalization=formD \
|
|
-O canmount=off \
|
|
-O devices=off \
|
|
-m none \
|
|
-R /mnt \
|
|
zroot /dev/mapper/cryptoroot2
|
|
|
|
# Create datasets
|
|
zfs create -o mountpoint=none zroot/data
|
|
zfs create -o mountpoint=none -o compression=lz4 zroot/ROOT
|
|
zfs create -o mountpoint=/ -o canmount=noauto zroot/ROOT/default
|
|
zfs create -o mountpoint=/opt zroot/opt
|
|
zfs create -o mountpoint=/var zroot/var
|
|
zfs create zroot/var/log
|
|
zfs create -o mountpoint=/var/lib -o canmount=off zroot/var/lib
|
|
zfs create -o mountpoint=/home zroot/home
|
|
zfs create -o mountpoint=/root zroot/home/root
|
|
zfs create -o setuid=off -o devices=off -o sync=disabled -o mountpoint=/tmp zroot/tmp
|
|
|
|
# Prepare zpool
|
|
zpool export zroot
|
|
zpool import -d /dev/mapper/cryptoroot2 -R /mnt zroot -N
|
|
|
|
# Mount and check
|
|
zfs mount zroot/ROOT/default
|
|
zfs mount -a
|
|
df -k
|
|
|
|
# Prepare device for pool
|
|
zpool set bootfs=zroot/ROOT/default zroot
|
|
zpool set cachefile=/etc/zfs/zpool.cache zroot
|
|
mkdir -p /mnt/{etc/zfs,boot/efi}
|
|
cp /etc/zfs/zpool.cache /mnt/etc/zfs/zpool.cache
|
|
|
|
# Mount boot part
|
|
mount /dev/nvme0n1p1 /mnt/boot/efi
|
|
|
|
# Install with pacstrap
|
|
pacman -Syy
|
|
pacstrap /mnt base dkms git intel-ucode jq less linux linux-firmware linux-headers tmux vim zsh
|
|
|
|
# Create fs table and change root into mount
|
|
genfstab -U -p /mnt/etc/fstab
|
|
arch-chroot /mnt
|
|
|
|
# Remove zroot entries from fstab
|
|
vim /etc/fstab
|
|
|
|
# Add archzfs repository
|
|
vim /etc/pacman.conf
|
|
----
|
|
[archzfs]
|
|
SigLevel = Optional TrustAll
|
|
Server = https://zxcvfdsa.com/archzfs/$repo/$arch
|
|
----
|
|
|
|
# Update repostories and install zfs-linux
|
|
pacman -Syy
|
|
pacman -S zfs-linux
|
|
|
|
# Set hooks for startup load order
|
|
vim /etc/mkinitcpio.conf
|
|
HOOKS=(base udev autodetect microcode modconf kms keymap consolefont block keyboard encrypt load_part resume zfs filesystems)
|
|
|
|
# Create loader to probe cryptoroot partition
|
|
cat > /etc/initcpio/install/load_part << EOFHOOK
|
|
#!/bin/bash
|
|
|
|
build() {
|
|
add_binary 'partprobe'
|
|
add_runscript
|
|
}
|
|
|
|
help() {
|
|
cat << HELPEOF
|
|
Probes mapped LUKS container for partitions.
|
|
HELPEOF
|
|
}
|
|
EOFHOOK
|
|
cat > /etc/initcpio/hooks/load_part << EOFHOOK
|
|
run_hook() {
|
|
partprobe /dev/mapper/cryptoroot
|
|
}
|
|
EOFHOOK
|
|
|
|
# Update initramfs
|
|
mkinitcpio -p linux
|
|
|
|
# Install packages
|
|
pacman -S base-devel bind dhcpcd efibootmgr grub openssh os-prober reflector rsync systemd-networkd terminus-font
|
|
|
|
# Use blkid /dev/nvme0n1p2 for the uuid of cryptoroot and blkid /dev/mapper/cryptoroot2 for the uuid of the swap space and update the grub file
|
|
vim /etc/default/grub
|
|
----
|
|
GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/<uuid>:cryptoroot rw resume=UUID=<swap UUID> root=ZFS=zroot/ROOT/default"
|
|
GRUB_ENABLE_CRYPTODISK=y
|
|
----
|
|
|
|
# Create grub config
|
|
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchLinux
|
|
grub-mkconfig -o /boot/grub/grub.cfg
|
|
|
|
# Enable important systems
|
|
systemctl enable dhcpcd reflector.timer sshd systemd-networkd systemd-timesyncd
|
|
systemctl enable zfs-import-cache zfs-import-scan zfs-mount zfs-share zfs-zed zfs.target
|
|
|
|
# Setup
|
|
timedatectl set-timezone America/Vancouver
|
|
ln -sf /usr/share/zoneinfo/Canada/Pacific /etc/localtime
|
|
hwclock --systohc
|
|
|
|
# Make passwords
|
|
passwd
|
|
passwd iborrelli
|
|
|
|
# Make wheel sudoers
|
|
visudo
|
|
----
|
|
%wheel ALL=(ALL) ALL
|
|
----
|
|
|
|
# Backup reflector config and create new one
|
|
cd /etc/xdg/reflector
|
|
mv reflector.conf.orig
|
|
vim reflector.conf
|
|
----
|
|
--country CA
|
|
--protocol https
|
|
--latest 5
|
|
--sort rate
|
|
--save /etc/pacman.d/mirrorlist
|
|
----
|
|
|
|
# Exit chroot and clean up
|
|
exit
|
|
umount /mnt/boot
|
|
zfs umount -a
|
|
zpool export zroot
|
|
reboot
|