If the disk is not in the command output, use /dev/disk/by-path.ĭISK=/dev/disk/by-id/nvme-foo_NVMe_bar_512GB Mountpoint INST_MNT=$(mktemp -d) Format and PartitionĬreate EFI system partition (for use now or in the future):Ĭreate BIOS boot partition, skip if you don't use this: INST_TZ=/usr/share/zoneinfo/Asia/Irkutsk Host name In this part, we will set some variables to configure the system. Tools pacman -Sy -needed cryptsetup btrfs-progs gdisk Uncomment and move mirrors to the beginning of the file. On another computer, connect to the target computer with: Otherwise, refer to Network Configuration wiki page.įind the IP address of the target computer: If the target computer aquires IP address with DHCP, no further steps need to be taken.
minimum 3 disks: use single disk Root on Btrfs, but store important data on ZFS with mirror/raidz2/raidz3įollow official installation guide up to Installation_guide#Boot_the_live_environment.Ĭonnect to the internet.minimum 2 disks: use Root on ZFS with mirror/raidz2/raidz3, or.It should be noted that, with only one disk, data are not redundant and not protected from bitrot.įor best data integrity and redundancy, you can either: įor support and questions, leave a message on User_talk:M0p/LUKS_Root_on_Btrfs. Efforts to automate this for the cloud exist, see.
DROPBEAR SSH LUKS PASSWORD
Password MUST BE interactively entered at boot and can not be automated. I use Root on ZFS on my laptop.Įxisting data on target disk will be destroyed.
See, and search reddit for posts involving crashed btrfs filesystems. Consider Root on ZFS if you want to use a multi-disk setup.ītrfs also has quite some pitfalls, gotchas and limitations. Only single disk installation is supported. Everything except EFI system partition (contains a single grub圆4.efi file) and BIOS boot sector is encrypted with LUKS 1. So let’s move forard and configure /etc/crypttab and /etc/mkinitcpio-systemd-tool/config/crypttab according to systemd-tool requirements.įirst we need to add our encrypted sdxdevice (yours) to /etc/crypttab file.Fully encrypted Arch Linux setup. In other words, if we are dealing with a headless server, it is very likely that we have an external RAID HDD plugged in, that needs decryption when mounting the filesystem. This file can be used for automatically mounting encrypted swap devices or secondary file systems. The formal definition of cryptab says that /etc/crypttab (encrypted device table) file is similar to the fstab file and contains a list of encrypted devices to be unlocked during system boot up. dev/mapper/nuc-root /sysroot auto vice-timeout =9999h 0 1 # This file is part of # REQUIRED READING: # * # * # fstab: mappings for direct partitions in initramfs: # * file location in initramfs: /etc/fstab # * file location in real-root: /etc/mkinitcpio-systemd-tool/config/fstab #. Let’s proceed with the following command: We are going to be using a mkinitcpio hook named systemd-tool, which provides early remote SSH access before the root partition gets mounted. The idea behind this is simple: we are going to start an SSH Service (TinySSH) in our Initial RAM Disk via mkinitcpio that will let us connect to our machine at an early stage, so we can decrypt our LUKS partition remotely. As optional and specially if you are dealing with a headless server, set a static ip address.As optional, switch from Network Manager to systemd-networkd in order to be consistent with the approach being showcased here.systemd-networkd as a network connection manager.