ZFS root install
# USEFUL LINKS: | |
https://help.ubuntu.com/community/encryptedZfs | |
https://unix.stackexchange.com/questions/178666/sbin-cryptsetup-not-found-on-boot | |
http://www.pavelkogan.com/2015/01/25/linux-mint-encryption/ | |
https://www.combustible.me/wordpress/2014/09/22/linux-mint-zfs-root-full-disk-encryption-hibernation-encrypted-swap/ | |
https://askubuntu.com/questions/729673/ubuntu-full-disk-encryption-with-encrypted-boot | |
http://thesimplecomputer.info/full-disk-encryption-with-ubuntu | |
https://github.com/zfsonlinux/zfs/wiki/Ubuntu-16.04-Root-on-ZFS | |
# Partition the target disk. The by-id path is the author's VirtualBox disk;
# substitute the real target, because every sgdisk call below rewrites its GPT.
# Run this for UEFI booting (for use now or in the future): | |
# Partition 3: 512M, type EF00 (EFI System Partition). It is formatted as FAT
# later in this file and is not covered by the LUKS container.
sgdisk -n3:1M:+512M -t3:EF00 /dev/disk/by-id/ata-VBOX_HARDDISK_VB1104d745-09d29211 | |
# Run these in all cases: | |
# Partition 9: the last 8M of the disk, type BF07 (Solaris reserved).
sgdisk -n9:-8M:0 -t9:BF07 /dev/disk/by-id/ata-VBOX_HARDDISK_VB1104d745-09d29211 | |
# Partition 1: all remaining space, type BF01. This is the partition that
# luksFormat is run on further down.
sgdisk -n1:0:0 -t1:BF01 /dev/disk/by-id/ata-VBOX_HARDDISK_VB1104d745-09d29211 | |
# Create the LUKS container on partition 1; this destroys whatever the partition
# held. -y asks for the passphrase twice, -v is verbose. No cipher, key size or
# KDF option is given, so the defaults of the installed cryptsetup apply.
cryptsetup -y -v luksFormat /dev/disk/by-id/ata-VBOX_HARDDISK_VB1104d745-09d29211-part1 | |
# Open the container as /dev/mapper/root_crypt. The UUID is the LUKS UUID of the
# author's disk (the same value appears in the blkid output further down);
# read your own with blkid after luksFormat.
cryptsetup luksOpen /dev/disk/by-uuid/2b5b8e03-26e2-4c2a-937b-97689c055129 root_crypt | |
# Build the pool on the opened LUKS mapping, so every dataset created in rpool
# is stored inside the encrypted container. -R /mnt sets the altroot used
# during installation.
zpool create -o ashift=12 -O atime=off -O canmount=off -O compression=lz4 -O normalization=formD -O mountpoint=/ -R /mnt rpool /dev/mapper/root_crypt | |
zfs create -o canmount=off -o mountpoint=none rpool/ROOT | |
zfs create -o canmount=noauto -o mountpoint=/ rpool/ROOT/ubuntu | |
zfs mount rpool/ROOT/ubuntu | |
# setuid=off: setuid bits on files under /home are not honoured. rpool/home/root
# is a child dataset and inherits the property unless it is overridden.
zfs create -o setuid=off rpool/home | |
zfs create -o mountpoint=/root rpool/home/root | |
# rpool/var is a non-mounted parent (canmount=off) whose setuid=off and exec=off
# are inherited by the datasets created under it.
zfs create -o canmount=off -o setuid=off -o exec=off rpool/var | |
zfs create -o com.sun:auto-snapshot=false rpool/var/cache | |
zfs create rpool/var/log | |
zfs create rpool/var/spool | |
# /var/tmp turns exec back on, overriding the exec=off inherited from rpool/var.
zfs create -o com.sun:auto-snapshot=false -o exec=on rpool/var/tmp | |
# If you use /srv on this system: | |
zfs create rpool/srv | |
# If this system will have games installed: | |
zfs create rpool/var/games | |
# If this system will store local email in /var/mail: | |
zfs create rpool/var/mail | |
# If this system will use NFS (locking): | |
zfs create -o com.sun:auto-snapshot=false \ | |
-o mountpoint=/var/lib/nfs rpool/var/nfs | |
# Mode 1777 = world-writable with the sticky bit, the usual mode for a tmp dir.
chmod 1777 /mnt/var/tmp | |
# Install the Ubuntu 16.04 (xenial) base system into the new root.
# NOTE(review): debootstrap can only check the archive signature when it finds
# the Ubuntu keyring on the live system - confirm it reports no keyring warning.
debootstrap xenial /mnt | |
# devices=off: device nodes stored on pool datasets are not usable as devices.
zfs set devices=off rpool | |
# Basic identity of the new system; "woot" is the author's hostname.
echo woot > /mnt/etc/hostname | |
echo "127.0.1.1 woot" >> /mnt/etc/hosts | |
# List the interfaces to find the real name to use in place of NAME below.
ifconfig -a | |
nano /mnt/etc/network/interfaces.d/NAME | |
# The two lines between the ######## markers are the content of that file,
# not commands.
######## | |
auto NAME | |
iface NAME inet dhcp | |
######## | |
# Expose the live system's /dev, /proc and /sys inside the new root, then enter
# it. Everything up to the "END CHROOT" marker runs inside the chroot.
mount --rbind /dev /mnt/dev | |
mount --rbind /proc /mnt/proc | |
mount --rbind /sys /mnt/sys | |
chroot /mnt /bin/bash --login | |
###### CHROOT HERE! | |
apt install nano | |
# Make the mapping reachable as /dev/root_crypt now (symlink) and after reboot
# (udev rule).
# NOTE(review): presumably needed so grub-probe/update-grub can resolve the pool
# vdev by name under /dev - confirm.
ln -s /dev/mapper/root_crypt /dev/root_crypt | |
echo 'ENV{DM_NAME}=="root_crypt", SYMLINK+="root_crypt"' > /etc/udev/rules.d/99-local.rules | |
# blkid prints the LUKS UUID needed below; the next line is sample output from
# the author's machine, not a command.
blkid | |
/dev/sda1: UUID="2b5b8e03-26e2-4c2a-937b-97689c055129" TYPE="crypto_LUKS" PARTUUID="b1e1b55c-5e53-43d9-9263-6d3e19ec33c2" | |
nano /etc/crypttab | |
# Content of /etc/crypttab. "none" means no key file: the passphrase is asked
# for interactively. "discard" passes TRIM through dm-crypt, which lets anyone
# who can read the raw disk see which blocks are unused; leave it out unless
# the SSD benefit is worth that information leak.
root_crypt UUID=2b5b8e03-26e2-4c2a-937b-97689c055129 none luks,discard | |
nano /etc/initramfs-tools/conf.d/cryptroot | |
# Content of conf.d/cryptroot: tells the initramfs to unlock this UUID as
# root_crypt before the root pool is imported. Same discard trade-off as above.
##### | |
target=root_crypt,source=UUID=2b5b8e03-26e2-4c2a-937b-97689c055129,key=none,rootdev,discard | |
##### | |
# Locale and time zone for the new system.
locale-gen en_US.UTF-8 | |
echo 'LANG="en_US.UTF-8"' > /etc/default/locale | |
dpkg-reconfigure tzdata | |
nano /etc/apt/sources.list | |
# Content of /etc/apt/sources.list (between the marker lines). The mirrors are
# plain http: apt still verifies the signed Release files, so integrity does not
# depend on TLS, but the transfer itself is readable on the network.
# xenial-security is listed, so security updates are enabled.
########## | |
deb http://archive.ubuntu.com/ubuntu xenial main universe | |
deb-src http://archive.ubuntu.com/ubuntu xenial main universe | |
deb http://security.ubuntu.com/ubuntu xenial-security main universe | |
deb-src http://security.ubuntu.com/ubuntu xenial-security main universe | |
deb http://archive.ubuntu.com/ubuntu xenial-updates main universe | |
deb-src http://archive.ubuntu.com/ubuntu xenial-updates main universe | |
########### | |
ln -s /proc/self/mounts /etc/mtab | |
apt update | |
apt install --yes ubuntu-minimal | |
apt install --yes --no-install-recommends linux-image-generic | |
# Both packages add initramfs support: cryptsetup to unlock the LUKS container,
# zfs-initramfs to import and mount the root pool afterwards.
apt install --yes zfs-initramfs cryptsetup | |
#### ADD THIS TO /etc/initramfs-tools/modules | |
# Kernel modules to force into the initramfs, one per line (file content, not
# commands). dm-mod/dm-crypt provide the device-mapper crypt target; aes-x86_64,
# sha512-ssse3 and xts are crypto modules and the first two are x86-64 specific.
# NOTE(review): raid1/raid456 are md RAID modules and nothing else in this file
# uses md RAID - presumably carried over from a referenced guide; confirm.
raid1 | |
raid456 | |
aes-x86_64 | |
sha512-ssse3 | |
xts | |
dm-mod | |
dm-crypt | |
#### | |
# Format and mount the EFI System Partition.
# NOTE(review): scsi-SATA_disk1-part3 does not match the ata-VBOX_HARDDISK disk
# partitioned at the top of this file; it looks like a placeholder path. Use
# partition 3 of the disk you actually partitioned, and double-check it first:
# mkdosfs overwrites the partition.
apt install dosfstools | |
mkdosfs -F 32 -n EFI /dev/disk/by-id/scsi-SATA_disk1-part3 | |
mkdir /boot/efi | |
# Append the ESP to fstab by PARTUUID so the entry does not depend on the
# device name.
echo PARTUUID=$(blkid -s PARTUUID -o value \ | |
/dev/disk/by-id/scsi-SATA_disk1-part3) \ | |
/boot/efi vfat defaults 0 1 >> /etc/fstab | |
### ADD THIS TO FSTAB... | |
# The next line is fstab content, not a command: the root filesystem as seen
# through the opened LUKS mapping.
/dev/mapper/root_crypt / zfs defaults 0 0 | |
### | |
mount /boot/efi | |
# Install the boot loader and set up boot from the encrypted ZFS root.
apt install --yes grub-efi-amd64 | |
addgroup --system lpadmin | |
addgroup --system sambashare | |
# Sets the root password of the new system (still inside the chroot).
passwd | |
# Sanity check: grub-probe should report the root filesystem type as shown
# on the next line.
grub-probe / | |
# zfs | |
# Rebuild the initramfs so it picks up crypttab, conf.d/cryptroot and the
# module list.
update-initramfs -c -k all | |
nano /etc/default/grub | |
# GRUB_ENABLE_CRYPTODISK=y lets GRUB itself unlock the LUKS container. That is
# required here because no separate /boot is created, so kernel and initramfs
# live inside the encrypted pool.
# NOTE(review): with key=none in conf.d/cryptroot, expect the passphrase to be
# asked twice (GRUB, then initramfs) - confirm on first boot.
# The EFI partition and the GRUB image on it stay outside the encryption, so
# their integrity is not protected by LUKS.
# add GRUB_ENABLE_CRYPTODISK=y | |
# Comment out: GRUB_HIDDEN_TIMEOUT=0 | |
# Remove quiet and splash from: GRUB_CMDLINE_LINUX_DEFAULT | |
# add boot=zfs to GRUB_CMDLINE_LINUX_DEFAULT | |
# Uncomment: GRUB_TERMINAL=console | |
# Save and quit. | |
update-grub | |
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ubuntu --recheck --no-floppy | |
# Verify that GRUB's ZFS module was installed.
ls /boot/grub/*/zfs.mod | |
# Snapshot of the freshly installed root, kept as a rollback point until the
# system has booted; it is destroyed at the very end of this file.
zfs snapshot rpool/ROOT/ubuntu@install | |
exit | |
###### END CHROOT HERE! | |
# Back on the live system: unmount everything non-ZFS under /mnt. The pipeline
# drops the zfs lines from the mount table, reverses the order (tac) so nested
# mounts go first, takes the mount point (third field) of lines mentioning /mnt
# and unmounts each one.
# -l detaches lazily and -f forces, so a busy mount is hidden rather than
# reported; make sure nothing under /mnt is still in use before exporting.
# xargs -i{} is the deprecated spelling of -I{}.
mount | grep -v zfs | tac | awk '/\/mnt/ {print $3}' | xargs -i{} umount -lf {} | |
# Export the pool so it is cleanly released before the first boot imports it.
zpool export rpool | |
############## REBOOOOOOOOOOOOOOT | |
# From here on the commands run on the installed system after its first boot.
# "pipi" is the author's user name.
zfs create rpool/home/pipi | |
adduser pipi | |
# .[!.]* matches dotfiles but not "." or ".." themselves.
cp -a /etc/skel/.[!.]* /home/pipi | |
chown -R pipi:pipi /home/pipi | |
# Membership of "sudo" gives this account administrative rights.
usermod -a -G adm,cdrom,dip,lpadmin,plugdev,sambashare,sudo pipi | |
# 4G swap zvol with the page size as block size. It is created in rpool, which
# sits on /dev/mapper/root_crypt, so swapped-out memory is stored inside the
# LUKS container rather than in the clear.
zfs create -V 4G -b $(getconf PAGESIZE) -o compression=zle \ | |
-o logbias=throughput -o sync=always \ | |
-o primarycache=metadata -o secondarycache=none \ | |
-o com.sun:auto-snapshot=false rpool/swap | |
mkswap -f /dev/zvol/rpool/swap | |
echo /dev/zvol/rpool/swap none swap defaults 0 0 >> /etc/fstab | |
swapon -av | |
# Bring the new system fully up to date, then install the desktop.
apt dist-upgrade --yes | |
apt install --yes xubuntu-desktop | |
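# The pool is created with compression=lz4, so logrotate's own compression is
# redundant. Comment out every active "compress" directive in the per-package
# logrotate snippets.
for file in /etc/logrotate.d/*; do
  # An unmatched glob stays literal; skip anything that is not a regular file.
  [ -f "$file" ] || continue
  # Match "compress" only as a complete directive at the start of a line. The
  # looser pattern "(^|[^#y])compress" also hits "nocompress" and
  # "uncompresscmd" and rewrites them into invalid text such as "no#compress".
  # "delaycompress", "compresscmd" and similar directives are left untouched;
  # they have no effect once "compress" itself is disabled.
  if grep -Eq '^[[:space:]]*compress([[:space:]]|$)' "$file"; then
    sed -i -r 's/^([[:space:]]*)(compress([[:space:]]|$))/\1#\2/' "$file"
  fi
done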
# "reboooooot" is the author's note to reboot here, presumably not a literal
# command name.
reboooooot | |
# After confirming the system boots and works, drop the rollback snapshot
# taken during installation.
sudo zfs destroy rpool/ROOT/ubuntu@install |