This guide provides instructions for an Arch Linux installation featuring full-disk encryption via LVM on LUKS and an encrypted boot partition (GRUB) for UEFI systems.
Following the main installation are further instructions to harden against Evil Maid attacks via UEFI Secure Boot custom key enrollment and self-signed kernel and bootloader.
You will find most of this information pulled from the Arch Wiki and other resources linked thereof.
Note: The system was installed on an NVMe SSD, substitute /dev/nvme0nX with /dev/sdX or your device as needed.
| # Description: Boxstarter Script | |
| # Author: Jess Frazelle <[email protected]> | |
| # Last Updated: 2017-09-11 | |
| # | |
| # Install boxstarter: | |
| # . { iwr -useb http://boxstarter.org/bootstrapper.ps1 } | iex; get-boxstarter -Force | |
| # | |
| # You might need to set: Set-ExecutionPolicy RemoteSigned | |
| # | |
| # Run this boxstarter by calling the following from an **elevated** command-prompt: |
| #!/bin/bash | |
| # NOTE: decided to actually make a more reusable version with README and all, to be found at | |
| # this repo: https://github.com/luispabon/borg-s3-home-backup | |
I wanted to replace rsync for my current host backups.
I had 2 hosts (1 laptop and 1 desktop) that would get there changes polled from a backup server. (polled = cronjob ran every hours) Ofcourse those boxes are not always on and a frenzy of cron mails happen every now and then.
I replaced everything with syncthing, they have clients available for linux, illumos, openbsd and mac. With the config below (client::folder master = yes, server::folder master = no) we prevent the server from accidentally overriding a file on the client. The client knows the server's IPv4 and/or IPv6 address so we do not need global or local discovery nor UPnP.