@neiser
Last active May 14, 2024 06:30
Ubuntu 24.04 debootstrap cryptsetup

The following is loosely based on

Setup

sudo su -
add-apt-repository universe
apt update && apt install -y debootstrap arch-install-scripts
# ALL DATA ON THIS DEVICE WILL BE DESTROYED IN THE FOLLOWING!
TARGETDEV=/dev/nvme0n1

Partitioning

gdisk $TARGETDEV
n 1 (default) +512M ef00      # EFI system partition
n 2 (default) (default) 8300  # Linux partition
w

Formatting and BTRFS Subvolumes

mkfs.vfat ${TARGETDEV}p1
cryptsetup luksFormat --label cryptlinux ${TARGETDEV}p2
cryptsetup open ${TARGETDEV}p2 cryptlinux
mkfs.btrfs /dev/mapper/cryptlinux
mount /dev/mapper/cryptlinux /mnt
btrfs su cr /mnt/@
btrfs su cr /mnt/@home
umount /mnt

Debootstrapping

mount -o defaults,noatime,autodefrag,compress-force=zstd:1,space_cache=v2,discard=async,subvol=@ /dev/mapper/cryptlinux /mnt

mkdir /mnt/home
mount -o defaults,noatime,autodefrag,compress-force=zstd:1,space_cache=v2,discard=async,subvol=@home /dev/mapper/cryptlinux /mnt/home

mkdir -p /mnt/boot/efi
mount -o defaults,nosuid,nodev,relatime,errors=remount-ro,umask=0077 ${TARGETDEV}p1 /mnt/boot/efi

debootstrap noble /mnt http://de.archive.ubuntu.com/ubuntu

genfstab -U /mnt >/mnt/etc/fstab
printf 'cryptlinux UUID=%s none luks\n' "$(blkid -s UUID -o value ${TARGETDEV}p2)" >/mnt/etc/crypttab

APT Preparations

Note: We use systemd-boot instead of GRUB. Also prevent installing some annoying Ubuntu stuff.

Create file /mnt/etc/apt/preferences.d/ignored-packages

Package: grub-common grub2-common grub-pc grub-pc-bin grub-gfxpayload-lists
Pin: release *
Pin-Priority: -1

Package: cloud-init landscape-common popularity-contest ubuntu-advantage-tools
Pin: release *
Pin-Priority: -1

Edit file /mnt/etc/apt/sources.list to look like:

deb https://mirror.leaseweb.com/ubuntu noble           main restricted universe
deb https://mirror.leaseweb.com/ubuntu noble-security  main restricted universe
deb https://mirror.leaseweb.com/ubuntu noble-updates   main restricted universe

Chroot & Config & Install

arch-chroot /mnt
dpkg-reconfigure locales
dpkg-reconfigure tzdata

echo "QA-L-$(cat /dev/urandom | tr -dc 'A-Z0-9' | fold -w 6 | head -n 1)" >/etc/hostname

echo "quiet splash root=/dev/mapper/cryptlinux rootflags=subvol=@" >/etc/kernel/cmdline

apt install -y --no-install-recommends linux-{,image-,headers-}generic-hwe-24.04 linux-firmware initramfs-tools cryptsetup{,-initramfs} efibootmgr zstd btrfs-progs systemd-boot ubuntu-desktop-minimal
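
A check worth running before the first reboot, added here as an example (not part of the gist): it verifies that the crypttab entry names a well-formed UUID= source with the luks option, and that its mapper name matches the root=/dev/mapper/... argument in /etc/kernel/cmdline. The function names and the root-directory argument are assumptions.

```sh
#!/bin/sh
# Added example (not from the gist): sanity-check the boot files written above.
# Function names and the root-directory argument are assumptions.

# Print the first non-comment crypttab entry as "<name> <source> <options>".
crypttab_entry() {
    [ -r "$1" ] || return 0
    awk '!/^[ \t]*(#|$)/ { print $1, $2, $4; exit }' "$1"
}

# Print <name> from the first root=/dev/mapper/<name> kernel argument.
cmdline_root_mapper() {
    [ -r "$1" ] || return 0
    tr -s '[:space:]' '\n' <"$1" | sed -n 's|^root=/dev/mapper/||p' | head -n 1
}

err() { echo "boot config: $*" >&2; }

# Return 0 only if the initramfs can unlock the device that root= points at.
check_boot_config() {
    root=${1:-/mnt}
    uuid_re='^UUID=[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    read -r name source opts <<EOF
$(crypttab_entry "$root/etc/crypttab")
EOF
    [ -n "$name" ] || { err "no entry in etc/crypttab"; return 1; }
    printf '%s\n' "$source" | grep -Eq "$uuid_re" \
        || { err "crypttab source '$source' is not UUID=<uuid>"; return 1; }
    case ",$opts," in
        *,luks,*) ;;
        *) err "crypttab entry lacks the luks option"; return 1 ;;
    esac
    mapper=$(cmdline_root_mapper "$root/etc/kernel/cmdline")
    [ -n "$mapper" ] \
        || { err "etc/kernel/cmdline has no root=/dev/mapper/<name>"; return 1; }
    [ "$mapper" = "$name" ] \
        || { err "root= uses '$mapper' but crypttab defines '$name'"; return 1; }
    return 0
}
```

Source the file and call check_boot_config /mnt from the live session, or check_boot_config / inside the chroot; a non-zero status means the installed system would not find its root device.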