tjcim · December 9, 2017 06:27
diff --git a/Arch Linux - UEFI 2 HDDs Install b/Arch Linux - UEFI 2 HDDs Install
 # Download and verify iso
 gpg --verify archlinux-2017.01.01-dual.iso.sig 

 # Burn iso to USB
 dd if=archlinux-*.iso of=/dev/sdX bs=16M && sync  

 # Boot usb image and set root passwd (this is a temp password used for install only)
 passwd

 # Ensure time is correct
 timedatectl set-ntp true

 # Start ssh to connect using another computer
 systemctl start sshd.service

 # Get IP address
 ip addr

 # Log into computer from another machine using root user
 ssh root@<ip address>

 # This gist is designed to work with two harddrives - nvme0n1 is for root and sda will be used for home
 # nvme0n1 - PCIE Hard drive will be used for /boot, /boot/efi, /, swap
 gdisk /dev/nvme0n1

 # Create partitions on primary drive:
 o<enter> Y<enter> # Create a new GPT

 n<enter> 1<enter> <enter> +100M<enter> EF00<enter> # Partition 1 = 100 MiB EFI partition # Hex code EF00
 n<enter> 2<enter> <enter> +250M<enter> 8300<enter> # Partition 2 = 250 MiB Boot partition # Hex code 8300
 n<enter> 3<enter> <enter> <enter> <enter> # Partition 3 = Rest of drive # Hex code 8300.  

 # Review partitions
 p<enter>

 # Write gdisk changes
 w<enter>

 # Create partition on second disk
 gdisk /dev/sda
 o<enter> Y<enter>

 n<enter> 1<enter> <enter> <enter> <enter> # Partition 1 = All of the drive # Hex code 8300

 # Review partitions
 p<enter>

 # Write gdisk changes
 w<enter>

 # Create filesystems for /boot/efi and /boot
 mkfs.vfat -F 32 /dev/nvme0n1p1
 mkfs.ext2 /dev/nvme0n1p2

 # Encrypt system partition
 cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --use-random luksFormat /dev/nvme0n1p3

 # Encrypt second harddrive with password
 cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --use-random luksFormat /dev/sda1

 # Create file to use as a key to open second harddrive
 dd if=/dev/urandom of=/keyfile.bin bs=1024 count=20

 # Add file as key to open second harddrive - later we will copy this to the drive
 cryptsetup luksAddKey /dev/sda1 /keyfile.bin

 # Open first harddrive
 cryptsetup luksOpen /dev/nvme0n1p3 cryptroot

 # Open second harddrive
 cryptsetup --key-file /keyfile.bin luksOpen /dev/sda1 crypthome

 # Create encrypted LVM partitions
 pvcreate /dev/mapper/cryptroot
 pvcreate /dev/mapper/crypthome
 vgcreate Arch /dev/mapper/cryptroot
 vgcreate ArchHome /dev/mapper/crypthome
 # I use a larger swap for virtual machines,
 # I seem to run into trouble without it. If you don't need a large
 # swap set this to something reasonable for you.
 lvcreate -L +16G Arch -n swap
 lvcreate -l +100%FREE Arch -n root
 lvcreate -l +100%FREE ArchHome -n home

 # Create filesystems on your encrypted partitions
 mkswap /dev/mapper/Arch-swap
 mkfs.ext4 /dev/mapper/Arch-root
 mkfs.ext4 /dev/mapper/ArchHome-home

 # Mount the new system 
 mount /dev/mapper/Arch-root /mnt
 swapon /dev/mapper/Arch-swap
 mkdir /mnt/boot
 mount /dev/nvme0n1p2 /mnt/boot
 mkdir /mnt/boot/efi
 mount /dev/nvme0n1p1 /mnt/boot/efi
 mkdir /mnt/home
 mount /dev/mapper/ArchHome-home /mnt/home

 # Check pacman.d mirrolist and comment out any that you do not want to use
 vim /etc/pacman.d/mirrorlist

 # Copy keyfile to new drive and set permissions
 cp /keyfile.bin /mnt/keyfile.bin
 chmod 000 /mnt/keyfile.bin

 # Install your Arch system
 pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog vim

 # Create and review FSTAB
 genfstab -U /mnt >> /mnt/etc/fstab  # The -U option pulls in all the correct UUIDs for your mounted filesystems.
 sed -i 's/noatime/relatime/g' /mnt/etc/fstab  # Swap noatime with relatime

 # Edit crypttab
 HOMEUUID=$(blkid /dev/sda1 | awk '{print $2}' | cut -d '"' -f2)
 echo "crypt_hdd UUID=$HOMEUUID /keyfile.bin luks" >> /mnt/etc/crypttab

 # Copy edited pacman.d to new drive
 cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist

 # Enter the new system
 arch-chroot /mnt /bin/bash

 # Set locale
 echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
 locale-gen
 echo "LANG=en_US.UTF-8" > /etc/locale.conf
 export LANG=en_US.UTF-8

 # Set clock
 unlink /etc/localtime
 ln -s /usr/share/zoneinfo/US/Mountain /etc/localtime
 hwclock --systohc --utc

 # Assign your hostname
 echo "ws" > /etc/hostname

 # Enable dhcpcd
 systemctl enable dhcpcd.service

 # Set root password
 passwd

 # Create user
 useradd -m -G wheel -s /bin/bash trevor
 passwd trevor

 # Configure mkinitcpio with the correct HOOKS required for your initrd image
 sed -i 's/^HOOKS=.*/HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 resume filesystems fsck"/' /etc/mkinitcpio.conf
 mkinitcpio -p linux

 # Install and configure Grub-EFI
 grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchLinux
 ROOTUUID=$(blkid /dev/nvme0n1p3 | awk '{print $2}' | cut -d '"' -f2)
 sed -i "s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$ROOTUUID:cryptroot:allow-discards root=\/dev\/mapper\/Arch-root resume=\/dev\/mapper\/Arch-swap\"/" /etc/default/grub

 # Generate Your Final Grub Configuration:
 grub-mkconfig -o /boot/grub/grub.cfg

 # Let users in wheel group run any command
 visudo # Uncomment line: '%wheel ALL=(ALL) ALL'

 # Exit Your New Arch System
 exit

 # Unmount all partitions
 umount -R /mnt
 swapoff -a

 # Reboot
 reboot

 # The rest is to provision archlinux using another machine with ansible:

 # Login locally to the machine and install openssh
 sudo pacman -S openssh python

 # Start the SSH server
 sudo systemctl start sshd.socket

 # Generate an ssh key to be used to download dotfiles from github
 mkdir ~/.ssh
 ssh-keygen -t rsa -C "$(whoami)@$(hostname)-$(date -I)" -f ~/.ssh/rsa_github
 cat ~/.ssh/rsa_github.pub # Copy to github ssh keys

 # The rest is performed from provisioning box

 # Copy the ssh keys
 ssh-copy-id <user>@<ip address>

 # Ensure you can now do passwordless ssh
 ssh <user>@<ip address> "uname -r"
	# Download and verify iso
	gpg --verify archlinux-2017.01.01-dual.iso.sig

	# Burn iso to USB
	dd if=archlinux-*.iso of=/dev/sdX bs=16M && sync

	# Boot usb image and set root passwd (this is a temp password used for install only)
	passwd

	# Ensure time is correct
	timedatectl set-ntp true

	# Start ssh to connect using another computer
	systemctl start sshd.service

	# Get IP address
	ip addr

	# Log into computer from another machine using root user
	ssh root@<ip address>

	# This gist is designed to work with two harddrives - nvme0n1 is for root and sda will be used for home
	# nvme0n1 - PCIE Hard drive will be used for /boot, /boot/efi, /, swap
	gdisk /dev/nvme0n1

	# Create partitions on primary drive:
	o<enter> Y<enter> # Create a new GPT

	n<enter> 1<enter> <enter> +100M<enter> EF00<enter> # Partition 1 = 100 MiB EFI partition # Hex code EF00
	n<enter> 2<enter> <enter> +250M<enter> 8300<enter> # Partition 2 = 250 MiB Boot partition # Hex code 8300
	n<enter> 3<enter> <enter> <enter> <enter> # Partition 3 = Rest of drive # Hex code 8300.

	# Review partitions
	p<enter>

	# Write gdisk changes
	w<enter>

	# Create partition on second disk
	gdisk /dev/sda
	o<enter> Y<enter>

	n<enter> 1<enter> <enter> <enter> <enter> # Partition 1 = All of the drive # Hex code 8300

	# Review partitions
	p<enter>

	# Write gdisk changes
	w<enter>

	# Create filesystems for /boot/efi and /boot
	mkfs.vfat -F 32 /dev/nvme0n1p1
	mkfs.ext2 /dev/nvme0n1p2

	# Encrypt system partition
	cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --use-random luksFormat /dev/nvme0n1p3

	# Encrypt second harddrive with password
	cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --use-random luksFormat /dev/sda1

	# Create file to use as a key to open second harddrive
	dd if=/dev/urandom of=/keyfile.bin bs=1024 count=20

	# Add file as key to open second harddrive - later we will copy this to the drive
	cryptsetup luksAddKey /dev/sda1 /keyfile.bin

	# Open first harddrive
	cryptsetup luksOpen /dev/nvme0n1p3 cryptroot

	# Open second harddrive
	cryptsetup --key-file /keyfile.bin luksOpen /dev/sda1 crypthome

	# Create encrypted LVM partitions
	pvcreate /dev/mapper/cryptroot
	pvcreate /dev/mapper/crypthome
	vgcreate Arch /dev/mapper/cryptroot
	vgcreate ArchHome /dev/mapper/crypthome
	# I use a larger swap for virtual machines,
	# I seem to run into trouble without it. If you don't need a large
	# swap set this to something reasonable for you.
	lvcreate -L +16G Arch -n swap
	lvcreate -l +100%FREE Arch -n root
	lvcreate -l +100%FREE ArchHome -n home

	# Create filesystems on your encrypted partitions
	mkswap /dev/mapper/Arch-swap
	mkfs.ext4 /dev/mapper/Arch-root
	mkfs.ext4 /dev/mapper/ArchHome-home

	# Mount the new system
	mount /dev/mapper/Arch-root /mnt
	swapon /dev/mapper/Arch-swap
	mkdir /mnt/boot
	mount /dev/nvme0n1p2 /mnt/boot
	mkdir /mnt/boot/efi
	mount /dev/nvme0n1p1 /mnt/boot/efi
	mkdir /mnt/home
	mount /dev/mapper/ArchHome-home /mnt/home

	# Check pacman.d mirrolist and comment out any that you do not want to use
	vim /etc/pacman.d/mirrorlist

	# Copy keyfile to new drive and set permissions
	cp /keyfile.bin /mnt/keyfile.bin
	chmod 000 /mnt/keyfile.bin

	# Install your Arch system
	pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog vim

	# Create and review FSTAB
	genfstab -U /mnt >> /mnt/etc/fstab # The -U option pulls in all the correct UUIDs for your mounted filesystems.
	sed -i 's/noatime/relatime/g' /mnt/etc/fstab # Swap noatime with relatime

	# Edit crypttab
	HOMEUUID=$(blkid /dev/sda1 \| awk '{print $2}' \| cut -d '"' -f2)
	echo "crypt_hdd UUID=$HOMEUUID /keyfile.bin luks" >> /mnt/etc/crypttab

	# Copy edited pacman.d to new drive
	cp /etc/pacman.d/mirrorlist /mnt/etc/pacman.d/mirrorlist

	# Enter the new system
	arch-chroot /mnt /bin/bash

	# Set locale
	echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
	locale-gen
	echo "LANG=en_US.UTF-8" > /etc/locale.conf
	export LANG=en_US.UTF-8

	# Set clock
	unlink /etc/localtime
	ln -s /usr/share/zoneinfo/US/Mountain /etc/localtime
	hwclock --systohc --utc

	# Assign your hostname
	echo "ws" > /etc/hostname

	# Enable dhcpcd
	systemctl enable dhcpcd.service

	# Set root password
	passwd

	# Create user
	useradd -m -G wheel -s /bin/bash trevor
	passwd trevor

	# Configure mkinitcpio with the correct HOOKS required for your initrd image
	sed -i 's/^HOOKS=.*/HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 resume filesystems fsck"/' /etc/mkinitcpio.conf
	mkinitcpio -p linux

	# Install and configure Grub-EFI
	grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchLinux
	ROOTUUID=$(blkid /dev/nvme0n1p3 \| awk '{print $2}' \| cut -d '"' -f2)
	sed -i "s/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$ROOTUUID:cryptroot:allow-discards root=\/dev\/mapper\/Arch-root resume=\/dev\/mapper\/Arch-swap\"/" /etc/default/grub

	# Generate Your Final Grub Configuration:
	grub-mkconfig -o /boot/grub/grub.cfg

	# Let users in wheel group run any command
	visudo # Uncomment line: '%wheel ALL=(ALL) ALL'

	# Exit Your New Arch System
	exit

	# Unmount all partitions
	umount -R /mnt
	swapoff -a

	# Reboot
	reboot

	# The rest is to provision archlinux using another machine with ansible:

	# Login locally to the machine and install openssh
	sudo pacman -S openssh python

	# Start the SSH server
	sudo systemctl start sshd.socket

	# Generate an ssh key to be used to download dotfiles from github
	mkdir ~/.ssh
	ssh-keygen -t rsa -C "$(whoami)@$(hostname)-$(date -I)" -f ~/.ssh/rsa_github
	cat ~/.ssh/rsa_github.pub # Copy to github ssh keys

	# The rest is performed from provisioning box

	# Copy the ssh keys
	ssh-copy-id <user>@<ip address>

	# Ensure you can now do passwordless ssh
	ssh <user>@<ip address> "uname -r"