ymatsiuk

Standard project structure

This is a project structure I’ve found useful. Looking for any thoughts/comments/feedback. Roughly, I found a tension between the style nixpkgs expects and the style conducive to development, so I extracted the common portion into a derivation.nix which is used by the remaining .nix files. This setup allows me to use nix build, nix-shell, overlays, Hydra, alternate packaging schemes, cross-compiling, etc.

ymatsiuk

Arch Linux Full-Disk Encryption Installation Guide

This guide provides instructions for an Arch Linux installation featuring full-disk encryption via LVM on LUKS and an encrypted boot partition (GRUB) for UEFI systems.

Following the main installation are further instructions to harden against Evil Maid attacks via UEFI Secure Boot custom key enrollment and self-signed kernel and bootloader.

Preface

You will find most of this information pulled from the Arch Wiki and other resources linked thereof.

Note: The system was installed on an NVMe SSD, substitute /dev/nvme0nX with /dev/sdX or your device as needed.

ymatsiuk

# This assumes a wifi only system...
wifi-menu

# Grab latest mirror list for Germany sorted by speed IPv4 only.
curl -o /etc/pacman.d/mirrorlist https://www.archlinux.org/mirrorlist/?country=DE&protocol=https&ip_version=4&use_mirror_status=on
sed -i 's/\#Server/Server/g' /etc/pacman.d/mirrorlist

# Create partitions
cgdisk /dev/nvme0n1
1 512MB EFI partition # Hex code ef00