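# Target layout on /dev/sda (DOS/MBR table, four primary partitions):
#   sda1 -> /boot  220MB  (the only partition that is not LUKS-formatted later)
#   sda2 -> /      120GB
#   sda3 -> swap   8GB
#   sda4 -> /home  rest of the disk (about 110GB)
#
# DESTRUCTIVE: the 'o' command replaces the existing partition table of
# /dev/sda. Check the device name before running this.
#
# fdisk is driven through stdin. sed keeps only the leading answer token of
# each here-doc line and drops the trailing comment, so a comment-only line
# becomes an empty line, i.e. "accept fdisk's default".
# If fdisk fails, stop here so that the mkfs/luksFormat steps that follow do
# not run against whatever partition table was on the disk before.
sed -e 's/\s*\([+0-9a-zA-Z]*\).*/\1/' << 'EOF' | fdisk /dev/sda || { echo 'fdisk failed, aborting before anything is formatted' >&2; exit 1; }
  o      # create a new empty DOS partition table
  n      # new partition (boot)
  p      # primary
  1      # number 1
         # default - start at beginning of disk
  +220M  # 220MB boot
  n      # new partition (root)
  p      # primary
  2      # number 2
         # default - first free sector
  +120G  # 120GB root
  n      # new partition (swap)
  p      # primary
  3      # number 3
         # default - first free sector
  +8G    # 8GB swap
  t      # change partition type
  3      # of partition 3
  82     # to Linux swap
  n      # new partition (home)
  p      # primary; no number is given for this last partition
         # default - first free sector
         # default - up to the end of the disk (about 110GB)
  w      # write the table and quit
EOF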
# Put an ext4 filesystem on the boot, root and home partitions.
# The piped "Y" answers mkfs.ext4's confirmation prompt, which wipes an old
# signature found on the partition.
# NOTE(review): sda2 and sda4 are handed to `cryptsetup luksFormat` further
# down, so only the filesystem on sda1 is still in use afterwards; the other
# two runs look redundant - confirm before removing them.
for part in /dev/sda1 /dev/sda2 /dev/sda4; do
  echo Y | mkfs.ext4 "$part"
done
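# Key file used by every luksFormat/open call below.
# CHRIS: where else could this live?
#
# The passphrase comes from the environment instead of being hard-coded in
# the script: a fixed, trivially guessable value in a published script would
# protect none of the encrypted volumes. It is written without a trailing
# newline, so the same string also works when typed at a passphrase prompt.
: "${LUKS_PASSPHRASE:?export LUKS_PASSPHRASE with the disk passphrase before running this script}"

# Remove any earlier /tmp/pass first so the redirection creates a fresh file
# rather than writing through something that is already there.
rm -f -- /tmp/pass
(
  # Create the file owner-only from the start; chmod after the write would
  # leave a window in which the default umask makes it readable by others.
  umask 077
  printf '%s' "$LUKS_PASSPHRASE" > /tmp/pass
)
chown root:root /tmp/pass
chmod 400 /tmp/pass
# NOTE(review): nothing in this script deletes /tmp/pass afterwards - decide
# whether it should be removed once all volumes are open.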
# / : LUKS2 container on sda2, opened as /dev/mapper/cryptroot, formatted
# with ext4 and mounted at /mnt.
root_part=/dev/sda2

# "YES" on stdin answers luksFormat's confirmation prompt; the key material
# itself is read from /tmp/pass.
printf 'YES\n' | cryptsetup luksFormat --verbose --type luks2 "$root_part" /tmp/pass
cryptsetup open --key-file /tmp/pass "$root_part" cryptroot

mkfs.ext4 /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt
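# swap: LUKS2 container on sda3, opened as /dev/mapper/cryptswap.
#
# luksFormat is given the same key file that `open` uses on the next line.
# Without it the container would be set up from whatever arrives on stdin
# and the key-file open would not match. -y (verify passphrase) is dropped
# because it only applies to a passphrase typed interactively.
echo YES | cryptsetup -v luksFormat --type luks2 /dev/sda3 /tmp/pass
cryptsetup open /dev/sda3 cryptswap --key-file /tmp/pass
mkswap /dev/mapper/cryptswap
swapon /dev/mapper/cryptswap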
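# /home: LUKS2 container on sda4, opened as /dev/mapper/crypthome, formatted
# with ext4 and mounted at /mnt/home.
#
# -y (verify passphrase) is dropped: it only applies to a passphrase typed
# interactively, and the key comes from /tmp/pass here.
echo YES | cryptsetup -v luksFormat --type luks2 /dev/sda4 /tmp/pass
# Open the partition that was just formatted (sda4). Opening sda2 here would
# map the root container a second time and put the /home filesystem on it.
cryptsetup open /dev/sda4 crypthome --key-file /tmp/pass
mkfs.ext4 /dev/mapper/crypthome
mkdir -p /mnt/home
mount /dev/mapper/crypthome /mnt/home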
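# CHRIS: should / rather be protected with a passphrase that is typed at
# every boot, with swap and /home then unlocked by a key file stored on /?
#
# Replace the HOOKS line so that the initramfs includes the `encrypt` hook.
# The file is edited in place; the earlier detour through a fixed,
# predictable /tmp/mk file is gone.
# NOTE(review): this changes /etc/mkinitcpio.conf of the running installer
# system, and it runs before pacstrap has populated /mnt, so the installed
# system's /mnt/etc/mkinitcpio.conf is not touched - confirm the intended
# target.
sed -i 's/^HOOKS.*/HOOKS="base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck"/' /etc/mkinitcpio.conf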
# TODO: crypt in GRUB - nothing below tells GRUB or the kernel command line
# about the LUKS volumes yet.
target=/mnt

# Install the base system into the mounted root and record the mounts.
pacstrap "$target" base base-devel
genfstab -U -p "$target" >> "$target/etc/fstab"

# NOTE(review): both GRUB commands run in the installer environment, not
# inside the new system, and /dev/sda1 is never mounted under /mnt by this
# script. grub.cfg is therefore written to the installer's own /boot -
# confirm whether a chroot and a mounted /mnt/boot were intended.
grub-install /dev/sda
grub-mkconfig -o /boot/grub/grub.cfg