- Encrypted root partition
  - AES-256 bit cipher
  - Argon2id variant for PBKDF
  - SHA3-512 bit hash
- rEFInd bootloader
  - With dreary theme
  - Optimal settings (optimized for aesthetics and boot time)
  - Boot into backups thanks to refind-btrfs
```toml
unqualified-search-registries = ['docker.io']

[[registry]]
prefix = "docker.io"
location = "docker.io"

[[registry.mirror]]
prefix = "docker.io"
# This will set the docker registry mirror of a Chinese university.
# DON'T use it unless you have a network connection issue and you trust the mirror provider.
```
In the following gist I'm going to guide you through the process of installing and booting an entire Linux distribution with a full desktop environment, just like you would with a classical VM, but with much better performance and much worse isolation :)
The reason why I did this was mainly because it's cool, but also to test new distros with decent graphics performance without actually booting them on my PC.
If you "try this at home", just keep in mind that a container is not as secure as a VM, and some of the options we're going to explore will weaken container isolation from "a bit risky" to "totally unsafe" depending on what you choose.
Also, we're going to use systemd-nspawn for containers, as it's probably the best fit for our use case and can also boot any Linux partition without needing to prepare a dedicated container image.
Less go!