Last active October 23, 2021 10:18
Install Arch Linux on VPS with Encrypted System Partition
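#!/usr/bin/env bash
# Partition the target disk, create a LUKS container with LVM inside it,
# build the root (btrfs), boot (ext4) and swap filesystems, mount them under
# /mnt and install the base system with pacstrap.
#
# Inputs (this listing does not assign them, so they are expected to come
# from the environment):
#   drive            - whole disk that gets a new partition table (all data lost)
#   boot_partition   - partition formatted as ext4 "boot"; presumably partition 1
#   luks_partition   - partition that becomes the LUKS container; presumably partition 2
#   luks_passphrase  - passphrase for the LUKS container
#   root_pass        - root password, consumed later in the script
set -e

# Checked before tracing is enabled so the values never reach the xtrace
# output, and before anything destructive runs: an empty expansion would
# otherwise surface only after the disk has already been relabelled.
: "${drive:?drive must be set}"
: "${boot_partition:?boot_partition must be set}"
: "${luks_partition:?luks_partition must be set}"
: "${luks_passphrase:?luks_passphrase must be set}"
: "${root_pass:?root_pass must be set}"

set -x

# MBR label: 500 MiB boot partition (flagged bootable) plus the rest of the disk.
parted -s "$drive" mklabel msdos
parted -s "$drive" mkpart primary ext4 1MiB 501MiB
parted -s "$drive" set 1 boot on
parted -s "$drive" mkpart primary ext4 501MiB 100%

# xtrace prints every expanded command, which would put the passphrase on
# stderr (console scrollback, captured logs), so tracing is off while it is used.
{ set +x; } 2>/dev/null
# The expansion is quoted: unquoted, a passphrase with spaces is split into
# several printf arguments and joined without the spaces, so the container
# would be created with a different passphrase than the one supplied.
# NOTE(review): --pbkdf-memory 256 is a very small Argon2 memory cost
# (cryptsetup takes the value in kilobytes; applies to the LUKS2 default PBKDF),
# presumably chosen so the low-memory initramfs can unlock. It makes offline
# guessing cheaper, so the passphrase has to carry the strength on its own.
printf '%s' "$luks_passphrase" | cryptsetup luksFormat --pbkdf-memory 256 --key-file - --batch-mode "$luks_partition"
printf '%s' "$luks_passphrase" | cryptsetup luksOpen --key-file - --batch-mode "$luks_partition" cryptlvm
set -x

# UUID of the LUKS header; used later for crypttab and the kernel command line.
luks_partition_uuid=$(blkid -o value -s UUID "$luks_partition")

# LVM inside the opened container: 2 GiB swap, remainder for root.
pvcreate /dev/mapper/cryptlvm
vgcreate vg0 /dev/mapper/cryptlvm
lvcreate -n swap -L 2G vg0
lvcreate -l 100%FREE vg0 -n root

mkfs.btrfs --force --label root /dev/mapper/vg0-root
mount -t btrfs -o noatime,compress=zstd:2 LABEL=root /mnt
# /boot stays outside the LUKS container, i.e. it is not encrypted.
mkfs.ext4 -F -L boot "$boot_partition"
mkdir /mnt/boot
mount "$boot_partition" /mnt/boot
mkswap -L swap /dev/mapper/vg0-swap
swapon /dev/vg0/swap

pacstrap /mnt base base-devel linux linux-firmware git grub-bios openssh sudo vim mkinitcpio-netconf mkinitcpio-tinyssh lvm2 cryptsetup mkinitcpio-utils btrfs-progs wget python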
# Write the target's fstab, then configure the installed system inside
# arch-chroot: initramfs SSH unlock (netconf/tinyssh/encryptssh hooks),
# crypttab, GRUB, networking, the root password and root's authorized_keys.
#
# NOTE(review): as shown here this part is incomplete. The here-documents
# have no closing EOF/EOT lines, both wget calls have no URL, the
# /etc/systemd/network/ redirect has no file name and `systemctl set-default`
# has no target; restore those from the original before running it.
#
# NOTE(review): the <<EOT delimiter is unquoted, so $drive,
# ${luks_partition_uuid} and ${root_pass} are expanded by the outer shell and
# the chroot shell then parses the result. A root_pass containing spaces,
# quotes, `$` or `;` is altered or interpreted as shell text on the
# `echo root:... | chpasswd` line; feeding the password to chpasswd on stdin
# without passing it through a second shell avoids that.
#
# NOTE(review): /boot is a plain ext4 partition and the initramfs built by
# `mkinitcpio -P` is stored there. The tinyssh key converted from
# /etc/ssh/ssh_host_ed25519_key presumably ends up inside that initramfs, so
# the sshd host key is readable by anyone with access to the disk image;
# consider a separate key for the unlock environment. Whoever can modify
# /boot can also alter the initramfs that receives the passphrase.
#
# NOTE(review): the files fetched into /etc/tinyssh/root_key and
# ~/.ssh/authorized_keys decide who may unlock the disk and log in as root;
# fetch them over HTTPS from a source you control and check them before use.
cat <<EOF > /mnt/etc/fstab
LABEL=root / btrfs rw,noatime,compress=zstd:2,space_cache,subvolid=5,subvol=/ 0 0
LABEL=boot /boot ext4 rw,relatime 0 2
LABEL=swap none swap defaults 0 0
arch-chroot /mnt /bin/bash <<EOT
wget -O /etc/tinyssh/root_key
sed -i "s/HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap modconf block netconf tinyssh encryptssh lvm2 filesystems btrfs fsck)/g" /etc/mkinitcpio.conf
rm -rf /etc/tinyssh/sshkeydir
/usr/bin/ssh-keygen -A
cat /etc/ssh/ssh_host_ed25519_key | /usr/bin/tinyssh-convert /etc/tinyssh/sshkeydir
mkinitcpio -P
cat <<EOF > /etc/crypttab
cryptlvm UUID=${luks_partition_uuid} none luks
grub-install $drive
sed -i "s|GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=\"cryptdevice=UUID=${luks_partition_uuid}:cryptlvm root=/dev/vg0/root ip=:::::eth0:dhcp loglevel=3 quiet\"|g" /etc/default/grub
grub-mkconfig -o /boot/grub/grub.cfg
cat <<EOF > /etc/systemd/network/
Name=eth0 en*
echo root:${root_pass} | chpasswd
systemctl enable systemd-networkd systemd-resolved sshd
systemctl set-default
mkdir ~/.ssh
chmod 700 ~/.ssh
wget -O ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys