kevinveenbirkenbach/hetzner-arch-luks
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/hetzner-arch-luks.git synced 2025-11-04 10:48:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated readme instruction

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2020-04-16 22:34:01 +02:00
parent b3b10b2dc4
commit c4f549fd35
1 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
README.md
View File

@@ -84,9 +84,9 @@ pacman -Syyu nano
#### 3.1 Execute the following script #### 3.1 Execute the following script
```bash ```bash
# Install software # Install software
pacman -Syyu busybox mkinitcpio-dropbear mkinitcpio-utils pacman -Syyu busybox mkinitcpio-dropbear mkinitcpio-utils mkinitcpio-netconf
#Copy ssh-key #Copy ssh-key
cp ~/.ssh/authorized_keys /etc/dropbear/root_key cp -v ~/.ssh/authorized_keys /etc/dropbear/root_key
``` ```
#### 3.2 #### 3.2
Replace the following line in **/etc/mkinitcpio.conf** Replace the following line in **/etc/mkinitcpio.conf**
@@ -95,7 +95,7 @@ HOOKS=(base udev autodetect modconf block mdadm_udev lvm2 filesystems keyboard f
``` ```
with with
``` ```
HOOKS=(netconf ppp dropbear encryptssh base udev autodetect modconf block mdadm_udev lvm2 filesystems keyboard fsck) HOOKS=(netconf dropbear encryptssh base udev autodetect modconf block mdadm_udev lvm2 filesystems keyboard fsck)
``` ```
### 4. Activate Encryption ### 4. Activate Encryption
@@ -127,7 +127,7 @@ Copy "system":
# Resync unterbrechen # Resync unterbrechen
echo 0 >/proc/sys/dev/raid/speed_limit_max echo 0 >/proc/sys/dev/raid/speed_limit_max
mkdir /oldroot mkdir /oldroot
cp -a /mnt/. /oldroot/. cp -va /mnt/. /oldroot/.
# Resync fortsetzen # Resync fortsetzen
echo 200000 >/proc/sys/dev/raid/speed_limit_max echo 200000 >/proc/sys/dev/raid/speed_limit_max
``` ```
@@ -144,6 +144,7 @@ vgremove vg0
``` ```
#### 4.8 #### 4.8
Check drive state:
```bash ```bash
cat /proc/mdstat cat /proc/mdstat
``` ```
@@ -151,7 +152,7 @@ cat /proc/mdstat
Encrypt MD1 by executing: Encrypt MD1 by executing:
```bash ```bash
cryptsetup --cipher aes-xts-plain64 --key-size 256 --hash sha256 --iter-time=10000 luksFormat /dev/md1 cryptsetup --cipher aes-xts-plain64 --key-size 256 --hash sha256 --iter-time=10000 luksFormat /dev/md1
ryptsetup luksOpen /dev/md1 cryptroot cryptsetup luksOpen /dev/md1 cryptroot
pvcreate /dev/mapper/cryptroot pvcreate /dev/mapper/cryptroot
vgcreate vg0 /dev/mapper/cryptroot vgcreate vg0 /dev/mapper/cryptroot
lvcreate -n swap -L8G vg0 lvcreate -n swap -L8G vg0
@@ -171,7 +172,7 @@ Copy "system":
```bash ```bash
# Resync unterbrechen # Resync unterbrechen
echo 0 >/proc/sys/dev/raid/speed_limit_max echo 0 >/proc/sys/dev/raid/speed_limit_max
cp -a /oldroot/. /mnt/. cp -av /oldroot/. /mnt/.
# Resync fortsetzen # Resync fortsetzen
echo 200000 >/proc/sys/dev/raid/speed_limit_max echo 200000 >/proc/sys/dev/raid/speed_limit_max
``` ```
@@ -190,8 +191,24 @@ chroot /mnt
```bash ```bash
echo "cryptroot /dev/md1 none luks" >> /etc/crypttab echo "cryptroot /dev/md1 none luks" >> /etc/crypttab
``` ```
# I think here the mess starts....
#### 4.15
rewrite initramfs ***?assume this should be right???***
```bash
mkinitcpio
```
Missing **initramfs neu schreiben** **GRUB neu schreiben** Missing **initramfs neu schreiben** **GRUB neu schreiben**
ssh-keygen -b 4096 -t rsa -m PEM -f /etc/ssh/ssh_host_rsa_key
dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key
* https://github.com/random-archer/mkinitcpio-systemd-tool/issues/21
* https://github.com/random-archer/mkinitcpio-systemd-tool/issues/17
* https://bbs.archlinux.org/viewtopic.php?id=250512
from point 4 on I have questions:
https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot
#### 4.15 #### 4.15
```bash ```bash
exit exit