mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2024-11-21 17:11:34 -05:00
Setting up Arch Linux with BTRFS, snapshots and full disk encryption including /boot (UEFI only).
install.sh | ||
LICENSE | ||
README.md |
Introduction
This is my fork of easy-arch, a script made in order to boostrap a basic Arch Linux environment with snapshots and encryption by using a fully automated process.
How does it work?
- Download an Arch Linux ISO from here
- Flash the ISO onto an USB Flash Drive.
- Boot the live environment.
- Connect to the internet.
git clone https://github.com/tommytran732/Arch-Setup-Script/edit/main/README.md
cd Arch-Setup-Script
./install.sh
Changes to the original project
- /boot is now encrypted
- Added option to select your own kernel flavor
- Enabled AppArmor
- Removed swap partition (I will add zram auto config later)
- Replaced Snapper with Timeshift (snapper rollback only works nicely with openSUSE's layout and openSUSE's GRUB. Since the current layout works better with Timeshift and we don't have any GRUB package with SUSE's patches on the AUR, I opt in for Timeshift instead.
- The entire /var, not /var/log is in its own subvolume. There are more things that should not be included and restore with the main system, such as docker containers and virtual machines.
Partitions layout
Partition Number | Label | Size | Mountpoint | Filesystem |
---|---|---|---|---|
1 | ESP | 512 MiB | /boot/efi | FAT32 |
2 | Cryptroot | Rest of the disk | / | Encrypted BTRFS (LUKS1) |
The partitions layout is pretty straightforward, it's inspired by this section of the Arch Wiki. As you can see there's just a couple of partitions:
- A FAT32, 512MiB sized, mounted at
/boot
for the ESP. - A LUKS encrypted container, which takes the rest of the disk space, mounted at
/
for the rootfs. - /boot is encrypted.
BTRFS subvolumes layout
Subvolume Number | Subvolume Name | Mountpoint |
---|---|---|
1 | @ | / |
2 | @home | /home |
3 | @snapshots | /.snapshots |
4 | @var | /var |
The BTRFS subvolumes layout follows the traditional and suggested layout used by Snapper, you can find it here. I only added a swap subvolume in case you need a swapfile, but it's totally optional. You'll be asked if you want it or not during the script execution. Here's a brief explanation of the BTRFS layout I chose:
@
mounted as/
.@boot
mounted as/boot
.@home
mounted as/home
.@snapshots
mounted as/.snapshots
.@var
mounted as/var/
.