mirror of
https://github.com/tommytran732/Arch-Setup-Script
synced 2024-11-21 17:11:34 -05:00
Setting up Arch Linux with BTRFS, snapshots and full disk encryption including /boot (UEFI only).
install.sh | ||
LICENSE | ||
README.md |
Introduction
This is my fork of easy-arch, a script made in order to boostrap a basic Arch Linux environment with snapshots and encryption by using a fully automated process.
How does it work?
- Download an Arch Linux ISO from here
- Flash the ISO onto an USB Flash Drive.
- Boot the live environment.
- Connect to the internet.
git clone https://github.com/tommytran732/Arch-Setup-Script/edit/main/README.md
cd Arch-Setup-Script
chmod u+x ./install.sh && ./install.sh
Changes to the original project
- Enabled AppArmor
- SUSE - like partition layout (I am currently trying to replicate snapper's behavior on openSUSE).
- Default umask to 077
- Firewalld is enabled by default
- Improved kernel settings for better security
- Minimally setup GNOME 40
Partitions layout
Partition Number | Label | Size | Mountpoint | Filesystem |
---|---|---|---|---|
1 | ESP | 300 MiB | /boot/efi | FAT32 |
2 | cryptroot | Rest of the disk | / | Encrypted BTRFS (LUKS1) |
The partitions layout is pretty straightforward, it's inspired by this section of the Arch Wiki. As you can see there's just a couple of partitions:
- A FAT32, 100MiB sized, mounted at
/boot/efi
for the ESP. - A LUKS encrypted container, which takes the rest of the disk space, mounted at
/
for the rootfs. - /boot is encrypted.