Difference between revisions of "User:Rdeckard/Sandbox"

From ArchWiki
(→‎Network managers: make sortable)
(Blanked - no longer going to pursue this (out of date content))
Tag: Blanking
 
{{Note|These are just some potential ideas. Not sure if and when they will go anywhere official.}}
 
  
{{Warning|If you follow this right now, you will probably mess up your computer! Work in progress.}}
 
 
== Btrfs RAID with swap ==
 
 
The following example sets up full system encryption on multiple disks using btrfs's RAID 1 capabilities. {{ic|/boot}} and {{ic|/}} are encrypted with ''[[dm-crypt]]'' + LUKS, and [[btrfs]] subvolumes are used to simulate other partitions.
 
 
This is for a non-[[UEFI]] setup. It is possible to set up RAID with an ESP, but there are [[UEFI#ESP_on_RAID|several considerations]] to take into account.
 
 
{{Warning|If you desire [[swap]], you '''must''' use a partition for it and not a [[swapfile]]. Using a swapfile with btrfs may result in data loss.}}
 
 
+--------------------------+--------------------------+
|System partition          |Swap partition            |
|LUKS-encrypted            |plain-encrypted           |
|/                         |                          |
|/dev/sda''X''                 |/dev/sda''Z''                 |
+--------------------------+--------------------------+

+--------------------------+--------------------------+
|System partition          |Swap partition            |
|LUKS-encrypted            |plain-encrypted           |
|/                         |                          |
|/dev/sdb''X''                 |/dev/sdb''Z''                 |
+--------------------------+--------------------------+
 
 
The first steps can be performed directly after booting the Arch Linux install image.
 
 
=== Preparing the disk ===
 
 
{{Note|It is not possible to use btrfs partitioning as described in [[Btrfs#Partitioning]] when using LUKS. Traditional partitioning must be used, even if it is just to create one partition.}}
 
 
Before creating any partitions, read [[Dm-crypt/Drive preparation]], which explains why and how to securely erase the disk. If you are going to create an encrypted swap partition, create the partition for it, but do '''not''' mark it as swap, since plain ''dm-crypt'' will be used with the partition.
 
 
Create the needed partitions, at least one for {{ic|/}} on each device to be used in the btrfs RAID pool (e.g. {{ic|/dev/sda''X''}}, {{ic|/dev/sdb''X''}}, {{ic|/dev/sdc''X''}}). See [[Partitioning]].
 
 
=== Preparing the system and boot partitions ===
 
 
The following commands create a pool of devices to be used for {{ic|/}}. Each partition will use LUKS, and each decrypted device will be part of the btrfs pool. If you want to use particular non-default encryption options (e.g. cipher, key length), see the [[Dm-crypt/Device encryption#Encryption_options_for_LUKS_mode|encryption options]] before executing the first command.
 
 
# cryptsetup -y -v luksFormat /dev/sda''X''
 
# cryptsetup -y -v luksFormat /dev/sdb''X''
 
# cryptsetup open /dev/sda''X'' sda_cryptroot
 
# cryptsetup open /dev/sdb''X'' sdb_cryptroot
 
# mkfs -t btrfs -d raid1 -m raid1 -L ''label'' /dev/mapper/sd[ab]_cryptroot
 
 
{{Note|You can use the name of any device in a btrfs multi-device filesystem to mount the entire file system.}}
 
 
# mount -t btrfs -o compress=lzo /dev/mapper/sda_cryptroot /mnt
 
 
Check the mapping works as intended:
 
# umount /mnt
 
# cryptsetup close sda_cryptroot
 
# cryptsetup close sdb_cryptroot
 
# cryptsetup open /dev/sda''X'' sda_cryptroot
 
# cryptsetup open /dev/sdb''X'' sdb_cryptroot
 
# mount -t btrfs -o compress=lzo /dev/mapper/sda_cryptroot /mnt
 
 
=== Creating btrfs subvolumes ===
 
 
Follow the directions in [[#Creating btrfs subvolumes]].
 
 
=== Configuring mkinitcpio ===
 
 
Follow [[#Configuring mkinitcpio 6]], with the exception that at the key generation step, you must add the generated keyfile to every LUKS-encrypted partition with {{ic|cryptsetup luksAddKey}}.
 
 
=== Configuring the boot loader ===
 
 
Add the following lines to {{ic|/etc/default/grub}}:
 
 
{{hc|1=/etc/default/grub|2=
 
GRUB_CMDLINE_LINUX="...'''cryptdevice=/dev/disk/by-uuid/''UUID'':sda_cryptroot'''..."
 
GRUB_ENABLE_CRYPTODISK=y}}
 
 
where {{ic|''UUID''}} is one of the UUIDs of the partitions containing {{ic|/}} (the UUID of {{ic|/dev/sda''X''}}, '''not''' the UUID of {{ic|/dev/mapper/sda_cryptroot}}).
 
 
See [[Grub#Encryption]] for more details and options.
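
The UUID mix-up described above can be checked before rebooting. The following script is an added example, not part of the original page: it reads the {{ic|cryptdevice}} UUID from a GRUB defaults file and confirms that saved {{ic|blkid}} output lists that UUID as a LUKS container. The function names, file names and sample UUIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks that cryptdevice= in a GRUB defaults file names a
# LUKS container and not the btrfs filesystem mapped inside it.

# Print the UUID referenced by cryptdevice= in the given GRUB defaults file.
cryptdevice_uuid() {
    sed -nE 's#^GRUB_CMDLINE_LINUX=.*cryptdevice=(/dev/disk/by-uuid/|UUID=)([0-9A-Fa-f-]+):.*#\2#p' "$1" | head -n 1
}

# Print the TYPE that blkid reports for UUID $1 (empty if the UUID is unknown).
# $2 is a file holding `blkid` output, so the check can run on a saved copy.
uuid_type() {
    grep -F " UUID=\"$1\"" "$2" | sed -nE 's/.* TYPE="([^"]+)".*/\1/p' | head -n 1
}

# Return 0 if cryptdevice= points at a LUKS container, 1 if it points at
# something else (e.g. the mapped btrfs), 2 if no usable UUID is found.
check_cryptdevice() {
    uuid=$(cryptdevice_uuid "$1")
    [ -n "$uuid" ] || { echo "no cryptdevice UUID found in $1" >&2; return 2; }
    fstype=$(uuid_type "$uuid" "$2")
    case "$fstype" in
        crypto_LUKS) echo "ok: $uuid is a LUKS container"; return 0 ;;
        "") echo "UUID $uuid not present in blkid output" >&2; return 2 ;;
        *) echo "wrong UUID: $uuid is TYPE=$fstype, not crypto_LUKS" >&2; return 1 ;;
    esac
}

# Constructed sample data (not from a real machine), written into directory $1.
write_samples() {
    cat > "$1/blkid.txt" <<'EOF'
/dev/sda2: UUID="11111111-2222-3333-4444-555555555555" TYPE="crypto_LUKS" PARTUUID="aaaaaaaa-02"
/dev/sdb2: UUID="66666666-7777-8888-9999-000000000000" TYPE="crypto_LUKS" PARTUUID="bbbbbbbb-02"
/dev/mapper/sda_cryptroot: UUID="abcdefab-cdef-abcd-efab-cdefabcdefab" UUID_SUB="01234567-89ab-cdef-0123-456789abcdef" TYPE="btrfs"
EOF
    printf '%s\n' 'GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/11111111-2222-3333-4444-555555555555:sda_cryptroot"' \
        'GRUB_ENABLE_CRYPTODISK=y' > "$1/grub.good"
    printf '%s\n' 'GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/abcdefab-cdef-abcd-efab-cdefabcdefab:sda_cryptroot"' \
        'GRUB_ENABLE_CRYPTODISK=y' > "$1/grub.bad"
}

# On a live system: blkid > /tmp/blkid.txt
#                   check_cryptdevice /etc/default/grub /tmp/blkid.txt
```
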
 
 
Do the following to install GRUB:
 
 
# grub-install --target=i386-pc --debug /dev/sda
 
# grub-install --target=i386-pc --debug /dev/sdb
 
# grub-mkconfig -o /boot/grub/grub.cfg
 
 
=== Configuring swap ===
 
 
If you created partitions to be used for encrypted swap, now is the time to configure them. Follow the instructions at [[Dm-crypt/Swap encryption]] for each partition.
 
 
There is no need to set up RAID for the swap partitions, because the kernel knows how to stripe swapping on multiple devices. See [[Swap#RAID]].
 
 
After completing this step, continue configuring your system as normal according to the [[Installation_guide#Reboot|installation guide]].
 
 
== Network managers ==
 
 
{| class="wikitable sortable"
 
! Connection manager || Wired || Automatically handles<br>wired connection || Wireless || Profiles || Roaming || PPP || Official <br>GUI || [[Archiso]] [https://git.archlinux.org/archiso.git/tree/configs/releng/packages.both] || Console tools || Systemd units
 
|-
 
| [[Connman]] || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{No}} || {{ic|connmanctl}} || {{ic|connman.service}}
 
|-
 
| [[dhcpcd]] || {{Yes}} || {{Yes}} || {{Y|via [[WPA supplicant]]}} || {{No}} || {{No}} || {{No}} || {{No}} || {{Yes}} ({{grp|base}})* || {{ic|dhcpcd}} || {{ic|dhcpcd.service}}, {{ic|dhcpcd@''interface''.service}}
 
|-
 
| [[netctl]] || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{Yes}} ({{grp|base}}) || {{ic|netctl}}, {{ic|wifi-menu}} || {{ic|netctl-ifplugd@''interface''.service}}, {{ic|netctl-auto@''interface''.service}}
 
|-
 
| [[NetworkManager]] || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{ic|nmcli}}, {{ic|nmtui}} || {{ic|NetworkManager.service}}
 
|-
 
| [[systemd-networkd]] || {{Yes}} || {{No}} || {{Y|via [[WPA supplicant]]}} || {{No}} || {{No}} || {{No}} || {{No}} || {{Yes}} ({{grp|base}}) || || {{ic|systemd-networkd.service}}, {{ic|systemd-resolved.service}}
 
|-
 
| [[Wicd]] || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{Yes}} || {{No}} || {{ic|wicd-curses}} || {{ic|wicd.service}}
 
|-
 
| [[Wifi Radar]] || {{No}} || {{Grey|N/A}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{Yes}} || {{No}} || {{ic|wifi-radar}} ||
 
|}
 

Latest revision as of 21:45, 21 March 2019