Difference between revisions of "User:Rdeckard/Sandbox"

From ArchWiki
Jump to navigation Jump to search
(→‎Network managers: make sortable)
(Blanked - no longer going to pursue this (out of date content))
Tag: Blanking
Line 1: Line 1:
{{Note|These are just some potential ideas. Not sure if and when they will go anywhere official.}}
{{Warning|If you follow this right now, you will probably mess up your computer! Work in progress.}}
== Btrfs RAID with swap ==
The following example creates a full system encryption on multiple disks using btrfs' RAID 1 capabilities. {{ic|/boot}} and {{ic|/}} are encrypted with ''[[dm-crypt]]'' + LUKS, and [[btrfs]] subvolumes are used to simulate other partitions.
This is for a non-[[UEFI]] setup. It is possible to setup RAID with an ESP, but there are [[UEFI#ESP_on_RAID|several considerations]] to take account of.
{{Warning|If you desire [[swap]], you '''must''' use a partition for it and not a [[swapfile]]. Using a swapfile with btrfs may result in data loss.}}
|System partition          |Swap partition            |
|LUKS-encrypted            |plain-encrypted          |
|/                        |                          |
|/dev/sda''X''                |/dev/sda''Z''                |
|System partition          |Swap partition            |
|LUKS-encrypted            |plain-encrypted          |
|/                        |                          |
|/dev/sdb''X''                |/dev/sdb''Z''                |
The first steps can be performed directly after booting the Arch Linux install image.
=== Preparing the disk ===
{{Note|It is not possible to use btrfs partitioning as described in [[Btrfs#Partitioning]] when using LUKS. Traditional partitioning must be used, even if it is just to create one partition.}}
Prior to creating any partitions, you should inform yourself about the importance and methods to securely erase the disk, described in [[Dm-crypt/Drive preparation]]. If you are going to create an encrypted swap partition, create the partition for it, but do '''not''' mark it as swap, since plain ''dm-crypt'' will be used with the partition.
Create the needed partitions, at least one for {{ic|/}} on each device to be used in the btrfs RAID pool (e.g. {{ic|/dev/sda''X''}}, {{ic|/dev/sdb''X''}}, {{ic|/dev/sdc''X''}}). See [[Partitioning]].
=== Preparing the system and boot partitions ===
The following commands create a pool of devices to be used for {{ic|/}}. Each partition will use LUKS, and each decrypted device will be part of the btrfs pool.  If you want to use particular non-default encryption options (e.g. cipher, key length), see the [[Dm-crypt/Device encryption#Encryption_options_for_LUKS_mode|encryption options]] before executing the first command.
# cryptsetup -y -v luksFormat /dev/sda''X''
# cryptsetup -y -v luksFormat /dev/sdb''X''
# cryptsetup open /dev/sda''X'' sda_cryptroot
# cryptsetup open /dev/sdb''X'' sdb_cryptroot
# mkfs -t btrfs -d raid1 -m raid1 -L /dev/mapper/sd[ab]_cryptroot
{{Note|You can use the name of any device in a btrfs multi-device filesystem to mount the entire file system.}}
# mount -t btrfs -o compress=lzo /dev/sda_cryptroot /mnt
Check the mapping works as intended:
# umount /mnt
# cryptsetup close sda_cryptroot
# cryptsetup close sdb_cryptroot
# cryptsetup open /dev/sda''X'' sda_cryptroot
# cryptsetup open /dev/sdb''X'' sdb_cryptroot
# mount -t btrfs -o compress=lzo /dev/sda_cryptroot /mnt
=== Creating btrfs subvolumes ===
Follow the directions in [[#Creating btrfs subvolumes]].
=== Configuring mkinitcpio ===
Follow [[#Configuring mkinitcpio 6]], with the exception that at the key generation step, you must add the generated keyfile to every LUKS-encrypted partition with {{ic|cryptsetup luksAddkey}}.
=== Configuring the boot loader ===
Add the following lines to {{ic|/etc/default/grub}}:
where {{ic|''UUID''}} is one of the UUID's of the partition containing {{ic|/}} (the UUID of {{ic|/dev/sda''X''}}, '''not''' the UUID of {{ic|/dev/mapper/sda_cryptroot}}).
See [[Grub#Encryption]] for more details and options.
Do the following to install GRUB:
# grub-install --target=i386-pc --debug /dev/sda
# grub-install --target=i386-pc --debug /dev/sdb
# grub-mkconfig -o /boot/grub/grub.cfg
=== Configuring swap ===
If you created a partitions to be used for encrypted swap, now is the time to configure them. Follow the instructions at [[Dm-crypt/Swap encryption]] for each partition.
There is no need to set up RAID for the swap partitions, because the kernel knows how to stripe swapping on multiple devices. See [[Swap#RAID]].
After completing this step, continue configuring your system as normal according to the [[Installation_guide#Reboot|installation guide]].
== Network managers ==
{| class="wikitable sortable"
! Connection manager || Wired || Automatically handles<br>wired connection || Wireless || Profiles || Roaming || PPP || Official <br>GUI || [[Archiso]] [https://git.archlinux.org/archiso.git/tree/configs/releng/packages.both] || Console tools || Systemd units
| [[Connman]] || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{No}} || {{ic|connmanctl}} || {{ic|connman.service}}
| [[dhcpcd]] || {{Yes}} || {{Yes}} || {{Y|via [[WPA supplicant]]}} || {{No}} || {{No}} || {{No}} || {{No}} || {{Yes}} ({{grp|base}})* || {{ic|dhcpcd}} || {{ic|dhcpcd.service}}, {{ic|dhcpcd@''interface''.service}}
| [[netctl]] || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{Yes}} ({{grp|base}}) || {{ic|netctl}}, {{ic|wifi-menu}} || {{ic|netctl-ifplugd@''interface''.service}}, {{ic|netctl-auto@''interface''.service}}
| [[NetworkManager]] || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{ic|nmcli}},{{ic|nmtui}} || {{ic|NetworkManager.service}}
| [[systemd-networkd]] || {{Yes}} || {{No}} || {{Y|via [[WPA supplicant]]}} || {{No}} || {{No}} || {{No}} || {{No}} || {{Yes}} ({{grp|base}}) || || {{ic|systemd-networkd.service}}, {{ic|systemd-resolved.service}}
| [[Wicd]] || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{Yes}} || {{No}} || {{ic|wicd-curses}} || {{ic|wicd.service}}
| [[Wifi Radar]] || {{No}} || {{Grey|N/A}} || {{Yes}} || {{Yes}} || {{Yes}} || {{No}} || {{Yes}} || {{No}} || {{ic|wifi-radar}} ||

Latest revision as of 21:45, 21 March 2019