LemmyEditThatForYou/VM_Partitioning_and_Formatt...

### Partitioning: Stage Start.
2024-03-08 07:25:59 +00:00
## Creates a GPT partition table for our reproducible dev environment.
sudo parted /dev/vda -- mklabel gpt
## Configures a boot partition of size 525 MiB with a 1MiB offset.
sudo parted /dev/vda -- mkpart ESP fat32 1MiB 526MiB
## Sets the first partition as our boot location.
sudo parted /dev/vda -- set 1 esp on
## Creates a primary partition that uses the remaining space, from the end of the boot partition up to the last 16GiB, which is left for the swap partition.
sudo parted /dev/vda -- mkpart primary 526MiB -16GiB
## Allocates the remaining 16GiB of disk space for a swap partition.
sudo parted /dev/vda -- mkpart linux-swap -16GiB 100%
### Partitioning: Stage End.
### Format Stage 1.
## Formats the boot partition with the FAT32 file system.
sudo mkfs.fat -F 32 -n BOOT /dev/vda1
## Initializes the swap partition.
sudo mkswap /dev/vda3
## Activates swap.
sudo swapon /dev/vda3
### Full Disk Encryption: Stage Start.
## This FDE stage can be skipped/commented if you don't need/care about:
## [Encryption at Rest](https://www.youtube.com/watch?v=5rlZtasM-Pk).
## [Data at rest - Encryption](https://en.wikipedia.org/wiki/Data_at_rest#Encryption).
## All of the options/flags are succinctly described on the [Arch Linux Wiki Site](https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt) (please donate if you can! <3).
## Fully encrypts the main storage space using LUKS2 with the [Argon2id key derivation](https://en.wikipedia.org/wiki/Argon2).
sudo cryptsetup --verbose --type luks2 --cipher aes-xts-plain64 --hash sha512 --key-size 512 --pbkdf argon2id --use-urandom --verify-passphrase luksFormat /dev/vda2
## Opens (unlocks) the LUKS container and maps the decrypted device to /dev/mapper/luksroot.
sudo cryptsetup luksOpen /dev/vda2 luksroot
### Full disk encryption: Stage End.
### Format Stage 2.
## If FDE was skipped please uncomment and use the "Alt" variant bash commands and comment out the "First" commands.
## First:
sudo mkfs.btrfs -L nixos /dev/mapper/luksroot
## Alt:
# sudo mkfs.btrfs -L nixos /dev/vda2
### BTRFS Subvolume Creation: Stage Start.
## First:
sudo mount /dev/mapper/luksroot /mnt
## Alt:
# sudo mount /dev/vda2 /mnt
cd /mnt
sudo btrfs subvolume create /mnt/root
sudo btrfs subvolume create /mnt/home
sudo btrfs subvolume create /mnt/nix
sudo btrfs subvolume create /mnt/.logs
sudo btrfs subvolume create /mnt/.snapshots
cd
sudo umount /mnt
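## First (note: dm-crypt drops discards by default, so discard=async only reaches the disk if the mapping is opened with --allow-discards):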
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=root /dev/mapper/luksroot /mnt
## Alt:
# sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=root /dev/vda2 /mnt
### BTRFS Subvolume Creation: Stage End.
### Partition Mounting: Stage Start.
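## Creating the corresponding directories to mount the subvolumes.
## If FDE was skipped, use /dev/vda2 in place of /dev/mapper/luksroot in the four subvolume mounts below.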
sudo mkdir -p /mnt/{boot,home,nix,.logs,.snapshots}
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=home /dev/mapper/luksroot /mnt/home
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=nix /dev/mapper/luksroot /mnt/nix
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=.logs /dev/mapper/luksroot /mnt/.logs
sudo mount -o compress=zstd,discard=async,noatime,space_cache=v2,subvol=.snapshots /dev/mapper/luksroot /mnt/.snapshots
sudo mount -o umask=077 /dev/vda1 /mnt/boot
### Partition Mounting: Stage End.
### Initial Config Generation.
## This generates the initial `configuration.nix` and `hardware-configuration.nix`.
## `configuration.nix` will be replaced with the one provided in the repository but the command is still necessary to generate the proper config for `hardware-configuration.nix`.
sudo nixos-generate-config --root /mnt
# sudo nixos-install --no-root-passwd
## ^this last bash command is commented to allow users to configure/customize their dev environment before performing the first install.
## Once you've added your username, password, and a hostname into `secrets.nix` you're ready to install!
## Running this command will perform the first NixOS install using the config details that were provided in:
## `configuration.nix`, `hardware-configuration.nix`, `secrets.nix`.
## After the initial install is complete, you'll want to use/run the following command to update your system:
# sudo nixos-rebuild switch --upgrade
## ^this updates your system on the fly and generates a new bootable entry that shows up the next time you turn on your computer/VM.
## Congrats, you now have an indestructible system!
## Whenever one entry/version fails to boot,
## you can restart your comp and just select another previous version and choose to update again.
## Ex: version 1 works but you decide today's a good day to update. Version 2 loads on the fly, you work for a bit, turn off your comp, and turn in for the day.
## Later, after turning on your comp and loading v2 it fails to load which sucks.
## So you load v1 again, log in, update again which creates v3.
## If v3 works then your update just works and the broken v2 update can safely be nuked from orbit.
## ez upgrades, ez life
## perfection
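
A check for the Full Disk Encryption stage above, as an added example that is not part of the original script: it audits `cryptsetup luksDump` text against the options passed to `luksFormat` (LUKS2, aes-xts-plain64, 512-bit key, argon2id). The function names and the trimmed sample dump are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit `cryptsetup luksDump` text (stdin) against the options
# the luksFormat command requested. Prints each mismatch; returns 1 on any.
check_luks_dump() {
  awk '
    function fail(msg) { print "MISMATCH: " msg; bad++ }
    $1 == "Version:" { version = $2 }
    $1 == "cipher:"  { seg_cipher = $2 }   # data segment cipher (lower-case key)
    $1 == "Key:"     { slots++; if ($2 != 512) fail("keyslot key is " $2 " bits") }
    $1 == "PBKDF:"   { kdfs++;  if ($2 != "argon2id") fail("keyslot PBKDF is " $2) }
    END {
      if (version != 2)                    fail("header version is " version ", want 2")
      if (seg_cipher != "aes-xts-plain64") fail("data cipher is " seg_cipher)
      if (slots == 0 || kdfs != slots)     fail("keyslots could not be read")
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample, trimmed to the fields the check reads; not real output.
# The "pbkdf2" under Digests is the header digest, not a keyslot KDF, and
# must not trip the check.
sample_dump() {
  cat <<'EOF'
LUKS header information
Version:        2
Data segments:
  0: crypt
        offset: 16777216 [bytes]
        cipher: aes-xts-plain64
        sector: 512 [bytes]
Keyslots:
  0: luks2
        Key:        512 bits
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      argon2id
        AF hash:    sha512
Digests:
  0: pbkdf2
        Hash:       sha512
EOF
}

sample_dump | check_luks_dump && echo "header matches requested parameters"
# On the VM: sudo cryptsetup luksDump /dev/vda2 | check_luks_dump
```
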