Btrfs on LUKS

Last tested 2014-11-27 with archlinux-2014.11.01-dual.iso

pacstrapit is meant for provisioning physical hardware. It assumes you have no need for dual-booting Windows, and that you are comfortable working on the command line.

Instructions

  1. Burn LiveCD/LiveUSB with latest Arch ISO
  2. Boot from LiveCD/LiveUSB
  3. Connect to the Internet: wifi-menu -o
  4. Download pacstrapit: curl https://codeload.github.com/atweiden/{pacstrapit}/{tar.gz}/{0.10.0} -o "#1-#3.#2"
  5. Extract: tar xvzf pacstrapit-0.10.0.tar.gz
  6. Customize defaults (recommended even if using cmdline flags or environment variables)

WARNING: failure to give appropriate values could cause catastrophic data loss and system instability.

Defaults:

Target partition: /dev/sda
Type of processor: other
Type of graphics card: Intel
Type of hard drive: HDD
Locale: en_US
Keymap: us
Timezone: America/Los_Angeles (PST)
Root password: secret
User name: guru
User password: secret
LUKS name: lux
LUKS password: secret
Hostname: luxor
Hosts allowed: 192.168.0. (LAN - SSH is disabled by default)

cd pacstrapit-0.10.0 && $EDITOR pacstrapit

Done.

Usage

Run pacstrapit for a capable headless persistent USB installation in /dev/sdb:

./pacstrapit start --bundle    "base"                     \
                   --username  "newusername"              \
                   --userpass  "your new user's password" \
                   --rootpass  "your root password"       \
                   --lukspass  "your LUKS password"       \
                   --hostname  "yourhostname"             \
                   --partition "/dev/sdb"                 \
                   --processor "other"                    \
                   --graphics  "intel"                    \
                   --disk      "usb"                      \
                   --luksname  "infinity"                 \
                   --locale    "en_US"                    \
                   --keymap    "us"                       \
                   --timezone  "America/Los_Angeles"

...use the select option instead of bundle for more control:

./pacstrapit start --select    "base gui python nim"      \
                   --dotfiles                             \
                   --username  "newusername"              \
                   --userpass  "your new user's password" \
                   --rootpass  "your root password"       \
                   --lukspass  "your LUKS password"       \
                   --hostname  "yourhostname"             \
                   --partition "/dev/sdb"                 \
                   --processor "other"                    \
                   --graphics  "intel"                    \
                   --disk      "usb"                      \
                   --luksname  "infinity"                 \
                   --locale    "en_US"                    \
                   --keymap    "us"                       \
                   --timezone  "America/Los_Angeles"

Tip:

Omit --bundle and --select to create a very minimal headless system.

The base bundle adds CLI, vim, grsec and bitcoin pkgs

The lite bundle includes the base bundle plus GUI pkgs and dotfiles

The full bundle includes all pkgs and dotfiles

Run pacstrapit interactively:

./pacstrapit start -i

Tip:

Interactive mode allows you to manually select all important options. Use concealed mode (--concealed | -c) if you're only interested in manually inputting your user password, root password and LUKS password without echoing them to the console.

...with ssh access to target machine enabled:

./pacstrapit start -i -s

...with verbose output:

./pacstrapit start -i -s -V

Run pacstrapit using default variables in config section, but with interactive password input:

./pacstrapit start --concealed

...with logging:

./pacstrapit start 2>&1 | tee pacstrapit.log

Run pacstrapit with username and password set from environment variables:

export USERNAME="sky"
export USERPASS="sailing"
./pacstrapit start

Run pacstrapit for a workstation installation:

./pacstrapit start --bundle    "full"                \
                   --username  "newusername"         \
                   --hostname  "yourhostname"        \
                   --partition "/dev/sda"            \
                   --processor "intel"               \
                   --graphics  "nvidia"              \
                   --disk      "ssd"                 \
                   --luksname  "infinity"            \
                   --locale    "en_US"               \
                   --keymap    "us"                  \
                   --timezone  "America/Los_Angeles" \
                   --concealed

If the script exits with an error, it's best to reboot and start fresh with a blank disk (shred -fvz -n 0 /dev/sdX).

Optional: sshd

If you intend to enable SSH access, you'll want to reset the values of _electrum_pubkey_default, _user_pubkey_default, and _user_pubkey_sig_default.

Before setting _ssh to 1...

On the control machine:

Make keys directory.

$ mkdir -p ~/keys

Generate ssh keys.

$ ssh-keygen -t ed25519 -f ~/keys/id_ed25519

Get Electrum.

$ sudo pacman -S electrum

Generate an Electrum wallet.

$ electrum create -o

Pick an Electrum address for signing.

$ address_for_signing=$(electrum listaddresses | sed -n '2p' | tr -d '[:punct:]' | awk '{print $1}')
$ echo ${address_for_signing} > ~/keys/id_secp256k1.pub
$ electrum signmessage ${address_for_signing} "$(cat ~/keys/id_ed25519.pub)" > ~/keys/id_ed25519.pub.sig

Upload id_ed25519.pub, id_ed25519.pub.sig and id_secp256k1.pub to GitHub, or any other file hosting service reachable via curl.

Save the exact URL for each keyfile to the corresponding variable (_electrum_pubkey_default, _user_pubkey_default, _user_pubkey_sig_default).
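
A fail-closed check of the three key files, for the control machine before uploading and again on copies fetched back from the saved URLs (added example, not part of pacstrapit). It assumes `electrum verifymessage <address> <signature> <message>` prints `true` for a valid signature and that the .sig file holds the bare signature written by the signing command above; the function names, the ELECTRUM override and the script name are hypothetical.

```sh
#!/bin/sh
# Added example (not part of pacstrapit): fail-closed check of the key files.
# ELECTRUM is a hypothetical override for the electrum binary to call.
ELECTRUM="${ELECTRUM:-electrum}"

# True only if FILE is exactly one OpenSSH Ed25519 public key line. The key
# blob is always 51 bytes: 68 base64 characters, the first 20 of which encode
# the "ssh-ed25519" type string. A saved HTML page or an RSA key fails here.
is_ed25519_pubkey() {
    [ -f "$1" ] || return 1
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    grep -Eq '^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5[A-Za-z0-9+/]{48}( .*)?$' "$1"
}

# True only if FILE is exactly one base58 address, as written by the
# "echo ${address_for_signing}" step.
is_address_file() {
    [ -f "$1" ] || return 1
    [ "$(grep -c '' "$1")" -eq 1 ] || return 1
    grep -Eq '^[1-9A-HJ-NP-Za-km-z]{26,35}$' "$1"
}

# verify_key_bundle ADDR_FILE PUB_FILE SIG_FILE
# Any malformed file, electrum error, or answer other than "true" rejects.
verify_key_bundle() {
    is_address_file "$1" || return 1
    is_ed25519_pubkey "$2" || return 1
    [ -s "$3" ] || return 1
    # $(cat ...) strips the trailing newline, as it did when the key was
    # signed, so the message checked is byte-identical to the message signed.
    out=$("$ELECTRUM" verifymessage "$(cat "$1")" "$(cat "$3")" "$(cat "$2")") \
        || return 1
    [ "$out" = "true" ]
}

# Usage (hypothetical script name):
#   sh verify_keys.sh id_secp256k1.pub id_ed25519.pub id_ed25519.pub.sig
if [ "$#" -eq 3 ]; then
    if verify_key_bundle "$1" "$2" "$3"; then
        echo "key bundle verified"
    else
        echo "key bundle REJECTED" >&2
        exit 1
    fi
fi
```

Running it against files downloaded from the three saved URLs also catches a URL that returns a rendered web page rather than the raw keyfile.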

Default packages

Minimum packages installed (excluding dependencies, base and base-devel groups):

abs: Utilities to download and work with the Arch Build System (ABS).
arch-install-scripts: Scripts to aid in installing Arch.
arch-luks-suspend: Lock encrypted root volume on suspend.
bash-completion: Programmable completion for the bash shell.
btrfs-progs: Btrfs filesystem utilities.
ca-certificates: Common CA certificates.
cronie: Daemon that runs specified programs at scheduled times and related tools.
dhclient: Standalone DHCP client.
dialog: Tool to display dialog boxes from shell scripts.
dnscrypt-proxy: Tool for securing communications between a client and a DNS resolver.
ed: Line-oriented text editor.
ethtool: Utility for controlling network drivers and hardware.
expect: Tool for automating interactive applications.
gptfdisk: Text-mode partitioning tool that works on GUID Partition Table (GPT) disks.
grub-bios: GNU GRand Unified Bootloader.
haveged: Entropy harvesting daemon using CPU timings.
intel-ucode: Microcode update files for Intel CPUs.
iproute2: IP Routing Utilities.
iptables: Linux kernel packet control tool.
iw: nl80211 based CLI configuration utility for wireless devices.
kbd: Keytable files and keyboard utilities.
kexec-tools: Load another kernel from the currently executing Linux kernel.
net-tools: Configuration tools for Linux networking.
openresolv: resolv.conf management framework (resolvconf).
openssh: SSH connectivity tools.
pacaur: Fast workflow AUR helper.
python2: High-level scripting language v2.
reflector: Retrieve and filter the latest Pacman mirror list.
rsync: A file transfer program to keep remote files in sync.
sshpass: Fool ssh into accepting an interactive password non-interactively.
systemd-swap: Create hybrid swap space from zram swaps, swap files and swap partitions.
tmux: Terminal multiplexer.
unzip: Extract and view files in zip archives.
wget: Retrieve files from the Web.
wireless_tools: Wireless tools.
wpa_actiond: Daemon that connects to wpa_supplicant and handles connect and disconnect events.
wpa_supplicant: Utility providing key negotiation for WPA wireless networks.
zip: Create and modify zipfiles.
zsh: Very advanced and programmable shell.

Optional packages

Base packages (use --bundle "base" to include):

ack: Grep replacement.
ansible: Radically simple IT automation platform.
appjail: Sandboxing tool to protect private data from untrusted applications.
archversion: Archlinux Version Controller.
arch-wiki-lite: Offline Arch Wiki, easily searched and viewable on console.
asignify: Yet another signify tool.
autochown: Monitor multiple directories using glob patterns and automatically adjust file ownership and permissions.
avahi: Multicast/unicast DNS-SD framework.
bind-tools: The ISC DNS tools.
bluez: Bluetooth support.
bluez-firmware: Firmware for Broadcom BCM203x and STLC2300 Bluetooth chips.
ccrypt: Command-line utility for encrypting and decrypting files and streams.
check-pacman-mtree: Locate files that have changed on disk (size/md5/sha256).
colordiff: Syntax highlighting for diff.
commacd: A faster way to move around Bash.
corkscrew: A tool for tunneling SSH through HTTP proxies.
create_ap: Create a NATed/Bridged Software Access Point (aka WiFi).
cronwhip: Run missed cronjobs.
cryfs: Cryptographic filesystem for the cloud.
darkhttpd: Small and secure static webserver.
devtools: Tools for package maintainers.
downgrade: Downgrade software to an earlier version.
dtags: Directory tags for lazy programmers.
dvd+rw-tools: DVD burning tools.
easytether: EasyTether Internet access drivers.
elinks: Text mode web browser.
entr: Run arbitrary commands when files change.
facadefs: FUSE-based filesystem sandbox.
facron: fanotify cron system.
findx: Wrapper to extend the Unix find command.
f-irc: User-friendly IRC client for the console/terminal.
firejail: Sandbox any type of process.
fzf: Fuzzy finder for your shell.
fzf-extras: Extra keybindings for fzf.
geturl: Filepicker.io CLI tool to get a public link for any file.
git: Fast distributed version control system.
git-appraise: Distributed code review system for Git repositories.
git-extras: Git utilities.
git-lfs: An open source Git extension for versioning large files.
gitlint: Git commit message linter.
gnupg1: GNU Privacy Guard.
hexgrep: Versatile grep-like binary stream and file search tool.
httpie: cURL for humans.
hub: CLI interface for Github.
icdiff: Improved colored diff.
idemptables: Idempotent iptables wrapper for appending and deleting rules.
imgurbash: Imgur.com CLI uploader.
ipset: Store multiple IP addresses or port numbers and match against the collection with iptables in one swoop.
ipw2100-fw: Intel Centrino Drivers firmware for IPW2100.
ipw2200-fw: Firmware for the Intel PRO/Wireless 2200BG.
irssi: Modular text mode IRC client with Perl scripting.
irssi-otr: OTR support for Irssi.
irssi-script-sasl: Freenode SASL support for Irssi.
ix: Client for the ix.io pastebin.
jq: CLI JSON processor.
keybase: CLI tool for GPG with keybase.io.
ledger.py: CLI double-entry accounting.
libfaketime: Report arbitrary dates and times to programs.
libusb-compat: USB device support.
lrzip: Multi-threaded file compression.
lsgrp: A simple command-line utility to list all members of a group.
lynx: Text mode Web browser.
macchanger: Change your NIC's MAC address.
makedep: Convert Pacman optional dependencies to real dependencies.
mawk: Minimal-featured Awk designed for speed of execution over functionality.
mdp: A command-line based Markdown presentation tool.
mercurial: Scalable distributed SCM tool.
mlocate: Locate files easily.
moby-thesaurus: The Project Gutenberg Etext of Moby Thesaurus II by Grady Ward.
moreutils: A growing collection of the unix tools that nobody thought to write thirty years ago.
mosh: Mobile shell, survives disconnects.
myrepos: Multiple Repository management tool.
nawk: The One True Awk.
ncurses: Text mode user interface support.
nyan: Simple netcat wrapper.
openvpn: An easy-to-use, robust, and highly configurable VPN.
ottools: Tools for encrypting files with one-time pads.
p7zip: 7zip file archiver.
pacdep: List package dependencies.
package-query: Query ALPM and AUR.
packer: Bash wrapper for Pacman and AUR.
paclog: List recent commits for Arch Linux packages.
pacmatic: Pacman with less surprises.
pacnew_scripts: A collection of scripts to help merge changes in .pacnew files.
pacserve: Easily share Pacman packages between computers.
pacupg: Script that wraps package and AUR upgrades in btrfs snapshots as well as providing an easy way to roll them back.
paexec: Parallel executor.
parallel: Execute jobs in parallel.
parcimonie-sh: Safely refresh your GnuPG keyring.
pbget: Retrieve PKGBUILDs and local source files from Git, ABS and the AUR for makepkg.
pdfgrep: A tool to search text in PDF files.
perl-image-exiftool: Alter EXIF data easily.
pipe-logger: Log rotation of stdout & stderr.
pipexec: Handle pipe of commands like a single command.
pkgbuild-introspection: Tools for generating .AURINFO files and PKGBUILD data extraction.
pkgcacheclean: Clean the Pacman cache to save on disk space.
pkg_scripts: A collection of pacman and package-related utilities.
progress: Show running coreutils basic commands and display stats.
proxychains-ng: Run programs from behind a proxy server.
puppet: Server automation framework and application.
python2-pbp: Simple crypto tool.
python3-aur: AUR-related modules and helper utilities.
q: Run SQL directly on CSV or TSV files.
qrencode: Encode data in a QR code.
quickserve: A simple HTTP server for quickly sharing files.
quixand: Create single-use unrecoverable encrypted sandboxes.
ranger: A simple, Vim-like file manager.
recollect: Keep local copies of remote files updated.
repo-add_and_sign: Easily create signed Pacman package repositories.
repoman: The pacman of repository managers.
reptyr: Utility for taking an existing running program and attaching it to a new terminal.
rfkill: Tool for enabling and disabling wireless devices.
rlwrap: Add readline-style editing and history to programs.
rtorrent: Rakshasa's BitTorrent client.
salt-raet: Central system and configuration manager.
sdcv: StarDict Console Version.
seq2gif: Convert a ttyrec record into a gif animation directly.
sfk: Swiss File Knife.
shmig: Database migration tool.
sift: A fast and powerful open source alternative to grep.
signify: Sign and verify signatures on files.
snapper: The ultimate snapshot tool for Linux.
socat: Multipurpose relay.
spiped: Secure pipe daemon.
sshuttle: Poor man's VPN.
ssss: CLI tool for Shamir's Secret Sharing Scheme.
steghide: Embed a message in a file.
subrepo: Git & Mercurial subrepos done right.
synclinks: A tool that synchronizes hierarchies of symlinks.
tcplay: CLI TrueCrypt implementation.
terminfo-italics: Common terminfo formats patched to support italics.
the_platinum_searcher: Code searching tool similar to the_silver_searcher.
the_silver_searcher: Code searching tool.
timedatectl-restorer: Restore system time across reboots when the internal clock is dead.
tor: Anonymizing overlay network.
torsocks: Safely torify applications.
toxic: Text mode instant messaging client for Tox.
tree: Show the contents of a directory in a depth-indented list of files.
ttyrec: A tty recorder and player.
tup: A fast, file-based build system.
units: Convert quantities expressed in various systems of measurement to their equivalents in other systems of measurement.
usb_modeswitch: Activate switchable USB devices.
usbmuxd: USB Multiplex Daemon.
websocketd: Turn any application that uses STDIO/STDOUT into a WebSocket server.
words: A collection of International 'words' files for /usr/share/dict.
xinetd: A secure replacement for inetd.
youtube-dl: YouTube.com CLI video downloader.

Additional packages are available.

AS: Packages for programming in ActionScript
Ada: Packages for programming in Ada
Analysis: Packages for system analysis
Android: Packages for Android programming
Assembly: Packages for programming in Assembly
BEAM: Packages for programming in Erlang / Elixir
C: Packages for programming in C / C++ / Obj-C
Crystal: Packages for programming in Crystal
D: Packages for programming in D
DotNet: Packages for programming in .NET
Fonts: Fonts with internationalization
Go: Packages for programming in Go
Gobi: Gobi 3G / mobile network connection firmware
Grsec: Packages for Grsecurity / PaX
Haskell: Packages for programming in Haskell
Haxe: Packages for programming in Haxe
Julia: Packages for programming in Julia
JVM: Packages for programming in Java / Clojure / Groovy / Scala / Kotlin
LaTeX: Packages for writing in LaTeX
Lisp: Packages for programming in Lisp / Scheme / Racket
Lua: Packages for programming in Lua
Markdown: Packages for writing in Markdown
Nim: Packages for programming in Nim
OCaml: Packages for programming in OCaml
Perl: Packages for programming in Perl
Perl6: Packages for programming in Perl6
PHP: Packages for programming in PHP
Python: Packages for programming in Python
RST: Packages for writing in reStructuredText
Ruby: Packages for programming in Ruby
Rust: Packages for programming in Rust
Swift: Packages for programming in Swift
Vala: Packages for programming in Vala
Vbox: Packages for VirtualBox
Webdev: HTML, Haml, Jade, Jinja, Mustache/Handlebars, Slim; CSS, LESS, Sass, SCSS, Stylus; JS/Node

Selecting all packages (GUI included) adds over 1.1 GB to the download and over 5.5 GB to the system image size. This is something to be aware of if installing on a slow Internet connection or to a small USB stick. An 8GB USB stick should work perfectly well, but free space would be very limited with all GUI packages included.

Optional: dotfiles

Set _dotfiles to 1 for:

openbox

Dotfiles

Licensing

This is free and unencumbered public domain software. For more information, see http://unlicense.org/ or the accompanying UNLICENSE file.