installs:raspi:argon-oneup:home-setup
Differences
This shows you the differences between two versions of the page.
| installs:raspi:argon-oneup:home-setup [2026/03/01 16:11] – added instructions on encryption elraphik | installs:raspi:argon-oneup:home-setup [2026/03/01 20:42] (current) – change info size elraphik | ||
|---|---|---|---|
| Line 9: | Line 9: | ||
| <code bash> | <code bash> | ||
| export DEVICE=/ | export DEVICE=/ | ||
| + | export PART=/ | ||
| # Wipe disk | # Wipe disk | ||
| sudo wipefs -a $DEVICE | sudo wipefs -a $DEVICE | ||
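Review bot: the new `export PART=` line has no comment tying it to DEVICE, and it sits directly above the destructive `sudo wipefs -a $DEVICE`. Add a one-line comment saying PART is the single partition on DEVICE, and tell the reader to confirm both names with `lsblk` before running the wipe, since a wrong value erases the signatures of a different disk.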
| Line 21: | Line 22: | ||
| # Install cryptsetup and use it to encrypt the device with a passkey | # Install cryptsetup and use it to encrypt the device with a passkey | ||
| sudo apt update && sudo apt install cryptsetup -y | sudo apt update && sudo apt install cryptsetup -y | ||
| - | sudo cryptsetup luksFormat $DEVICE | + | sudo cryptsetup luksFormat $PART |
| # Now open the device with passkey, it should be located at / | # Now open the device with passkey, it should be located at / | ||
| - | sudo cryptsetup open $DEVICE | + | sudo cryptsetup open $PART crypt_home |
| export VOLUME=/ | export VOLUME=/ | ||
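Review bot: the unchanged comment lines around the two edited commands still say "encrypt the device" and "open the device", although `luksFormat` and `open` now act on `$PART`. Reword them to "partition" so a reader copying by comment does not format the whole disk, and quote the variable (`"$PART"`) in both commands.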
| Line 31: | Line 32: | ||
| sudo e2label $VOLUME home | sudo e2label $VOLUME home | ||
| </ | </ | ||
| + | |||
| + | You now have an encrypted disk with a single partition, that has a filesystem, great job! | ||
| + | Now, you may have to migrate the old home files into the new one before we continue, here's how to do so: | ||
| + | |||
| + | <code bash> | ||
| + | # Make temporary mount for migration + configuration | ||
| + | sudo mkdir / | ||
| + | sudo mount / | ||
| + | |||
| + | # Migrate data from old home to new home, trailing slashes are important | ||
| + | sudo rsync -aAXv /home/ / | ||
| + | </ | ||
| + | |||
| + | Great! Let's not configure the auto-mount and auto-decryption of the device on boot. | ||
| + | |||
| + | <code bash> | ||
| + | # Retrieve UUID of the partition | ||
| + | sudo blkid $PART | ||
| + | # Should return / | ||
| + | |||
| + | sudo nano / | ||
| + | # Add crypt_home UUID=YOUR-UUID none luks, | ||
| + | |||
| + | # Now configure your fstab | ||
| + | sudo blkid $VOLUME | ||
| + | sudo nano /etc/fstab | ||
| + | # Add / | ||
| + | </ | ||
| + | |||
| + | <WRAP center round info 100%> | ||
| + | If you pay attention here, you'll notice the " | ||
| + | I noticed that when booting, the prompt for the decryption passphrase does not appear if the disk decryption does not happen during the initramfs boot phase. If not present, it'll try to decypher during the systemd phase, in which you cannot interact with the prompt, so it will timeout and fail pretty hard. | ||
| + | </ | ||
| + | |||
| + | |||
| + | Okay now it's almost all set, just need to move some folders around : | ||
| + | |||
| + | <code bash> | ||
| + | # Archive old home | ||
| + | sudo mv /home /home_old | ||
| + | sudo mkdir /home | ||
| + | </ | ||
| + | |||
| + | You **should** now be able to reboot, and the boot process should ask for a passphrase.\\ | ||
| + | However, if you're like me, you'll need a couple extra steps: | ||
| + | |||
| + | <code bash> | ||
| + | # Install initramfs crypt support | ||
| + | sudo apt install cryptsetup-initramfs | ||
| + | |||
| + | # Regen initramfs | ||
| + | sudo update-initramfs -c -k all | ||
| + | |||
| + | # Now reboot | ||
| + | sudo reboot | ||
| + | </ | ||
| + | |||
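Review bot: after `sudo mv /home /home_old` an unencrypted copy of every home directory stays outside the new LUKS volume, so the data this page sets out to protect is still readable in plaintext. Add a closing step that removes /home_old once the reboot succeeds and the migrated files are checked. Two wording fixes in the added text: "Let's not configure the auto-mount" should read "Let's now configure", and "decypher" should be "decipher". Since the info box says the passphrase prompt only appears when decryption happens in the initramfs phase, the `sudo apt install cryptsetup-initramfs` and `sudo update-initramfs -c -k all` steps belong before the first "You should now be able to reboot" sentence, not as optional extras after it.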
installs/raspi/argon-oneup/home-setup.1772381476.txt.gz · Last modified: 2026/03/01 16:11 by elraphik
