bit-strickerei.de

You can send me an email to web@bit-strickerei.de

Consider using my GnuPG-key.

Alpine ZFS Root

alpine linux zfs zpool zroot root encryption 
setup-apkrepos
apk add util-linux udev zfs
setup-udev

sysctl -a | grep grsecurity | cut -f1 -d' ' | xargs -I {} sysctl -w {}=0

modprobe zfs

zpool create -f -o ashift=12 -O normalization=formD -O atime=off \
  -m none -R /mnt/alpine zpool /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001

zfs create -o mountpoint=none -o canmount=off zpool/ROOT
zfs create -o mountpoint=legacy zpool/ROOT/alpine
zfs create -o mountpoint=legacy zpool/HOME

# zfs list -t all

zpool set bootfs=zpool/ROOT/alpine zpool

mount -t zfs zpool/ROOT/alpine /mnt/alpine/
mount -t zfs zpool/HOME /mnt/alpine/home

apk --arch x86_64 -X http://nl.alpinelinux.org/alpine/edge/main/ -U --allow-untrusted \
  --root /mnt/alpine \
  --initdb add alpine-base tzdata alpine-mirrors \
    linux-hardened zfs-hardened zfs grub-bios sgdisk util-linux

mkdir -p /mnt/alpine/etc/zfs
cp /etc/zfs/zpool.cache /mnt/alpine/etc/zfs/zpool.cache
cp /etc/resolv.conf /mnt/alpine/etc/

mount -t proc none /mnt/alpine/proc
mount --rbind /sys /mnt/alpine/sys
mount --rbind /dev /mnt/alpine/dev

chroot /mnt/alpine /bin/sh -l

export PS1="(chroot) $PS1"; cd

rc-update add devfs sysinit
rc-update add dmesg sysinit
rc-update add mdev sysinit
rc-update add hwclock boot
rc-update add modules boot
rc-update add sysctl boot
rc-update add hostname boot
rc-update add bootmisc boot
rc-update add networking boot
rc-update add syslog boot
rc-update add urandom boot
rc-update add crond default
rc-update add mount-ro shutdown
rc-update add killprocs shutdown
rc-update add savecache shutdown

sed -i 's/\"$/ zfs\"/g' /etc/mkinitfs/mkinitfs.conf
mkinitfs $(ls /lib/modules)

sgdisk -a1 -n2:48:2047 -t2:EF02 -c2:"BIOS boot partition" /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001
partx -u /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001

echo 'GRUB_DEVICE="zpool/ROOT/alpine"' > /etc/update-extlinux.conf
echo 'GRUB_CMDLINE_LINUX="rootfstype=zfs"' >> /etc/update-extlinux.conf

export ZPOOL_VDEV_NAME_PATH=1
grub-probe /
grub-install /dev/disk/by-id/ata-QEMU_HARDDISK_QM00001
grub-mkconfig -o /boot/grub/grub.cfg

exit

umount -R /mnt/alpine/dev
umount -R /mnt/alpine/proc
umount -R /mnt/alpine/sys

zfs umount -a
zpool export zpool

reboot