fix systemd templates
This commit is contained in:
@ -39,7 +39,7 @@
|
||||
|
||||
# pacstrap
|
||||
# pacstrap -K /mnt/root base linux-lts linux-firmware nano openssh bind bash efibootmgr reflector screen pv pinentry sudo man-db man-pages texinfo ufw nftables intel-ucode e2fsprogs dosfstools curl cryptsetup
|
||||
# sbctl fwupd fwupd-efi dmidecode udisks2
|
||||
# sbctl sbsigntools fwupd fwupd-efi dmidecode udisks2 usbutils
|
||||
|
||||
# gen fstab
|
||||
# genfstab -L /mnt/root >> /mnt/root/etc/fstab
|
||||
@ -79,8 +79,39 @@
|
||||
# echo 'cryptdevice=dbbb9fb2-5509-4701-a2bb-5660934a5378:root root=/dev/mapper/root rw' > /etc/kernel/cmdline
|
||||
# echo 'rd.luks.name=dbbb9fb2-5509-4701-a2bb-5660934a5378=root root=/dev/mapper/root rw' > /etc/kernel/cmdline
|
||||
|
||||
# create a default systemd-networkd config
|
||||
# enable systemd-networkd
|
||||
# enable sshd
|
||||
# enable ufw service
|
||||
# enable ufw firewall
|
||||
# create ufw config to allow ssh port 22
|
||||
|
||||
# modify mkinitcpio for encryption
|
||||
# old HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block filesystems fsck)
|
||||
# new HOOKS=(base systemd keyboard autodetect modconf kms block sd-encrypt filesystems fsck)
|
||||
# sed -i 's/^HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)/HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)/g' /etc/mkinitcpio.conf
|
||||
# sed -i 's/^HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)/HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)/g' /etc/mkinitcpio.conf
|
||||
|
||||
# geneate sb keys with sbctl
|
||||
# keys go to /usr/share/secureboot/keys/db/db.pem
|
||||
# enroll sbctl keys
|
||||
|
||||
# add console= option to cmdline file
|
||||
|
||||
# create initcpio post hook /etc/initcpio/post/uki-sbsign
|
||||
# make /etc/initcpio/post/uki-sbsign executable
|
||||
# chmod +x /etc/initcpio/post/uki-sbsign
|
||||
# make initcpio
|
||||
# mkinitcpio -p linux-lts
|
||||
|
||||
# vfio and iommu
|
||||
# add 'intel_iommu=on iommu=pt' to kernel cmdline
|
||||
|
||||
# add vfio binding
|
||||
# vp2420 iGPU = 8086:4555
|
||||
# add vfio-pci ids to /etc/kernel/cmdline
|
||||
# vfio-pci.ids=8086:4555
|
||||
|
||||
# add vfio modules to mkinitcpio.conf
|
||||
# MODULES=(vfio_pci vfio vfio_iommu_type1)
|
||||
# ensure modconf hook is in mkinitcpio.conf
|
||||
# HOOKS=(base systemd keyboard autodetect modconf kms block sd-encrypt filesystems fsck)
|
Reference in New Issue
Block a user