Number</th>	Size</th>	Code</th>	Format</th>	Use as</th></tr></thead>
1</td>	4g</td>	ef00</td>	vfat</td>	ESP partition</td></tr>
2</td>	->END</td>	8309</td>	luks</td>	Encrypted root partition</td></tr> </tbody></table> Create the ESP partition:</p> sgdisk -n "${ESP_PART}:1m:+4g" -t "${ESP_PART}:ef00" -c 0:esp $DISK </span></code></pre> Create the encrypted root partition:</p> sgdisk -n "${ROOT_PART}:0:0" -t "${ROOT_PART}:8309" -c 0:root $DISK </span></code></pre> Display layout:</p> partprobe $DISK && sgdisk -p $DISK </span></code></pre> Format the ESP partition</h3> NOTE</strong> Labels on file systems are optional, but helpful. They allow for easy mounting without a UUID.</p> Create a FAT32 file system:</p> mkfs.fat -n ESP -F 32 $ESP_DISK </span></code></pre> Encrypt the root partition</h3> Encrypt the partition using luks2</code>:</p> cryptsetup luksFormat -y --type luks2 $ROOT_DISK </span></code></pre> The newly-created LUKS device is opened and mapped to /dev/mapper/root</code>, as suggested by the Discoverable Partitions Specification</a>:</p> cryptsetup open $ROOT_DISK root </span></code></pre> Define a variable for the root device:</p> export ROOT_DEV="/dev/mapper/root" </span></code></pre> Format the root device</h3> Create a BTRFS file system:</p> mkfs.btrfs -L arch $ROOT_DEV </span></code></pre> Mount the root device:</p> mount $ROOT_DEV /mnt </span></code></pre> Create subvolumes</h3> Changing BTRFS subvolume layouts is made simpler by not mounting the top-level subvolume as /</code> (which is the default).</p> As an alternative, create a BTRFS subvolume that contains the actual data, and mount that</em> to /</code>. Use @</code> for the name of this new subvolume (which is the default name used by Snapper</a>, a tool for making file system snapshots):</p> btrfs subvolume create /mnt/@ </span></code></pre> Create additional subvolumes to facilitate system rollbacks that leave logs, databases, and home files untouched:</p> btrfs subvolume create /mnt/@home </span>btrfs subvolume create /mnt/@cache </span>btrfs subvolume create /mnt/@log </span>btrfs subvolume create /mnt/@tmp </span>btrfs subvolume create /mnt/@srv </span>btrfs subvolume create /mnt/@snapshots </span></code></pre> Define variable for subvolume mount options</h3> For an installation on a NVMe disk, these are the subvolume mount options I use:</p> noatime</code>: Disables writing “last accessed” timestamps. Extends SSD lifespan and improves read speeds.</li> compress=zstd:1</code>: Compression algorithm/setting “sweet spot” for NVMe (default is 3</code>). For non-NVMe disks, omit this setting and accept the default.</li> space_cache=v2</code>: Method to track free blocks. Significantly more efficient than v1</code>.</li> commit=120</code>: Default commit interval is 30 seconds. Increasing the interval allows BTRFS to bundle small writes in memory into fewer, larger sequential writes. If the system is connected to a UPS or healthy battery, the commit interval can be increased because the risk of a sudden power-loss shutdown is much lower.</li> </ul> Define a variable with these options:</p> export SUB_OPTS="noatime,compress=zstd:1,space_cache=v2,commit=120" </span></code></pre> For more options and details, see the BTRFS Administration</a> page.</p> Mount the subvolumes</h3> Unmount the previously mounted root</code> device:</p> umount /mnt </span></code></pre> Mount the subvolumes:</p> mount -o ${SUB_OPTS},subvol=@ $ROOT_DEV /mnt </span>mount --mkdir -o ${SUB_OPTS},subvol=@home $ROOT_DEV /mnt/home </span>mount --mkdir -o ${SUB_OPTS},subvol=@cache $ROOT_DEV /mnt/var/cache </span>mount --mkdir -o ${SUB_OPTS},subvol=@log $ROOT_DEV /mnt/var/log </span>mount --mkdir -o ${SUB_OPTS},subvol=@tmp $ROOT_DEV /mnt/var/tmp </span>mount --mkdir -o ${SUB_OPTS},subvol=@srv $ROOT_DEV /mnt/srv </span>mount --mkdir -o ${SUB_OPTS},subvol=@snapshots $ROOT_DEV /mnt/.snapshots </span></code></pre> Mount the ESP partition</h3> mount --mkdir $ESP_DISK /mnt/boot && df -h </span></code></pre> 4. Installation</h2> Select the mirrors</h3> Packages to be installed must be downloaded from mirror servers, which are defined in /etc/pacman.d/mirrorlist</code>. Generate a new</strong> mirrorlist using reflector</a>.</p> Backup the existing mirrorlist:</p> cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak </span></code></pre> Example: This command will select the 5 most recently synchronized HTTPS mirrors located in Canada, sort them by download speed, and overwrite the mirrorlist with the new links:</p> reflector --verbose --protocol https --latest 5 --sort rate --country Canada --save /etc/pacman.d/mirrorlist </span></code></pre> Synchronize the pacman</a> package databases using the new mirror list:</p> pacman -Syy </span></code></pre> Install</h3> Identify the processor vendor:</p> grep vendor_id /proc/cpuinfo </span></code></pre> Create a variable for an appropriate microcode package to load updates and security fixes:</p> UCODE="[vendor]-ucode" </span></code></pre> …where [vendor]</code> for Intel processors is intel</code> and AMD processors is amd</code>.</p> Create a variable for an editor (nano</code>, vim</code>, etc.) used to modify configuration files after we chroot</code> into the new system:</p> export EDIT="nano" </span></code></pre> Use pacstrap</a> to install the base package, Linux kernel, firmware for common hardware, crypt and file utilities, and some nice extras:</p> pacstrap -K /mnt base base-devel linux linux-firmware btrfs-progs cryptsetup efibootmgr limine man-db networkmanager openssh reflector sudo terminus-font $UCODE $EDIT </span></code></pre> 5. Configure the System</h2> Fstab</h3> Generate an fstab</a> file:</p> genfstab -L /mnt >> /mnt/etc/fstab && cat /mnt/etc/fstab </span></code></pre> Inspect the results for any possible errors.</p> Chroot</h3> Chroot into the newly-installed base system:</p> arch-chroot /mnt /bin/bash </span></code></pre> Zram swap</h3> Load the module at boot:</p> echo "zram" > /etc/modules-load.d/zram.conf </span></code></pre> Create the following udev rule</a> adjusting the disksize</strong> attribute (1/2 of physical RAM is a good benchmark) as necessary:</p> $EDIT /etc/udev/rules.d/99-zram.rules </span></code></pre> Add rule:</p> ACTION=="add", KERNEL=="zram0", ATTR{initstate}=="0", ATTR{comp_algorithm}="zstd", ATTR{disksize}="4G", TAG+="systemd" </span></code></pre> Save changes and exit.</p> Add zram0</code> to fstab</code> with a higher than default priority and the x-systemd.makefs</code> option:</p> echo -e "/dev/zram0\tnone\tswap\tdefaults,discard,pri=100,x-systemd.makefs\t0 0" >> /etc/fstab </span></code></pre> After rebooting the system, check status with:</p> zramctl </span></code></pre> Time</h3> Timezones are located in /usr/share/zoneinfo</code>.</p> List the timezones:</p> timedatectl list-timezones </span></code></pre> Set the desired timezone:</p> timedatectl set-timezone [Region]/[City] </span></code></pre> …where [Region]</code> is the geographical region (Africa</code>, America</code>, Europe</code>, …) and the [City]</code> within that region.</p> Example: Timezone where Toronto</code> is located:</p> timedatectl set-timezone America/Toronto </span></code></pre> Update the system clock:</p> hwclock --systohc </span></code></pre> Enable network time synchronization:</p> timedatectl set-ntp true </span></code></pre> Show current time settings:</p> timedatectl </span></code></pre> Localization</h3> Open the list of locales:</p> $EDIT /etc/locale.gen </span></code></pre> … and uncomment any desired locales.</p> Save changes and exit.</p> Generate the locales by running:</p> locale-gen </span></code></pre> Set the LANG</code> variable:</p> echo "LANG=[locale]" > /etc/locale.conf </span></code></pre> … where [locale]</code> is one of the generated locales (example: en_CA.UTF-8</code>):</p> echo "LANG=en_CA.UTF-8" > /etc/locale.conf </span></code></pre> Console keymap and font</h3> If earlier during the installation a different console keyboard layout than us</code> was selected, make the change persistent by writing the choice to vconsole.conf</code>:</p> echo "KEYMAP=[keyboard]" >> /etc/vconsole.conf </span></code></pre> …where [keyboard]</code> is your desired keymap (example: colemak</code>):</p> echo "KEYMAP=colemak" >> /etc/vconsole.conf </span></code></pre> Same process if the default font was changed:</p> echo "FONT=[font]" >> /etc/vconsole.conf </span></code></pre> … which in this HOWTO would be ter-122b</code>:</p> echo "FONT=ter-122b" >> /etc/vconsole.conf </span></code></pre> Hostname</h3> Create the hostname</code> file:</p> echo [hostname] > /etc/hostname </span></code></pre> …where [hostname]</code> is the desired name of the system (single word, no spaces):</p> echo "archlinux" > /etc/hostname </span></code></pre> Network configuration</h3> Enable NetworkManager</a> to start at boot:</p> systemctl enable NetworkManager </span></code></pre> Enable sshd</code> to start at boot:</p> systemctl enable sshd </span></code></pre> Initramfs</h3> Configure the initramfs</code> image to be generated by opening the mkinitcpio.conf</code> file for editing:</p> $EDIT /etc/mkinitcpio.conf </span></code></pre> Set the necessary MODULES</code>:</p> MODULES=(btrfs) </span></code></pre> … and BINARIES</code>:</p> BINARIES=(/usr/bin/btrfs) </span></code></pre> NOTE</strong> Order of the hooks matters. See Hook List</a>.</p> HOOKS</code> control the modules and scripts added to the image and what happens at boot time:</p> HOOKS=(base udev keyboard autodetect microcode modconf kms keymap consolefont block encrypt filesystems fsck) </span></code></pre> Save changes and exit.</p> Recreate the initramfs image with mkinitcpio</code>:</p> mkinitcpio -P </span></code></pre> Root password</h3> Set a password for root:</p> passwd </span></code></pre> Superuser</h3> Create a user account with superuser privileges:</p> useradd -m -G wheel -s /bin/bash [username] </span></code></pre> …where [username]</code> is the desired name for the account.</p> Set a password for [username]</code>:</p> passwd [username] </span></code></pre> Activate wheel</a> group access for the sudo</code> command:</p> sed -i "s/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/" /etc/sudoers </span></code></pre> Boot loader</h3> Create the /boot/EFI/BOOT</code> directory and copy the Limine</a> BOOT file there:</p> mkdir -p /boot/EFI/BOOT </span>cp /usr/share/limine/BOOTX64.EFI /boot/EFI/BOOT/ </span></code></pre> Limine does not add an entry for the boot loader in the NVRAM. Use efibootmgr</code> to create an entry:</p> efibootmgr --create --disk $DISK --part $ESP_PART --label "Arch Linux Limine Boot Loader" --loader '\EFI\BOOT\BOOTX64.EFI' --unicode </span></code></pre> Limine does not provide a default configuration file, it is therefore necessary to create one.</p> Firstly, make note of the LUKS device UUID required by the config file, which is retrieved by running:</p> cryptsetup luksUUID $ROOT_DISK </span></code></pre> Create the limine.conf</a>:</p> $EDIT /boot/limine.conf </span></code></pre> Add entry:</p> timeout: 3 </span> </span>/Arch Linux </span> protocol: linux </span> path: boot():/vmlinuz-linux </span> cmdline: cryptdevice=UUID=[device-UUID]:root root=/dev/mapper/root rootflags=subvol=@ rw rootfstype=btrfs </span> module_path: boot():/initramfs-linux.img </span></code></pre> Replace the [device-UUID]</code> above with the UUID of the LUKS device.</p> Save changes and exit.</p> 6. Finish Up</h2> Exit chroot:</p> exit </span></code></pre> Unmount partitions:</p> umount /mnt/boot </span>umount -l -n -R /mnt </span></code></pre> Remove encrypted device mapping:</p> cryptsetup close root </span></code></pre> Reboot system:</p> reboot </span></code></pre> User is prompted for the passphrase to unlock the encrypted root</code> partition. Upon success, boot resumes…</p> archlinux login: </span></code></pre> Welcome to Arch!</strong></p> 7. Resources</h2> Not just for Arch Linux, but for Linux in general, the Arch Wiki</a> is a tremendous resource.</li> </ul> You can like, share, or comment on this post on the Fediverse</a> 💬 </p> Minimal Alpine Linux Wed, 04 Feb 2026 00:00:00 +0000 Alpine Linux</a> is a lightweight and delightful community-driven Linux distribution that does things a bit differently than the standard defaults (musl</code> vs glibc</code> for C library, openrc</code> vs systemd</code> for init). I use an Alpine installation image to create an encrypted, console-only minimal system</strong> that provides a solid foundation while I explore building it up bit by bit to a workstation, laptop, and server configuration.</p> 1. Start Here</a> Acquire an installation image</a></li> Prepare the USB installation medium</a></li> </ul> </li> 2. Configure the Live Environment</a> Set the console keyboard</a></li> Verify the boot mode</a></li> Connect to the internet</a></li> Remote login to the installer</a></li> </ul> </li> 3. Initial System Setup</a></li> 4. Prepare the DISK</a> Install extra tools</a></li> Define disk variables</a></li> Erase DISK</a></li> Partition DISK</a></li> Encrypt the root partition</a></li> Encrypt the data partition</a></li> Format and mount the root device</a></li> Format and mount the data device</a></li> Format and mount the ESP partition</a></li> </ul> </li> 5. Installation</a></li> 6. Configure the System</a> Chroot</a></li> Zram swap</a></li> Auto-mount DATA_DISK</a></li> Mkinitfs</a></li> Bootloader</a></li> </ul> </li> 7. Finish Up</a></li> 8. Resources</a></li> </ul> 1. Start Here</h2> This guide makes a few assumptions:</p> Target device is x86_64</code> architecture and uses UEFI to boot.</li> Alpine will be installed as the sole operating system on a single disk.</li> Network access during install uses a wired interface.</li> </ul> Alpine includes a setup-alpine</a> script in the installer that can quickly get a system up-and-running. I will use the script to set a few basic settings, then skip the disk setup stage and proceed to manually create a custom partition layout, followed by chroot</code>-ing into the newly-installed system to complete the setup.</p> This custom partition layout includes:</p> Separate root</code> and data</code> partitions encrypted with LUKS2 and formatted with the ext4</code> file system. I like to keep my user data in a separate partition to preserve its contents and make things simpler if/when I wipe root</code> and re-install Linux.</li> An EFI partition formatted with the fat32</code> file system and mounted to boot</code>. Because this partition will also be storing kernels and initramfs in addition to EFI-related files - and to future-proof it for whatever else Linux might want to store here - I assign it a generous 2GB of storage.</li> In lieu of creating a partition for swap</code> memory, I use the Linux zram</code> kernel module to configure a compressed block device in RAM to provide swapspace.</li> </ul> NOTE</strong> Throughout this guide, square brackets []</code> in code blocks indicates the word of code (square brackets included) should be replaced with something else. This is detailed in the instructions before or after the code block.</p> Acquire an installation image</h3> The latest official installation images are available here: Downloads</a></p> Download alpine-standard-[RELEASE]-x86_64.iso</code> and alpine-standard-[RELEASE]-x86_64.iso.sha256</code>. As of 2026-02-04 the latest RELEASE is 3.23.3</code>.</p> On a Linux system, verify the integrity of the image with sha256sum</code>:</p> sha256sum -c --ignore-missing alpine-standard-3.23.3-x86_64.iso.sha256 </span></code></pre> Prepare the USB installation medium</h3> WARNING</strong> Be very careful to note the proper device (which can be identified with the lsblk</code> command). All contents on the device will be lost!</strong></p> Write the installer to an unmounted</strong> USB storage device running the dd</code> command as root.</p> Example: On a Linux system, if a USB stick appears as sdx1</code>, then write the installer to sdx</code> (omit partition number):</p> sudo dd if=alpine-standard-3.23.3-x86_64.iso of=/dev/sdx bs=4M conv=fsync oflag=direct status=progress; sync </span></code></pre> 2. Configure the Live Environment</h2> Boot the target device from the Alpine installation media. Login as root</code> with no password.</p> Set the console keyboard</h3> Default console keymap is us</code>. Available layouts are located in /usr/share/bkeymaps</code>.</p> If some other keymap is desired, set a different one using the setup-keymap</code> script:</p> setup-keymap [LAYOUT] [VARIANT] </span></code></pre> Example: I configure the system to use the us</code> layout with my preferred colemak</code> variant:</p> setup-keymap us us-colemak </span></code></pre> Or run setup-keymap</code> in interactive mode:</p> # setup-keymap </span>Select keyboard layout: `us` </span>Select variant: `us-colemak` </span></code></pre> Verify the boot mode</h3> Confirm target device is using UEFI boot mode:</p> cat /sys/firmware/efi/fw_platform_size </span></code></pre> If the command returns 64</code>, then system is booted in UEFI with 64-bit x64 UEFI and we are good to go.</p> NOTE</strong> If the file does not exist, the device is not using UEFI.</p> Connect to the internet</h3> Configure the wired interface by running the setup-interfaces</a> script in interactive mode:</p> setup-interfaces </span></code></pre> Example: I configure the ethernet interface device identified as eth0</code>:</p> Interface: eth0</code></li> Ip address: dhcp</code></li> Manual configuration: n</code></li> </ul> Bring up the interface:</p> ifup eth0 </span></code></pre> Verify the network interface is active, has been assigned an address, and the internet is reachable:</p> ip addr </span>ping -c 5 alpinelinux.org </span></code></pre> If this fails, or a wireless interface is required, consult the User Handbook: Networking</a> page.</p> Remote login to the installer</h3> One option to make this manual installation process easier (i.e. cut-n-paste commands) is to remotely log into the installer via ssh</code> from another computer.</p> On the installer, add the sshd</code> daemon using setup-sshd</a>:</p> setup-sshd -c openssh </span></code></pre> NOTE</strong> Editor vi</code> is used for modifying files, or install nano</code> with:</p> apk add nano </span></code></pre> Modify /etc/ssh/sshd_config</code> by setting PermitRootLogin</code> to allow root logins:</p> PermitRootLogin yes </span></code></pre> Reload the daemon:</p> rc-service sshd reload </span></code></pre> Set a password for root</code>:</p> passwd </span></code></pre> Switch to the other computer and ssh</code> into the target device:</p> ssh root@[ip_address] </span></code></pre> …where [ip_address]</code> is the target device’s address obtained with the ip addr</code> command above.</p> 3. Initial System Setup</h2> Begin the system configuration using the setup-alpine</a> script:</p> setup-alpine </span></code></pre> Example configuration steps:</p> Keyboard layout: us</code> ## skipped if set above</li> Keyboard variant: us-colemak</code> ## skipped if set above</li> Enter system hostname: alpinebox.home.arpa</code></li> Interface: eth0</code></li> Ip address: dhcp</code></li> Manual network configuration? n</code></li> Root password: xxxxxxxx</code></li> Timezone: Canada</code></li> Sub-timezone: Eastern</code></li> Proxy: none</code></li> Network Time Protocol: chrony</code> ## skipped if running in a virtual machine; defaults to built-in busybox</code></li> APK Mirror: c</code> ## enable community repository</li> APK Mirror: f</code> ## find and use fastest mirror</li> Setup user: foo</code></li> Full name: foo</code></li> User password: xxxxxxxx</code></li> SSH key: none</code></li> SSH server: openssh</code></li> </ul> At the Disk & Install</code> step, enter Ctrl-C</code> to exit script.</strong></p> 4. Prepare the DISK</h2> Setup a custom partition layout on a single disk before implementing the Alpine base installation.</p> Install extra tools</h3> apk update && apk add cryptsetup dosfstools e2fsprogs lsblk sgdisk wipefs </span></code></pre> Define DISK variables</h3> Identify the disk where Alpine will be installed by listing block devices:</p> lsblk -f </span></code></pre> Set DISK variables for either a SATA or NVMe device:</p> SATA (example device: sda</code>)</h4> export DISK="/dev/sda" </span>export ESP_PART="1" </span>export ROOT_PART="2" </span>export DATA_PART="3" </span>export ESP_DISK="${DISK}${ESP_PART}" </span>export ROOT_DISK="${DISK}${ROOT_PART}" </span>export DATA_DISK="${DISK}${DATA_PART}" </span></code></pre> NVMe (example device: nvme0n1</code>)</h4> export DISK="/dev/nvme0n1" </span>export ESP_PART="1" </span>export ROOT_PART="2" </span>export DATA_PART="3" </span>export ESP_DISK="${DISK}p${ESP_PART}" </span>export ROOT_DISK="${DISK}p${ROOT_PART}" </span>export DATA_DISK="${DISK}p${DATA_PART}" </span></code></pre> Erase DISK</h3> Erase existing file systems and partition table on DISK</code>:</p> wipefs -af $DISK && sgdisk --zap-all --clear $DISK </span></code></pre> Notify the system of the changes to the partition table:</p> partprobe $DISK </span></code></pre> NOTE</strong> If the Logical Volume Manager (LVM) framework was previously installed on DISK</code>, the above might fail with an error such as Device or resource busy</code>. This is because the LVM volume group might have gotten set up at boot.</p> If so, bring down the volume group:</p> vgchange -an </span></code></pre> After that, wipefs</code> should work as expected.</p> Partition DISK</h3> Create a custom GPT partition table on DISK with the following layout:</p> Number</th> Size</th> Code</th> Format</th> Use as</th></tr></thead> 1</td> 2g</td> EF00</td> vfat</td> ESP partition</td></tr> 2</td> 48g</td> 8309</td> luks</td> Encrypted root partition</td></tr> 3</td> ->END</td> 8309</td> luks</td> Encrypted data partition</td></tr> </tbody></table> Create the ESP partition:</p> sgdisk -n "${ESP_PART}:1m:+2g" -t "${ESP_PART}:ef00" -c 0:esp $DISK </span></code></pre> Create the encrypted root partition:</p> sgdisk -n "${ROOT_PART}:0:+48g" -t "${ROOT_PART}:8309" -c 0:root $DISK </span></code></pre> Create the encrypted data partition:</p> sgdisk -n "${DATA_PART}:0:0" -t "${DATA_PART}:8309" -c 0:data $DISK </span></code></pre> NOTE</strong> Run command mdev -s</code> to create partition nodes in /dev</code>.</p> Notify the system of changes to the partition table and display layout:</p> partprobe $DISK && mdev -s && sgdisk -p $DISK </span></code></pre> Encrypt the root partition</h3> Load the encryption kernel module:</p> modprobe dm-crypt </span></code></pre> Encrypt the partition using cryptsetup</code>:</p> cryptsetup luksFormat -y --type luks2 $ROOT_DISK </span></code></pre> Open the newly-created root device and map to /dev/mapper/root</code>:</p> cryptsetup open $ROOT_DISK root </span></code></pre> Define a variable for this device:</p> export ROOT_DEV="/dev/mapper/root" </span></code></pre> Encrypt the data partition</h3> Encrypt the partition:</p> cryptsetup luksFormat -y --type luks2 $DATA_DISK </span></code></pre> Open the newly-created data device and map to /dev/mapper/data</code>:</p> cryptsetup open $DATA_DISK data </span></code></pre> Define a variable for this device:</p> export DATA_DEV="/dev/mapper/data" </span></code></pre> Format and mount the root device</h3> NOTE</strong> Labels on file systems are optional, but helpful. They allow for easy identification/mounting without a UUID.</p> Create a ext4</code> file system on the device:</p> mkfs.ext4 -L rootfs $ROOT_DEV </span></code></pre> Mount the device:</p> mount -t ext4 $ROOT_DEV /mnt </span></code></pre> Format and mount the data device</h3> Create a ext4</code> file system on the device:</p> mkfs.ext4 -L datafs $DATA_DEV </span></code></pre> Create the data</code> mountpoint and mount the device:</p> mkdir /mnt/data && mount -t ext4 $DATA_DEV /mnt/data </span></code></pre> Format and mount the ESP partition</h3> Create a fat32</code> file system on the partition:</p> mkfs.fat -n ESP -F 32 $ESP_DISK </span></code></pre> Create the boot</code> mountpoint and mount the partition:</p> mkdir /mnt/boot && mount -t vfat $ESP_DISK /mnt/boot && df -h </span></code></pre> 5. Installation</h2> Use the setup-disk</a> script to install an Alpine base system to the root</code> device currently mounted on /mnt</code>:</p> setup-disk -m sys /mnt </span></code></pre> 6. Configure the System</h2> Before chroot</code>-ing into the system to configure it, a number of directories must be mounted:</p> mount --rbind /dev /mnt/dev </span>mount --make-rslave /mnt/dev </span>mount -t proc /proc /mnt/proc </span>mount --rbind /sys /mnt/sys </span>mount --make-rslave /mnt/sys </span>mount --rbind /tmp /mnt/tmp </span>mount --bind /run /mnt/run </span></code></pre> Chroot</h3> Enter the newly-installed base system:</p> chroot /mnt </span></code></pre> Zram swap</h3> Install zram-init</code>, a wrapper script for the zram</code> kernel module:</p> apk update && apk add zram-init </span></code></pre> The configuration file /etc/conf.d/zram-init</code> is well-commented. These are the settings I modify/verify are set as follows:</p> load_on_start=yes </span>unload_on_stop=yes </span>num_devices=1 </span>type0=swap </span>size0=`LC_ALL=C free -m \| awk '/^Mem:/{print int($2/4)}'` ## use a fourth of available memory </span>algo0=zstd </span></code></pre> Enable the service:</p> rc-update add zram-init </span></code></pre> After rebooting the system, check status with:</p> zramctl </span></code></pre> Auto-mount DATA_DISK</h3> Decrypt and auto-mount DATA_DISK</code> at boot by using a keyfile securely stored on the encrypted ROOT_DISK</code>.</p> Create the keyfile:</p> dd if=/dev/urandom of=/root/crypt-data-keyfile.bin bs=1024 count=4 </span></code></pre> Restrict permissions so only root</code> can read it:</p> chmod 400 /root/crypt-data-keyfile.bin </span></code></pre> Add the keyfile to a LUKS key slot on DATA_DISK</code>:</p> cryptsetup luksAddKey $DATA_DISK /root/crypt-data-keyfile.bin </span>cryptsetup luksDump $DATA_DISK \| grep luks2 </span></code></pre> Original passphrase for DATA_DISK</code> occupies slot 0</code> and the keyfile has been added to slot 1</code>.</p> Make note of the device-UUID</code> required by the dmcrypt</code> config file, which can be obtained using blkid</code> or cryptsetup</code>:</p> cryptsetup luksUUID $DATA_DISK </span></code></pre> Edit /etc/conf.d/dmcrypt</code>:</p> ## Definition for /dev/mapper/data (for /data) with keyfile </span>target=data </span>source=UUID="[device-UUID]" </span>key=/root/crypt-data-keyfile.bin </span></code></pre> … where [device-UUID]</code> is replaced with the UUID of DATA_DISK</code>.</p> Enable the dmcrypt</code> service to start on boot:</p> rc-update add dmcrypt boot </span></code></pre> NOTE</strong> Verify an entry for /data</code> exists in /etc/fstab</code>. Otherwise, add it:</p> /dev/mapper/data /data ext4 rw,relatime 0 2 </span></code></pre> Mkinitfs</h3> Edit /etc/mkinitfs/mkinitfs.conf</code>, adding cryptsetup</code> and keymap</code> to the features list:</p> features="ata base ide scsi usb virtio ext4 cryptsetup keymap" </span></code></pre> Generate a new initramfs</code>:</p> mkinitfs $(ls /lib/modules) </span></code></pre> Bootloader</h3> Install packages:</p> apk add grub-efi efibootmgr </span></code></pre> Install boot loader:</p> grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=ALPINE </span></code></pre> Make note of the device-UUID</code> required by the grub</code> config file:</p> cryptsetup luksUUID $ROOT_DISK </span></code></pre> Edit /etc/default/grub</code>:</p> GRUB_CMDLINE_LINUX_DEFAULT="modules=sd-mod,usb-storage,ext4 cryptroot=UUID=[device-UUID] cryptdm=root quiet rootfstype=ext4" </span></code></pre> … where [device-UUID]</code> is replaced with the UUID of ROOT_DISK</code>.</p> Run:</p> update-grub </span></code></pre> 7. Finish Up</h2> Exit chroot:</p> exit </span></code></pre> Unmount partitions:</p> umount /mnt/boot && umount /mnt/data && umount -l /mnt </span></code></pre> Remove encrypted device mapping:</p> cryptsetup close data && cryptsetup close root </span></code></pre> Reboot system:</p> reboot </span></code></pre> User is prompted for the passphrase to unlock the encrypted root</code> partition. Upon success, boot resumes:</p> . </span>. </span>. </span>alpinebox.home.arpa login: </span></code></pre> Welcome to Alpine!</strong></p> 8. Resources</h2> Alpine Linux Wiki</a>, particularly: Installation</a></li> FAQ</a></li> Setting up disks manually</a></li> Setting up encrypted volumes with LUKS</a></li> Mounting encrypted filesystems at boot</a></li> Zram</a></li> </ul> </li> Gentoo Linux Wiki</a>, particularly: Dm-crypt</a></li> Chroot</a></li> </ul> </li> </ul> You can like, share, or comment on this post on the Fediverse</a> 💬 </p> Real-time File Synchronization Across Devices Using Syncthing Wed, 29 Oct 2025 00:00:00 +0000 Syncthing</a> is a real-time, continuous file synchronization program. Once installed and configured, it will keep files synced between multiple computers (known as “devices”) in real time.</p> I have the program installed and configured for syncing on:</p> Desktop running LMDE</a></li> Pixel 6a phone running GrapheneOS</a></li> </ul> 1. Start Here</a></li> 2. Apt Sources</a></li> 3. Apt Pin</a></li> 4. Install and Autostart</a></li> 5. Administration</a></li> 6. Add Devices and Folders</a></li> 7. Resources</a></li> </ul> 1. Start Here (Desktop)</h2> Syncthing is under active development and hosts a dedicated [Debian package repository](apt.syncthing.net](https://apt.syncthing.net/) for the latest stable release. Verify the authenticity of Syncthing’s packages by adding the release PGP key:</p> sudo curl -L -o /etc/apt/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg </span></code></pre> 2. Apt Sources</h2> The stable channel</strong> is updated with stable release builds, usually every first Tuesday of the month.</p> Add to apt sources:</p> echo "deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" \| sudo tee /etc/apt/sources.list.d/syncthing.list </span></code></pre> 3. Apt Pin</h2> Set a preference for installing Syncthing’s own packaged version over the default Debian package by increasing its pin-priority</strong>:</p> printf "Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 990\n" \| sudo tee /etc/apt/preferences.d/syncthing.pref </span></code></pre> Update and display the new priorities:</p> $ sudo apt update && apt-cache policy syncthing </span>syncthing: </span> Installed: (none) </span> Candidate: 1.30.0 </span> Version table: </span> 1.30.0 990 </span> 990 https://apt.syncthing.net syncthing/stable amd64 Packages </span> 1.29.7 990 </span> 990 https://apt.syncthing.net syncthing/stable amd64 Packages </span> 1.29.5~ds1-2 500 </span> 500 https://deb.debian.org/debian trixie/main amd64 Packages </span></code></pre> 4. Install and Autostart</h2> sudo apt install syncthing </span></code></pre> Autostart syncthing as a user without requiring root privileges by setting up a systemd user service</strong>.</p> Create a folder to hold user</code> services:</p> mkdir -p ~/.config/systemd/user </span></code></pre> Copy the syncthing.service</code> file into the load path of the user instance:</p> cp /usr/lib/systemd/user/syncthing.service ~/.config/systemd/user/ </span></code></pre> Enable and start the service:</p> systemctl --user enable syncthing.service </span>systemctl --user start syncthing.service </span></code></pre> A default ~/Sync</code> folder for synchronization is automatically created.</p> Check the status:</p> systemctl --user status syncthing.service </span></code></pre> View the logs for the user service:</p> journalctl -e --user-unit=syncthing.service </span></code></pre> 5. Administration</h2> 5.1 Localhost</h3> The administration GUI starts automatically and remains available on localhost:8384</a>.</p> Go to Actions->Settings->GUI</code> and add a username and password to the web interface.</p> 5.2 Remote hosts</h3> By default, we can’t connect to the GUI running on a remote computer. Syncthing is only listening for connections from 127.0.0.1</code>.</p> Allow connections to the GUI from network devices by first logging into the remote host, then editing ~/.local/state/syncthing/config.xml</code>.</p> Change the line:</p> <gui enabled="true" tls="false" debugging="false" sendBasicAuthPrompt="false"> </span> <address>127.0.0.1:8384</address> </span></code></pre> to</p> <gui enabled="true" tls="true" debugging="false" sendBasicAuthPrompt="false"> </span> <address>0.0.0.0:8384</address> </span></code></pre> Restart the service:</p> systemctl --user restart syncthing.service </span></code></pre> Remote host is now accessible at <ip_address>:8384</code>.</p> Go to Actions->Settings-GUI</code> and add a username and password to the web interface.</p> 6. Add Devices and Folders</h2> See this video tutorial</a> for adding devices and folders for synchronization.</p> 6.1 Syncthing on Android</h3> Install the Syncthing-Fork</a> application on the phone.</p> Enable syncing between the phone and desktop:</p> On the desktop: Actions->Show ID</code> to display QR code</li> On the phone: Devices</code>, click +</code> to Add Device</code>, click QR icon for Device ID</code> to launch camera app and scan remote device’s QR code</li> On the desktop: Click accept to add new device, set config options</li> </ul> Share a folder (example: the phone’s camera folder at /storage/emulated/0/DCIM</code>):</p> On the phone: Click on folder, enable file sharing to the remote device</li> On the desktop: Click accept to add new folder, set config options</li> </ul> 7. Resources</h2> Syncthing Docs: Getting Started</a></li> Syncthing Docs: Starting Syncthing Automatically on Linux</a></li> Syncthing on Debian/Ubuntu</a></li> Syncthing-Fork on Android</a></li> Syncthing Tutorial: Open Source & Private File Sync Made Simple</a> (video)</li> </ul> You can like, share, or comment on this post on Mastodon</a> 💬 </p> Install Linux Mint Debian Edition (LMDE 7) in Expert Mode Mon, 27 Oct 2025 00:00:00 +0000 I like to create encrypted storage space to hold the contents of my home</code> directory that is separate from the space that contains the root</code> filesystem. This makes it easier if I decide to re-install Linux on the target system while preserving user data.</p> During an install of LMDE 7 aka “Gigi”</a> - if you select the option to automatically erase and partition the disk using LUKS (Linux Unified Key Setup</em>) - the installer creates a single encrypted partition formatted with LVM (Logical Volume Manager</em>) containing two “virtual partitions” (Logical Volumes</em> or LVs): a swap</code> LV, and a root</code> LV that uses all remaining disk storage. There is no option to add a home</code> LV to the automatic schema.</p> Previously I would resize the root</code> LV to make room for a home LV</a>, but in my daily use I’ve found LVM to be an extra layer of complexity whose benefits - such as resizing existing LVs and creating new ones - I never end up using. More significantly, LVM makes re-installing the OS while preserving the contents of home</code> more complicated on LMDE (which again is different than how its done on the Ubuntu-based Linux Mint).</p> My preferred alternative:</strong> LMDE offers an expert-mode</strong> install option that is considerably more flexible in handling a custom partition layout of disk storage. I use live-installer-expert-mode</code> to create 3 partitions</strong>: a small EFI system partition, a root</code> partition, and a LUKS encrypted home</code> partition.</p> 1. Start Here</a> 1.1 Download install image</a></li> 1.2 Prepare USB install media</a></li> </ul> </li> 2. Live Environment</a> 2.1 Switch to root</a></li> 2.2 Confirm EFI support</a></li> 2.3 Define DISK variables</a></li> </ul> </li> 3. Prepare DISK</a> 3.1 Wipe DISK</a></li> 3.2 Partition DISK</a></li> </ul> </li> 4. Encryption and File Systems</a> 4.1 Encrypt home partition</a></li> 4.2 Create file systems</a></li> </ul> </li> 5. Install LMDE</a> 5.1 Expert mode</a></li> 5.2 Mount file systems</a></li> 5.3 Install</a></li> 5.4 Fstab</a></li> 5.5 Crypttab</a></li> 5.6 Complete installation</a></li> </ul> </li> 6. Configuration</a> 6.1 Mount virtual file systems</a></li> 6.2 Chroot</a></li> 6.3 Add packages</a></li> 6.4 Zram swap</a></li> </ul> </li> 7. Finish Up</a> 7.1 Unmount virtual file systems and partitions</a></li> 7.2 Remove encrypted home mapping</a></li> 7.3 First boot</a></li> </ul> </li> 8. Resources</a></li> </ul> 1. Start Here</h2> This guide makes a few assumptions:</p> Target device is 64-bit</code> architecture</li> System use UEFI to boot with GRUB as bootloader</li> LMDE install media prepared on a Linux system</li> LMDE is the sole OS on a single disk (example: sda</strong>)</li> Network access during install uses a (LMDE supported) wired interface</li> GPT partition table with 3 partitions:</li> </ul> Partition</th> Size</th> Format</th> Use as</th></tr></thead> sda1</td> 256MB</td> vfat</td> EFI system partition</td></tr> sda2</td> 64GB</td> ext4</td> root partition</td></tr> sda3</td> ->END</td> luks</td> encrypted partition (home device)</td></tr> </tbody></table> In lieu of creating a separate swap</code> partition, after the install I configure zram swap</a></li> </ul> 1.1 Download install image</h3> The latest live ISO install images are available here: Torrents and download mirrors</a></p> Download lmde-7-cinnamon-64bit.iso</code> and sha256sum.txt</code>.</p> Verify the image by running:</p> sha256sum -c --ignore-missing sha256sum.txt </span></code></pre> 1.2 Prepare USB install media</h3> Prepare a USB storage drive as an installer using one of these two methods:</p> Method 1: dd</h4> Write the installer to an unmounted</strong> USB storage device using the dd</code> command as root.</p> WARNING</strong> Be very careful to note the proper device. All contents on the device will be lost!</strong></p> Example: On a Linux system, if a USB stick appears as sdx1</code>, then write the installer to sdx</code> (no partition number):</p> sudo dd if=/path/to/lmde-7-cinnamon-64bit.iso of=/dev/sdx bs=4M conv=fsync oflag=direct status=progress </span>sync </span></code></pre> Method 2: Ventoy</h4> Use Ventoy</strong> to setup a USB device to be a multiboot installer</strong>. Simply copy an iso to the device, reboot, and the auto-generated menu lists all the disk images available to boot. Read more</a></p> 2. Live Environment</h2> Insert the USB install stick into the target device and boot to desktop.</p> 2.1 Switch to root</h3> Open a terminal and switch to a root shell:</p> sudo -i </span></code></pre> 2.2 Confirm EFI support</h3> cat /sys/firmware/efi/fw_platform_size </span></code></pre> If the command returns 64</code>, then system is booted in 64-bit x64 UEFI and we are good to go.</p> If the file does not exist, the device is not using UEFI. Stop here and search online for instructions on how to install LMDE in BIOS boot mode. The partition layout detailed below assumes UEFI boot and will need to be modified accordingly if this is not so.</p> 2.3 Define DISK variables</h3> Identify the disk where LMDE will be installed by listing block devices:</p> lsblk -f </span></code></pre> Set DISK variables for either a SATA or NVMe device:</p> SATA (example: sda)</h4> DISK=/dev/sda </span>EFI_PART=1 </span>ROOT_PART=2 </span>HOME_PART=3 </span>EFI_DISK=${DISK}${EFI_PART} </span>ROOT_DISK=${DISK}${ROOT_PART} </span>HOME_DISK=${DISK}${HOME_PART} </span></code></pre> NVMe (example: nvme0n1)</h3> DISK=/dev/nvme0n1 </span>EFI_PART=1 </span>ROOT_PART=2 </span>HOME_PART=3 </span>EFI_DISK=${DISK}p${EFI_PART} </span>ROOT_DISK=${DISK}p${ROOT_PART} </span>HOME_DISK=${DISK}p${HOME_PART} </span></code></pre> 3. Prepare DISK</h2> 3.1 Wipe DISK</h3> Before creating the new partition layout, wipe the DISK:</p> wipefs -af $DISK </span>sgdisk --zap-all --clear $DISK </span>partprobe $DISK && sgdisk -p $DISK </span></code></pre> NOTE</strong> If LVM was previously used on the drive, this might fail with an error such as Device or resource busy</code>. This is because the volume group might have gotten set up on boot. In such cases, bring it down with:</em></p> vgchange -an </span></code></pre> After that, wipefs -af</code> should work.</em></p> 3.2 Partition DISK</h3> List partition type codes:</p> sgdisk --list-types </span></code></pre> Create EFI system partition:</p> sgdisk -n "${EFI_PART}:1m:+256m" -t "${EFI_PART}:ef00" -c 0:esp $DISK </span></code></pre> Create root partition:</p> sgdisk -n "${ROOT_PART}:0:+64g" -t "${ROOT_PART}:8300" -c 0:root $DISK </span></code></pre> Create home partition:</p> sgdisk -n "${HOME_PART}:0:0" -t "${HOME_PART}:8309" -c 0:home $DISK </span></code></pre> Display layout:</p> partprobe $DISK && sgdisk -p $DISK </span></code></pre> 4. Encryption and File Systems</h2> 4.1 Encrypt home partition</h3> cryptsetup luksFormat --type luks2 -y $HOME_DISK </span></code></pre> Unlock the newly-created home</code> device:</p> cryptsetup open $HOME_DISK home </span></code></pre> Set variable for home</code> device:</p> HOME_DEV=/dev/mapper/home </span></code></pre> 4.2 Create file systems</h3> Labels are optional, but helpful. They allow for easy mounting without a UUID:</p> mkfs.vfat -n ESP $EFI_DISK </span>mkfs.ext4 -L rootfs $ROOT_DISK </span>mkfs.ext4 -L homefs $HOME_DEV </span></code></pre> 5. Install LMDE</h2> 5.1 Expert Mode</h3> Open a new tab in the terminal.</p> Launch the LMDE installer in expert-mode</code>:</p> sudo live-installer-expert-mode </span></code></pre> Proceed as normal up to Installation Type</code>. Select Manual Partitioning</code>.</p> In the Partitioning</code> window, click Expert mode</code>.</p> Before continuing, we mount our target filesystems on /target</code>.</p> 5.2 Mount file systems</h3> Switch back to the root terminal.</p> Mount the previously created filesystems:</p> mount --mkdir LABEL=rootfs /target </span>mount --mkdir LABEL=homefs /target/home </span>mount --mkdir LABEL=ESP /target/boot/efi </span></code></pre> 5.3 Install</h3> Switch back to the installer window and click Next</code>.</p> Proceed to Summary</code> and confirm:</p> Home encryption: disabled</code> (entire partition is LUKS-encrypted)</li> Install bootloader on /dev/<storage_device></code> (example: /dev/sda</code> with no partition number)</li> Use already mounted /target</code></li> </ul> When satisfied, click Install</code>.</p> LMDE install proceeds as per usual up to Installation paused</code>.</p> Do the following before continuing the install:</p> 5.4 Fstab</h3> Set filesystems that will be mounted at boot:</p> echo "LABEL=ESP /boot/efi vfat defaults 0 1" >> /target/etc/fstab </span>echo "LABEL=rootfs / ext4 defaults 0 1" >> /target/etc/fstab </span>echo "LABEL=homefs /home ext4 defaults 0 2" >> /target/etc/fstab </span></code></pre> 5.5 Crypttab</h3> Set home</code> to be opened at boot:</p> echo "home PARTLABEL=home none luks,discard" >> /target/etc/crypttab </span></code></pre> 5.6 Complete installation</h3> Switch back to installer window and click Next</code> to complete installation.</p> When prompted Do you want to restart your computer to use the new system?</code> choose No</code>.</p> 6. Configuration</h2> 6.1 Mount virtual file systems</h3> Mount virtual file systems for the new install environment:</p> mount --bind /dev /target/dev </span>mount --bind /dev/pts /target/dev/pts </span>mount -t proc /proc /target/proc </span>mount -t sysfs /sys /target/sys </span></code></pre> 6.2 Chroot</h3> Copy resolv.conf</code> to enable network access inside chroot environment:</p> cp /etc/resolv.conf /target/etc/resolv.conf </span></code></pre> Make changes inside the local installed system by accessing it from the LMDE live installer:</p> chroot /target/ /bin/bash </span></code></pre> Change the prompt to highlight actions inside chroot</code>:</p> export PS1="(chroot) $PS1" </span></code></pre> 6.3 Add packages</h3> Update the package repository contents and install extra packages:</p> apt update && apt install systemd-cryptsetup zram-tools </span></code></pre> 6.4 Zram swap</h3> Settings are modified in /etc/default/zramswap</code>.</p> Uncomment PERCENT</code> and set amount of RAM used by zram as a percentage of total memory available:</p> PERCENT=25 </span></code></pre> Uncomment PRIORITY</code> and set the priority of the swap device:</p> PRIORITY=100 </span></code></pre> 7. Finish Up</h2> Exit the chroot</code> environment:</p> exit </span></code></pre> 7.1 Unmount virtual file systems and partitions</h3> NOTE</strong> Partition /target/boot/efi</code> is auto-unmounted by the installer.</em></p> umount /target/dev/pts </span>umount /target/dev </span>umount /target/proc </span>umount /target/sys </span>umount /target/home </span>umount -l -n -R /target </span></code></pre> 7.2 Remove encrypted home mapping</h3> cryptsetup close home </span></code></pre> Reboot system.</p> 7.3 First boot</h3> User is prompted for the passphrase to unlock the encrypted home</code> partition. Upon success, boot resumes…</p> Welcome to LMDE!</strong></p> NOTE</strong> The default plymouth (boot) theme mint-logo</code> fails to display properly rendered text for the password prompt on the splash screen to unlock home</code> partition (except for this detail it otherwise works correctly). After a successful first boot, possible workarounds are to switch to another built-in plymouth theme or (my choice) disable plymouth and use a text-based password prompt. To do so, edit</em> /etc/default/grub.d/50_lmde.cfg</code> and remove splash</code> from</em> GRUB_CMDLINE_LINUX_DEFAULT</code>. Save changes and run update-grub</code>.</em></p> 8. Resources</h2> Release notes for LMDE 7</a> and upstream Debian 13 “Trixie”</a>. Pay particular attention to 5. Issues to be aware of for trixie</a>.</li> I created a shell script that automates the above work in preparing the target device for the install: lmde-expert-mode-assist</a></li> </ul> You can like, share, or comment on this post on Mastodon</a> 💬 </p>

Just Enough Arch Linux

Sun, 22 Feb 2026 00:00:00 +0000

Using the Arch Linux</a> installation image and working my way through the excellent installation guide</a>, I show the choices I make to create an encrypted, minimal Linux system with “just enough” to provide a solid foundation to build upon further: whether that be setting up a desktop, laptop, or server.

1. Start Here</a>
- Acquire an installation image</a></li>
- Prepare the USB installation medium</a></li> </ul> </li>
- 2. Configure the Live Environment</a>
 - Set the console keyboard</a></li>
 - Set the console font</a></li>
 - Verify the boot mode</a></li>
 - Connect to the internet</a></li>
 - Remote login to the installer</a></li>
 - Update the system clock</a></li> </ul> </li>
 - 3. Prepare the DISK</a>
 - Define DISK variables</a></li>
 - Erase DISK</a></li>
 - Partition DISK</a></li>
 - Format the ESP partition</a></li>
 - Encrypt the root partition</a></li>
 - Format the root device</a></li>
 - Create subvolumes</a></li>
 - Define variable for subvolume mount options</a></li>
 - Mount the subvolumes</a></li>
 - Mount the ESP partition</a></li> </ul> </li>
 - 4. Installation</a>
 - Select the mirrors</a></li>
 - Install</a></li> </ul> </li>
 - 5. Configure the System</a>
 
 Fstab</a></li>
 Chroot</a></li>
 Zram swap</a></li>
 Time</a></li>
 Localization</a></li>
 Console keymap and font</a></li>
 Hostname</a></li>
 Network configuration</a></li>
 Initramfs</a></li>
 Root password</a></li>
 Superuser</a></li>
 Boot loader</a></li> </ul> </li>
 6. Finish Up</a></li>
 7. Resources</a></li> </ul>
 
 1. Start Here</h2>
 Throughout this HOWTO, if you see square brackets []</code> in code blocks, that means the word of code (square brackets included) should be replaced with something else. This is detailed in the instructions before or after the code block.
 Arch Linux will be installed as the sole operating system on a single disk using a two-partition layout:
 Partition root</code> is encrypted with LUKS2</a> and formatted with the BTRFS</a> file system using subvolumes.</li> Partition esp</code> is formatted with the FAT32</a> file system and mounted to boot</code>. Because this partition will also be storing kernels and initramfs in addition to EFI-related files - and to future-proof it for whatever else Linux might want to store there - I assign it a generous 4GB of storage.</li> In lieu of creating a partition for swap</code>, the zram</a> kernel module is used to create a compressed block device in RAM to provide swap space.</li> </ul> A few assumptions: Target device is x86_64</code> architecture using UEFI to boot.</li> Network access during install uses a wired interface.</li> Limine</a> will be used as the system bootloader.</li> </ul> Acquire an installation image</h3> The latest official installation images are available here: Torrents and download mirrors</a> Download archlinux-[RELEASE]-x86_64.iso</code> and sha256sums.txt</code>. As of February 2026 the latest RELEASE is 2026.02.01</code>. On a Linux system, verify the integrity of the image by running: sha256sum -c --ignore-missing sha256sums.txt </code></pre> Prepare the USB installation medium</h3> Write the installer to an unmounted USB storage device running the dd</code> command as root. WARNING Be very careful to note the proper device (which can be identified with lsblk</code>). All contents on the device will be lost! Example: On a Linux system, if a USB stick appears as sdx1</code>, then write the installer to sdx</code> (omit partition number): sudo dd if=archlinux-2026.02.01-x86_64.iso of=/dev/sdx bs=4M conv=fsync oflag=direct status=progress; sync </code></pre> 2. Configure the Live Environment</h2> Boot the target device from the Arch installation media. User is automatically logged in as root</code> to the first virtual console. Set the console keyboard</h3> Default console keymap is us</code>. List available layouts: localectl list-keymaps </code></pre> If some other keymap is desired, set a different keymap temporarily: loadkeys [keymap] </code></pre> …where [keymap]</code> is the desired keyboard layout. Example: I configure the system to use my preferred colemak</code> layout: loadkeys colemak </code></pre> Set the console font</h3> If the existing font size appears too small, running: setfont -d </code></pre> … will double the size. Console fonts are located in /usr/share/kbd/consolefonts/</code> and a different font can be set with setfont</code> omitting the path and file extension: setfont [FONT]-[X][SIZE][STYLE] </code></pre> …where [FONT]</code> is font name, [X]</code> is a character identifying the code page, [SIZE]</code> is font height, and [STYLE]</code> is n</code> for normal, b</code> for bold, v</code> for CRT VGA bold. Example: Temporarily load the terminus</code> font in bold: setfont ter-122b </code></pre> See /usr/share/terminus-font/README</code> and Fonts</a> for more details. Verify the boot mode</h3> Confirm target device is using UEFI boot mode: cat /sys/firmware/efi/fw_platform_size </code></pre> If the command returns 64</code>, then system is booted in UEFI with 64-bit x64 UEFI and we are good to go. NOTE If the file does not exist, the device is not using UEFI. Stop here and consult the official Installation Guide</a> on how to proceed with the install on a device using BIOS boot mode. Connect to the internet</h3> Wired network interfaces should be auto-enabled and connected at boot. Verify the network interface is active, has been assigned an address, and the internet is reachable using ip-address</code> and ping</code> commands: ip addr ping -c 5 archlinux.org </code></pre> If this fails, or a wireless interface is required, see the Installation Guide</a>. Remote login to the installer</h3> Make this manual installation process easier (i.e. cut-n-paste commands) by remotely logging into the installer via ssh</code> from another computer. Confirm sshd</code> daemon was started at boot: systemctl status sshd </code></pre> … otherwise, start the service: systemctl start sshd.service </code></pre> Set a password for root</code>: passwd </code></pre> Switch to the other computer and ssh</code> into the target device: ssh root@[ip_address] </code></pre> …where [ip_address]</code> is the target device’s address obtained with the ip addr</code> command above. Update the system clock</h3> The systemd-timesyncd</a> service is enabled by default by the installer and the time and date will be synchronized automatically once access to the internet is established. Verify the system clock is synchronized: timedatectl </code></pre> 3. Prepare the DISK</h2> Setup a custom partition layout on a single disk before implementing the Arch base installation. Define DISK variables</h3> Identify the disk where Arch will be installed by listing block devices: lsblk -f </code></pre> Set DISK variables for either a SATA or NVMe disk: SATA</h4> Example disk: sda</code> export DISK="/dev/sda" export ESP_PART="1" export ROOT_PART="2" export ESP_DISK="${DISK}${ESP_PART}" export ROOT_DISK="${DISK}${ROOT_PART}" </code></pre> NVMe</h4> Example disk: nvme0n1</code> export DISK="/dev/nvme0n1" export ESP_PART="1" export ROOT_PART="2" export ESP_DISK="${DISK}p${ESP_PART}" export ROOT_DISK="${DISK}p${ROOT_PART}" </code></pre> Erase DISK</h3> Erase existing file systems and partition table on DISK</code>: wipefs -af $DISK && sgdisk --zap-all --clear $DISK </code></pre> Notify the system of changes to the partition table: partprobe $DISK </code></pre> NOTE If DISK</code> was previously configured with LVM</a>, this operation might fail with an error such as Device or resource busy</code>. This is because the volume group might have been set up on boot. In such cases, first bring down the volume group: vgchange -an </code></pre> After that, wipefs</code> and sgdisk</code> should work as expected. Partition DISK</h3> Create a GPT partition table on DISK with the following layout: Number</th> Size</th> Code</th> Format</th> Use as</th></tr></thead> 1</td> 4g</td> ef00</td> vfat</td> ESP partition</td></tr> 2</td> ->END</td> 8309</td> luks</td> Encrypted root partition</td></tr> </tbody></table> Create the ESP partition: sgdisk -n "${ESP_PART}:1m:+4g" -t "${ESP_PART}:ef00" -c 0:esp $DISK </code></pre> Create the encrypted root partition: sgdisk -n "${ROOT_PART}:0:0" -t "${ROOT_PART}:8309" -c 0:root $DISK </code></pre> Display layout: partprobe $DISK && sgdisk -p $DISK </code></pre> Format the ESP partition</h3> NOTE Labels on file systems are optional, but helpful. They allow for easy mounting without a UUID. Create a FAT32 file system: mkfs.fat -n ESP -F 32 $ESP_DISK </code></pre> Encrypt the root partition</h3> Encrypt the partition using luks2</code>: cryptsetup luksFormat -y --type luks2 $ROOT_DISK </code></pre> The newly-created LUKS device is opened and mapped to /dev/mapper/root</code>, as suggested by the Discoverable Partitions Specification</a>: cryptsetup open $ROOT_DISK root </code></pre> Define a variable for the root device: export ROOT_DEV="/dev/mapper/root" </code></pre> Format the root device</h3> Create a BTRFS file system: mkfs.btrfs -L arch $ROOT_DEV </code></pre> Mount the root device: mount $ROOT_DEV /mnt </code></pre> Create subvolumes</h3> Changing BTRFS subvolume layouts is made simpler by not mounting the top-level subvolume as /</code> (which is the default). As an alternative, create a BTRFS subvolume that contains the actual data, and mount that to /</code>. Use @</code> for the name of this new subvolume (which is the default name used by Snapper</a>, a tool for making file system snapshots): btrfs subvolume create /mnt/@ </code></pre> Create additional subvolumes to facilitate system rollbacks that leave logs, databases, and home files untouched: btrfs subvolume create /mnt/@home btrfs subvolume create /mnt/@cache btrfs subvolume create /mnt/@log btrfs subvolume create /mnt/@tmp btrfs subvolume create /mnt/@srv btrfs subvolume create /mnt/@snapshots </code></pre> Define variable for subvolume mount options</h3> For an installation on a NVMe disk, these are the subvolume mount options I use: noatime</code>: Disables writing “last accessed” timestamps. Extends SSD lifespan and improves read speeds.</li> compress=zstd:1</code>: Compression algorithm/setting “sweet spot” for NVMe (default is 3</code>). For non-NVMe disks, omit this setting and accept the default.</li> space_cache=v2</code>: Method to track free blocks. Significantly more efficient than v1</code>.</li> commit=120</code>: Default commit interval is 30 seconds. Increasing the interval allows BTRFS to bundle small writes in memory into fewer, larger sequential writes. If the system is connected to a UPS or healthy battery, the commit interval can be increased because the risk of a sudden power-loss shutdown is much lower.</li> </ul> Define a variable with these options: export SUB_OPTS="noatime,compress=zstd:1,space_cache=v2,commit=120" </code></pre> For more options and details, see the BTRFS Administration</a> page. Mount the subvolumes</h3> Unmount the previously mounted root</code> device: umount /mnt </code></pre> Mount the subvolumes: mount -o ${SUB_OPTS},subvol=@ $ROOT_DEV /mnt mount --mkdir -o ${SUB_OPTS},subvol=@home $ROOT_DEV /mnt/home mount --mkdir -o ${SUB_OPTS},subvol=@cache $ROOT_DEV /mnt/var/cache mount --mkdir -o ${SUB_OPTS},subvol=@log $ROOT_DEV /mnt/var/log mount --mkdir -o ${SUB_OPTS},subvol=@tmp $ROOT_DEV /mnt/var/tmp mount --mkdir -o ${SUB_OPTS},subvol=@srv $ROOT_DEV /mnt/srv mount --mkdir -o ${SUB_OPTS},subvol=@snapshots $ROOT_DEV /mnt/.snapshots </code></pre> Mount the ESP partition</h3> mount --mkdir $ESP_DISK /mnt/boot && df -h </code></pre> 4. Installation</h2> Select the mirrors</h3> Packages to be installed must be downloaded from mirror servers, which are defined in /etc/pacman.d/mirrorlist</code>. Generate a new mirrorlist using reflector</a>. Backup the existing mirrorlist: cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak </code></pre> Example: This command will select the 5 most recently synchronized HTTPS mirrors located in Canada, sort them by download speed, and overwrite the mirrorlist with the new links: reflector --verbose --protocol https --latest 5 --sort rate --country Canada --save /etc/pacman.d/mirrorlist </code></pre> Synchronize the pacman</a> package databases using the new mirror list: pacman -Syy </code></pre> Install</h3> Identify the processor vendor: grep vendor_id /proc/cpuinfo </code></pre> Create a variable for an appropriate microcode package to load updates and security fixes: UCODE="[vendor]-ucode" </code></pre> …where [vendor]</code> for Intel processors is intel</code> and AMD processors is amd</code>. Create a variable for an editor (nano</code>, vim</code>, etc.) used to modify configuration files after we chroot</code> into the new system: export EDIT="nano" </code></pre> Use pacstrap</a> to install the base package, Linux kernel, firmware for common hardware, crypt and file utilities, and some nice extras: pacstrap -K /mnt base base-devel linux linux-firmware btrfs-progs cryptsetup efibootmgr limine man-db networkmanager openssh reflector sudo terminus-font $UCODE $EDIT </code></pre> 5. Configure the System</h2> Fstab</h3> Generate an fstab</a> file: genfstab -L /mnt >> /mnt/etc/fstab && cat /mnt/etc/fstab </code></pre> Inspect the results for any possible errors. Chroot</h3> Chroot into the newly-installed base system: arch-chroot /mnt /bin/bash </code></pre> Zram swap</h3> Load the module at boot: echo "zram" > /etc/modules-load.d/zram.conf </code></pre> Create the following udev rule</a> adjusting the disksize attribute (1/2 of physical RAM is a good benchmark) as necessary: $EDIT /etc/udev/rules.d/99-zram.rules </code></pre> Add rule: ACTION=="add", KERNEL=="zram0", ATTR{initstate}=="0", ATTR{comp_algorithm}="zstd", ATTR{disksize}="4G", TAG+="systemd" </code></pre> Save changes and exit. Add zram0</code> to fstab</code> with a higher than default priority and the x-systemd.makefs</code> option: echo -e "/dev/zram0\tnone\tswap\tdefaults,discard,pri=100,x-systemd.makefs\t0 0" >> /etc/fstab </code></pre> After rebooting the system, check status with: zramctl </code></pre> Time</h3> Timezones are located in /usr/share/zoneinfo</code>. List the timezones: timedatectl list-timezones </code></pre> Set the desired timezone: timedatectl set-timezone [Region]/[City] </code></pre> …where [Region]</code> is the geographical region (Africa</code>, America</code>, Europe</code>, …) and the [City]</code> within that region. Example: Timezone where Toronto</code> is located: timedatectl set-timezone America/Toronto </code></pre> Update the system clock: hwclock --systohc </code></pre> Enable network time synchronization: timedatectl set-ntp true </code></pre> Show current time settings: timedatectl </code></pre> Localization</h3> Open the list of locales: $EDIT /etc/locale.gen </code></pre> … and uncomment any desired locales. Save changes and exit. Generate the locales by running: locale-gen </code></pre> Set the LANG</code> variable: echo "LANG=[locale]" > /etc/locale.conf </code></pre> … where [locale]</code> is one of the generated locales (example: en_CA.UTF-8</code>): echo "LANG=en_CA.UTF-8" > /etc/locale.conf </code></pre> Console keymap and font</h3> If earlier during the installation a different console keyboard layout than us</code> was selected, make the change persistent by writing the choice to vconsole.conf</code>: echo "KEYMAP=[keyboard]" >> /etc/vconsole.conf </code></pre> …where [keyboard]</code> is your desired keymap (example: colemak</code>): echo "KEYMAP=colemak" >> /etc/vconsole.conf </code></pre> Same process if the default font was changed: echo "FONT=[font]" >> /etc/vconsole.conf </code></pre> … which in this HOWTO would be ter-122b</code>: echo "FONT=ter-122b" >> /etc/vconsole.conf </code></pre> Hostname</h3> Create the hostname</code> file: echo [hostname] > /etc/hostname </code></pre> …where [hostname]</code> is the desired name of the system (single word, no spaces): echo "archlinux" > /etc/hostname </code></pre> Network configuration</h3> Enable NetworkManager</a> to start at boot: systemctl enable NetworkManager </code></pre> Enable sshd</code> to start at boot: systemctl enable sshd </code></pre> Initramfs</h3> Configure the initramfs</code> image to be generated by opening the mkinitcpio.conf</code> file for editing: $EDIT /etc/mkinitcpio.conf </code></pre> Set the necessary MODULES</code>: MODULES=(btrfs) </code></pre> … and BINARIES</code>: BINARIES=(/usr/bin/btrfs) </code></pre> NOTE Order of the hooks matters. See Hook List</a>. HOOKS</code> control the modules and scripts added to the image and what happens at boot time: HOOKS=(base udev keyboard autodetect microcode modconf kms keymap consolefont block encrypt filesystems fsck) </code></pre> Save changes and exit. Recreate the initramfs image with mkinitcpio</code>: mkinitcpio -P </code></pre> Root password</h3> Set a password for root: passwd </code></pre> Superuser</h3> Create a user account with superuser privileges: useradd -m -G wheel -s /bin/bash [username] </code></pre> …where [username]</code> is the desired name for the account. Set a password for [username]</code>: passwd [username] </code></pre> Activate wheel</a> group access for the sudo</code> command: sed -i "s/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/" /etc/sudoers </code></pre> Boot loader</h3> Create the /boot/EFI/BOOT</code> directory and copy the Limine</a> BOOT file there: mkdir -p /boot/EFI/BOOT cp /usr/share/limine/BOOTX64.EFI /boot/EFI/BOOT/ </code></pre> Limine does not add an entry for the boot loader in the NVRAM. Use efibootmgr</code> to create an entry: efibootmgr --create --disk $DISK --part $ESP_PART --label "Arch Linux Limine Boot Loader" --loader '\EFI\BOOT\BOOTX64.EFI' --unicode </code></pre> Limine does not provide a default configuration file, it is therefore necessary to create one. Firstly, make note of the LUKS device UUID required by the config file, which is retrieved by running: cryptsetup luksUUID $ROOT_DISK </code></pre> Create the limine.conf</a>: $EDIT /boot/limine.conf </code></pre> Add entry: timeout: 3 /Arch Linux protocol: linux path: boot():/vmlinuz-linux cmdline: cryptdevice=UUID=[device-UUID]:root root=/dev/mapper/root rootflags=subvol=@ rw rootfstype=btrfs module_path: boot():/initramfs-linux.img </code></pre> Replace the [device-UUID]</code> above with the UUID of the LUKS device. Save changes and exit. 6. Finish Up</h2> Exit chroot: exit </code></pre> Unmount partitions: umount /mnt/boot umount -l -n -R /mnt </code></pre> Remove encrypted device mapping: cryptsetup close root </code></pre> Reboot system: reboot </code></pre> User is prompted for the passphrase to unlock the encrypted root</code> partition. Upon success, boot resumes… archlinux login: </code></pre> Welcome to Arch! 7. Resources</h2> Not just for Arch Linux, but for Linux in general, the Arch Wiki</a> is a tremendous resource.</li> </ul> You can like, share, or comment on this post on the Fediverse</a> 💬 Minimal Alpine Linux Wed, 04 Feb 2026 00:00:00 +0000 Alpine Linux</a> is a lightweight and delightful community-driven Linux distribution that does things a bit differently than the standard defaults (musl</code> vs glibc</code> for C library, openrc</code> vs systemd</code> for init). I use an Alpine installation image to create an encrypted, console-only minimal system that provides a solid foundation while I explore building it up bit by bit to a workstation, laptop, and server configuration. 1. Start Here</a> Acquire an installation image</a></li> Prepare the USB installation medium</a></li> </ul> </li> 2. Configure the Live Environment</a> Set the console keyboard</a></li> Verify the boot mode</a></li> Connect to the internet</a></li> Remote login to the installer</a></li> </ul> </li> 3. Initial System Setup</a></li> 4. Prepare the DISK</a> Install extra tools</a></li> Define disk variables</a></li> Erase DISK</a></li> Partition DISK</a></li> Encrypt the root partition</a></li> Encrypt the data partition</a></li> Format and mount the root device</a></li> Format and mount the data device</a></li> Format and mount the ESP partition</a></li> </ul> </li> 5. Installation</a></li> 6. Configure the System</a> Chroot</a></li> Zram swap</a></li> Auto-mount DATA_DISK</a></li> Mkinitfs</a></li> Bootloader</a></li> </ul> </li> 7. Finish Up</a></li> 8. Resources</a></li> </ul> 1. Start Here</h2> This guide makes a few assumptions: Target device is x86_64</code> architecture and uses UEFI to boot.</li> Alpine will be installed as the sole operating system on a single disk.</li> Network access during install uses a wired interface.</li> </ul> Alpine includes a setup-alpine</a> script in the installer that can quickly get a system up-and-running. I will use the script to set a few basic settings, then skip the disk setup stage and proceed to manually create a custom partition layout, followed by chroot</code>-ing into the newly-installed system to complete the setup. This custom partition layout includes: Separate root</code> and data</code> partitions encrypted with LUKS2 and formatted with the ext4</code> file system. I like to keep my user data in a separate partition to preserve its contents and make things simpler if/when I wipe root</code> and re-install Linux.</li> An EFI partition formatted with the fat32</code> file system and mounted to boot</code>. Because this partition will also be storing kernels and initramfs in addition to EFI-related files - and to future-proof it for whatever else Linux might want to store here - I assign it a generous 2GB of storage.</li> In lieu of creating a partition for swap</code> memory, I use the Linux zram</code> kernel module to configure a compressed block device in RAM to provide swapspace.</li> </ul> NOTE Throughout this guide, square brackets []</code> in code blocks indicates the word of code (square brackets included) should be replaced with something else. This is detailed in the instructions before or after the code block. Acquire an installation image</h3> The latest official installation images are available here: Downloads</a> Download alpine-standard-[RELEASE]-x86_64.iso</code> and alpine-standard-[RELEASE]-x86_64.iso.sha256</code>. As of 2026-02-04 the latest RELEASE is 3.23.3</code>. On a Linux system, verify the integrity of the image with sha256sum</code>: sha256sum -c --ignore-missing alpine-standard-3.23.3-x86_64.iso.sha256 </code></pre> Prepare the USB installation medium</h3> WARNING Be very careful to note the proper device (which can be identified with the lsblk</code> command). All contents on the device will be lost! Write the installer to an unmounted USB storage device running the dd</code> command as root. Example: On a Linux system, if a USB stick appears as sdx1</code>, then write the installer to sdx</code> (omit partition number): sudo dd if=alpine-standard-3.23.3-x86_64.iso of=/dev/sdx bs=4M conv=fsync oflag=direct status=progress; sync </code></pre> 2. Configure the Live Environment</h2> Boot the target device from the Alpine installation media. Login as root</code> with no password. Set the console keyboard</h3> Default console keymap is us</code>. Available layouts are located in /usr/share/bkeymaps</code>. If some other keymap is desired, set a different one using the setup-keymap</code> script: setup-keymap [LAYOUT] [VARIANT] </code></pre> Example: I configure the system to use the us</code> layout with my preferred colemak</code> variant: setup-keymap us us-colemak </code></pre> Or run setup-keymap</code> in interactive mode: # setup-keymap Select keyboard layout: `us` Select variant: `us-colemak` </code></pre> Verify the boot mode</h3> Confirm target device is using UEFI boot mode: cat /sys/firmware/efi/fw_platform_size </code></pre> If the command returns 64</code>, then system is booted in UEFI with 64-bit x64 UEFI and we are good to go. NOTE If the file does not exist, the device is not using UEFI. Connect to the internet</h3> Configure the wired interface by running the setup-interfaces</a> script in interactive mode: setup-interfaces </code></pre> Example: I configure the ethernet interface device identified as eth0</code>: Interface: eth0</code></li> Ip address: dhcp</code></li> Manual configuration: n</code></li> </ul> Bring up the interface: ifup eth0 </code></pre> Verify the network interface is active, has been assigned an address, and the internet is reachable: ip addr ping -c 5 alpinelinux.org </code></pre> If this fails, or a wireless interface is required, consult the User Handbook: Networking</a> page. Remote login to the installer</h3> One option to make this manual installation process easier (i.e. cut-n-paste commands) is to remotely log into the installer via ssh</code> from another computer. On the installer, add the sshd</code> daemon using setup-sshd</a>: setup-sshd -c openssh </code></pre> NOTE Editor vi</code> is used for modifying files, or install nano</code> with: apk add nano </code></pre> Modify /etc/ssh/sshd_config</code> by setting PermitRootLogin</code> to allow root logins: PermitRootLogin yes </code></pre> Reload the daemon: rc-service sshd reload </code></pre> Set a password for root</code>: passwd </code></pre> Switch to the other computer and ssh</code> into the target device: ssh root@[ip_address] </code></pre> …where [ip_address]</code> is the target device’s address obtained with the ip addr</code> command above. 3. Initial System Setup</h2> Begin the system configuration using the setup-alpine</a> script: setup-alpine </code></pre> Example configuration steps: Keyboard layout: us</code> ## skipped if set above</li> Keyboard variant: us-colemak</code> ## skipped if set above</li> Enter system hostname: alpinebox.home.arpa</code></li> Interface: eth0</code></li> Ip address: dhcp</code></li> Manual network configuration? n</code></li> Root password: xxxxxxxx</code></li> Timezone: Canada</code></li> Sub-timezone: Eastern</code></li> Proxy: none</code></li> Network Time Protocol: chrony</code> ## skipped if running in a virtual machine; defaults to built-in busybox</code></li> APK Mirror: c</code> ## enable community repository</li> APK Mirror: f</code> ## find and use fastest mirror</li> Setup user: foo</code></li> Full name: foo</code></li> User password: xxxxxxxx</code></li> SSH key: none</code></li> SSH server: openssh</code></li> </ul> At the Disk & Install</code> step, enter Ctrl-C</code> to exit script. 4. Prepare the DISK</h2> Setup a custom partition layout on a single disk before implementing the Alpine base installation. Install extra tools</h3> apk update && apk add cryptsetup dosfstools e2fsprogs lsblk sgdisk wipefs </code></pre> Define DISK variables</h3> Identify the disk where Alpine will be installed by listing block devices: lsblk -f </code></pre> Set DISK variables for either a SATA or NVMe device: SATA (example device: sda</code>)</h4> export DISK="/dev/sda" export ESP_PART="1" export ROOT_PART="2" export DATA_PART="3" export ESP_DISK="${DISK}${ESP_PART}" export ROOT_DISK="${DISK}${ROOT_PART}" export DATA_DISK="${DISK}${DATA_PART}" </code></pre> NVMe (example device: nvme0n1</code>)</h4> export DISK="/dev/nvme0n1" export ESP_PART="1" export ROOT_PART="2" export DATA_PART="3" export ESP_DISK="${DISK}p${ESP_PART}" export ROOT_DISK="${DISK}p${ROOT_PART}" export DATA_DISK="${DISK}p${DATA_PART}" </code></pre> Erase DISK</h3> Erase existing file systems and partition table on DISK</code>: wipefs -af $DISK && sgdisk --zap-all --clear $DISK </code></pre> Notify the system of the changes to the partition table: partprobe $DISK </code></pre> NOTE If the Logical Volume Manager (LVM) framework was previously installed on DISK</code>, the above might fail with an error such as Device or resource busy</code>. This is because the LVM volume group might have gotten set up at boot. If so, bring down the volume group: vgchange -an </code></pre> After that, wipefs</code> should work as expected. Partition DISK</h3> Create a custom GPT partition table on DISK with the following layout: Number</th> Size</th> Code</th> Format</th> Use as</th></tr></thead> 1</td> 2g</td> EF00</td> vfat</td> ESP partition</td></tr> 2</td> 48g</td> 8309</td> luks</td> Encrypted root partition</td></tr> 3</td> ->END</td> 8309</td> luks</td> Encrypted data partition</td></tr> </tbody></table> Create the ESP partition: sgdisk -n "${ESP_PART}:1m:+2g" -t "${ESP_PART}:ef00" -c 0:esp $DISK </code></pre> Create the encrypted root partition: sgdisk -n "${ROOT_PART}:0:+48g" -t "${ROOT_PART}:8309" -c 0:root $DISK </code></pre> Create the encrypted data partition: sgdisk -n "${DATA_PART}:0:0" -t "${DATA_PART}:8309" -c 0:data $DISK </code></pre> NOTE Run command mdev -s</code> to create partition nodes in /dev</code>. Notify the system of changes to the partition table and display layout: partprobe $DISK && mdev -s && sgdisk -p $DISK </code></pre> Encrypt the root partition</h3> Load the encryption kernel module: modprobe dm-crypt </code></pre> Encrypt the partition using cryptsetup</code>: cryptsetup luksFormat -y --type luks2 $ROOT_DISK </code></pre> Open the newly-created root device and map to /dev/mapper/root</code>: cryptsetup open $ROOT_DISK root </code></pre> Define a variable for this device: export ROOT_DEV="/dev/mapper/root" </code></pre> Encrypt the data partition</h3> Encrypt the partition: cryptsetup luksFormat -y --type luks2 $DATA_DISK </code></pre> Open the newly-created data device and map to /dev/mapper/data</code>: cryptsetup open $DATA_DISK data </code></pre> Define a variable for this device: export DATA_DEV="/dev/mapper/data" </code></pre> Format and mount the root device</h3> NOTE Labels on file systems are optional, but helpful. They allow for easy identification/mounting without a UUID. Create a ext4</code> file system on the device: mkfs.ext4 -L rootfs $ROOT_DEV </code></pre> Mount the device: mount -t ext4 $ROOT_DEV /mnt </code></pre> Format and mount the data device</h3> Create a ext4</code> file system on the device: mkfs.ext4 -L datafs $DATA_DEV </code></pre> Create the data</code> mountpoint and mount the device: mkdir /mnt/data && mount -t ext4 $DATA_DEV /mnt/data </code></pre> Format and mount the ESP partition</h3> Create a fat32</code> file system on the partition: mkfs.fat -n ESP -F 32 $ESP_DISK </code></pre> Create the boot</code> mountpoint and mount the partition: mkdir /mnt/boot && mount -t vfat $ESP_DISK /mnt/boot && df -h </code></pre> 5. Installation</h2> Use the setup-disk</a> script to install an Alpine base system to the root</code> device currently mounted on /mnt</code>: setup-disk -m sys /mnt </code></pre> 6. Configure the System</h2> Before chroot</code>-ing into the system to configure it, a number of directories must be mounted: mount --rbind /dev /mnt/dev mount --make-rslave /mnt/dev mount -t proc /proc /mnt/proc mount --rbind /sys /mnt/sys mount --make-rslave /mnt/sys mount --rbind /tmp /mnt/tmp mount --bind /run /mnt/run </code></pre> Chroot</h3> Enter the newly-installed base system: chroot /mnt </code></pre> Zram swap</h3> Install zram-init</code>, a wrapper script for the zram</code> kernel module: apk update && apk add zram-init </code></pre> The configuration file /etc/conf.d/zram-init</code> is well-commented. These are the settings I modify/verify are set as follows: load_on_start=yes unload_on_stop=yes num_devices=1 type0=swap size0=`LC_ALL=C free -m | awk '/^Mem:/{print int($2/4)}'` ## use a fourth of available memory algo0=zstd </code></pre> Enable the service: rc-update add zram-init </code></pre> After rebooting the system, check status with: zramctl </code></pre> Auto-mount DATA_DISK</h3> Decrypt and auto-mount DATA_DISK</code> at boot by using a keyfile securely stored on the encrypted ROOT_DISK</code>. Create the keyfile: dd if=/dev/urandom of=/root/crypt-data-keyfile.bin bs=1024 count=4 </code></pre> Restrict permissions so only root</code> can read it: chmod 400 /root/crypt-data-keyfile.bin </code></pre> Add the keyfile to a LUKS key slot on DATA_DISK</code>: cryptsetup luksAddKey $DATA_DISK /root/crypt-data-keyfile.bin cryptsetup luksDump $DATA_DISK | grep luks2 </code></pre> Original passphrase for DATA_DISK</code> occupies slot 0</code> and the keyfile has been added to slot 1</code>. Make note of the device-UUID</code> required by the dmcrypt</code> config file, which can be obtained using blkid</code> or cryptsetup</code>: cryptsetup luksUUID $DATA_DISK </code></pre> Edit /etc/conf.d/dmcrypt</code>: ## Definition for /dev/mapper/data (for /data) with keyfile target=data source=UUID="[device-UUID]" key=/root/crypt-data-keyfile.bin </code></pre> … where [device-UUID]</code> is replaced with the UUID of DATA_DISK</code>. Enable the dmcrypt</code> service to start on boot: rc-update add dmcrypt boot </code></pre> NOTE Verify an entry for /data</code> exists in /etc/fstab</code>. Otherwise, add it: /dev/mapper/data /data ext4 rw,relatime 0 2 </code></pre> Mkinitfs</h3> Edit /etc/mkinitfs/mkinitfs.conf</code>, adding cryptsetup</code> and keymap</code> to the features list: features="ata base ide scsi usb virtio ext4 cryptsetup keymap" </code></pre> Generate a new initramfs</code>: mkinitfs $(ls /lib/modules) </code></pre> Bootloader</h3> Install packages: apk add grub-efi efibootmgr </code></pre> Install boot loader: grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=ALPINE </code></pre> Make note of the device-UUID</code> required by the grub</code> config file: cryptsetup luksUUID $ROOT_DISK </code></pre> Edit /etc/default/grub</code>: GRUB_CMDLINE_LINUX_DEFAULT="modules=sd-mod,usb-storage,ext4 cryptroot=UUID=[device-UUID] cryptdm=root quiet rootfstype=ext4" </code></pre> … where [device-UUID]</code> is replaced with the UUID of ROOT_DISK</code>. Run: update-grub </code></pre> 7. Finish Up</h2> Exit chroot: exit </code></pre> Unmount partitions: umount /mnt/boot && umount /mnt/data && umount -l /mnt </code></pre> Remove encrypted device mapping: cryptsetup close data && cryptsetup close root </code></pre> Reboot system: reboot </code></pre> User is prompted for the passphrase to unlock the encrypted root</code> partition. Upon success, boot resumes: . . . alpinebox.home.arpa login: </code></pre> Welcome to Alpine! 8. Resources</h2> Alpine Linux Wiki</a>, particularly: Installation</a></li> FAQ</a></li> Setting up disks manually</a></li> Setting up encrypted volumes with LUKS</a></li> Mounting encrypted filesystems at boot</a></li> Zram</a></li> </ul> </li> Gentoo Linux Wiki</a>, particularly: Dm-crypt</a></li> Chroot</a></li> </ul> </li> </ul> You can like, share, or comment on this post on the Fediverse</a> 💬 Real-time File Synchronization Across Devices Using Syncthing Wed, 29 Oct 2025 00:00:00 +0000 Syncthing</a> is a real-time, continuous file synchronization program. Once installed and configured, it will keep files synced between multiple computers (known as “devices”) in real time. I have the program installed and configured for syncing on: Desktop running LMDE</a></li> Pixel 6a phone running GrapheneOS</a></li> </ul> 1. Start Here</a></li> 2. Apt Sources</a></li> 3. Apt Pin</a></li> 4. Install and Autostart</a></li> 5. Administration</a></li> 6. Add Devices and Folders</a></li> 7. Resources</a></li> </ul> 1. Start Here (Desktop)</h2> Syncthing is under active development and hosts a dedicated [Debian package repository](apt.syncthing.net](https://apt.syncthing.net/) for the latest stable release. Verify the authenticity of Syncthing’s packages by adding the release PGP key: sudo curl -L -o /etc/apt/keyrings/syncthing-archive-keyring.gpg https://syncthing.net/release-key.gpg </code></pre> 2. Apt Sources</h2> The stable channel is updated with stable release builds, usually every first Tuesday of the month. Add to apt sources: echo "deb [signed-by=/etc/apt/keyrings/syncthing-archive-keyring.gpg] https://apt.syncthing.net/ syncthing stable" | sudo tee /etc/apt/sources.list.d/syncthing.list </code></pre> 3. Apt Pin</h2> Set a preference for installing Syncthing’s own packaged version over the default Debian package by increasing its pin-priority: printf "Package: *\nPin: origin apt.syncthing.net\nPin-Priority: 990\n" | sudo tee /etc/apt/preferences.d/syncthing.pref </code></pre> Update and display the new priorities: $ sudo apt update && apt-cache policy syncthing syncthing: Installed: (none) Candidate: 1.30.0 Version table: 1.30.0 990 990 https://apt.syncthing.net syncthing/stable amd64 Packages 1.29.7 990 990 https://apt.syncthing.net syncthing/stable amd64 Packages 1.29.5~ds1-2 500 500 https://deb.debian.org/debian trixie/main amd64 Packages </code></pre> 4. Install and Autostart</h2> sudo apt install syncthing </code></pre> Autostart syncthing as a user without requiring root privileges by setting up a systemd user service. Create a folder to hold user</code> services: mkdir -p ~/.config/systemd/user </code></pre> Copy the syncthing.service</code> file into the load path of the user instance: cp /usr/lib/systemd/user/syncthing.service ~/.config/systemd/user/ </code></pre> Enable and start the service: systemctl --user enable syncthing.service systemctl --user start syncthing.service </code></pre> A default ~/Sync</code> folder for synchronization is automatically created. Check the status: systemctl --user status syncthing.service </code></pre> View the logs for the user service: journalctl -e --user-unit=syncthing.service </code></pre> 5. Administration</h2> 5.1 Localhost</h3> The administration GUI starts automatically and remains available on localhost:8384</a>. Go to Actions->Settings->GUI</code> and add a username and password to the web interface. 5.2 Remote hosts</h3> By default, we can’t connect to the GUI running on a remote computer. Syncthing is only listening for connections from 127.0.0.1</code>. Allow connections to the GUI from network devices by first logging into the remote host, then editing ~/.local/state/syncthing/config.xml</code>. Change the line: <gui enabled="true" tls="false" debugging="false" sendBasicAuthPrompt="false"> <address>127.0.0.1:8384</address> </code></pre> to <gui enabled="true" tls="true" debugging="false" sendBasicAuthPrompt="false"> <address>0.0.0.0:8384</address> </code></pre> Restart the service: systemctl --user restart syncthing.service </code></pre> Remote host is now accessible at <ip_address>:8384</code>. Go to Actions->Settings-GUI</code> and add a username and password to the web interface. 6. Add Devices and Folders</h2> See this video tutorial</a> for adding devices and folders for synchronization. 6.1 Syncthing on Android</h3> Install the Syncthing-Fork</a> application on the phone. Enable syncing between the phone and desktop: On the desktop: Actions->Show ID</code> to display QR code</li> On the phone: Devices</code>, click +</code> to Add Device</code>, click QR icon for Device ID</code> to launch camera app and scan remote device’s QR code</li> On the desktop: Click accept to add new device, set config options</li> </ul> Share a folder (example: the phone’s camera folder at /storage/emulated/0/DCIM</code>): On the phone: Click on folder, enable file sharing to the remote device</li> On the desktop: Click accept to add new folder, set config options</li> </ul> 7. Resources</h2> Syncthing Docs: Getting Started</a></li> Syncthing Docs: Starting Syncthing Automatically on Linux</a></li> Syncthing on Debian/Ubuntu</a></li> Syncthing-Fork on Android</a></li> Syncthing Tutorial: Open Source & Private File Sync Made Simple</a> (video)</li> </ul> You can like, share, or comment on this post on Mastodon</a> 💬 Install Linux Mint Debian Edition (LMDE 7) in Expert Mode Mon, 27 Oct 2025 00:00:00 +0000 I like to create encrypted storage space to hold the contents of my home</code> directory that is separate from the space that contains the root</code> filesystem. This makes it easier if I decide to re-install Linux on the target system while preserving user data. During an install of LMDE 7 aka “Gigi”</a> - if you select the option to automatically erase and partition the disk using LUKS (Linux Unified Key Setup) - the installer creates a single encrypted partition formatted with LVM (Logical Volume Manager) containing two “virtual partitions” (Logical Volumes or LVs): a swap</code> LV, and a root</code> LV that uses all remaining disk storage. There is no option to add a home</code> LV to the automatic schema. Previously I would resize the root</code> LV to make room for a home LV</a>, but in my daily use I’ve found LVM to be an extra layer of complexity whose benefits - such as resizing existing LVs and creating new ones - I never end up using. More significantly, LVM makes re-installing the OS while preserving the contents of home</code> more complicated on LMDE (which again is different than how its done on the Ubuntu-based Linux Mint). My preferred alternative: LMDE offers an expert-mode install option that is considerably more flexible in handling a custom partition layout of disk storage. I use live-installer-expert-mode</code> to create 3 partitions: a small EFI system partition, a root</code> partition, and a LUKS encrypted home</code> partition. 1. Start Here</a> 1.1 Download install image</a></li> 1.2 Prepare USB install media</a></li> </ul> </li> 2. Live Environment</a> 2.1 Switch to root</a></li> 2.2 Confirm EFI support</a></li> 2.3 Define DISK variables</a></li> </ul> </li> 3. Prepare DISK</a> 3.1 Wipe DISK</a></li> 3.2 Partition DISK</a></li> </ul> </li> 4. Encryption and File Systems</a> 4.1 Encrypt home partition</a></li> 4.2 Create file systems</a></li> </ul> </li> 5. Install LMDE</a> 5.1 Expert mode</a></li> 5.2 Mount file systems</a></li> 5.3 Install</a></li> 5.4 Fstab</a></li> 5.5 Crypttab</a></li> 5.6 Complete installation</a></li> </ul> </li> 6. Configuration</a> 6.1 Mount virtual file systems</a></li> 6.2 Chroot</a></li> 6.3 Add packages</a></li> 6.4 Zram swap</a></li> </ul> </li> 7. Finish Up</a> 7.1 Unmount virtual file systems and partitions</a></li> 7.2 Remove encrypted home mapping</a></li> 7.3 First boot</a></li> </ul> </li> 8. Resources</a></li> </ul> 1. Start Here</h2> This guide makes a few assumptions: Target device is 64-bit</code> architecture</li> System use UEFI to boot with GRUB as bootloader</li> LMDE install media prepared on a Linux system</li> LMDE is the sole OS on a single disk (example: sda)</li> Network access during install uses a (LMDE supported) wired interface</li> GPT partition table with 3 partitions:</li> </ul> Partition</th> Size</th> Format</th> Use as</th></tr></thead> sda1</td> 256MB</td> vfat</td> EFI system partition</td></tr> sda2</td> 64GB</td> ext4</td> root partition</td></tr> sda3</td> ->END</td> luks</td> encrypted partition (home device)</td></tr> </tbody></table> In lieu of creating a separate swap</code> partition, after the install I configure zram swap</a></li> </ul> 1.1 Download install image</h3> The latest live ISO install images are available here: Torrents and download mirrors</a> Download lmde-7-cinnamon-64bit.iso</code> and sha256sum.txt</code>. Verify the image by running: sha256sum -c --ignore-missing sha256sum.txt </code></pre> 1.2 Prepare USB install media</h3> Prepare a USB storage drive as an installer using one of these two methods: Method 1: dd</h4> Write the installer to an unmounted USB storage device using the dd</code> command as root. WARNING Be very careful to note the proper device. All contents on the device will be lost! Example: On a Linux system, if a USB stick appears as sdx1</code>, then write the installer to sdx</code> (no partition number): sudo dd if=/path/to/lmde-7-cinnamon-64bit.iso of=/dev/sdx bs=4M conv=fsync oflag=direct status=progress sync </code></pre> Method 2: Ventoy</h4> Use Ventoy to setup a USB device to be a multiboot installer. Simply copy an iso to the device, reboot, and the auto-generated menu lists all the disk images available to boot. Read more</a> 2. Live Environment</h2> Insert the USB install stick into the target device and boot to desktop. 2.1 Switch to root</h3> Open a terminal and switch to a root shell: sudo -i </code></pre> 2.2 Confirm EFI support</h3> cat /sys/firmware/efi/fw_platform_size </code></pre> If the command returns 64</code>, then system is booted in 64-bit x64 UEFI and we are good to go. If the file does not exist, the device is not using UEFI. Stop here and search online for instructions on how to install LMDE in BIOS boot mode. The partition layout detailed below assumes UEFI boot and will need to be modified accordingly if this is not so. 2.3 Define DISK variables</h3> Identify the disk where LMDE will be installed by listing block devices: lsblk -f </code></pre> Set DISK variables for either a SATA or NVMe device: SATA (example: sda)</h4> DISK=/dev/sda EFI_PART=1 ROOT_PART=2 HOME_PART=3 EFI_DISK=${DISK}${EFI_PART} ROOT_DISK=${DISK}${ROOT_PART} HOME_DISK=${DISK}${HOME_PART} </code></pre> NVMe (example: nvme0n1)</h3> DISK=/dev/nvme0n1 EFI_PART=1 ROOT_PART=2 HOME_PART=3 EFI_DISK=${DISK}p${EFI_PART} ROOT_DISK=${DISK}p${ROOT_PART} HOME_DISK=${DISK}p${HOME_PART} </code></pre> 3. Prepare DISK</h2> 3.1 Wipe DISK</h3> Before creating the new partition layout, wipe the DISK: wipefs -af $DISK sgdisk --zap-all --clear $DISK partprobe $DISK && sgdisk -p $DISK </code></pre> NOTE If LVM was previously used on the drive, this might fail with an error such as Device or resource busy</code>. This is because the volume group might have gotten set up on boot. In such cases, bring it down with: vgchange -an </code></pre> After that, wipefs -af</code> should work. 3.2 Partition DISK</h3> List partition type codes: sgdisk --list-types </code></pre> Create EFI system partition: sgdisk -n "${EFI_PART}:1m:+256m" -t "${EFI_PART}:ef00" -c 0:esp $DISK </code></pre> Create root partition: sgdisk -n "${ROOT_PART}:0:+64g" -t "${ROOT_PART}:8300" -c 0:root $DISK </code></pre> Create home partition: sgdisk -n "${HOME_PART}:0:0" -t "${HOME_PART}:8309" -c 0:home $DISK </code></pre> Display layout: partprobe $DISK && sgdisk -p $DISK </code></pre> 4. Encryption and File Systems</h2> 4.1 Encrypt home partition</h3> cryptsetup luksFormat --type luks2 -y $HOME_DISK </code></pre> Unlock the newly-created home</code> device: cryptsetup open $HOME_DISK home </code></pre> Set variable for home</code> device: HOME_DEV=/dev/mapper/home </code></pre> 4.2 Create file systems</h3> Labels are optional, but helpful. They allow for easy mounting without a UUID: mkfs.vfat -n ESP $EFI_DISK mkfs.ext4 -L rootfs $ROOT_DISK mkfs.ext4 -L homefs $HOME_DEV </code></pre> 5. Install LMDE</h2> 5.1 Expert Mode</h3> Open a new tab in the terminal. Launch the LMDE installer in expert-mode</code>: sudo live-installer-expert-mode </code></pre> Proceed as normal up to Installation Type</code>. Select Manual Partitioning</code>. In the Partitioning</code> window, click Expert mode</code>. Before continuing, we mount our target filesystems on /target</code>. 5.2 Mount file systems</h3> Switch back to the root terminal. Mount the previously created filesystems: mount --mkdir LABEL=rootfs /target mount --mkdir LABEL=homefs /target/home mount --mkdir LABEL=ESP /target/boot/efi </code></pre> 5.3 Install</h3> Switch back to the installer window and click Next</code>. Proceed to Summary</code> and confirm: Home encryption: disabled</code> (entire partition is LUKS-encrypted)</li> Install bootloader on /dev/<storage_device></code> (example: /dev/sda</code> with no partition number)</li> Use already mounted /target</code></li> </ul> When satisfied, click Install</code>. LMDE install proceeds as per usual up to Installation paused</code>. Do the following before continuing the install: 5.4 Fstab</h3> Set filesystems that will be mounted at boot: echo "LABEL=ESP /boot/efi vfat defaults 0 1" >> /target/etc/fstab echo "LABEL=rootfs / ext4 defaults 0 1" >> /target/etc/fstab echo "LABEL=homefs /home ext4 defaults 0 2" >> /target/etc/fstab </code></pre> 5.5 Crypttab</h3> Set home</code> to be opened at boot: echo "home PARTLABEL=home none luks,discard" >> /target/etc/crypttab </code></pre> 5.6 Complete installation</h3> Switch back to installer window and click Next</code> to complete installation. When prompted Do you want to restart your computer to use the new system?</code> choose No</code>. 6. Configuration</h2> 6.1 Mount virtual file systems</h3> Mount virtual file systems for the new install environment: mount --bind /dev /target/dev mount --bind /dev/pts /target/dev/pts mount -t proc /proc /target/proc mount -t sysfs /sys /target/sys </code></pre> 6.2 Chroot</h3> Copy resolv.conf</code> to enable network access inside chroot environment: cp /etc/resolv.conf /target/etc/resolv.conf </code></pre> Make changes inside the local installed system by accessing it from the LMDE live installer: chroot /target/ /bin/bash </code></pre> Change the prompt to highlight actions inside chroot</code>: export PS1="(chroot) $PS1" </code></pre> 6.3 Add packages</h3> Update the package repository contents and install extra packages: apt update && apt install systemd-cryptsetup zram-tools </code></pre> 6.4 Zram swap</h3> Settings are modified in /etc/default/zramswap</code>. Uncomment PERCENT</code> and set amount of RAM used by zram as a percentage of total memory available: PERCENT=25 </code></pre> Uncomment PRIORITY</code> and set the priority of the swap device: PRIORITY=100 </code></pre> 7. Finish Up</h2> Exit the chroot</code> environment: exit </code></pre> 7.1 Unmount virtual file systems and partitions</h3> NOTE Partition /target/boot/efi</code> is auto-unmounted by the installer. umount /target/dev/pts umount /target/dev umount /target/proc umount /target/sys umount /target/home umount -l -n -R /target </code></pre> 7.2 Remove encrypted home mapping</h3> cryptsetup close home </code></pre> Reboot system. 7.3 First boot</h3> User is prompted for the passphrase to unlock the encrypted home</code> partition. Upon success, boot resumes… Welcome to LMDE! NOTE The default plymouth (boot) theme mint-logo</code> fails to display properly rendered text for the password prompt on the splash screen to unlock home</code> partition (except for this detail it otherwise works correctly). After a successful first boot, possible workarounds are to switch to another built-in plymouth theme or (my choice) disable plymouth and use a text-based password prompt. To do so, edit /etc/default/grub.d/50_lmde.cfg</code> and remove splash</code> from GRUB_CMDLINE_LINUX_DEFAULT</code>. Save changes and run update-grub</code>. 8. Resources</h2> Release notes for LMDE 7</a> and upstream Debian 13 “Trixie”</a>. Pay particular attention to 5. Issues to be aware of for trixie</a>.</li> I created a shell script that automates the above work in preparing the target device for the install: lmde-expert-mode-assist</a></li> </ul> You can like, share, or comment on this post on Mastodon</a> 💬

Create Public and Private Keys</h2>

Disable Password Logins</h2>

Create An Alias</h2>

Keychain</h2>

2. Configure the Live Environment</h2>
Boot the target device from the Arch installation media. User is automatically logged in as `root</code> to the first virtual console.</p>`

3. Prepare the DISK</h2>
Setup a custom partition layout on a single disk before implementing the Arch base installation.</p>

4. Installation</h2>

5. Configure the System</h2>

Minimal Alpine Linux

2. Configure the Live Environment</h2>
Boot the target device from the Alpine installation media. Login as `root</code> with no password.</p>`

Real-time File Synchronization Across Devices Using Syncthing

5. Administration</h2>

5.1 Localhost</h3>
The administration GUI starts automatically and remains available on localhost:8384</a>.</p>
Go to `Actions->Settings->GUI</code> and add a username and password to the web interface.</p>`

Install Linux Mint Debian Edition (LMDE 7) in Expert Mode

1.2 Prepare USB install media</h3>
Prepare a USB storage drive as an installer using one of these two methods:</p>

Method 2: Ventoy</h4>
Use Ventoy</strong> to setup a USB device to be a multiboot installer</strong>. Simply copy an iso to the device, reboot, and the auto-generated menu lists all the disk images available to boot. Read more</a></p>

3. Prepare DISK</h2>

4. Encryption and File Systems</h2>

5. Install LMDE</h2>

5.6 Complete installation</h3>
Switch back to installer window and click `Next</code> to complete installation.</p>`
`When prompted Do you want to restart your computer to use the new system?</code> choose No</code>.</p>`

Daniel Wayne Armstrong

Configure SSH on Linux for Passwordless Logins to Servers

Start Here</h2>

Just Enough Arch Linux

Daniel Wayne Armstrong

Configure SSH on Linux for Passwordless Logins to Servers

Start Here</h2>

On the CLIENT and the SERVER</h3> Create the .ssh</code> directory and authorized_keys</code> file in $HOME</code>:</p>

Create Public and Private Keys</h2>

On the CLIENT</h3> Create the SSH public/private key pair protected with a passphrase using ssh-keygen</code>:</p>

Share Public Key</h2>

On the CLIENT</h3> Upload the public key using ssh-copy-id</code> to the SERVER and append to the SERVER authorized_keys</code> file:</p>

Disable Password Logins</h2>

On the CLIENT</h3> While remaining logged into SERVER, open another terminal and verify the changes by attempting a new login using password authentication (which should fail</strong>):</p>

Create An Alias</h2>

Keychain</h2>

Just Enough Arch Linux

2. Configure the Live Environment</h2> Boot the target device from the Arch installation media. User is automatically logged in as root</code> to the first virtual console.</p>

3. Prepare the DISK</h2> Setup a custom partition layout on a single disk before implementing the Arch base installation.</p>

4. Installation</h2>

5. Configure the System</h2>

Minimal Alpine Linux

2. Configure the Live Environment</h2> Boot the target device from the Alpine installation media. Login as root</code> with no password.</p>

Real-time File Synchronization Across Devices Using Syncthing

1. Start Here (Desktop)</h2> Syncthing is under active development and hosts a dedicated [Debian package repository](apt.syncthing.net](https://apt.syncthing.net/) for the latest stable release. Verify the authenticity of Syncthing’s packages by adding the release PGP key:</p>

2. Apt Sources</h2> The stable channel</strong> is updated with stable release builds, usually every first Tuesday of the month.</p> Add to apt sources:</p>

3. Apt Pin</h2> Set a preference for installing Syncthing’s own packaged version over the default Debian package by increasing its pin-priority</strong>:</p>

5. Administration</h2>

5.1 Localhost</h3> The administration GUI starts automatically and remains available on localhost:8384</a>.</p> Go to Actions->Settings->GUI</code> and add a username and password to the web interface.</p>

Install Linux Mint Debian Edition (LMDE 7) in Expert Mode

1.2 Prepare USB install media</h3> Prepare a USB storage drive as an installer using one of these two methods:</p>

3. Prepare DISK</h2>

4. Encryption and File Systems</h2>

5. Install LMDE</h2>

5.6 Complete installation</h3> Switch back to installer window and click Next</code> to complete installation.</p> When prompted Do you want to restart your computer to use the new system?</code> choose No</code>.</p>

2. Configure the Live Environment</h2>
Boot the target device from the Arch installation media. User is automatically logged in as `root</code> to the first virtual console.</p>`

3. Prepare the DISK</h2>
Setup a custom partition layout on a single disk before implementing the Arch base installation.</p>

2. Configure the Live Environment</h2>
Boot the target device from the Alpine installation media. Login as `root</code> with no password.</p>`

5.1 Localhost</h3>
The administration GUI starts automatically and remains available on localhost:8384</a>.</p>
Go to `Actions->Settings->GUI</code> and add a username and password to the web interface.</p>`

1.2 Prepare USB install media</h3>
Prepare a USB storage drive as an installer using one of these two methods:</p>

5.6 Complete installation</h3>
Switch back to installer window and click `Next</code> to complete installation.</p>`
`When prompted Do you want to restart your computer to use the new system?</code> choose No</code>.</p>`