FAQ/Howto

From GalliumOS Wiki
< FAQ
Revision as of 20:17, 20 June 2017 by Kafran (talk | contribs) (Generate an encryption key)

Jump to: navigation, search

Some frequently useful configuration options:

Move your /home to a flash drive

It is not recommended to mount your /home to an external USB Flash Drive or a SD Card because if you loose it you gonna be in trouble. However you can move your /home folders to a external place and free some storage.

Encrypt your flash drive

Flash drives are easy to loose. If you don't want anyone looking around your data, you should encrypt your flash drive. I will not detail this part, as data encryption are complex and you have better and complete information at https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system

To encrypt the entire flash drive, do this: 

   $ sudo cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --use-random luksFormat /dev/sda

You should change /dev/sda for your device location. Be carefully, this may lead to data damage.

Add an encryption key to the flashdrive

To automatically mount the flash drive without having to type the password we gonna create an encryption key and add it to the flash drive

Step 1: Generate the key 

   $ sudo dd if=/dev/urandom of=/etc/keys/GaOS-Home.key bs=1024 count=4

This will create a file with random content with the size of 4096 bits. You can use any file to act as keyfile. A 4kb file with random content is good enough.

Step 2: Make the keyfile read-only to root: 

   $ sudo chmod 0400 /root/keyfile

I'm assuming the keyfile gonna be stored at /etc/keys folder. Alternatively you can chown your keyfile to root:root and move it into the /root folder or other place.

Step 3: Add the keyfile to LUKS 

   $ sudo cryptsetup luksAddKey /dev/sdX /etc/keys/keyfile

Source: https://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile

Create udev rules

(WIP: pasting content from https://paste.ubuntu.com/24558174/, please improve!) 

   ## /etc/udev/rules.d/10-usbdrive.rules
   KERNEL=="sd*", ATTRS{serial}=="0340918060002807", ATTRS{idVendor}=="090c", ATTRS{idProduct}=="1000" SYMLINK+="usb/samsung%n"
   
   ## /etc/fstab
   /dev/usb/samsung1 /media/usb1 ext4 defaults,discard,relatime,nofail 0 2
   
   ## values for serial, idVendor, and idProduct are visible in dmesg output:
   ## run "dmesg -w" while inserting USB drive

Create systemd service

Move the /home folders to the flashdrive

Create symlinks

Retrieved from "https://wiki.galliumos.org/index.php?title=FAQ/Howto&oldid=1217"