Partitions
Physical
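wipe all hard drives (writes a new, empty GPT; this replaces the partition table only and does not overwrite the data already on the disks)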
2 × 4 TB
# Put a fresh, empty GPT on both disks. Only the partition table is replaced;
# the data blocks themselves are not overwritten by this step.
for disk in /dev/sda /dev/sdb; do
  parted "$disk" mktable gpt
done
4 × 2 TB
# Put a fresh, empty GPT on all four disks. Only the partition table is
# replaced; the data blocks themselves are not overwritten by this step.
for disk in /dev/sda /dev/sdb /dev/sdc /dev/sdd; do
  parted "$disk" mktable gpt
done
make raid partitions for luks
2 × 4 TB
# One partition per disk for the LUKS array, from 1 MiB to 3782423 MiB,
# with the GPT names luks1 and luks2.
n=0
for disk in /dev/sda /dev/sdb; do
  n=$((n + 1))
  parted "$disk" unit mib mkpart "luks${n}" 1 3782423
done
4 × 2 TB
# One partition per disk for the LUKS array, from 1 MiB to 1891088 MiB,
# with the GPT names luks1 to luks4.
n=0
for disk in /dev/sda /dev/sdb /dev/sdc /dev/sdd; do
  n=$((n + 1))
  parted "$disk" unit mib mkpart "luks${n}" 1 1891088
done
make raid partitions for boot
2 × 4 TB
# One partition per disk for the boot array, directly after the LUKS
# partition: 3782423 MiB to 3815191 MiB, i.e. 32768 MiB (32 GiB) per disk.
n=0
for disk in /dev/sda /dev/sdb; do
  n=$((n + 1))
  parted "$disk" unit mib mkpart "boot${n}" 3782423 3815191
done
4 × 2 TB
# One partition per disk for the boot array, directly after the LUKS
# partition: 1891088 MiB to 1907472 MiB, i.e. 16384 MiB (16 GiB) per disk.
n=0
for disk in /dev/sda /dev/sdb /dev/sdc /dev/sdd; do
  n=$((n + 1))
  parted "$disk" unit mib mkpart "boot${n}" 1891088 1907472
done
make and set BIOS_GRUB
2 × 4 TB
# 256 MiB partition at the end of /dev/sda, flagged bios_grub.
# It is partition 3 because luks1 and boot1 were created before it.
# Only /dev/sda carries this partition in this layout.
parted /dev/sda unit mib mkpart bios 3815191 3815447
parted /dev/sda set 3 bios_grub on
4 × 2 TB
# 256 MiB partition at the end of /dev/sda, flagged bios_grub.
# It is partition 3 because luks1 and boot1 were created before it.
# Only /dev/sda carries this partition in this layout.
parted /dev/sda unit mib mkpart bios 1907472 1907728
parted /dev/sda set 3 bios_grub on
make and set ESP
2 × 4 TB
# 256 MiB EFI system partition at the end of /dev/sdb (partition 3 there).
# It is a plain partition outside both the RAID arrays and the LUKS container,
# so its contents are neither mirrored nor encrypted.
parted /dev/sdb unit mib mkpart esp 3815191 3815447
parted /dev/sdb set 3 esp on
4 × 2 TB
# 256 MiB EFI system partition at the end of /dev/sdd (partition 3 there).
# It is a plain partition outside both the RAID arrays and the LUKS container,
# so its contents are neither mirrored nor encrypted.
parted /dev/sdd unit mib mkpart esp 1907472 1907728
parted /dev/sdd set 3 esp on
RAID
make raid device for boot
2 × 4 TB
# Assemble the second partition of each disk into the array /dev/md/boot.
# --uuid fixes the array UUID instead of letting mdadm generate one; the same
# value is entered in /etc/mdadm/mdadm.conf further down.
# NOTE(review): --level 0 is striping without redundancy, so the boot array is
# lost as soon as one member disk fails. Confirm this trade-off is intended.
mdadm --create /dev/md/boot \
--name boot \
--uuid 6234a0eb:29a3a847:1dbd5ec4:bada5579 \
--metadata 1 \
--level 0 \
--raid-devices 2 /dev/sd[ab]2
4 × 2 TB (same command as above, with the last line replaced by the following)
--raid-devices 4 /dev/sd[abcd]2
make raid device for luks
2 × 4 TB
# Assemble the first partition of each disk into the array /dev/md/luks, which
# later holds the LUKS container. --uuid fixes the array UUID; the same value
# is entered in /etc/mdadm/mdadm.conf further down.
# NOTE(review): --level 0 is striping without redundancy. Everything inside the
# encrypted container is lost when any one member disk fails, so this layout
# relies on backups kept elsewhere.
mdadm --create /dev/md/luks \
--name luks \
--uuid 006234a0:eb29a3a8:471dbd5e:c4bada55 \
--metadata 1 \
--level 0 \
--raid-devices 2 /dev/sd[ab]1
4 × 2 TB (same command as above, with the last line replaced by the following)
--raid-devices 4 /dev/sd[abcd]1
display current configuration
# Print one ARRAY line per running array; compare the UUIDs with the ones
# passed to --create before writing them to mdadm.conf.
mdadm --detail --brief --scan
make device names persistent
/etc/mdadm/mdadm.conf
# Bind the names /dev/md/boot and /dev/md/luks to the array UUIDs that were
# set with --uuid when the arrays were created.
ARRAY /dev/md/boot UUID=6234a0eb:29a3a847:1dbd5ec4:bada5579
ARRAY /dev/md/luks UUID=006234a0:eb29a3a8:471dbd5e:c4bada55
rebuild initial RAM disk
# Regenerate the existing initramfs; presumably needed so that the edited
# mdadm.conf is also used during early boot (confirm for your distribution).
update-initramfs -u
Encryption
choose cipher algorithm
# Measures in-memory throughput of the available KDFs and ciphers on this
# machine. The figures describe speed only; they are not a security ranking.
cryptsetup benchmark
initialize
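# Format /dev/md/luks as a LUKS2 container. This destroys any existing header
# on the device and generates a new volume key.
#   --verify-passphrase      ask for the passphrase twice
#   --pbkdf argon2id         changed from argon2i: Argon2id is the variant
#                            recommended by RFC 9106 and the LUKS2 default in
#                            current cryptsetup releases
#   --iter-time 4000         aim for about 4000 ms of PBKDF work per unlock attempt
#   --cipher aes-xts-plain64
#   --key-size 512           XTS splits the 512-bit key into two 256-bit halves,
#                            i.e. AES-256
#   --hash sha512            hash used in the LUKS key setup and volume key digest
#   --use-random             take the volume key from /dev/random
cryptsetup \
--verbose \
--verify-passphrase \
--type luks2 \
--pbkdf argon2id \
--cipher aes-xts-plain64 \
--iter-time 4000 \
--key-size 512 \
--hash sha512 \
--use-random \
luksFormat \
/dev/md/luks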
open
# Unlock the container on /dev/md/luks (prompts for the passphrase) and map
# the decrypted view as /dev/mapper/luks.
cryptsetup open --type luks /dev/md/luks luks
zeroize
# Write zeros through the open mapping. They reach /dev/md/luks encrypted, so
# the whole array ends up filled with ciphertext and earlier data is overwritten.
# No count= is given: dd is expected to stop with "No space left on device"
# once the mapping is full.
dd if=/dev/zero of=/dev/mapper/luks \
status=progress bs=512M
close
# Remove the /dev/mapper/luks mapping so the container is locked again.
cryptsetup close luks
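reinitialize (repeat the luksFormat command from "initialize"; this creates a new header and a new volume key, so the key used while zeroizing is no longer in use)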
check information
# Print the LUKS header of /dev/md/luks. Check that the version, cipher, key
# size and PBKDF shown match the options given to luksFormat.
cryptsetup luksDump /dev/md/luks
reopen (repeat the luksOpen command from "open")
LVM
create physical volume
# Make the opened (decrypted) mapping an LVM physical volume, so everything
# LVM stores sits inside the LUKS container.
pvcreate /dev/mapper/luks
create volume group
# Create a volume group named "luks" on that physical volume.
vgcreate luks /dev/mapper/luks
create logical volumes
# swap: 68719476736 bytes = 64 GiB. It lives inside the LUKS container, so
# swapped-out memory is encrypted at rest.
# data: all remaining extents of the volume group.
# The volumes appear as /dev/mapper/luks-swap and /dev/mapper/luks-data.
lvcreate --name swap --size 68719476736b luks
lvcreate --name data --extents 100%FREE luks
deactivate volume group
# Deactivate all logical volumes of the group "luks"; this is needed before
# the underlying LUKS mapping can be closed.
vgchange --activate n luks
reactivate volume group
# Activate the logical volumes of the group "luks" again (the LUKS mapping
# must be open for this to work).
vgchange --activate y luks
File systems
format ESP
2 × 4 TB
# FAT filesystem on the ESP with label "esp" and a fixed volume ID.
# The ESP is a plain partition outside the LUKS container, so its contents
# are stored unencrypted.
mkfs.vfat -n esp \
-i BADA5579 \
/dev/sdb3
4 × 2 TB (same command as above, with the last line replaced by the following)
/dev/sdd3
format boot
# ext4 filesystem on the boot array with a fixed label and UUID.
# NOTE(review): this UUID is the same 128-bit value as the mdadm UUID of the
# boot array on this page; confirm that UUID= lookups resolve to the
# filesystem and not to the RAID members.
mkfs.ext4 -L boot \
-U 6234a0eb-29a3-a847-1dbd-5ec4bada5579 \
/dev/md/boot
# Mount once only to set the mode of the filesystem's root directory to 700,
# so that wherever it is mounted later only its owner can list or enter it.
# This restricts other local users on the running system. /dev/md/boot is not
# inside the LUKS container, so the mode does not protect its contents from
# someone with access to the disks themselves.
mount /dev/md/boot /mnt
chmod 700 /mnt
umount /mnt
format swap
# Swap signature on the logical volume inside the LUKS container, with a fixed
# label and UUID.
mkswap --label swap \
-U 06234a0e-b29a-3a84-71db-d5ec4bada557 \
/dev/mapper/luks-swap
format data
# ext4 filesystem on the data volume inside the LUKS container, with a fixed
# label and UUID.
# NOTE(review): this UUID is the same 128-bit value as the mdadm UUID of the
# luks array on this page; confirm that UUID= lookups resolve to the
# filesystem and not to the RAID members.
mkfs.ext4 -L data \
-U 006234a0-eb29-a3a8-471d-bd5ec4bada55 \
/dev/mapper/luks-data