Add a crypt data volume to Alpine 3.17
This is how to set up a data volume on an already configured Alpine 3.17 system.
The disk is at /dev/sdb; it could also be /dev/vdb.
Creating partitions
You can skip this step and use the whole disk at once: just replace sdb1 with sdb in the other commands & scripts.
fdisk /dev/sdb
Enter the keyboard sequence:
# p
# n
# p
# 1
# ENTER
# ENTER
# p
# w
Creating LUKS setup
apk add --update cryptsetup lsblk
Creating the LUKS/LVM/EXT4 partition
Make the LUKS drive (replace /dev/sdx1 with your partition, e.g. /dev/sdb1 from the previous step):
cryptsetup benchmark --cipher=aes-xts-plain64
# Source: https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encryption_options_with_dm-crypt
# Use --pbkdf=pbkdf2 for Grub to be able to unlock at boot time
cryptsetup luksFormat --cipher=aes-xts-plain64 --key-size=512 --hash=sha512 --pbkdf=pbkdf2 /dev/sdx1
cryptsetup luksDump /dev/sdx1
cryptsetup luksOpen /dev/sdx1 enc_storage
Create the ext4 filesystem directly on the opened mapping (the command below does not set up an LVM layer):
mkfs.ext4 /dev/mapper/enc_storage
Mount it:
mkdir /mnt/storage
lsblk
echo -e "/dev/mapper/enc_storage\t/mnt/storage\text4\tdefaults\t0\t0\n" >> /etc/fstab
mount -a
lsblk
df -h
Helper script
I often put this in ~/open.sh to help unlock the system when I have forgotten the commands.
#!/bin/sh -exu
cryptsetup luksOpen /dev/sdb1 enc_storage
mount -a -v
#echo 'Starting docker'
#rc-service docker start
#echo 'Waiting 4sec for Docker to start'
#sleep 4
echo 'Done !'
Or crypttab
See: https://manpages.ubuntu.com/manpages/focal/en/man5/crypttab.5.html
- initramfs: "This option is specific to the Debian crypttab format. It's not supported by systemd."
- luks: "Force LUKS mode"
- discard: "Allow using of discards (TRIM) requests for device"
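Find the UUID of the partition:
lsblk -o uuid,mountpoint,path | grep -F "/dev/sdb1"
Add this line to /etc/crypttab:
enc_storage UUID=xxx-xxx-xx-xx-xxxx none luks,discard,initramfs
Then rebuild the initramfs (update-initramfs is the Debian/Ubuntu tool, matching the Debian crypttab format referenced above):
update-initramfs -c -k $(uname -r)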
See: https://serverfault.com/a/1101450/336084
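
The option notes above turned into a check, as an added example that is not part of the original page: a POSIX sh function that lints one crypttab entry in the four-field form used here. The finding labels and the key file path in the second sample are made up for illustration; the UUID is the page's placeholder.

```sh
#!/bin/sh
# Added example, not from the original page: lint a single crypttab entry.
# The finding labels (FIELDS, SOURCE, ...) are invented for this sketch.

audit_crypttab_line() {
    # Comments and blank lines carry no entry.
    case $1 in ''|'#'*) return 0 ;; esac

    set -f                 # disable globbing while splitting on whitespace
    set -- $1
    set +f
    if [ "$#" -ne 4 ]; then
        echo "FIELDS: expected target, source, key file, options; got $# fields"
        return 0
    fi
    target=$1 source=$2 keyfile=$3 options=$4

    # Kernel names can change (sdb vs vdb on the page); UUID= does not.
    case $source in
        UUID=*) ;;
        /dev/sd*|/dev/vd*) echo "SOURCE: $target uses $source, prefer UUID=" ;;
    esac

    # 'none' means the passphrase is typed in; anything else is a file on disk.
    [ "$keyfile" = none ] || echo "KEYFILE: $target reads its key from $keyfile"

    case ",$options," in
        *,discard,*) echo "DISCARD: $target passes TRIM down, exposing which blocks are unused" ;;
    esac
    case ",$options," in
        *,initramfs,*) echo "INITRAMFS: $target uses an option specific to the Debian crypttab format" ;;
    esac
    case ",$options," in
        *,luks,*) ;;
        *) echo "LUKS: $target does not force LUKS mode" ;;
    esac
}

# Constructed sample entries: the page's form (placeholder UUID) and a weaker one.
audit_crypttab_line 'enc_storage UUID=xxx-xxx-xx-xx-xxxx none luks,discard,initramfs'
audit_crypttab_line 'enc_storage /dev/sdb1 /root/storage.key discard'
```

Each finding is one line on stdout, so the function can be run over every line of /etc/crypttab in a loop before rebuilding the initramfs.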