2019-10-28 03:40:26 -04:00

165 lines
7.7 KiB

<?xml version="1.0" encoding="UTF-8" ?>
<aif xmlns:xsi=""
<disk device="/dev/sda" diskFormat="gpt">
<!-- Partitions are numbered *in the order they are specified*. -->
<part id="boot" name="BOOT" label="/boot" start="0%" stop="10%"
fsType="fat32"/><!-- e.g. this would be /dev/sda1 -->
<part id="secrets1" name="crypted" label="shh" start="10%" stop="20%" fsType="ext4"/>
<part id="lvm_member1" name="jbod" label="dynamic" start="20%" stop="30%" fsType="ext4"/>
<part id="raid1_d1" start="30%" stop="55%" fsType="ext4"/>
<part id="raid1_d2" start="55%" stop="80%" fsType="ext4"/>
<part id="swap" start="80%" stop="100%" fsType="linux-swap(v1)"/>
<!-- "Special" devices are processed *in the order they are specified*. This is important if you wish to
e.g. layer LUKS on top of LVM - you would specify <lvm> before <luks> and reference the
<luksDev id="SOMETHING" ... > as <lvmLogical source="SOMETHING" ... />.
Of course, a limitation of this is you cannot e.g. first assemble a LUKS volume, then an LVM
group, and then another LUKS volume - so plan accordingly and/or perform this in a <post> script. -->
<luksDev id="luks_secrets" name="secrets" source="secrets1">
<!-- You can assign multiple secrets (or "keys") to a LUKS volume. -->
<!-- A simple passphrase. -->
<!-- A key that uses a keyfile on a mounted path. This example uses the passphrase in
a plaintext file, which is in turn read by LUKS. -->
<!-- This will generate a 4096-byte file of random data. -->
<keyFile size="4096">/root/.decrypt.key</keyFile>
<lvmGroup id="vg1" name="GroupName">
<lvmLogical id="lv1" name="LogicalName" source="lvm_member1"/>
<!-- level can be 0, 1, 4, 5, or 6. RAID 10 would be done by creating an array with members of a
previously assembled array. -->
<array id="mdadm1" name="md0" meta="1.2" level="1">
<member source="raid1_d1"/>
<member source="raid1_d2"/>
<fs source="boot" type="vfat">
<!-- Supports mkfs arguments. Leave off the filesystem type and device name, obviously;
those are handled by the above attributes. -->
<opt name="-F">32</opt>
<opt name="-n">ESP</opt>
<fs source="luks_secrets" type="ext4">
<opt name="-L">seekrit</opt>
<!-- And you use the id to reference mountpoints as well. -->
<mount source="luks_secrets" target="/mnt/aif">
<opt name="rw"/>
<opt name="relatime"/>
<opt name="compress">lzo</opt>
<opt name="ssd"/>
<opt name="space_cache"/>
<opt name="subvolid">5</opt>
<opt name="subvol">/</opt>
<mount source="boot" target="/mnt/aif/boot"/>
<mount source="swap" target="swap"/>
<mount source="vg1" target="/mnt/aif/mnt/pool"/>
<mount source="mdadm1" target="/mnt/aif/mnt/raid"/>
<network hostname="">
<iface device="auto">
<system timezone="EST5EDT" chrootPath="/mnt/aif" reboot="0">
<locale name="LANG">en_US.UTF-8</locale>
<!-- Note: The password hashe below is "test"; don't waste your time trying to crack. :) -->
<user name="aifusr"
comment="A test user for AIF.">
<passwordHash hashType="(detect)">
<xGroup name="admins" create="true"/>
<xGroup name="wheel"/>
<xGroup name="users"/>
<service status="1">sshd</service>
<repo name="core" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
<repo name="extra" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
<repo name="community" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
<repo name="multilib" enabled="true" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
<repo name="testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
<repo name="multilib-testing" enabled="false" sigLevel="default" mirror="file:///etc/pacman.d/mirrorlist"/>
<repo name="archlinuxfr" enabled="false" sigLevel="Optional TrustedOnly"
<package repo="core">sed</package>
<bootloader type="grub" target="/boot" efi="true"/>