Partitioning (LUKS)

LVM on LUKS

LVM on LUKS has the benefit of being able to encrypt an entire drive (useful for laptops with encrypted swap for resume). The LVM container cannot, however, span multiple disks.

NOTE: This partitioning scheme does NOT include an LVM cache device. However, it is technically possible to add a cache device to it.

This guide assumes the following:

This is used on a laptop computer

There is only one drive: /dev/nvme0n1

To tighten security, this setup assumes a unified kernel image and booting via EFISTUB

Preparing the drive

List available disks
~~with~~
```
fdisk -l
```

Start partitionaing tool for primary disk (cfdisk is a little easier to ~~determine~~use as it has a nice TUI)

WARNING: Make sure to select your ~~drive~~

actually

~~Partition~~desired ~~the~~device!
~~drive with~~
```
cfdisk /dev/nvme0n1
```
~~(assuming~~ /dev/nvme0n1 ~~is your disk)~~
Partition with the following scheme

FS Type Size Mount Point Comment

vfat 1G /~~boot~~efi EFI System

LUKS (remaining) Linux file system

FS Type	Size	Mount Point	Comment
vfat	1G	/~~boot~~efi	EFI System
LUKS	(remaining)		Linux file system

Creating the LUKS container

Create the LUKS ~~container:~~container and enter a passphrase

WARNING: Do NOT forget your passphrase! In case of loss you won't be able to access the data inside the container anymore!
```
cryptsetup luksFormat /dev/nvme0n1p2
```
~~Enter~~ ~~a passphrase for the LUKS container~~ ~~(don't forget it!!)~~

Open the newly created LUKS container
~~(using~~
NOTE: cryptlvm is used as an example ~~mapper~~here. ~~name, choose~~Use whatever you ~~want)~~:like.
```
# Open the container with the name `cryptlvm`
cryptsetup open /dev/nvme0n1p2 cryptlvm   
```

Creating LVM inside the LUKS container

Create an LVM physical volume inside LUKS ~~container:~~container
```
pvcreate /dev/mapper/cryptlvm
```
Create the volume group:
```
vgcreate vg0 /dev/mapper/cryptlvm
```

Create the logical volumes

~~(when~~

NOTE: When using resume, make lv_swap as large as ~~RAM):~~RAM. In this example the machine has 16 GB of RAM.

lvcreate -L 16G -n lv_swap vg0       # Swap as big as RAM (16 GB)
lvcreate -l 100%FREE -n lv_root vg0  # Root file system

Formatting devices

Create partitions

mkfs.fat -F 32 /dev/nvme0n1p1        # EFI System Partition
mkfs.btrfs /dev/mapper/vg0-lv_root   # Btrfs root volume
mkswap /dev/mapper/vg0-lv_swap       # Swap space

Create Btrfs subvolumes

# Activate swap
swapon /dev/mapper/vg0-lv_swap

# First, mount Btrfsthe root volumefile system
mount /dev/mapper/vg0-lv_root /mnt

# Create subvolumes
btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@log
btrfs subvolume create /mnt/@pkg

Mount partitions

# Unmount Btrfsthe root volumefile system
umount -R /mnt

# Mount mainthe Btrfs@ subvolume
mount /dev/mapper/vg0-lv_root -o noatime,compress-force=zstd,space_cache=v2,subvol=@ /mnt

# Create directories for other mount pointsmountpoints
mkdir -p /mnt/{efi,home,var/log,var/cache/pacman/pkg}home}

# Mount EFIthe Systemremaining Partitionpartitions/subvolumes
mount /dev/nvme0n1p1 /mnt/efi

# Mount remaining Btrfs subvolumes
mount /dev/mapper/vg0-lv_root -o noatime,compress-force=zstd,space_cache=v2,subvol=@home /mnt/home

mount# Activate swap
swapon /dev/mapper/vg0-lv_root -o noatime,compress-force=zstd,space_cache=v2,subvol=@log /mnt/var/log
mount /dev/mapper/vg0-lv_root -o noatime,compress-force=zstd,space_cache=v2,subvol=@pkg /mnt/var/cache/pacman/pkglv_swap