This is an example of running the script inside a VirtualBox VM, plus some examples of using the timeshift-autosnap-apt and grub-btrfs tools. After all, why install on BTRFS if one can't use such things?
- Partition the disk. I created the ESP partition (1st one, 512MB), swap (2nd, 4GB), and root (3rd, all the remaining space on the disk). Use a GPT partition table.
- Set up the crypto devices and create the filesystem on the ESP.
- Create the filesystems on the root and swap devices. This is required because the ubiquity installer is sketchy and treats LUKS devices as drives, not partitions. It makes no sense to create partition tables on top of them and put BTRFS on partitions. So format them, and they will be seen in ubiquity and be available for installation.
- Start the script and specify the devices. I used this scheme (with an explanation in case you are dealing with LUKS for the first time):
OS partitions:
- EFI filesystem partition
ESP partition: /dev/sda1
- OS data devices:
Crypto device: /dev/mapper/sda3_crypt # This is the block device that appears in the system when you decrypt the LUKS container.
Physical encrypted device: /dev/sda3 # This is where the encrypted data is stored.
- SWAP devices:
Crypto device: /dev/mapper/sda2_crypt # This is the block device that appears in the system when you decrypt the LUKS container.
Physical encrypted device: /dev/sda2 # This is where the encrypted data is stored.
- Go ahead and proceed until the step where you assign the filesystems. Specify swap.
- Specify the root mount point /. Format it using BTRFS. This is mandatory, even if you formatted it previously, because the installer creates the @ and @home subvolumes by default. These subvolumes are required for Timeshift to work (it doesn't work with other layouts, by the way). Also, the script (yes, the very same script you're using right now) mounts /@ to use it as the / mount point.
- Confirm the changes
- Once it is installed, do not reboot! Click 'Continue testing' and then return to the script prompt.
- Examine the output. You will be asked to enter the password for the encrypted devices (two times, yes). I suggest using the same password: it makes no sense to specify different passwords for the root and swap devices, though it probably makes sense for a separate home or other data partitions. A separate /home (maybe on a different disk) can be set up later, after the installation. You can also change the password for your LUKS devices later. The script you're using now configures the system to unlock all LUKS devices (two devices, to be specific) with a single password.
- Done. I hope it is alright. Reboot the system
- Success. Enter password.
- It looks like it has been decrypted successfully
- We were able to boot. Good job!
- The system is encrypted. I suggest you install timeshift-autosnap-apt and grub-btrfs packages to use BTRFS features to the full extent
- Timeshift makes BTRFS snapshots correctly
- The timeshift-autosnap-apt script also creates snapshots before upgrading/removing packages
- grub-btrfs also creates entries containing the pre-upgrade system state
Looks like it works and the job is done. Good luck with everything else.
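
The disk preparation from the first three steps (GPT layout, LUKS containers, filesystems directly on the mapper devices), written out as an added shell example that is not part of the original script. It assumes sgdisk is available and uses cryptsetup defaults, since the page does not state LUKS options; the helper names (part_path, mapper_path, disk_in_use, run, prepare) are hypothetical, and the NVMe-style partition naming goes beyond the /dev/sda case shown above. It only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not the project's script): prepare a disk as in the steps above.
# Prints the commands by default; set APPLY=1 to execute them (destroys all data).
set -eu

# Partition node: /dev/sda + 3 -> /dev/sda3, /dev/nvme0n1 + 3 -> /dev/nvme0n1p3
part_path() {
  case "$1" in
    *[0-9]) printf '%sp%s\n' "$1" "$2" ;;
    *)      printf '%s%s\n' "$1" "$2" ;;
  esac
}

# Mapper naming used on the page: /dev/sda3 -> /dev/mapper/sda3_crypt
mapper_path() { printf '/dev/mapper/%s_crypt\n' "${1##*/}"; }

# True if any partition of the disk is mounted (mounts table path is overridable)
disk_in_use() { grep -q "^$1" "${2:-/proc/mounts}"; }

# Execute the command when APPLY=1, otherwise print it (dry run)
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

prepare() {
  disk=$1
  esp=$(part_path "$disk" 1); swap=$(part_path "$disk" 2); root=$(part_path "$disk" 3)
  if [ "${APPLY:-0}" = 1 ] && disk_in_use "$disk"; then
    echo "refusing: $disk has mounted partitions" >&2; return 1
  fi
  run sgdisk --zap-all "$disk"                 # fresh GPT
  run sgdisk -n 1:0:+512M -t 1:ef00 "$disk"    # ESP, 512MB
  run sgdisk -n 2:0:+4G -t 2:8309 "$disk"      # swap container, 4GB
  run sgdisk -n 3:0:0 -t 3:8309 "$disk"        # root container, rest of the disk
  # LUKS options are not given on the page; cryptsetup defaults are assumed.
  for p in "$swap" "$root"; do
    run cryptsetup luksFormat "$p"
    run cryptsetup open "$p" "${p##*/}_crypt"
  done
  run mkfs.vfat -F 32 "$esp"
  # Filesystems go directly on the mapper devices, with no partition table on top.
  run mkswap "$(mapper_path "$swap")"
  run mkfs.btrfs -f "$(mapper_path "$root")"
}

if [ "$#" -gt 0 ]; then prepare "$1"; fi
```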