Ubuntu 20.04 btrfs-luks full disk encryption including /boot and auto-APT snapshots with Timeshift

admin0

Written Guide: https://mutschler.eu/linux/install-guides/ubuntu-btrfs-20-04/
If you want to support the creation of such videos: https://buymeacoff.ee/mutschler

In this guide I will walk you through the installation procedure to get a Ubuntu or Linux Mint system with the following structure:

– a btrfs-inside-luks partition for the root file system (including /boot) containing a subvolume `@` for `/` and a subvolume `@home` for `/home` with only one passphrase prompt from GRUB
– either an encrypted swap partition or a swapfile
– an unencrypted EFI partition and any other partitions you might want
– the functionality of *zsys* will be equivalently replaced by:
– [Timeshift](https://github.com/teejee2008/timeshift) which will regularly take snapshots of the system
– [timeshift-autosnap-apt](https://github.com/wmutschl/timeshift-autosnap-apt) which will automatically run Timeshift on any APT operation
– [grub-btrfs](https://github.com/Antynea/grub-btrfs) which will automatically create GRUB entries for all your btrfs snapshots

So with this setup you get the same comfort of Ubuntu’s 20.04’s ZFS and zsys initiative, but with much more flexibility and comfort due to the awesome *Timeshift* program.

**Timestamps**
01:24 Step 1: Some preparations, check UEFI mode and open interactive root shell
01:58 Step 2: Prepare partitions manually
03:05 – Create partition table and layout
04:30 – Create luks1 partition
05:50 – Create filesystems for root and EFI System partitions
06:40 Step 3 (optional): Optimize mount options for SSD or NVME drives
09:20 Step 4: Install Ubuntu using the Ubiquity installer without installing the bootloader
11:23 Step 5: Post-Installation steps
11:35 – Mount the btrfs subvolume @ with optimized mount options
12:15 – Create a chroot environment, enter your system and mount everything
13:50 – Add a key-file to type luks passphrase only once (optional, but recommended)
17:05 – Create crypttab
18:35 – Create encrypted swap partition using crypttab
20:25 – Create encrypted swapfile
25:23 – Install the EFI bootloader
28:05 Step 6: Reboot, some checks, and update system
31:40 Automatic snapshots with Timeshift
32:48 Install Timeshift-autosnap-apt
36:14 Check automatic snapshots
37:00 Enable fstrim timer
37:10 Check whether you can boot into the snapshots

———————————————
If you want to support the creation of such videos: https://buymeacoff.ee/mutschler

Source: https://www.youtube.com/watch?v=yRSElRlp7TQ

Leave a Reply

Your email address will not be published. Required fields are marked *