worker
account for public useAt the Windows installation, create your partitons in a way that the hard disk has 50% free space after the Windows partitions.
For the encryption I've downloaded VeraCrypt and used the option "Encrypt System Partition" - it's quite straight forward.
$ sudo fdisk /dev/nvme0n1
p
. You will find the Windows partition Windows recovery environment
, EFI System
, Microsoft reserved
and Microsoft basic data
.n
two new partitions: 512Mb Linux filesystem
for /boot
and the remaining space for the encrypted container (swap
and /
).w
.$ sudo cryptsetup luksFormat --cipher=aes-xts-plain64 --hash=sha512 --key-size=512 --verify-passphrase /dev/nvme0n1p6
$ sudo cryptsetup luksOpen /dev/nvme0n1p6 nvme0n1p6_crypt
$ sudo pvcreate /dev/mapper/nvme0n1p6_crypt Physical volume "/dev/mapper/nvme0n1p6_crypt" successfully created.
$ sudo vgcreate vg-device /dev/mapper/nvme0n1p6_crypt Volume group "vg-device" successfully created
$ sudo lvcreate -n swap -L 16G vg-device
$ sudo lvcreate -n root -l 100%FREE vg-device
sudo lvs
, sudo vgs
and lsblk
.$ sudo mkfs.ext2 /dev/nvme0n1p5 $ sudo mkfs.ext4 /dev/mapper/vg--device-root $ sudo mkswap /dev/mapper/vg--device-swap
Something else
./boot
, the vg--device-swap
to the swap
and the vg--device-root
to /
. The "Device for boot loader installation" can remain at /dev/dm-0
. Then click on "Install Now"Continue Testing
after the installation has finished!$ sudo mount /dev/mapper/vg--device-root /mnt/ $ sudo mount /dev/nvme0n1p5 /mnt/boot/ # the boot partition $ sudo mount /dev/nvme0n1p2 /mnt/boot/efi/ # the EFI partition of Windows $ sudo mount -o bind /dev/ /mnt/dev/ $ sudo mount -o bind /proc/ /mnt/proc/ $ sudo mount -o bind /sys/ /mnt/sys/ $ sudo chroot /mnt/ /bin/bash
/etc/crypttab
# blkid | grep LUKS > /etc/crypttab # vi /etc/crypttab
nvme0n1p6_crypt UUID=ffc9eb9a-e963-3232-a221-3343dcfd922ab none luks, discard
# update-initramfs -u -k all # exit $ sudo umount -R /mnt $ sudo swapoff -a $ sudo vgchange -a n $ sudo cryptsetup close nvme0n1p6_crypt $ sudo reboot
/etc/modules
.
/etc/default/grub
file:
# KKR EDIT: Show boot messages when pressing ESC during splash screen GRUB_CMDLINE_LINUX_DEFAULT="splash" GRUB_GFXPAYLOAD_LINUX="text" # KKR EDIT END
auth_admin
to yes
the
hibernation shall work:
<action id="org.xfce.power.xfce4-pm-helper"> <description>Suspend or hibernate the system</description> <message>Authentication is required to place the system in suspend or hibernate mode</message> <defaults> <allow_any>yes</allow_any> <allow_inactive>yes</allow_inactive> <allow_active>yes</allow_active> </defaults> <annotate key="org.freedesktop.policykit.exec.path">/usr/sbin/xfce4-pm-helper</annotate> </action>Source: linuxmint.com
#!/bin/bash -ue # # Script to open VPN connection # if ! which openvpn &> /dev/null ; then echo "ERROR: Openvpn is not installed!" echo echo "Perform 'sudo apt install openvpn' to fix this." echo exit 1 fi if [ ! -d RoadRunner69 ] ; then echo "ERROR: Directory 'RoadRunner69' does not exist!" echo echo "You have to extract the company's VPN ZIP here" echo exit 1 fi set -x # Needed for NAS' Ubuntu if [ ! -e /dev/net/tun ] ; then sudo mkdir /dev/net sudo mknod /dev/net/tun c 10 200 sudo chmod 0666 /dev/net/tun fi cd RoadRunner69/ GATEWAY=$(cat RoadRunner69.ovpn | grep "dhcp-option DNS" | awk 'NF{ print $NF }') cat RoadRunner69.ovpn | \ sed 's/^redirect-gateway/#redirect-gateway/' | \ sed 's/^dhcp-option DNS/#dhcp-option DNS/' | \ sed 's/^block-outside-dns$/#block-outside-dns/' > ${USER}_RoadRunner69.ovpn sudo openvpn --config ${USER}_RoadRunner69.ovpn --route 10.10.0.0 255.255.0.0 $GATEWAYYou can add the line
%sudo ALL=(ALL) NOPASSWD: /usr/sbin/openvpn
to the file /etc/sudoers
that you don't need to enter the password every time.
CTRL+ALT+F2
) and kill the vncviewer (killall vncviewer
).