diff --git a/README.md b/README.md index 1e0711a..35d84ea 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,6 @@ Secure Fedora Server setup with LUKS encryption, TPM, and BTRFS RAID1 for Hetzne - TPM-based boot verification - BTRFS RAID1 for data redundancy - Dedicated database subvolume with `nodatacow` and `noatime` -- Enhanced shell environment with zsh, Oh My Zsh, Powerlevel10k, and an amazing custom theme - SSH key-only access with early boot SSH via dropbear If you need a dead man's switch to go along with it check out [raven](https://git.dominik-roth.eu/dodox/raven). @@ -69,14 +68,25 @@ After firmware updates (UEFI/BIOS), the TPM bindings need to be updated: ```bash ssh root@your-server ``` - - Make it executable and run: + - Make it executable and run: ```bash chmod +x install.sh ./install.sh ``` - - If the script tells you that no TPM is avaible you probably have to make a support ticket to get a KVM attached and toggle TPM yourself in the BIOS. - - Wait for installation to complete - - Reboot the server + - If the script tells you that no TPM is available, you'll need to make a support ticket to get KVM access and enable TPM in the BIOS. + - The script will: + - Generate and display a LUKS passphrase (save this!) + - Download and prepare the Fedora installer + - Configure networking for Hetzner's unusual setup + - Start the Fedora installer + - You can monitor the installation via SSH on port 2222: + ```bash + ssh -p 2222 root@your-server + ``` + - During the Fedora installation: + - Disk encryption and RAID will be configured + - TPM and Tang bindings will be set up + - Network configuration will be applied 3. **Verify Installation** ```bash @@ -84,5 +94,5 @@ After firmware updates (UEFI/BIOS), the TPM bindings need to be updated: systemctl status clevis-luks-askpass lsblk btrfs filesystem show # Check RAID1 status - clevis-luks-list -d /dev/sda2 + clevis-luks-list -d /dev/sda3 # Note: sda3 is the LUKS partition ``` \ No newline at end of file
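Review bot: In the second hunk (`@@ -69,14 +68,25 @@`, step 2), the added `ssh -p 2222 root@your-server` monitoring step does not say how that root session is authenticated or which host key the reader should expect, although the feature list advertises "SSH key-only access". Please state in that bullet whether the installer's SSH on port 2222 is key-only as well, and whether the port closes once installation finishes. The same hunk removes "Wait for installation to complete" and "Reboot the server" without a replacement, so step 2 now ends without telling the reader when to reboot before "Verify Installation"; those two bullets should come back at the end of the list. The "Generate and display a LUKS passphrase (save this!)" bullet would also benefit from one sentence on where to keep it, since the hunk's own context line notes that TPM bindings need updating after firmware updates and the passphrase is what remains when a binding no longer unlocks the disk.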
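Review bot: In the last hunk (`@@ -84,5 +94,5 @@`), `clevis-luks-list -d /dev/sda3` checks the bindings on a single hard-coded device, while the README describes BTRFS RAID1 and the line just above it checks RAID1 status. If each RAID1 member has its own LUKS partition, the verification step should list bindings for every one of them, otherwise a missing binding on the second disk goes unnoticed until the next unattended boot. Consider telling the reader to identify the LUKS partitions from the preceding `lsblk` output instead of assuming `sda3`, since device names differ between servers. The inline comment "Note: sda3 is the LUKS partition" reads like a correction of the old `sda2`; a short sentence in the prose explaining the partition layout would be clearer than a trailing comment in the command block.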