Install Debian on a bare metal system with v-i

You need:

• a USB drive, at least 4 GB
• a PC that supports UEFI
• backups: all drives in the PC will be wiped from data

The steps:

1. Download the installer image from https://files.liw.fi/v-i/v-i.img.xz. You can use curl or wget or your web browser. Use one of the following commands:

   curl https://files.liw.fi/v-i/v-i.img.xz > v-i.img.xz
   wget -c https://files.liw.fi/v-i/v-i.img.xz

2. Unpack the image.

   unxz v-i.img.xz

3. Insert USB drive and write the image to the stick. I prefer GNOME Disks for this, but dd will work. Look up the device of the USB stick: run sudo dmsg -T and look for relevant kernel message, or use GNOME Disks, or something else. Replace the actual device for sdx below, then run the following command:

   dd if=v-i.img bs=1M oflag=direct status=progress of=/dev/sdx

4. Configure the installer. Create a YAML file like the one below, but with valued customized for you. You need one of authorized_keys_file or user_ca_pub_file, the others are only necessary to avoid the SSH prompt for a new host.

   user_ca_pub_file: ~liw/.ssh/ca/userca.pub
   authorized_keys_file: ~liw/.ssh/id_personal.pub
   host_key_file: host.key
   host_cert_file: host.key-cert.pub

   Then run sudo ./configure-installer your-config.yaml /dev/sdx (it should be quite fast).

   Alternatively, create a second stick with a file system with the label v-i-config and a file called authorized_keys, and have that in another USB port when you boot from the v-i USB drive

5. Make sure everything has been written to the USB drive. Again, I prefer GNOME Disks for this, but from the command line:

   sync
   eject /dev/sdx

6. Move the USB drive to the target machine and boot off the drive. How this happens varies from machine to machine. On my Thinkpad, I press F12 at the POST screen and then choose the right drive from the boot menu.

7. Wait for the system to boot. Log in as root, either from the virtual console (no password), or via SSH.

8. Create a target specification file foo-target.yaml. The name can be anything, but it must be valid YAML. In the example below, there is one NVMe drive that will get the system installed. The primary All drives will be encrypted using LUKS, with the password "hunter2".

   drive: /dev/nvme0n1
   luks: hunter2

9. Install. Add the --verbose option to ./v-i if you want to know what's happening. The first time you run this on a given v-i USB drive, it takes a while: it runs vmdebootstrap and that is just slow. However, the output is cached, so further runs are faster.

   rm -f install.log
   ./v-i --verbose foo-target.yaml

10. Reboot into the installed system.

11. Finish configuring the system in whatever way you like to do that. You can log into it via SSH as root. I use Ansible.

    Remember to change the LUKS password for each drive.

12. Optional: Let me know how it went.