Installation: The Recommended Setup

At the current stage Split Linux is still bare bones. This guides walk you from the initial hard disk preparation all the way through to starting your first container session.

At the beginning of every essential section there's a link to a screencast that may help spot potential errors in your process.

If you're running into any issues come and ask your questions over at our Reddit r/splitlinux.

Hard disk preparation

Click here to watch the steps for "Hard disk preparation" as ASCII Cast

  1. Create two primary partitions on your hard disk using your preferred partitioning tool (cfdisk /dev/<DEVICE>). The first is reserved for a decoy OS. This guide uses the second for Split.
  2. Make the second partition a LUKS device (cryptsetup luksFormat /dev/<DEVICE>).
  3. Open the device (cryptsetup open /dev/<DEVICE> split).
  4. Create a "physical volume" on the device (pvcreate /dev/mapper/split).
  5. Create a "volume group" named split (vgcreate split /dev/mapper/split).
  6. Create a "logical volume" named swap (lvcreate -L 8GB -n swap split).
  7. Create a "logical volume" named horde (lvcreate -l 100%FREE -n horde split).
  8. Initialize the swap volume (mkswap /dev/mapper/split-swap).
  9. Create a file system on the "horde" volume (mkfs.ext4 /dev/mapper/split-horde).
  10. Reboot (reboot).

Replace <DEVICE> with the path to your disk.

Container setup

Click here to watch the steps for "Container setup" as ASCII Cast

Boot your system from the Split Linux pendrive. Split will detect the partition you just created, ask for its password and mount it.

  1. Switch to the second terminal (Ctrl+Alt+F2) and log in as root. (Currently, the first terminal displays Tor debug output which renders it unfit for interactive use. This will be changed in a future release.)
  2. Ensure that horde is mounted (mount | grep split-horde) and that you're connected to the Internet (ping -c1
  3. Create a container. If this is the first time please follow the example exactly as is. Later you can replace the last row of parameters with your favorite distro as shown at
    lxc-create --config /usr/share/splitlinux/config/splitlinux-default.conf \
               --name v --template download -- \
               --release current --dist voidlinux --arch amd64 --variant musl
  4. Remove superfluous includes from newly created container configuration (sed 's#^lxc.*lxc/config.*##g' /var/lib/lxc/v/config).
  5. Set a unique IP address for the container (sed -i 's#100#122#g' /var/lib/lxc/v/config).
  6. Start the container (lxc-start v) and step into it (lxc-attach v).
  7. In the container create a user. Its name must match the container name! (useradd --create-home v).
  8. Set a password for that user (passwd v).

We named the container v as in Void Linux. Using single letters for container- and user names is generally a great way to save time typing.

Container package installation

Click here to watch the steps for "Container package installation" as ASCII Cast

  1. Make the container use Void's Tor mirror for packages (echo 'repository=http://lysator7eknrfl47rlyxvgeamrv7ucefgrrlhk7rouv3sna25asetwid.onion/pub/voidlinux/current/musl' > /etc/xbps.d/00-repository-main.conf).
  2. Fetch the package index (SOCKS_PROXY="socks5://" xbps-install -Su).
  3. Install a basic graphical environment (SOCKS_PROXY="socks5://" xbps-install -S dwm st xorg-minimal xorg-fonts monero curl torsocks).
  4. Configure dwm to start as graphical environment (echo 'exec dwm' >> /home/v/.xinitrc).
  5. Exit the container (exit) and verify that you're back in the host system (hostname).
  6. Reboot (reboot).


Container connection test

After restarting the host system once again when you log in as v on the host you should end up within the container's graphical environment.

If your host is correctly connected to the Internet you should be able to access it via Tor. Try it:

  1. Bring up a terminal (Alt+Shift+Enter) and check your Tor IP by telling curl to use the Tor router as proxy:
    curl --proxy socks5h://
  2. Check your Tor IP transparently by wrapping curl within the torsocks command:
    torsocks -a -P 9050 --isolate curl

Note that your IP displays differently on every invocation as every connection establishes a new Tor circuit.

And this is where the journey begins.

Continue at Configuration: Internet for Applications to learn how to connect your applications through Tor.