| author | Craig Jennings <c@cjennings.net> | 2026-01-24 12:23:45 -0600 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-01-24 12:23:45 -0600 |
| commit | 3fc34866ab9092445039f1da3c9f71c60f30f2ee (patch) | |
| tree | beb1babf521f80962095ff93c2f1740a0216b6b2 | |
| parent | 94af83c1c8446ef1a564cff8aec5487afa47693e (diff) | |
| download | archangel-3fc34866ab9092445039f1da3c9f71c60f30f2ee.tar.gz archangel-3fc34866ab9092445039f1da3c9f71c60f30f2ee.zip | |
Fix LUKS btrfs installation and reduce ISO size
- Fix GRUB cryptodisk: configure_grub() heredoc was overwriting LUKS
settings added by configure_luks_grub(). Moved LUKS GRUB config
(GRUB_ENABLE_CRYPTODISK=y, cryptdevice cmdline) into configure_grub()
after the heredoc writes the base config.
- Fix ISO bloat: archsetup copy was including vm-images (17GB).
Changed from cp -r to rsync with exclusions for vm-images,
test-results, .qcow2, and .iso files. ISO now 2.0GB.
- btrfs-luks VM test now passes.
| -rwxr-xr-x | build.sh | 13 | ||||
| -rw-r--r-- | custom/lib/btrfs.sh | 24 | ||||
| -rw-r--r-- | docs/session-context.org | 84 |
3 files changed, 61 insertions, 60 deletions
@@ -424,12 +424,17 @@ if grep -q "file_permissions=" "$PROFILE_DIR/profiledef.sh"; then }' "$PROFILE_DIR/profiledef.sh" fi -# Copy archsetup into airootfs +# Copy archsetup into airootfs (exclude large/unnecessary directories) if [[ -d /home/cjennings/code/archsetup ]]; then info "Copying archsetup into ISO..." - cp -r /home/cjennings/code/archsetup "$PROFILE_DIR/airootfs/code/" - rm -rf "$PROFILE_DIR/airootfs/code/archsetup/.git" - rm -rf "$PROFILE_DIR/airootfs/code/archsetup/.claude" + mkdir -p "$PROFILE_DIR/airootfs/code" + rsync -a --exclude='.git' \ + --exclude='.claude' \ + --exclude='vm-images' \ + --exclude='test-results' \ + --exclude='*.qcow2' \ + --exclude='*.iso' \ + /home/cjennings/code/archsetup "$PROFILE_DIR/airootfs/code/" fi # Pre-populate tealdeer (tldr) cache for offline use diff --git a/custom/lib/btrfs.sh b/custom/lib/btrfs.sh index 47c6f42..90c5e6d 100644 --- a/custom/lib/btrfs.sh +++ b/custom/lib/btrfs.sh @@ -105,11 +105,14 @@ configure_luks_grub() { local uuid uuid=$(blkid -s UUID -o value "$partition") + # Enable GRUB cryptodisk support (required for encrypted /boot) + echo "GRUB_ENABLE_CRYPTODISK=y" >> /mnt/etc/default/grub + # Add cryptdevice to GRUB cmdline sed -i "s|^GRUB_CMDLINE_LINUX=\"|GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$uuid:$LUKS_MAPPER_NAME:allow-discards |" \ /mnt/etc/default/grub - info "GRUB configured with cryptdevice parameter." + info "GRUB configured with cryptdevice parameter and cryptodisk enabled." } ############################# 
@@ -399,6 +402,25 @@ GRUB_DISABLE_OS_PROBER=true GRUB_BTRFS_OVERRIDE_BOOT_PARTITION_DETECTION=true EOF + # Add LUKS encryption settings if enabled + if [[ "$NO_ENCRYPT" != "yes" && -n "$LUKS_PASSPHRASE" ]]; then + echo "" >> /mnt/etc/default/grub + echo "# LUKS encryption support" >> /mnt/etc/default/grub + echo "GRUB_ENABLE_CRYPTODISK=y" >> /mnt/etc/default/grub + + # Get UUID of encrypted partition and add cryptdevice to cmdline + # Find the LUKS partition (partition 2 of the first disk) + local luks_part + luks_part=$(echo "$DISKS" | cut -d',' -f1)2 + if [[ -b "$luks_part" ]]; then + local uuid + uuid=$(blkid -s UUID -o value "$luks_part") + sed -i "s|^GRUB_CMDLINE_LINUX=\"|GRUB_CMDLINE_LINUX=\"cryptdevice=UUID=$uuid:$LUKS_MAPPER_NAME:allow-discards |" \ + /mnt/etc/default/grub + info "Added cryptdevice parameter for LUKS partition." + fi + fi + # Create /boot/grub directory mkdir -p /mnt/boot/grub diff --git a/docs/session-context.org b/docs/session-context.org index b193721..714cb31 100644 --- a/docs/session-context.org +++ b/docs/session-context.org 
@@ -1,67 +1,41 @@ #+TITLE: Session Context - Active Session #+DATE: 2026-01-24 -* Session: Friday 2026-01-23 @ 14:08 CST (continued 2026-01-24) +* Session: Saturday 2026-01-24 @ 10:07 CST -** Key Decisions This Session +** Key Accomplishments -*** Project Rename: archangel -- Decided to rename project from "archzfs" to "archangel" +*** Phase 2.8 LUKS Btrfs: COMPLETE +- Fixed GRUB_ENABLE_CRYPTODISK bug (heredoc was overwriting settings) +- Consolidated LUKS GRUB config into configure_grub() function +- VM test PASSED for btrfs-luks configuration -*** Btrfs Implementation Approach -- Phase 2: Single-disk btrfs, no encryption (test first) -- Phase 2.7: Test basic btrfs before adding encryption -- Phase 2.8: LUKS encryption after basic btrfs works -- Phase 3: Multi-disk (stripe, mirror, raidX) + encrypted/unencrypted +*** ISO Build Size Fix +- Diagnosed 15G bloated ISO (vm-images from archsetup being copied) +- Fixed build.sh to use rsync with exclusions +- ISO now 2.0G (proper size) -** Work Completed +** Files Modified This Session -*** Phase 1: Refactor (COMPLETE) -- [X] lib/common.sh, config.sh, disk.sh, zfs.sh created -- [X] Filesystem selection prompt -- [X] Renamed to archangel -- [X] VM test passed +- build.sh - rsync with exclusions for archsetup copy +- custom/lib/btrfs.sh - LUKS GRUB config fix in configure_grub() -*** Phase 2.1-2.6: Btrfs Support (COMPLETE) -- [X] Created lib/btrfs.sh with full implementation -- [X] 10 subvolumes matching ZFS dataset layout -- [X] Mount functions with proper options -- [X] fstab generation (subvol= NOT subvolid!) 
-- [X] GRUB + grub-btrfs configuration with serial console -- [X] Snapper firstboot service (configures on first boot) +** Commits Pending +- build.sh change (archsetup rsync exclusions) +- custom/lib/btrfs.sh change (LUKS GRUB fix) -*** Phase 2.7: Basic Btrfs Testing (COMPLETE @ 05:23 CST) -- [X] VM boots from installed btrfs disk -- [X] GRUB menu shows and auto-boots -- [X] All 10 subvolumes mount correctly -- [X] Snapper works when configured -- [X] Genesis snapshot can be created -- [X] grub-btrfs detects snapshots - -*** Phase 2.8: LUKS Encryption (IMPLEMENTED @ 05:36 CST) -- [X] LUKS functions in btrfs.sh (create, open, close containers) -- [X] crypttab configuration -- [X] encrypt hook for mkinitcpio -- [X] GRUB cryptdevice parameter -- [X] Encryption prompts in archangel -- [X] LUKS_PASSPHRASE config variable -- [X] btrfs-luks.conf test config -- [ ] VM test pending - -** Commits This Session -- a49f4b1: Phase 2.1: Implement btrfs support -- 35a661c: Fix btrfs bugs from VM testing -- bd0616c: Fix btrfs GRUB boot and snapper firstboot -- 4a7b6c3: Update session context: Phase 2.7 complete -- (pending): Phase 2.8: Add LUKS encryption for btrfs +** Overall Progress +| Phase | Description | Status | +|-------|----------------------|----------| +| 1 | Refactor/Modularize | COMPLETE | +| 2 | Btrfs Single-disk | COMPLETE | +| 2.8 | LUKS Encryption | COMPLETE | +| 3 | Multi-disk Btrfs | Not started | +| 4 | Testing Infrastructure | Partial | +| 5 | CLI Tools | Not started | +| 6 | Documentation | Not started | ** Next Steps -1. VM test LUKS btrfs installation -2. Rebuild ISO with all fixes -3. Full end-to-end automated test -4. Phase 3: Multi-disk support - -** Notes -- Craig on remote console: 30 lines tall, ~145 columns wide -- Testing approach: syntax first, then full VM test -- Snapper requires D-Bus - can't configure in chroot, needs firstboot +1. Commit changes (build.sh, lib/btrfs.sh) +2. Phase 3: Multi-disk btrfs support +3. 
Or other priorities as Craig directs |
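Review bot: In the build.sh hunk, the rsync call is still a denylist over a developer's working tree (/home/cjennings/code/archsetup), so anything not named by the six --exclude patterns, including untracked files such as local credentials or editor state, is baked into the ISO. Consider copying only tracked files (for example from a git archive of the repository), or keeping the patterns in an --exclude-from file that is reviewed with the build. Two smaller points: unanchored patterns such as --exclude='vm-images' match at any depth, and without --delete a reused "$PROFILE_DIR/airootfs/code" keeps whatever an earlier cp -r placed there.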
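Review bot: In the configure_luks_grub() hunk (custom/lib/btrfs.sh, @@ -105), the added echo "GRUB_ENABLE_CRYPTODISK=y" >> /mnt/etc/default/grub duplicates what the configure_grub() hunk now writes, while the commit message says this config was moved, not copied. If both functions run, call order decides the result: before configure_grub() the heredoc discards these lines, and after it the file gets a second GRUB_ENABLE_CRYPTODISK=y and a second cryptdevice= entry on GRUB_CMDLINE_LINUX. Suggest dropping the GRUB writes from configure_luks_grub(), or guarding both sites with a grep -q check so they are idempotent.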
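Review bot: In the configure_grub() hunk (custom/lib/btrfs.sh, @@ -399), luks_part=$(echo "$DISKS" | cut -d',' -f1)2 builds the partition path by appending "2", which is wrong for devices whose partitions use a p separator (/dev/nvme0n1p2, /dev/mmcblk0p2). There [[ -b "$luks_part" ]] is false and the block is skipped silently, leaving GRUB_ENABLE_CRYPTODISK=y set but no cryptdevice= on the kernel command line, so the install completes and then fails to unlock at boot. Suggest using the partition that was actually formatted with LUKS (configure_luks_grub() already works from "$partition"), adding an else branch that errors out, and checking that blkid returned a non-empty UUID before running sed. Separately, allow-discards is hardcoded in the cryptdevice string; TRIM passthrough on a LUKS volume reveals which blocks are unused, so it is worth making that opt-in.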
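Review bot: In the docs/session-context.org hunk, the new "Commits Pending" section lists the build.sh and custom/lib/btrfs.sh changes that this same commit contains, so it is stale as soon as it lands, and "Next Steps" item 1 has the same problem. The hunk also deletes the "Notes" section and the Phase 2.1-2.6 checklist, which carried the Snapper/D-Bus chroot limitation and the "subvol= NOT subvolid" fstab reminder; those are design constraints, not session state, so consider moving them into permanent documentation before removing them here.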
