Objectives
The goal of this guide is to install Arch Linux
This guide is base on the following documentation:
https://wiki.archlinux.org/index.php/User:Altercation/Bullet_Proof_Arch_Install
https://www.vultr.com/docs/install-arch-linux-with-btrfs-snapshotting
Remote Installation (Optional)
iwctlstation wlan0 scan
station wlan0 get-networks
station wlan0 connect SSID
exitpasswd
systemctl start sshd.service
ip addrVariables
Set some variable
DRIVE=/dev/nvme0n1
o=defaults,x-mount.mkdir
o_btrfs=$o,compress=zstd,ssd,noatimePartition Disk
sgdisk --clear \
--new=1:0:+260MiB --typecode=1:ef00 --change-name=1:EFI \
--new=2:0:+240MiB --typecode=2:8309 --change-name=2:cryptboot \
--new=3:0:+32GiB --typecode=3:8309 --change-name=3:cryptswap \
--new=4:0:0 --typecode=4:8309 --change-name=4:cryptsystem \
$DRIVEEncrypt Disk
cryptsetup luksFormat --type luks1 --align-payload=8192 -s 512 -h sha512 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptboot
cryptsetup luksFormat --align-payload=8192 -s 512 -h sha512 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptsystem
cryptsetup luksFormat --align-payload=8192 -s 512 -h sha512 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptswap
cryptsetup open /dev/disk/by-partlabel/cryptboot boot
cryptsetup open /dev/disk/by-partlabel/cryptsystem system
cryptsetup open /dev/disk/by-partlabel/cryptswap swapFormat disk
mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
mkfs.ext4 -L boot /dev/mapper/boot
mkfs.btrfs --label system /dev/mapper/system
mkswap -L swap /dev/mapper/swap
swapon -L swapCreate btrfs Subvolume
mount -t btrfs LABEL=system /mnt
btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@log
btrfs subvolume create /mnt/@pkg
btrfs subvolume create /mnt/@srv
btrfs subvolume create /mnt/@tmp
btrfs subvolume create /mnt/@root
btrfs subvolume create /mnt/@snapshots
umount -R /mntMount Partition
mount -t btrfs -o subvol=@,$o_btrfs LABEL=system /mnt
mount -t btrfs -o subvol=@home,$o_btrfs LABEL=system /mnt/home
mount -t btrfs -o subvol=@log,$o_btrfs LABEL=system /mnt/var/log
mount -t btrfs -o subvol=@pkg,$o_btrfs LABEL=system /mnt/var/cache/pacman/pkg
mount -t btrfs -o subvol=@srv,$o_btrfs LABEL=system /mnt/srv
mount -t btrfs -o subvol=@tmp,$o_btrfs LABEL=system /mnt/var/tmp
mount -t btrfs -o subvol=@root,$o_btrfs LABEL=system /mnt/root
mount -t vfat -o $o LABEL=EFI /mnt/efi
mount -t ext4 -o $o LABEL=boot /mnt/bootPacstrap System
pacstrap /mnt base linux linux-firmware nanoFstab
genfstab -L -p /mnt >> /mnt/etc/fstabChroot
arch-chroot /mntSet Locale
nano /etc/locale.gen
[...]
#en_SG.UTF-8 UTF-8
#en_SG ISO-8859-1
en_US.UTF-8 UTF-8
#en_US ISO-8859-1
#en_ZA.UTF-8 UTF-8
[...]
locale-gen
nano /etc/locale.conf
LANG=en_US.UTF-8Set Timezone
ln -sf /usr/share/zoneinfo/America/Montreal /etc/localtime
timedatectl set-ntp true
hwclock --systohcSet Hostname
nano /etc/hostname
wks-lpt01
nano /etc/hosts
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
127.0.1.1 wks-lpt01.mpilote.com wks-lpt01Set Keymap
nano /etc/vconsole.conf
KEYMAP=usInstall Packages
pacman -Syu base-devel btrfs-progs gptfdisk zsh intel-ucode efibootmgrCrypttab
dd bs=512 count=8 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock
chmod 600 /crypto_keyfile.bin
cryptsetup luksDump /dev/disk/by-partlabel/cryptsystem | grep UUID
cryptsetup luksDump /dev/disk/by-partlabel/cryptboot | grep UUID
cryptsetup luksDump /dev/disk/by-partlabel/cryptswap | grep UUID
cryptsetup -v luksAddKey /dev/disk/by-partlabel/cryptsystem /crypto_keyfile.bin
cryptsetup -v luksAddKey /dev/disk/by-partlabel/cryptswap /crypto_keyfile.bin
cryptsetup -v luksAddKey /dev/disk/by-partlabel/cryptboot /crypto_keyfile.bin
nano /etc/crypttab
# Configuration for encrypted block devices.
# See crypttab(5) for details.
# NOTE: Do not list your root (/) partition here, it must be set up
# beforehand by the initramfs (/etc/mkinitcpio.conf).
#
boot UUID=e0e548f9-f504-4461-942b-e897959c5c3e /crypto_keyfile.bin
swap UUID=5bd410bc-cd2c-4901-834f-fcc643cfd868 /crypto_keyfile.bin Configure mkinitcpio
rm /etc/mkinitcpio.conf
nano /etc/mkinitcpio.conf
MODULES=""
BINARIES=""
FILES="/crypto_keyfile.bin"
HOOKS="base systemd sd-vconsole modconf keyboard block filesystems btrfs sd-encrypt fsck"
mkinitcpio -p linuxConfigure & Install Grub
pacman -Syu grub
lsblk --nodeps --noheadings -oUUID /dev/disk/by-partlabel/cryptsystem
nano /etc/default/grub
# GRUB boot loader configuration
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet"
GRUB_CMDLINE_LINUX="rd.luks.name=425c4549-88c0-432f-a2ff-c1cf73de426d=cryptsystem rd.luks.key=425c4549-88c0-432f-a2ff-c1cf73de426d=/crypto_keyfile.bin"
# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"
# Uncomment to enable booting from LUKS encrypted devices
GRUB_ENABLE_CRYPTODISK=y
[..]
grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB
grub-mkconfig -o /boot/grub/grub.cfgPassword
passwdCreate User
useradd -m -s /usr/bin/zsh -g users -G wheel martin
passwd martinGnome
pacman -Syu pipewire pipewire-jack pipewire-alsa pipewire-pulse wireplumber noto-fonts-emoji gnome networkmanager