Skip to content

Instantly share code, notes, and snippets.

@Akorian

Akorian/archv1.md

Last active October 14, 2024 06:45
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Akorian/7f3e7f308ffa2e40fe26a3889f654910 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Akorian/7f3e7f308ffa2e40fe26a3889f654910 to your computer and use it in GitHub Desktop.
Download ZIP
Arch Setup
Raw
archv1.md

https://wiki.archlinux.org/title/Installation_guide#Fstab

Set keymap

localectl list-keymaps loadkeys de-latin1 # sets german keymap

Update System Clock

timedatectl set-timezone Europe/Berlin

partition disks

list devices: fdisk -l

use parted tool.

# Start parted interactive on that devide
parted /dev/nvme0n1

# print all partitions
print

# delete current partitions
rm 1
rm 2
...

quit

# Create new partition table (GPT)
parted /dev/nvme0n1 mklabel gpt

# Create EFI partition
parted /dev/nvme0n1 mkpart primary fat32 1MiB 513MiB
parted /dev/nvme0n1 set 1 esp on

# Create Boot partition 
parted /dev/nvme0n1 mkpart primary ext4 513MiB 1.5GiB

# Create root partition
parted /dev/nvme0n1 mkpart primary ext4 513MiB 100%

# Format EFI partition
mkfs.fat -F32 /dev/nvme0n1p1  

# Format Boot partition 
mkfs.ext4 /dev/nvme0n1p2

# Format root partition
mkfs.ext4 /dev/nvme0n1p3

[!info] Info SWAP partition is ignored in this setup since it is not needed

Setup LUKS encryption

This step assumes you have a partition (e.g., /dev/sdaX) that you want to encrypt and use as your root partition.

1. Install necessary tools: Before proceeding, ensure you have cryptsetup installed in your live environment (it should already be installed in the Arch ISO): pacman -S cryptsetup

2. Initialize LUKS on the partition: Replace /dev/sdaX with your root partition. cryptsetup luksFormat /dev/sdaX (sdaX is now nvme0n1p3)

  • You will be asked to confirm and provide a strong passphrase. This passphrase will be required at every boot to unlock the drive.

3. Open the LUKS container: After setting up LUKS, open the encrypted partition and give it a name (e.g., cryptroot). cryptsetup open /dev/sdaX cryptroot

4. Format the LUKS container: Once the LUKS partition is opened, you can format it with your desired file system (e.g., ext4): mkfs.ext4 /dev/mapper/cryptroot 5. Mount partitions mount /dev/mapper/cryptroot /mnt mount /dev/nvme0n1p2 /mnt/boot mount /dev/nvme0n1p1 /mnt/boot/efi

Install base system and other apps

At least run this command, but better include many other packages you will need on your system.

pacstrap -K /mnt base linux linux-firmware efibootmgr grub cryptsetup vim

More tools: (VERY MUCH RECOMMENDED)

  • net-tools
  • dnsutils
  • sudo
  • intel-ucode/ amd-ucode
  • sof-firmware (sound)
  • networkmanager
  • man-db, man-pages and texinfo
  • alacrity
  • mtr
  • gcc
  • make

Generate fstab

genfstab -U /mnt >> /mnt/etc/fstab

Configure System

Chroot into the system

arch-chroot /mnt

Localization

Edit /etc/locale.gen and uncomment en_US.UTF-8 UTF-8 and other needed UTF-8 locales. Generate the locales by running:

locale-gen

Create the locale.conf(5) file, and set the LANG variable accordingly:

/etc/locale.conf

LANG=en_US.UTF-8

/etc/vconsole.conf

KEYMAP=de-latin1

Network configuration

Create the hostname file: /etc/hostname

yourhostname

Complete the network configuration for the newly installed environment. That may include installing suitable network management software, configuring it if necessary and enabling its systemd unit so that it starts at boot.

Root password

Set the root password: passwd

Setup Grub

Mount these: Mount the boot partition (check if already done):

mount /dev/nvme0n1p2 /boot
mount /dev/nvme0n1p1 /boot/efi

Edit mkinitcpio.conf: Open /etc/mkinitcpio.conf and make sure the HOOKS array contains encrypt before filesystems. Example:

HOOKS=(base udev autodetect modconf block encrypt filesystems keyboard fsck)

Creating a new initramfs is usually not required, because mkinitcpio was run on installation of the kernel package with pacstrap. For LVMsystem encryption or RAID, modify mkinitcpio.conf(5) and recreate the initramfs image:

mkinitcpio -P

Edit /etc/default/grub: You need to pass the encryption details to GRUB. Find the GRUB_CMDLINE_LINUX line and add cryptdevice=/dev/sdaX:cryptroot to the kernel parameters:

GRUB_CMDLINE_LINUX="cryptdevice=/dev/nnvme0n1p3:cryptroot root=/dev/mapper/cryptroot"
GRUB_PRELOAD_MODULES="part_gpt part_msdos cryptodisk luks"

Make sure that /boot/efi is mounted. mount /dev/nvme0n1p1 /boot/efi

Install GRUB to the drive: Install GRUB to your disk (not a partition, so if using /dev/sdaX, install to /dev/sda):

grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB

Generate the GRUB configuration: Generate the grub.cfg file:

grub-mkconfig -o /boot/grub/grub.cfg

Make sure that the fstab looks like this:

# EFI system partition
UUID=XXXX-XXXX  /boot/efi  vfat  defaults  0  1

# Boot partition
/dev/nvme0n1p2  /boot  ext4  defaults  0  2

# Root partition (encrypted)
/dev/mapper/cryptroot  /  ext4  defaults  0  1

Finalize and Reboot

exit the chroot umount -R /mnt the mnt mount for safety reboot (remove install media)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment