Arch Linux Install

Boot into the installation media

Set keyboard layout

loadkeys uk
or
loadkeys colemak

Get a nice font

pacman -Sy terminus-font
pacman -Ql terminus-font # List the fonts
setfont ter-v24n

Verify EFI

efivar -l

or

ls /sys/firmware/efi/efivars

Network

Hopefully use ethernet

Otherwise try wifi-menu for the installation

Might need to activate interfaces with

ip link set {interface} up

Hard Drives

Make sure you get the right one!

lsblk

Assuming /dev/sda

Gdisk

I am almost certain that we are in uefi mode. We will want to use gdisk to make the partitions. Pretty simple to use.

gdisk /dev/sda

Make the first Partition 512M for the boot partition and with a code of EF00 which means an EFI Partition.

Commands to use:

  • n - New
  • d - Delete
  • w - Write to disk

I don’t know how many hard disks I will have but if we have more than 1, we probably want to create partitions on all of them.

The EFI partition only needs to be present on the first.

Verify with

lsblk

Encrypt Drives

Root Partition

Encrypting the boot drive is hard and I won’t bother for this.

Make sure the dm_crypt kernel module is loaded.

modprobe dm_crypt

Use cryptsetup to prepare the root partition

cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y luksFormat /dev/sda2
# Verify with
cryptsetup luksDump /dev/sda2

  • -c specifies the algorithm (here AES with XTS)
  • -s specifies the length of the encryption key in bits (XTS uses two keys, therefore the key size here is 256)
  • -h specifies the hashing algorithm
  • -i specifies the number of milliseconds to spend with PBKDF2 passphrase processing (our hashing algorithm is stronger than sha1, thus this number should be higher than the default 1000)
  • -y asks for the passphrase two times (as confirmation)

dm_crypt maps the encrypted block device to a virtual block device that presents the decrypted contents. To map the drive to /dev/mapper/cryptroot, run this:

cryptsetup open /dev/sda2 cryptroot

You then create and mount the file system as normal but using /dev/mapper/cryptroot instead of /dev/sda2.

Other Drive

For the other drive we want a single partition that we will encrypt with a keyfile so we don’t need to enter 2 passwords.

Create a keyfile that is 20K, then use it to encrypt /dev/sdb1, and map it to /dev/mapper/crypthome.

dd if=/dev/urandom of=keyfile bs=1024 count=20
cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --key-file keyfile luksFormat /dev/sdb1
cryptsetup --key-file keyfile open /dev/sdb1 crypthome

You should see something like this:

root@archiso ~ # lsblk
NAME            MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
loop0             7:0    0 502.4M  1 loop  /run/archiso/sfs/airootfs
sda               8:0    0    20G  0 disk
├─sda1            8:1    0   512M  0 part
└─sda2            8:2    0  19.5G  0 part
  └─cryptroot   254:0    0  19.5G  0 crypt
sdb               8:16   0    20G  0 disk
└─sdb1            8:17   0    20G  0 part
  └─crypthome   254:1    0    20G  0 crypt
sr0              11:0    1   615M  0 rom   /run/archiso/bootmnt

You could set up LVM if you want, but there is no need to unless you want to create further partitions.

Create file systems

Probably want FAT32 on the EFI partition

mkfs.fat -F 32 /dev/sda1

Probably want everything else to be ext4

mkfs.ext4 /dev/sda2
#or
mkfs.ext4 /dev/mapper/cryptroot
mkfs.ext4 /dev/mapper/crypthome

Mount file systems

Mount the newly created partition on the host system

mount /dev/sda2 /mnt
# or
mount /dev/mapper/cryptroot /mnt

mkdir /mnt/boot
mkdir /mnt/home

mount /dev/sda1 /mnt/boot

mount /dev/sdb1 /mnt/home
# or
mount /dev/mapper/crypthome /mnt/home

Install

Choose the Mirrors

Edit the /etc/pacman.d/mirrorlist file and make sure that the top has local-ish mirrors.

Pacstrap

pacstrap /mnt base base-devel

base-devel is optional here, although probably wanted

FSTAB

This will create the entries for the new fstab file from the devices mounted under /mnt

genfstab -U /mnt >> /mnt/etc/fstab

Cryptsetup

If you have an encrypted second drive, edit /mnt/etc/crypttab.

You will want to put the keyfile on the root drive

cp keyfile /mnt/root/

Then add this line to /mnt/etc/crypttab:

crypthome   UUID={UUID of the second drive partition}   /root/keyfile   luks

Get the uuid with blkid. You want the UUID of /dev/sdb1
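An added example (not part of the original notes) covering the keyfile created under "Other Drive" and the crypttab line above: it creates the keyfile readable by its owner only, and prints the crypttab line only when the UUID is well formed and the keyfile is not readable by group or other. The function names are hypothetical; the UUID passed in is whatever blkid reports for /dev/sdb1.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the original notes.

# Create a 20K random keyfile that only its owner can read.
# The umask is set in a subshell so the file is never world-readable,
# not even for the moment between dd and a later chmod.
make_keyfile() {
    ( umask 077 && dd if=/dev/urandom of="$1" bs=1024 count=20 2>/dev/null )
}

# Print a crypttab line for a keyfile-unlocked LUKS volume.
#   $1 mapper name (crypthome in these notes)
#   $2 UUID of the LUKS partition, as reported by blkid
#   $3 keyfile where it is right now (e.g. /mnt/root/keyfile)
#   $4 keyfile path as the installed system will see it (e.g. /root/keyfile)
# Refuses if the UUID is malformed or the keyfile mode is not 600 or 400.
crypttab_entry() {
    local name="$1" uuid="$2" keyfile="$3" target="$4" mode
    local re='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
    if ! printf '%s\n' "$uuid" | grep -Eq "$re"; then
        echo "not a UUID: $uuid" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$keyfile") || return 1
    case $mode in
        400|600) ;;
        *) echo "$keyfile has mode $mode, expected 600 or 400" >&2
           return 1 ;;
    esac
    printf '%s\tUUID=%s\t%s\tluks\n' "$name" "$uuid" "$target"
}
```

A plain cp of a keyfile created with the default umask typically leaves it mode 644, so run chmod 600 /mnt/root/keyfile before appending the output of crypttab_entry to /mnt/etc/crypttab.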

Chroot

arch-chroot /mnt

arch-chroot is a wrapper around chroot that makes /proc, /etc/resolv.conf etc. available.

Timezone

Symlink the timezone to /etc/localtime

ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
hwclock --systohc

Install Vim

pacman -S vim

Locale

Edit /etc/locale.gen and uncomment en_US.UTF-8 and en_GB.UTF-8

locale-gen

Then create and edit /etc/locale.conf

Note: if using the US colemak layout, the double quote symbol is where @ is on UK qwerty

echo "LANG=en_GB.UTF-8" > /etc/locale.conf

Keyboard

echo "KEYMAP=colemak" > /etc/vconsole.conf

Font

pacman -S terminus-font
echo "FONT=ter-v24n" >> /etc/vconsole.conf

Network

echo "{hostname}" > /etc/hostname

Hosts

Add relevant entries to hosts file /etc/hosts

127.0.0.1   localhost
::1     localhost
127.0.1.1   {hostname}.localdomain  {hostname}

Root Password

passwd

Mkinitcpio

Edit the /etc/mkinitcpio.conf file so that the initramfs can decrypt the root filesystem. The encrypt hook has to come before filesystems.

HOOKS=(base udev autodetect modconf block keyboard keymap consolefont encrypt filesystems fsck)

Then run

mkinitcpio -p linux

Microcode

You only need one of these (although installing both won’t hurt)

pacman -S amd-ucode intel-ucode

Bootloader

If UEFI, go with systemd-boot as it’s already installed

Install it:

bootctl --path=/boot install

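The loader configuration is at /boot/loader/loader.conf.

Edit it as needed. For now, probably add a timeout and allow editing, as it makes fixing issues with boot easier. Don’t leave it like that though: with the editor enabled, anyone at the console can change the kernel parameters at boot, so set editor no once the system boots reliably.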

default  arch
timeout  4
console-mode max
editor yes

Then create an entry file called /boot/loader/entries/arch.conf

You will need the UUID of the root drive (probably /dev/sda2)

You can get it with blkid

I suggest running :r !blkid in vim and copying

Although remember to remove it afterwards

Again, you will only want the *-ucode entry for the processor in use

title   Arch Linux
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /amd-ucode.img
initrd  /initramfs-linux.img
options root=UUID={uuid-of-drive} rw
#or
options rw cryptdevice=UUID={uuid-of-drive}:cryptroot root=/dev/mapper/cryptroot
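An added example (not part of the original notes) that checks the two boot settings these notes rely on: that the HOOKS line in mkinitcpio.conf has encrypt after block and before filesystems, and that loader.conf no longer leaves the boot entry editor on. Function names are hypothetical; the paths to pass are /etc/mkinitcpio.conf and /boot/loader/loader.conf.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the original notes.

# Succeeds when the active (uncommented) HOOKS line lists "encrypt" after
# "block" and before "filesystems", so the initramfs can unlock the root
# device before it tries to mount it. $1 is the path to mkinitcpio.conf.
hooks_order_ok() {
    local hooks h pos=0 block=0 encrypt=0 fs=0
    # The file is sourced as shell, so the last HOOKS assignment wins.
    hooks=$(sed -n 's/^HOOKS=(\(.*\)).*/\1/p' "$1" | tail -n 1)
    for h in $hooks; do
        pos=$((pos + 1))
        case $h in
            block) block=$pos ;;
            encrypt) encrypt=$pos ;;
            filesystems) fs=$pos ;;
        esac
    done
    [ "$block" -gt 0 ] && [ "$encrypt" -gt "$block" ] && [ "$fs" -gt "$encrypt" ]
}

# Succeeds only when loader.conf explicitly turns the entry editor off.
# systemd-boot enables the editor by default, so a missing line counts as on.
# $1 is the path to loader.conf.
loader_editor_disabled() {
    local val
    val=$(awk '$1 == "editor" { v = $2 } END { print v }' "$1")
    case $val in
        no|n|false|f|0|off) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per problem; exit status is 0 only when there are none.
#   $1 mkinitcpio.conf   $2 loader.conf
boot_config_findings() {
    local rc=0
    hooks_order_ok "$1" ||
        { echo "HOOKS: encrypt must come after block and before filesystems"; rc=1; }
    loader_editor_disabled "$2" ||
        { echo "loader.conf: editor is enabled"; rc=1; }
    return $rc
}
```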

Reboot

Exit chroot

Use ctrl+d or exit

Unmount

umount -R /mnt

Reboot

reboot

Post Install

Start dhcpcd

systemctl start dhcpcd.service

Create Users

# optionally install zsh
pacman -S zsh
groupadd jonathan
useradd -m -g jonathan -G users,wheel,storage,power -s /bin/zsh jonathan
passwd jonathan

Add user to allowed sudoers

visudo

Add the line

jonathan ALL=(ALL) ALL

Install git

pacman -S git

Log out of root and log in as jonathan

Copy ssh keys

This will depend where they are kept

Clone dotfiles

git clone git@github.com:jab2870/dotfiles.git .dotfiles

Setup x

sudo pacman -S xorg-server xorg-xinit
