@Amar1729
Forked from mattiaslundberg/arch-linux-install
Last active June 15, 2020 23:45
Minimal instructions for installing arch linux on an UEFI system with full system encryption using dm-crypt and luks
# Install ARCH Linux with encrypted file-system and UEFI
# Scope of the encryption in this guide: only the third partition (root and swap, inside
# LUKS) is encrypted. The EFI system partition and /boot created below stay in plaintext.
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
# boot loaders (helpful when dual-booting): https://wiki.archlinux.org/index.php/Arch_boot_process#Boot_loader
# - GRUB and rEFInd are quite popular
# General recommendations (after install): https://wiki.archlinux.org/index.php/General_recommendations
# Download the archiso image from https://www.archlinux.org/
# Verify the image against the PGP signature published on the download page before
# writing it: everything installed below inherits the trust placed in this image.
# Copy to a usb-drive
# dd overwrites its target without asking; confirm with lsblk that /dev/sdX is the USB stick.
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
# With Secure Boot left off, the firmware does not verify the bootloader or kernel, so the
# plaintext /boot created below has no tamper protection against someone with physical access.
# Set your keymap, e.g. swedish keymap
loadkeys sv-latin1
# This assumes a wifi only system...
wifi-menu
# Enable NTP time sync on the live system (the timezone is set later, inside the chroot).
# A badly wrong clock can make TLS and package-signature checks fail during the install.
timedatectl set-ntp true
timedatectl status
# Create partitions
# /dev/sdX is a placeholder: every command below that names it writes to that disk,
# so substitute the real target device and double-check it first.
cgdisk /dev/sdX
# note: when attempting to dual boot (e.g. with windows), you can use the windows EFI system partition rather than creating a new one.
# however, newer Windows EFI partitions are usually quite small and don't have enough extra space for e.g. GRUB,
# so during a dual boot I usually create a second EFI partition, tell Windows UEFI to boot that first, and tell the linux
# bootloader where Windows EFI is so it can be chainloaded when booting into Windows.
# The next three lines describe the layout to create inside cgdisk; they are not commands.
1 100MB EFI partition # Hex code ef00
2 250MB Boot partition # Hex code 8300
3 100% size partiton # (to be encrypted) Hex code 8300
# Partitions 1 (EFI) and 2 (/boot) are formatted without encryption: the kernel and
# initramfs stored there can be read and modified by anyone with access to the disk.
mkfs.vfat -F32 /dev/sdX1
mkfs.ext2 /dev/sdX2
# Setup the encryption of the system
# luksFormat destroys whatever is on /dev/sdX3. Flags: -c selects the cipher and mode,
# -y asks for the passphrase twice, --use-random takes the volume key from /dev/random.
# No key size (-s) is given, so cryptsetup's compiled-in default applies. XTS splits the
# key in two, so a 256-bit key means AES-128; pass -s 512 if AES-256 is wanted.
# The passphrase is what protects the data at rest, so pick a long one.
cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3
# Unlock the container; it appears as /dev/mapper/luks.
# A damaged LUKS header makes the volume unrecoverable, so consider keeping a header
# backup (cryptsetup luksHeaderBackup) somewhere off this disk.
cryptsetup luksOpen /dev/sdX3 luks
# Create encrypted partitions
# LVM sits on top of the opened LUKS device, so every logical volume below is encrypted.
# This creates one partition for root; modify if /home or other mount points should be on separate volumes
pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks
# Swap lives inside the LUKS container, so memory pages written to swap are encrypted on disk too.
lvcreate --size 8G vg0 --name swap
# Root takes all remaining space in the volume group.
lvcreate -l +100%FREE vg0 --name root
# Create filesystems on encrypted partitions
mkfs.ext4 /dev/mapper/vg0-root
mkswap /dev/mapper/vg0-swap
# Mount the new system
# Order matters: root first, then /boot inside it, then the EFI partition inside /boot.
mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
mkdir /mnt/boot
mount /dev/sdX2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/sdX1 /mnt/boot/efi
# Install the system
# install other required packages (e.g. netctl for wifi) later during chroot
pacstrap /mnt base base-devel linux linux-firmware man-db man-pages texinfo
# 'install' fstab
# -U identifies file systems by UUID instead of device name. '>>' appends, so run this
# once and review /mnt/etc/fstab afterwards.
genfstab -pU /mnt >> /mnt/etc/fstab
## 2019? Don't do this, had some errors booting
# # Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
# tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
# Optional manual edit of /mnt/etc/fstab:
# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
# Fix hanging issues caused by upstream changes in lvm2:
# https://bbs.archlinux.org/viewtopic.php?id=242594
# https://unix.stackexchange.com/questions/105389/arch-grub-asking-for-run-lvm-lvmetad-socket-on-a-non-lvm-disk
# The live system's /run is bind-mounted at /hostrun in the new root so the chroot can
# reach /run/lvm. The empty /hostrun directory is left behind on the installed system.
mkdir /mnt/hostrun
mount --bind /run /mnt/hostrun
# Enter the new system
# Everything from here until the later 'exit' runs inside the chroot (the installed system).
arch-chroot /mnt /bin/bash
# Link lvm:
# /hostrun is the live system's /run (bind-mounted before entering the chroot).
mkdir /run/lvm
mount --bind /hostrun/lvm /run/lvm
# move your country's mirrorlist to the top of the file
# Prefer https:// mirror entries where available.
vim /etc/pacman.d/mirrorlist
# Microcode: install only the package matching the CPU vendor. These packages carry the
# vendor's CPU fixes, including security mitigations.
# system: for intel processors
pacman -S intel-ucode
# system: for amd processors
pacman -S amd-ucode
# system: for wifi
pacman -S dialog wpa_supplicant netctl dhcpcd
# Bootloader: choose ONE of the next two.
# install these if you want GRUB as bootloader
pacman -S grub-efi-x86_64 efibootmgr os-prober
# use rEFInd as bootloader instead
pacman -S refind-efi
# general quality of life
pacman -S zsh vim git
# Setup system clock
# NOTE(review): timedatectl may not work inside a chroot; the symlink below sets the zone either way — confirm.
timedatectl set-timezone "America/New_York"
ln -sv /usr/share/zoneinfo/America/New_York /etc/localtime
# Write the system time to the hardware clock, stored as UTC.
hwclock --systohc --utc
# Set the hostname
# MYHOSTNAME is a placeholder; replace it here and in /etc/hosts below.
echo MYHOSTNAME > /etc/hostname
# add following lines to /etc/hosts:
vim /etc/hosts
# 127.0.1.1 <myhostname>.localdomain <myhostname>
# b. Ensure <myhostname> is at the end of the other lines
# 127.0.0.1 ... localhost myhostname
# ::1 ... localhost myhostname
# Update locale
# uncomment your preferred locale (e.g. en_US.UTF-8)
vim /etc/locale.gen
locale-gen
echo LANG=en_US.UTF-8 >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
# NOTE(review): locale.conf(5) says LC_ALL may not be configured in this file — confirm this line has the intended effect.
echo LC_ALL=C >> /etc/locale.conf
# Set password for root
passwd
# Add a real (non-root) user for daily use; remove the -s flag if you don't wish to use zsh
# MYUSERNAME is a placeholder.
# useradd -m -g users -G wheel -s /usr/bin/zsh MYUSERNAME
# passwd MYUSERNAME
# Configure mkinitcpio with modules needed for the initrd image
# The initramfs is what unlocks the LUKS container and activates LVM at boot.
vim /etc/mkinitcpio.conf
# Add 'ext4' to MODULES
# Add 'encrypt' and 'lvm2' to HOOKS before filesystems
# Put 'encrypt' ahead of 'lvm2': the volume group lives inside the LUKS device, so it
# only becomes visible after unlocking.
# NOTE(review): check that the 'keyboard' hook also comes before 'encrypt', otherwise the
# passphrase prompt may not accept input — confirm against the default HOOKS line.
# Regenerate initrd image
# The result is written to /boot, which is the unencrypted partition in this layout.
mkinitcpio -p linux
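#### using GRUB bootloader
# Setup grub
# --efi-directory must name the mount point of the EFI system partition. The earlier
# steps mounted /dev/sdX1 (vfat) at /mnt/boot/efi, which is /boot/efi inside the chroot;
# /boot itself is the ext2 partition and is not an ESP.
grub-install --target=x86_64-efi --efi-directory=/boot/efi
# when using encryption:
# In /etc/default/grub edit the line:
# GRUB_CMDLINE_LINUX -> GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards"
# - /dev/sdX3 is a placeholder. Device names can change between boots, so the form
#   cryptdevice=UUID=<uuid-of-sdX3>:luks (UUID from blkid) is more robust.
# - 'luks' is the mapping name; it must match the /dev/mapper/luks name used when the
#   volume group was created.
# - allow-discards passes TRIM through the encrypted mapping. That reveals which blocks
#   are unused to anyone who can read the raw disk; drop the option if that matters.
# I also uncommented:
# GRUB_ENABLE_CRYPTODISK=y
# NOTE(review): this setting is for GRUB itself reading an encrypted disk. /boot is a
# separate unencrypted partition in this layout, so it is probably not required — confirm.
# if dual-booting with MORE THAN ONE EFI partition, mount the Windows EFI partition, e.g.
# (skip the next two commands on a single-OS install)
mkdir /winefi
mount /dev/sda2 /winefi # get the correct block device from fdisk -l
# when running grub-mkconfig, GRUB should output a line about finding a Windows EFI partition as well.
# then run:
grub-mkconfig -o /boot/grub/grub.cfg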
#### Using rEFInd bootloader
# TODO
# see: https://sidsbits.com/Arch-Install/#Boot-Managers-and-Kernels
# unmount lvm first
# (this is the /run/lvm bind mount created right after entering the chroot)
umount /run/lvm
# Exit new system and go into the cd shell
exit
# Unmount all partitions
# -R unmounts recursively, so the mounts nested under /mnt are released as well.
umount -R /mnt
swapoff -a
# Reboot into the new system, don't forget to remove the cd/usb
# The initramfs should ask for the LUKS passphrase on first boot; if it does not, recheck
# the HOOKS line in mkinitcpio.conf and the cryptdevice= kernel parameter.
reboot