Psycosy/parabola-gnu-linux-libre-installation

## parabola-gnu-linux-libre-installation
# Install Parabola GNU/Linux-libre with "LVM on LUKS"-encryption
# The official installation guide (https://wiki.parabola.nu/Installation_Guide) contains a more verbose version of the installation process

# We will not write over (erase) old data on the drive with random data and we will not encrypt the boot partition (I will keep this short)
# This is an installation for a wired connection, and mostly notes for my own use

# If you run into errors/problems during the installation, check out https://wiki.parabola.nu/Installation_Guide

# Download the ISO image from https://www.parabola.nu/
# Copy to an USB-drive using GNU/Linux:
# dd if=[iso file] of=[usb device file] bs=1M && sync

# Boot from the USB. If the USB fails to boot, make sure that secure boot is disabled in the BIOS configuration

# Set Norwegian keymap (or whichever you use)
loadkeys no-latin1

# Create partitions
cgdisk /dev/sda
/dev/sda1 -> 300MB boot partition # Hex code 8300
/dev/sda2 -> The rest of the disk (LVM) # To be encrypted, hex code 8e00

# Configuring LUKS
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 luksFormat /dev/sda2
# --cipher: Defines the cipher type
# --key-size: Defines the key size
# --hash sha512: Hash algorithm used for key derivation

# Unlock the LUKS partition
cryptsetup open /dev/sda2 lvm

# Create a physical volume on top of the opened LUKS container
pvcreate /dev/mapper/lvm

# Create the volume group, adding the physical volume to it
vgcreate lvmvg /dev/mapper/lvm

# Create logical volumes on the volume group (the size of the volumes are meant as examples)
lvcreate -L 10G -n root lvmvg
lvcreate -L 500M -n swap lvmvg
lvcreate -l 100%FREE -n home lvmvg

# Format the filesystems on each logical volume
mkfs.ext4 /dev/mapper/lvmvg-root
mkfs.ext4 /dev/mapper/lvmvg-home
mkswap /dev/mapper/lvmvg-swap

# Mount the filesystems
mount /dev/mapper/lvmvg-root /mnt
mkdir /mnt/home
mount /dev/mapper/lvmvg-home /mnt/home
swapon /dev/mapper/lvmvg-swap

# Prepare the boot partition
mkfs.ext4 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

# Verification of package signatures
# Upgrade the package parabola-keyring
pacman -Sy parabola-keyring

# Select installation mirror by editing the mirrorlist
nano /etc/pacman.d/mirrorlist

# Install the base system using pacstrap
pacstrap /mnt

# Generate a fstab file
genfstab -p /mnt >> /mnt/etc/fstab

# Enter the new system
arch-chroot /mnt /bin/bash

# Edit /etc/rc.conf
nano /etc/rc.conf
# Add:
USELVM="yes"

# Set the hostname
echo MYHOSTNAME > /etc/hostname

# Update locale
echo LANG=en_US.UTF-8 >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
echo LC_ALL=C >> /etc/locale.conf

# Set up system clock
ln -s /usr/share/zoneinfo/Europe/Oslo /etc/localtime
hwclock --systohc --utc

# Choose the locale(s) from /etc/locale.gen and uncomment them
nano /etc/locale.gen # en_US.UTF-8 UTF-8 for example
locale-gen

# Set up system-wide locale
echo LANG=en_US.UTF-8 > /etc/locale.conf
echo LC_TIME=en_US.UTF-8 >> /etc/locale.conf

# Set the LANG variable for the ramdisk creation
export LANG=en_US.UTF-8

# Configure /etc/mkinitcpio.conf for encryption and LVM
nano /etc/mkinitcpio.conf
# Add "encrypt lvm2" (in this order) in the HOOKS section, before "filesystems", so that the kernel will find the LVM volumes at boot time

# Recreate the initrd image
mkinitcpio -p linux-libre

# Install and configure GRUB
pacman -S grub-bios os-prober
grub-install /dev/sda
grub-mkconfig -o /boot/grub/grub.cfg
nano /boot/grub/grub.cfg
# Add "cryptdevice=/dev/sda2:lvmvg" between "root=..." and "rw" in the line that starts with linux
# This needs to be done for "linux-libre" and "linux-libre-fallback"

# Set password for root
passwd

# Add a user
useradd -m -g users -G wheel -s /bin/bash MYUSERNAME
passwd MYUSERNAME

# Exit from chroot, unmount the partitions, and close the device
exit
umount -R /mnt
cryptsetup close lvm

# Reboot into the new system (don't forget to remove the CD/USB/ISO image)
reboot
	# Install Parabola GNU/Linux-libre with "LVM on LUKS"-encryption
	# The official installation guide (https://wiki.parabola.nu/Installation_Guide) contains a more verbose version of the installation process

	# We will not write over (erase) old data on the drive with random data and we will not encrypt the boot partition (I will keep this short)
	# This is an installation for a wired connection, and mostly notes for my own use

	# If you run into errors/problems during the installation, check out https://wiki.parabola.nu/Installation_Guide

	# Download the ISO image from https://www.parabola.nu/
	# Copy to an USB-drive using GNU/Linux:
	# dd if=[iso file] of=[usb device file] bs=1M && sync

	# Boot from the USB. If the USB fails to boot, make sure that secure boot is disabled in the BIOS configuration

	# Set Norwegian keymap (or whichever you use)
	loadkeys no-latin1

	# Create partitions
	cgdisk /dev/sda
	/dev/sda1 -> 300MB boot partition # Hex code 8300
	/dev/sda2 -> The rest of the disk (LVM) # To be encrypted, hex code 8e00

	# Configuring LUKS
	cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 luksFormat /dev/sda2
	# --cipher: Defines the cipher type
	# --key-size: Defines the key size
	# --hash sha512: Hash algorithm used for key derivation

	# Unlock the LUKS partition
	cryptsetup open /dev/sda2 lvm

	# Create a physical volume on top of the opened LUKS container
	pvcreate /dev/mapper/lvm

	# Create the volume group, adding the physical volume to it
	vgcreate lvmvg /dev/mapper/lvm

	# Create logical volumes on the volume group (the size of the volumes are meant as examples)
	lvcreate -L 10G -n root lvmvg
	lvcreate -L 500M -n swap lvmvg
	lvcreate -l 100%FREE -n home lvmvg

	# Format the filesystems on each logical volume
	mkfs.ext4 /dev/mapper/lvmvg-root
	mkfs.ext4 /dev/mapper/lvmvg-home
	mkswap /dev/mapper/lvmvg-swap

	# Mount the filesystems
	mount /dev/mapper/lvmvg-root /mnt
	mkdir /mnt/home
	mount /dev/mapper/lvmvg-home /mnt/home
	swapon /dev/mapper/lvmvg-swap

	# Prepare the boot partition
	mkfs.ext4 /dev/sda1
	mkdir /mnt/boot
	mount /dev/sda1 /mnt/boot

	# Verification of package signatures
	# Upgrade the package parabola-keyring
	pacman -Sy parabola-keyring

	# Select installation mirror by editing the mirrorlist
	nano /etc/pacman.d/mirrorlist

	# Install the base system using pacstrap
	pacstrap /mnt

	# Generate a fstab file
	genfstab -p /mnt >> /mnt/etc/fstab

	# Enter the new system
	arch-chroot /mnt /bin/bash

	# Edit /etc/rc.conf
	nano /etc/rc.conf
	# Add:
	USELVM="yes"

	# Set the hostname
	echo MYHOSTNAME > /etc/hostname

	# Update locale
	echo LANG=en_US.UTF-8 >> /etc/locale.conf
	echo LANGUAGE=en_US >> /etc/locale.conf
	echo LC_ALL=C >> /etc/locale.conf

	# Set up system clock
	ln -s /usr/share/zoneinfo/Europe/Oslo /etc/localtime
	hwclock --systohc --utc

	# Choose the locale(s) from /etc/locale.gen and uncomment them
	nano /etc/locale.gen # en_US.UTF-8 UTF-8 for example
	locale-gen

	# Set up system-wide locale
	echo LANG=en_US.UTF-8 > /etc/locale.conf
	echo LC_TIME=en_US.UTF-8 >> /etc/locale.conf

	# Set the LANG variable for the ramdisk creation
	export LANG=en_US.UTF-8

	# Configure /etc/mkinitcpio.conf for encryption and LVM
	nano /etc/mkinitcpio.conf
	# Add "encrypt lvm2" (in this order) in the HOOKS section, before "filesystems", so that the kernel will find the LVM volumes at boot time

	# Recreate the initrd image
	mkinitcpio -p linux-libre

	# Install and configure GRUB
	pacman -S grub-bios os-prober
	grub-install /dev/sda
	grub-mkconfig -o /boot/grub/grub.cfg
	nano /boot/grub/grub.cfg
	# Add "cryptdevice=/dev/sda2:lvmvg" between "root=..." and "rw" in the line that starts with linux
	# This needs to be done for "linux-libre" and "linux-libre-fallback"

	# Set password for root
	passwd

	# Add a user
	useradd -m -g users -G wheel -s /bin/bash MYUSERNAME
	passwd MYUSERNAME

	# Exit from chroot, unmount the partitions, and close the device
	exit
	umount -R /mnt
	cryptsetup close lvm

	# Reboot into the new system (don't forget to remove the CD/USB/ISO image)
	reboot