ArchLinux Installation

archlinux-install.md

Arch Linux Installation process memo

基本: https://wiki.archlinux.org/title/Installation_guide

1. Pre-Installation

# Connect wireless network
iwctl

# Create partition table
# -> ref <1.1. Partition>
gdisk /dev/nvme0n1

# Create FileSystem
## boot
mkfs.fat -F 32 -n BOOT /dev/nvme0n1p1

## swap
mkswap -L SWAP /dev/nvme0n1p2

## system
### Create dm-crypt partition
### -> ref <1.2 Disk Encryption>
cryptsetup luksFormat /dev/nvme0n1p3
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/nvme0n1p3
cryptsetup open /dev/nvme0n1p3 cryptsystem
mkfs.btrfs -L SYSTEM /dev/mapper/cryptsystem

### Create btrfs subvolume
### -> ref <1.1. Partition>
mount /dev/mapper/cryptsystem /mnt
btrfs subvolume create /mnt/@root
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@tmp
btrfs subvolume create /mnt/@var
btrfs subvolume create /mnt/@snapshots
umount /mnt

# Mount partition
mount -o discard=async,compress=zstd,noatime,ssd,subvol=@root /dev/mapper/cryptsystem /mnt
mkdir -p /mnt/{boot,home,tmp,var}
mount -o discard=async,compress=zstd,noatime,ssd,subvol=@home /dev/mapper/cryptsystem /mnt/home
mount -o discard=async,compress=zstd,noatime,ssd,subvol=@tmp /dev/mapper/cryptsystem /mnt/tmp
mount -o discard=async,compress=zstd,noatime,ssd,subvol=@var /dev/mapper/cryptsystem /mnt/var
mkdir -p /mnt/var/snapshots
mount -o discard=async,compress=zstd,noatime,ssd,subvol=@snapshots /dev/mapper/cryptsystem /mnt/var/snapshots
mount /dev/nvme0n1p1 /mnt/boot

# Enable swap
swapon /dev/nvme0n1p2

1.1. Partition

• Label: boot:
  • EFI Partition (ef00)
  • Size: 1GiB
  • Format: Fat32
• Label: swap:
  • Swap Partition (8200)
  • Size: RAM Size (16 or 32 GiB)
• Label: system:
  • Root Partition (8300)
  • Format: Btrfs
    • SubVolumes:
      • @root -> /
      • @home -> /home
      • @tmp -> /tmp
      • @var -> /var
      • @snapshots -> /var/snapshots
    • Mount Options:
      • 参考: https://man.archlinux.org/man/btrfs.5#MOUNT_OPTIONS
      • discard=async
      • compress=zstd
      • noatime
      • ssd
      • subvol=<btrfs subvolume>

1.2. Disk Encryption

Use dm-crypt.

• Target: system
• Label: cryptsystem
• Mode: LUKS
• Key:
  • passphrase
  • TPM
    • required: tpm2-tss
    • https://wiki.archlinux.org/title/Trusted_Platform_Module#Data-at-rest_encryption_with_LUKS

2. Installation

pacstrap -K /mnt <packages>

2.1. Required packages

• Core package
  • base
  • base-devel
• Kernel
  • linux-zen
  • linux-zen-headers
  • linux-firmware
  • <cpu-type>-ucode
• Editor
  • helix
• Network
  • iwd
  • networkmanager
• File system
  • btrfs-progs
• System Encryption
  • sbctl
  • tpm2-tss
• Shell
  • zsh

3. Configure

3.1. Disk Encryption

Create /etc/crypttab.initramfs:

cryptsystem UUID=<root block uuid> none discard,tpm2-device=auto

3.3. mkinitcpio config

Add hook to /etc/mkinitcpio.conf:

MODULES=(<modules>)
...
HOOKS=(base systemd autodetect microcode modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
...

Create /etc/vconsole.conf:

KEYMAP=us

3.4. Boot Loader

Use systemd-boot.

Edit /boot/loader/loader.conf:

default archlinux.conf
timeout 3
console-mode auto
editor no

Create /boot/loader/entries/archlinux.conf:

title Arch Linux
linux /vmlinuz-linux-zen
initrd /<cpu-type>-ucode.img
initrd /initramfs-linux-zen.img
options <options>

3.4.1. Kernel options

• rw
• root="/dev/mapper/cryptsystem"
• rootflags="subvol=@root"

3.5. Secure Boot

Use sbctl

Require reboot.

sbctl status
sbctl create-keys
sbctl enroll-keys -m

And re-create dm-crypt key.

systemd-cryptenroll --wipe-slot=tpm2 /dev/nvme0n1p3
systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/nvme0n1p3

4. Post-Installation

4.1. Applications

4.1.1 Package Manager

Use yay.

4.1.2 Desktop Environment

Use KDE-Plasma.

• Group :plasma
  • bluedevil
  • breeze
  • drkongi
  • kgamma
  • kscreen
  • kwallet-pam
  • kwrited
  • ocean-sound-theme
  • plasma-browser-integration
  • plasma-desktop
    • kwayland-integration
  • plasma-disks
  • plasma-firewall
  • plasma-integration
  • plasma-nm
    • Wireless backend: iwd
  • plasma-pa
    • Pipewire clients
      • pipewire-alsa
      • pipewire-jack
      • pipewire-pulse
  • plasma-systemmonitor
  • plasma-thunderbolt
  • plasma-workspace-wallpapers
  • plymouth-kcm
  • powerdevil
    • DBus backend: power-profiles-daemon
  • sddm-kcm
  • xdg-desktop-portal-kde
• Group: kde-applications
  • ark
  • audiocd-kio (If CD drive using)
  • dolphin
  • dolphin-plugins
  • elisa
  • ffmpegthumbs
  • filelight
  • gwenview
  • kalk
  • kate
    • Spell Checker: hunspell
  • kclock
  • kcolorchooser
  • kde-inotify-survey
  • kdeconnect
    • Remote Filesystem: sshfs
  • kdegraphics-thumbnailers
  • kio-admin
  • kio-extras
  • kjournald
  • kleopatra
  • konsole
  • kwalletmanager
  • markdownpart
  • okular
  • spectacle
  • yakuake (optional)
• Desktop Environment Integration
  • appmenu-gtk-module
  • kde-gtk-config
  • libdbusmenu-glib
  • libdbusmenu-gtk2
  • libdbusmenu-gtk3
  • libdbusmenu-qt5
  • xdg-desktop-portal-gtk
• Input Method
  • fcitx5
  • fcitx5-mozc-ext-neologd
• Theme
  • kvantum
  • kvantum-qt5
  • whitesur-gtk-theme-git
  • whitesur-icon-theme-git
  • whitesur-cursor-theme-git
  • plasma5-themes-whitesur-git

4.1.3 Web Browser

• firefox
• PWA Support: firefox-pwa

4.1.4 Editor

• CLI Editor: helix
• Text Editor: kwrite
• Code Editor: visual-studio-code-bin

4.1.5 Utility

• Remap Keyboard: keyd-git