This tutorial is based on the ISO (version 2016-10-01) that can be downloaded via (Bit)Torrent from the download overview (https://www.archlinux.org/download/), and on installation via USB.
! Please do not use an ISO older than the one listed for download at the time of your Arch Linux installation.
Note: This tutorial describes only one way and might not be valid any more for later versions of Arch Linux. There are many other ways to do it.
Note2: The Arch Linux Wiki is the best documentation I have ever seen so far, so I totally recommend it in case of need: https://wiki.archlinux.org/index.php/Main_page
Note3: The Lenovo Yoga 2 Pro Arch Linux Wiki Page: https://wiki.archlinux.org/index.php/Lenovo_Ideapad_Yoga_2_Pro
Note4: This guide includes GRUB2 and systemd partition encryption on a higher security default.
Replace values within brackets including the brackets with what you prefer.
First - if you wish to change your keyboard layout (de-latin1):
loadkeys [keySchema]
wifi-menu sucked so I referred to the wpa_* commands which worked out of the box.
You might want to refer to https://wiki.archlinux.org/index.php/Network_configuration#Static_IP_address before executing the dhcpcd command.
Unblock WLAN Switch
rfkill unblock wlan
wpa_passphrase [SSID] [password] > [filePath1][fileName1].conf
wpa_supplicant -B -i wlp1s0 -c [filePath1][fileName1].conf
systemctl start rfkill-unblock@wlp1s0.service
ip link set wlp1s0 up
dhcpcd
-
Get the list of all current packages online and install fish shell (fish shell is optional)
pacman -Sy fish
-
Use fish shell
fish
-
Wipe the HDD
dd if=/dev/zero of=/dev/[device] bs=4M status=progress oflag=sync
-
Create partition 1 (boot)
fdisk /dev/[device]
Type the following:
n
[ENTER]
[ENTER]
[ENTER]
+768M
- Create partition 2 (root) Type:
n
[ENTER]
[ENTER]
[ENTER]
[ENTER]
- Write changes
Type:
w
-
Encrypt root partition
cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 1000 --use-urandom --verify-passphrase luksFormat /dev/[device]2
-
Open the encrypted partition
cryptsetup luksOpen /dev/[device]2 [mappingName]
-
Create physical volume, volume group and logical volumes root / swap (you might want to vary the number of partitions, etc.) ! Please look up how big your swap should be
pvcreate /dev/mapper/[mappingName]
vgcreate [groupName] /dev/mapper/[mappingName]
lvcreate -L [amount]GB -n swap [groupName]
lvcreate -l 100%FREE -n root [groupName]
-
Setup swap
mkswap -L swap /dev/mapper/[groupName]-swap
-
Format FS of encrypted root partition (in bash)
mkfs.ext4 -F -O metadata_csum,64bit /dev/mapper/[groupName]-root
- Format FS of unencrypted boot partition (in bash)
mkfs.ext4 -F -O metadata_csum,64bit /dev/[device]1
-
Root
mount /dev/mapper/[groupName]-root /mnt
-
Boot
mkdir /mnt/boot
mount /dev/[device]1 /mnt/boot
mkdir /mnt/hostrun
mount --bind /run /mnt/hostrun
-
Install core packages + additional core pkgs (change if you need others)
pacstrap /mnt base base-devel fish python python2 docker clamav firejail fail2ban rsync btrfs-progs grub efibootmgr snapper git etckeeper reflector acpid cpupower ldns bind unbound expat sshfs intel-ucode
-
Gen fstab
bash
genfstab -pU /mnt >> /mnt/etc/fstab
exit
- Setting up fstab automatically sucks most of the time
nano /mnt/etc/fstab
Edit and replace options for SSDs with the following: rw,async,noatime,discard,data=ordered
- Save settings
arch-chroot /mnt
ln -s /usr/share/zoneinfo/[Region]/[City] /etc/localtime
hwclock --systohc
nano /etc/locale.gen
-
uncomment en_US.UTF-8 (and e.g. de_DE.UTF-8)
-
Save, then generate
locale-gen
-
Replace content (for convenience) in
nano /etc/locale.conf
LANG=en_US.UTF-8
LANGUAGE=en_US.UTF-8
LC_CTYPE=de_DE.UTF-8
LC_NUMERIC=de_DE.UTF-8
LC_COLLATE=de_DE.UTF-8
LC_MONETARY=de_DE.UTF-8
LC_MESSAGES=de_DE.UTF-8
LC_PAPER=de_DE.UTF-8
LC_NAME=de_DE.UTF-8
LC_ADDRESS=de_DE.UTF-8
LC_TELEPHONE=de_DE.UTF-8
LC_MEASUREMENT=de_DE.UTF-8
- and
nano /etc/vconsole.conf
KEYMAP=de-latin1
FONT=lat9w-16
-
Set hostname
nano /etc/hostname
-
Edit hosts
nano /etc/hosts
2.1. and add a line
127.0.1.1 [hostname].localdomain [hostname]
nano /etc/mkinitcpio.conf
- First check the following content:
1.1. MODULES
MODULES=(i915)
1.2. HOOKS - Comment original line out and add:
HOOKS=(keyboard systemd modconf block sd-encrypt sd-lvm2 filesystems fsck)
1.3.1. IF Intel CPU
pacman -S intel-ucode
1.3.2. IF AMD CPU
pacman -S amd-ucode
- Generate
mkinitcpio -p linux
-
Install needed packages
pacman -S grub dosfstools os-prober
-
Mount LVM, in any case
mkdir /run/lvm
mount --bind /hostrun/lvm /run/lvm
-
Execute
grub-install
grub-install --target=i386-pc /dev/[device]
-
Check out UUIDs and copy all /dev/[device]* and /dev/mapper/[Name]* UUIDs to external file (best case)
blkid
-
Edit Grub
nano /etc/default/grub
5.1. Edit/Replace Resolution
GRUB_GFXMODE="1024x768"
5.2. Preload LVM
Add lvm to GRUB_PRELOAD_MODULES=(...).
5.3. lower timeout (optional)
GRUB_TIMEOUT=3
5.4. Replace the existing line with something like this (rd.luks.uuid takes the UUID that blkid shows for /dev/[device]2, and rd.lvm.lv takes [groupName]/[volume name]; check the params at the end if necessary for your CPU):
GRUB_CMDLINE_LINUX="rd.luks.uuid=[luks_uuid] luks.options=discard rd.lvm.lv=[groupName]/root rd.lvm.lv=[groupName]/swap resume=UUID=[enc_swap] root=UUID=[enc_root] fsck.mode=force acpi_osi='!Windows 2012' i915.enable_psr=1 i915.enable_fbc=1 i915.lvds_downclock=1"
5.5.1. Re-Generate
grub-mkconfig -o /boot/grub/grub.cfg
5.5.2. Alternatives
If you do not install on sda-drives but use the newer nvme0n1-ish (m.2) drives, try grub-install /dev/nvme0n1 instead
5.6. Re-Edit root=UUID=[UUID] at the beginning of every linux line if it needs to be done (old grub)
nano /boot/grub/grub.cfg
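Added example (not part of the original guide): a small shell check that the UUIDs placed in GRUB_CMDLINE_LINUX have the right role in the blkid output, which catches a device name or the wrong UUID in rd.luks.uuid, root= or resume= before the first reboot. The function names, the volume group name main and every UUID below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names and all UUIDs
# below are constructed for illustration.

# type_of_uuid BLKID_TEXT UUID -> TYPE= of the device carrying that UUID.
# The leading space keeps PARTUUID= and PTTYPE= from matching.
type_of_uuid() {
    printf '%s\n' "$1" | grep -F " UUID=\"$2\"" |
        sed -n 's/.* TYPE="\([^"]*\)".*/\1/p'
}

# cmdline_value CMDLINE KEY -> value of the first KEY=... word (empty if absent)
cmdline_value() (
    set -f    # no globbing while the command line is word-split
    for word in $1; do
        case $word in "$2="*) printf '%s\n' "${word#*=}"; exit 0 ;; esac
    done
)

# check_grub_cmdline BLKID_TEXT CMDLINE -> 0 if every UUID has the right role
check_grub_cmdline() {
    rc=0
    luks=$(cmdline_value "$2" rd.luks.uuid)
    root=$(cmdline_value "$2" root);   root=${root#UUID=}
    swap=$(cmdline_value "$2" resume); swap=${swap#UUID=}
    [ "$(type_of_uuid "$1" "$luks")" = crypto_LUKS ] ||
        { echo "rd.luks.uuid is not a LUKS container: $luks" >&2; rc=1; }
    case $(type_of_uuid "$1" "$root") in
        ''|crypto_LUKS|LVM2_member|swap)
            echo "root= is not a mountable filesystem: $root" >&2; rc=1 ;;
    esac
    [ "$(type_of_uuid "$1" "$swap")" = swap ] ||
        { echo "resume= is not a swap volume: $swap" >&2; rc=1; }
    return $rc
}

# Constructed blkid output for the layout this guide creates
SAMPLE_BLKID='/dev/sda1: UUID="1111aaaa-0000-4000-8000-000000000001" TYPE="ext4" PARTUUID="0badc0de-01"
/dev/sda2: UUID="2222bbbb-0000-4000-8000-000000000002" TYPE="crypto_LUKS" PARTUUID="0badc0de-02"
/dev/mapper/cryptroot: UUID="cnstrc-0000-0000-0000-0000-0000-000005" TYPE="LVM2_member"
/dev/mapper/main-root: UUID="3333cccc-0000-4000-8000-000000000003" TYPE="ext4"
/dev/mapper/main-swap: LABEL="swap" UUID="4444dddd-0000-4000-8000-000000000004" TYPE="swap"'
SAMPLE_CMDLINE='rd.luks.uuid=2222bbbb-0000-4000-8000-000000000002 luks.options=discard rd.lvm.lv=main/root rd.lvm.lv=main/swap resume=UUID=4444dddd-0000-4000-8000-000000000004 root=UUID=3333cccc-0000-4000-8000-000000000003'

# Real system: check_grub_cmdline "$(blkid)" "$(. /etc/default/grub; echo "$GRUB_CMDLINE_LINUX")"
check_grub_cmdline "$SAMPLE_BLKID" "$SAMPLE_CMDLINE" && echo "cmdline UUIDs match blkid"
```

Run it as root inside the chroot with the LUKS container opened, so that blkid can see the logical volumes.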
- In the End - repeat (dunno if needed, though)
mkinitcpio -p linux
Missing Points:
- User + Groups
- Sudoers
- Secure SSH Setup
- Make Firefox fit for the web, again
- Exit chroot and unmount /mnt
exit
umount -R /mnt
- Reboot your freshly configured Arch Linux device and hope it runs OOB and nobody - neither you nor me - screwed up :P
reboot