| id | aliases | tags | |
|---|---|---|---|
arch_linux_installation_guide |
|
It explains how to install Arch:
- on btrfs with swapfile
- based on LUKS container
- with single device (SSD in my case)
- using systemd-boot as boot loader
- and systemd-networkd + iwd to manage the network
- + some features
All commands you run at your own risk, double-check them!
I would like to thank my friend @wthoutanymmries. This guide wouldn't have appeared if not for his help. I'm glad I have him!
This guide is up to date for 07.2022. It's based on best practices, we thought, as well as many articles from ArchWiki and other official resources.
For me, the main goal was to put together a set of links for each step of the installation. So that this guide can always be easily updated or adapted to other hardware.
- Arch LUKS Btrfs Systemd-boot Systemd-networkd + iwd
- Secret keys
- USB flash installation medium
- Pre-installation
- Connect to the internet
- Verify the boot mode
- Update the system clock
- Select device
- Solid drive clearing
- Define device sector size
- Wipe on an empty disk
- Partition the disks
- Encrypt System Partition
- Format the filesystem
- Create btrfs subvolumes
- Mounting Btrfs subvolumes
- Installation of the main packages
- Configure the system
- Reboot
- Domain name resolution
- Subvolume for user
- References
- TODO
Before a clean install, don't forget to backup your secret keys.
# GPG
gpg --export-secret-keys --armor --output privkey.asc $username
# SSH
cp -r $HOME/.ssh $pathTo import the backup of your private key:
# GPG
gpg --import privkey.asc
# SSH
chmod go-w ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
chown -R $USER ~/.ssharch#GnuPG#Backup your private key
Download archiso and archiso.sig.
archiso=$HOME/Downloads/archlinux-2022.07.01-x86_64.iso
archiso_sig=$HOME/Downloads/archlinux-2022.07.01-x86_64.iso.sig
gpg --auto-key-locate clear,wkd -v --locate-external-key pierre@archlinux.de
gpg --verify $archiso_sig $archiso$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sdc 8:32 1 14.9G 0 disk
...
$ device=/dev/sdc
$ sudo wipefs --all $device
$ sudo dd bs=4M if=$archiso of=$device conv=fsync oflag=direct status=progressarch#USB flash installation medium
iwctl
[iwd] device list
# assume device name is wlan0
[iwd] station wlan0 scan
[iwd] station wlan0 get-networks
# you can skip previous steps if you know your device name and SSID
[iwd] station wlan0 connect CooLWiFi5GIt might be a good idea to create ssh access:
# this is root pswd only for arch.iso
passwd
ip a
ssh root@192.168...$ ls /sys/firmware/efi/efivars
AcpiGlobalVariable-c020489e-6db2-4ef2-9aa5-ca06fc11d36a
ActiveVgaDev-59d1c24f-50f1-401a-b101-f33e0daed443
...# set the time so that later wouldn't find out that the FSs were created in the future
timedatectl set-ntp true && timedatectl set-timezone Europe/Moscow
# recheck
timedatectl status$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 689.8M 1 loop /run/archiso/airootfs
sda 8:0 0 465.8G 0 disk
# set device var for future operations
device=/dev/sda
# recheck
echo $device# tip: clearly formatted summary of all block devices, their partition labels, filesystem lables, UUIDs and partition UUIDS
$ lsblk -o +LABEL,PARTLABEL,UUID,PARTUUIDIf you have an nvme/ssd device, it would be nice to check the article arch#Solid state drive.
In case of SATA drive:
Warning:
- Triple check that the correct drive designation is used. There is no turning back once the command is confirmed. You have been warned.
- Ensure that the drive is not mounted when this is ran. If a secure erase command is issued while the device is mounted, it will not erase properly.
# make sure the drive security is not frozen
$ hdparm -I $device | grep frozen
not frozen
# enable security by setting a user password
$ hdparm --user-master u --security-set-pass PasSWorD $device
security_password: "PasSWorD"
/dev/sda:
Issuing SECURITY_SET_PASS command, password="PasSWorD", user=user, mode=high
# as a sanity check, issue the following command
# the command output should display "enabled"
$ hdparm -I $device
...
Security:
Master password revision code = 65534
supported
**enabled**
not locked
not frozen
not expired: security count
supported: enhanced erase
Security level high
4min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
...
# issue the ATA Secure Erase command
$ time hdparm --user-master u --security-erase PasSWorD $device
security_password: "PasSWorD"
/dev/sda:
Issuing SECURITY_ERASE command, password="PasSWorD", user=user
# recheck the drive security is set to disabled
$ hdparm -I $device
...
Security:
Master password revision code = 65534
supported
**not enabled**
not locked
not frozen
not expired: security count
supported: enhanced erase
4min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
...
$ time xxd -a $device
0000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................
...rebootarch#Solid state drive/Memory cell clearing
ubuntu#best way to wipe a drive
Check that the device report correct sector size. Compare the result with the documentation for the device.
$ device=/dev/sda
$ LC_ALL=C.UTF-8 fdisk -l $device | grep 'Sector size'
Sector size (logical/physical): 512 bytes / 512 bytes
# Ok! It's correct for my Samsung SSD 860 EVO M.2
$ sectorsize=512
$ echo $sectorsizesectorsize used only in boot filesystem (fat32) creation.
Important:
- LUKS2 and btrfs define the sector size automatically if device report it correctly. If not you must define it manually or change it for the device.
- It's possible to change sector size on nvme if needed.
arch#Advanced Format#Setting native sector size
arch#Talk:Advanced Format#Rewrite Advanced Format to a new Sector Sizes page + and related articles to this section
Tip: This step doesn't seem to be necessary if you have already cleaned the drive using the previous method.
Important: MAY BE DESTRUCTIVE TO SOLID DRIVES, need to check related articles
# create a temporary encrypted container on the device/partition
#
# -d
# read the passphrase from file
$ cryptsetup open --type plain -d /dev/urandom $device to_be_wiped
# recheck
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
...
vda 254:0 0 20G 0 disk
└─to_be_wiped 252:0 0 20G 0 crypt
# wipe the container with zeros
$ dd if=/dev/zero of=/dev/mapper/to_be_wiped status=progress
# finally, close the temporary container
$ cryptsetup close to_be_wipedarch#dm-crypt/Drive preparation
The EFI partition can't be encrypted, it can only be signed using Secure Boot, so you must separate it.
# --clear
# clear out all partition data (just in case) :)
$ sgdisk --clear \
--new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \
--new=2:0:0 --typecode=2:8300 --change-name=2:cryptsystem \
$device
# recheck
$ lsblk -o +PARTLABEL
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS PARTLABEL
...
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 550M 0 part EFI
└─sda2 8:2 0 465.2G 0 part cryptsystemef00— EFI system partition8300— Linux filesystem
Info: reddit#Full disk encryption on an ssd
arch#Encrypting devices with cryptsetup
# formatting LUKS partition
$ cryptsetup luksFormat /dev/disk/by-partlabel/cryptsystem
# Unlocking/Mapping LUKS partitions with the device mapper
$ cryptsetup \
--perf-no_read_workqueue --perf-no_write_workqueue \
--persistent \
open \
/dev/disk/by-partlabel/cryptsystem \
system
# recheck
$ cryptsetup luksDump /dev/disk/by-partlabel/cryptsystem | grep Flags
Flags: no-read-workqueue no-write-workqueue--persistent — to set below flags as device default flags
important! bad! --allow-discards — arch#Discard/TRIM support for solid state drives (SSD) enable periodic TRIM instead
--perf-no_read_workqueue --perf-no_write_workqueue — arch#Disable workqueue for increased solid state drive (SSD) performance
arch#Persistent block device naming:
# tip
$ ls -l /dev/disk/by-partlabel/
total 0
lrwxrwxrwx 1 root root 10 Jun 30 23:31 EFI -> ../../vda1
lrwxrwxrwx 1 root root 10 Jun 30 23:31 cryptsystem -> ../../vda2# recheck
$ lsblk -o +PARTLABEL
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS PARTLABEL
loop0 7:0 0 689.8M 1 loop /run/archiso/airootfs
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 550M 0 part EFI
└─sda2 8:2 0 465.2G 0 part cryptsystem
└─system 254:0 0 465.2G 0 crypt
# `-n` — sets the volume name (label) of the filesystem
$ mkfs.fat -F32 -S $sectorsize -n EFI /dev/disk/by-partlabel/EFI
$ mkfs.btrfs -L system /dev/mapper/system
# recheck
$ blkid
...
/dev/mapper/system: LABEL="system" UUID="e7b7e02a-b671-4725-afab-ca578a88711d" UUID_SUB="e8d65a84-2a8b-492b-9eba-c5481848fd5f" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/sda2: UUID="122f84f9-d51b-4d58-b40d-10706ebfcd6e" TYPE="crypto_LUKS" PARTLABEL="cryptsystem" PARTUUID="3002a751-a48a-4dba-a026-9f4d2a3ce41d"
/dev/sda1: LABEL_FATBOOT="EFI" LABEL="EFI" UUID="4517-7348" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="EFI" PARTUUID="5db1228b-293d-482b-be58-48d6062af92c"arch#btrfs#File system on a single device
My flat layout:
toplevel (volume root directory, to be mounted at /)
+-- _root (subvolume root directory, to be mounted at /)
+-- _srv (subvolume root directory, to be mounted at /srv)
+-- usr/_local (subvolume root directory, to be mounted at /local)
+-- var (directory)
|-- _tmp (subvolume root directory)
|-- _cache (subvolume root directory)
|-- _crash (subvolume root directory)
\-- _log (subvolume root directory)
+-- _swap (subvolume root directory, to be mounted at /swap)
+-- _home (subvolume root directory, to be mounted at /home)
+-- home (directory)
+-- dl2718 (directory)
\-- _cache (subvolume root directory, to be mounted at /home/dl2718/.cache)
Info: User's subvolumes will be created after user. Because it's not a good idea to create $HOME's folders manually. The whole process is described here: Subvolume for user.
Info: Alias for the subvolumes are needed to create an flat layout. I use underscores because I'm annoyed by the "at sign" in naming. But you need to use "at sign" to use Snapper.
# run the bash shell because not all loops work in zsh
# don't forgret `exit` twice at the end of installation
bashmntpoints=( \
'/mnt/' \
'/mnt/srv' \
'/mnt/usr/local' \
'/mnt/var/tmp' \
'/mnt/var/cache' \
'/mnt/var/crash' \
'/mnt/var/log' \
'/mnt/home' \
)
subvols=( \
'_root' \
'_srv' \
'usr/_local' \
'var/_tmp' \
'var/_cache' \
'var/_crash' \
'var/_log' \
'_home' \
)# -t
# fstype
# -L
# mount partition with specified label
mount -t btrfs -L system /mnt
mkdir /mnt/{usr,var}
for subvol in ${subvols[@]}; do
btrfs subvolume create /mnt/$subvol
done
btrfs subvolume create /mnt/_swap
umount -R /mntarch#Snapper#Preventing slowdowns
web#[systemd-devel] systemd and nested Btrfs subvolumes
web#Re: How to rollback a snapshot of a subvolume with nested subvolumes?
archinstall#Consider changing the BTRFS subvolume layout
arch#questions about btrfs cow nocow and tmpfs
reddit#What is the advantage of nodatacow/disabling CoW? And when to use it?
# ssd option just in case
$ btrfsoptions=defaults,noatime,compress=zstd:1,ssd
# recheck
$ echo $btrfsoptions
defaults,noatime,compress=zstd:1,ssd
# not work in archiso's zsh shell
$ for i in ${!mntpoints[@]}; do
echo Mount \'${subvols[$i]}\' to \'${mntpoints[$i]}\'
mount --mkdir \
-t btrfs \
-o subvol=${subvols[$i]},$btrfsoptions \
-L system \
${mntpoints[$i]}
done
$ mount --mkdir \
-t btrfs \
-o subvol=_swap,defaults,ssd \
-L system \
/mnt/swap
# don't forget mount boot device
$ mount --mkdir \
-L EFI \
/mnt/boot
# recheck
$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 465.8G 0 disk
├─sda1 8:1 0 550M 0 part /mnt/boot
└─sda2 8:2 0 465.2G 0 part
└─system 254:0 0 465.2G 0 crypt /mnt/swap
/mnt/home
/mnt/var/log
/mnt/var/crash
/mnt/var/cache
/mnt/var/tmp
/mnt/usr/local
/mnt/srv
/mnt
...noatime — no new access time information (btrfs#NOTES ON GENERIC MOUNT OPTIONS)
compress=zstd:1 — fedora#Changes/BtrfsTransparentCompression
compress=lzo — fastest (btrfs#compression)
reddit#What are optimal btrfs mount options / best practices
pacstrap /mnt base linux linux-firmwareCreate an arch#fstab filesystem table file.
# -L
# using labels to identify the filesystems
# -p
# exclude pseudofs mounts
$ genfstab -L -p /mnt >> /mnt/etc/fstab
# recheck
$ cat /mnt/etc/fstab
...
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system / btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvolid=256,subvol=/_root 0 0
# /dev/sda1 UUID=BDB9-B057
LABEL=EFI /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system /srv btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvolid=257,subvol=/_srv 0 0
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system /usr/local btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvolid=258,subvol=/usr/_local 0 0
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system /var/tmp btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvolid=261,subvol=/var/_tmp 0 0
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system /var/cache btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvolid=262,subvol=/var/_cache 0 0
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system /var/crash btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvolid=263,subvol=/var/_crash 0 0
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system /var/log btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvolid=264,subvol=/var/_log 0 0
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system /home btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvolid=259,subvol=/_home 0 0
# /dev/mapper/system UUID=50e93849-c198-4808-91c5-cb9e1dba53cc
LABEL=system /swap btrfs rw,relatime,compress=zstd:1,ssd,space_cache=v2,subvolid=260,subvol=/_swap 0 0arch-chroot /mnt# enabling the timer will activate the service weekly
systemctl enable fstrim.timer
# recheck after reboot
systemctl list-timersdigitalocean#How To Configure Periodic TRIM for SSD Storage on Linux Servers
$ pacman -S btrfs-progs
$ swapfilepath=/swap/swapfile
# clear /swapfile to 0 bytes
$ truncate -s 0 $swapfilepath
# set the No_COW attribute
$ chattr +C $swapfilepath
# preallocate space to /swapfile (determine the size from the link below)
# $ fallocate -l 24G /swapfile # not good approach
$ size_in_MiB=24576
$ dd if=/dev/zero of=$swapfilepath bs=1M count=$size_in_MiB status=progress
# tighten up permissions to -rwx------
$ chmod 0700 /swap
# tighten up permissions to -rw-------
$ chmod 0600 $swapfilepath
# recheck
$ ls -lsh $swapfilepath
24G -rw------- 1 root root 24G Jul 14 18:22 /swap/swapfile
# recheck
$ lsattr $swapfilepath
---------------C------ /swap/swapfile
# format it to swap
$ mkswap -U clear $swapfilepath
# activate the swap file
$ swapon $swapfilepath
# edit the fstab configuration to add an entry for the swap file
$ cat << EOF >> /etc/fstab
$swapfilepath none swap defaults 0 0
EOF
# recheck
$ cat /etc/fstab
...
/swap/swapfile none swap defaults 0 0
# recheck
$ cat /proc/swaps
Filename Type Size Used Priority
/swap/swapfile file 25165820 0 -2# set th time zone
ln -sf /usr/share/zoneinfo/Europe/Moscow /etc/localtime
# run `hwclock` to generate `/etc/adjtime`
hwclock --systohcarch#hwclock(8) assumes the hardware clock is set to UTC. See arch#System time#Time standard for details.
# edit `/etc/locale.gen`
cat << EOF >> /etc/locale.gen
en_US.UTF-8 UTF-8
ru_RU.UTF-8 UTF-8
EOF
# generate the locales
locale-gencat << EOF > /etc/locale.conf
LANG=en_US.UTF-8
EOF
# recheck
cat /etc/locale.conf# @wthoutanymmries has good taste in fonts
# it will show on load due to the sd-vconsole HOOK
pacman -S terminus-font
cat << EOF > /etc/vconsole.conf
KEYMAP=ru
FONT=ter-u14n
EOF
# recheck
cat /etc/vconsole.confcat << EOF
Hello
World
EOFstackoverflow#How does "<<" operator work in linux shell?
stackoverflow#How to cat <<EOF >> a file containing code?
# create the hostname file
$ cat << EOF > /etc/hostname
machine
EOF
# local hostname resolution
$ cat << EOF > /etc/hosts
127.0.0.1 localhost
::1 localhost
127.0.1.1 machine
EOF
# recheck
$ getent hosts
127.0.0.1 localhost
127.0.0.1 localhost
127.0.1.1 machine# WLAN
pacman -S iwd
mkdir /etc/iwd
cat << EOF > /etc/iwd/main.conf
[General]
EnableNetworkConfiguration=true
[Network]
NameResolvingService=systemd
[Service]
ExecStartPre=/usr/bin/sleep 2
EOF
# recheck
cat /etc/iwd/main.conf
# Wireless device is not renamed by udev
cat << EOF > /usr/lib/systemd/network/80-iwd.link
[Match]
Type=wlan
[Link]
NamePolicy=keep kernel
EOF
# recheck
cat /usr/lib/systemd/network/80-iwd.linksystemctl enable iwd
systemctl enable systemd-networkd
systemctl enable systemd-resolved# LAN
# to list the devices on the system
networkctl list
# set your lan device name
lan_device=enp2s0
cat << EOF > /etc/systemd/network/20-wired.network
[Match]
Name=$lan_device
[Network]
DHCP=yes
EOF
# recheck
cat /etc/systemd/network/20-wired.networkreddit#Network Configuration recommendation
arch#Local hostname resolution
arch#systemd-networkd (Русский)
# delete old HOOKS
sed -e '/^HOOKS/d' /etc/mkinitcpio.conf -i
# btrfs hook is not required for using Btrfs on a single device
# take this list from arch#dm-crypt/System configuration#mkinitcpio
cat << EOF >> /etc/mkinitcpio.conf
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck)
EOF
# recheck
cat /etc/mkinitcpio.conf
mkinitcpio -Parch#dm-crypt/System configuration#mkinitcpio
arch#Btrfs#Multi-device file system
arch#Power management/Suspend and hibernate#Configure the initramfs
pacman -S gcc wget
wget -q https://raw.githubusercontent.com/osandov/osandov-linux/master/scripts/btrfs_map_physical.c
gcc -O2 -o btrfs_map_physical btrfs_map_physical.c
physical_offset=$(./btrfs_map_physical $swapfilepath | sed -n '2p' | grep -Eo '[0-9]+$')
pagesize=$(getconf PAGESIZE)
resume_offset=$(expr $physical_offset / $pagesize)
# recheck
echo $resume_offset
rm btrfs_map_physical btrfs_map_physical.c$ bootctl install
$ systemctl enable systemd-boot-update.service
$ pacman -S intel-ucode
$ cat << EOF > /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options rd.luks.name=$(blkid /dev/disk/by-partlabel/cryptsystem -s UUID -o value)=cryptsystem rd.luks.options=password-echo=no resume=LABEL=system resume_offset=$resume_offset root=LABEL=system rootflags=subvol=_root rw nowatchdog
EOF
# recheck
cat /boot/loader/entries/arch.conf# options
# LUCKS
# rd.luks.name=$(blkid /dev/disk/by-partlabel/cryptsystem -s UUID -o value)=cryptsystem
# rd.luks.options=password-echo=no
# HIBERNATION
# resume=LABEL=system
# resume_offset=$resume_offset
# KERNEL
# root=LABEL=system
# rootflags=subvol=root
# quiet splash
# rw
# nowatchdogLoader configuration — loader.conf
# console-mode
# This option configures the resolution of the console.
# 1
# 80x50 mode, not supported by all devices
# max
# Pick the highest-numbered available mode
# ...
cat << EOF > /boot/loader/loader.conf
default arch.conf
timeout 4
console-mode 1
editor no
EOF
# recheck
cat /boot/loader/loader.confcat << EOF > /etc/modprobe.d/nowatchdog.conf
blacklist iTCO_wdt
EOF
# recheck new configuration after reboot
cat /proc/sys/kernel/watchdog
# OR
wdctlarch#dm-crypt/System configuration#Using sd-encrypt hook
- arch#systemd-cryptsetup-generator
- arch#crypttab
- bad!
discard— allow discard requests to be passed through the encrypted block device. This improves performance on SSD storage but has security implications. password-echo=no
- bad!
arch#Hibernation into swap file
arch#Hibernation into swap file on Btrfs
arch#Kernel parameters#systemd-boot
arch#Btrfs#Mounting subvolume as root
arch#Improving performance#Watchdogs
# root password
$ passwd
# user
username=dl2718
# -m
# create with home dir
$ useradd -m $username
$ passwd $username
$ usermod -aG wheel $username# sudo
pacman -S sudo
cat << EOF | EDITOR='tee -a' visudo
%wheel ALL=(ALL:ALL) ALL
Defaults timestamp_timeout=0
Defaults insults
EOF
# recheck
cat /etc/sudoersinsults give you some motivation :)
pacman -S openssh vim man-dbWarning: Attempting to unmount with umount -l in this situation will break your session, requiring a reboot (arch#chroot#Using arch-chroot).
# exit twice because of bash shell in zsh shell
exit && exit
umount -R /mnt
# OR (if the swapfile is busy)
umount -Rl /mnt
#recheck
lsblk
rebootImportant: It makes no sense to do it in arch-chroot.
# to provide domain name resolution for software
# that reads `/etc/resolv.conf` directly
ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf# root user
su
# set user's home dir
username=dl2718
# ssd option just in case
btrfs_cache_options=defaults,noatime,ssd
# recheck
echo $btrfsoptions
mntpoints=( \
'/home/'$username'/.cache' \
)
subvols=( \
'home/'$username'/_cache' \
)
mount -t btrfs -L system /mnt
mkdir -p /mnt/home/$username
for subvol in ${subvols[@]}; do
btrfs subvolume create /mnt/$subvol
done
umount -R /mnt
# recheck
btrfs subvolume list /# -d
# treat all arguments as directory names
# -o
# set ownership
# -g
# set group ownership
# -m
# set permission mode
for mntpoint in ${mntpoints[@]}; do
install -d -o $username -g $username -m 700 $mntpoint
done
for i in ${!mntpoints[@]}; do
echo Mount \'${subvols[$i]}\' to \'${mntpoints[$i]}\'
mount \
-t btrfs \
-o subvol=${subvols[$i]},$btrfs_cache_options \
-L system \
${mntpoints[$i]}
done
pacman -S arch-install-scripts
# this command will rewrite your fstab
genfstab -L -p / > /etc/fstab
# reload system files to apply new /etc/fstab
systemctl daemon-reload-
arch#dm-crypt articles overview
Suspend and hibernate:
# hibernation should work
sudo systemctl hibernateSecure Boot:
ⓒ all rights not reserved