Last active
March 5, 2020 14:37
Install Arch Linux on UEFI system with an encrypted LVM
## | |
## Parts taken from | |
## https://gist.github.com/mattiaslundberg/8620837 | |
## https://gist.github.com/binaerbaum/535884a7f5b8a8697557 | |
## | |
## Prefixes: | |
## archiso> - While booted in the Arch ISO | |
## chroot> - During setup after `arch-chroot` | |
## sh> - In shell, after setup has been completed (and Arch ISO unmounted) | |
## Create partitions for a 60GiB drive | |
## Destructive: `mklabel gpt` replaces the partition table of the target disk.
## Confirm that /dev/sda really is the install target (e.g. with `lsblk`) before starting.
## NOTE(review): the `parted -- ...` lines name no device; presumably they are typed
## into the interactive session opened by `parted /dev/sda` -- confirm.
## /dev/sda1 is the EFI system partition and stays unencrypted; /dev/sda2 is
## turned into the LUKS container in the next section.
archiso> parted /dev/sda | |
archiso> parted -- mklabel gpt | |
archiso> parted -- mkpart ESP fat32 1MiB 512MiB # /boot (/dev/sda1 - ~ 536 MiB) | |
archiso> parted -- set 1 boot on | |
archiso> parted -- mkpart primary ext4 513MiB -0 # LVM (/dev/sda2 - ~ 54.5 GiB) | |
archiso> mkfs.vfat -F32 /dev/sda1 | |
## Set up /dev/sda2 as a LUKS-encrypted container that holds our LVM
## luksFormat destroys whatever is on /dev/sda2.
## -c aes-xts-plain64 selects the cipher, -y asks for the passphrase twice,
## --use-random draws the volume key from /dev/random.
## Key size, hash and LUKS format version are not given, so they follow the
## defaults of the cryptsetup build on the ISO.
## A damaged LUKS header makes the data unrecoverable; consider keeping an
## offline copy made with `cryptsetup luksHeaderBackup`.
archiso> cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sda2 | |
## Unlock the container; it appears as /dev/mapper/luks
archiso> cryptsetup luksOpen /dev/sda2 luks | |
## Create physical volume, volume group, and logical volumes | |
## Everything below sits on /dev/mapper/luks, so swap, home, docker and root
## are all encrypted at rest -- swap included, which keeps swapped-out memory
## pages off the disk in plaintext.
archiso> pvcreate /dev/mapper/luks | |
archiso> vgcreate vg0 /dev/mapper/luks | |
archiso> lvcreate --size 2G vg0 --name swap | |
archiso> lvcreate --size 15G vg0 --name home | |
archiso> lvcreate --size 20G vg0 --name docker | |
## root takes whatever space is still free in vg0
archiso> lvcreate -l +100%FREE vg0 --name root | |
## Format partitions | |
## home and root get ext4, the docker volume gets btrfs
archiso> mkfs.ext4 /dev/mapper/vg0-home | |
archiso> mkfs.btrfs /dev/mapper/vg0-docker | |
archiso> mkfs.ext4 /dev/mapper/vg0-root | |
## Initialise the swap volume and switch it on for the rest of the installation
archiso> mkswap /dev/mapper/vg0-swap | |
archiso> swapon /dev/mapper/vg0-swap | |
## Mount partitions into /mnt for setup | |
## Root goes first: the other mount points are created inside it
archiso> mount /dev/mapper/vg0-root /mnt | |
archiso> mkdir -p /mnt/{boot,home,var/lib/docker} | |
## /dev/sda1 is the unencrypted EFI system partition; it becomes /boot
archiso> mount /dev/sda1 /mnt/boot | |
archiso> mount /dev/mapper/vg0-home /mnt/home | |
archiso> mount /dev/mapper/vg0-docker /mnt/var/lib/docker | |
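## Bootstrap installation and generate fstab
## pacstrap -i asks for confirmation before installing the listed packages into /mnt
archiso> pacstrap -i /mnt base linux linux-firmware lvm2 vim sudo
## genfstab -U identifies the filesystems by UUID
archiso> genfstab -pU /mnt >> /mnt/etc/fstab
#### change `relatime` to `noatime` for all partitions *except* /boot and /boot/efi
archiso> vim /mnt/etc/fstab
## /tmp on tmpfs, capped at 2G. nodev,noexec,nosuid mean that files placed there
## cannot be executed, act as device nodes or gain privileges through setuid bits.
## mode=1777 (sticky + world-writable) is what /tmp needs; mode=1700 would leave
## the directory usable by root only and break programs run by regular users.
archiso> printf "\ntmpfs /tmp tmpfs nodev,noexec,nosuid,noatime,size=2G,mode=1777 0 0\n" >> /mnt/etc/fstab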
## Chroot into installation and finish setup | |
## From here on the `chroot>` commands act on the installed system under /mnt
archiso> arch-chroot /mnt /bin/bash | |
## Setup locale | |
chroot> vim /etc/locale.gen # uncomment "en_US.UTF-8 UTF-8" | |
chroot> locale-gen | |
## `>>` appends, so running these twice leaves duplicate lines in locale.conf
chroot> echo LANG=en_US.UTF-8 >> /etc/locale.conf | |
chroot> echo LC_ALL= >> /etc/locale.conf | |
## Setup timezone | |
chroot> ln -nfs /usr/share/zoneinfo/America/Chicago /etc/localtime | |
## Write the current system time to the hardware clock, stored as UTC
chroot> hwclock --systohc --utc | |
## Setup hostname | |
## NOTE(review): $HOSTNAME is presumably a placeholder for the name you want.
## Inside the chroot the variable holds whatever the live environment set, so
## assign it first or type the name literally.
chroot> echo $HOSTNAME > /etc/hostname | |
## Generate initrd image - Add `ext4 btrfs` to MODULES, `encrypt lvm2` to HOOKS before `filesystems` | |
## `encrypt` is the hook that unlocks the LUKS container at boot and `lvm2` the one
## that activates the volume group; both must run before `filesystems` so that
## /dev/mapper/vg0-root exists when it is mounted.
chroot> vim /etc/mkinitcpio.conf | |
## Rebuild the initramfs from the `linux` preset so the edited config takes effect
chroot> mkinitcpio -p linux | |
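## Install bootloader (systemd-boot, onto the ESP mounted at /boot)
chroot> pacman -Syu efibootmgr
## Listing the EFI variables only succeeds when the ISO was booted in UEFI mode
chroot> efivar -l
chroot> bootctl --path=/boot install
## The heredoc delimiter is unquoted on purpose: $(blkid ...) is expanded while
## the file is written, so the entry holds the literal PARTUUID of /dev/sda2.
## `cryptdevice=<device>:vg0` makes the initramfs map the unlocked container as
## /dev/mapper/vg0. Read the file back afterwards to check the PARTUUID is not empty.
chroot> cat << __EOF__ > /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=PARTUUID=$(blkid -s PARTUUID -o value /dev/sda2):vg0 root=/dev/mapper/vg0-root quiet rw
__EOF__
## `editor 0` switches off the boot-menu command line editor, so nobody at the
## console can alter the kernel parameters (e.g. to get a root shell) before boot.
## The terminator must stand alone on its line; a leading `> ` copied from the
## prompt would keep the heredoc open.
chroot> cat << __EOF__ > /boot/loader/loader.conf
default arch
timeout 5
editor 0
__EOF__
## Caveat: the kernel and initramfs on /dev/sda1 are outside the encrypted volume.
## Someone with physical access can replace them; Secure Boot with signed boot
## images is the usual countermeasure and is not set up by these notes.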
## If installing as VirtualBox guest | |
## Skip this section on physical hardware
chroot> pacman -Syu virtualbox-guest-utils virtualbox-guest-modules-arch | |
chroot> systemctl enable vboxservice.service | |
## enable dhcpcd for internet connectivity on bootup | |
chroot> pacman -Syu dhcpcd inetutils | |
## `ip link` lists the network interfaces; use the name shown there for ${INTERFACE}
chroot> ip link | |
chroot> systemctl enable dhcpcd@${INTERFACE} # $INTERFACE is likely enp0s3 | |
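## Set root password and create user
chroot> passwd
## $USER stands for the new account name. In the chroot shell the variable may
## already be set (typically to `root`), in which case the lines below would act
## on root: assign it first (USER=<name>) or type the name literally.
chroot> useradd -m -d /home/$USER $USER
chroot> passwd $USER
## -a appends to the supplementary groups; -G alone replaces the whole list
chroot> usermod -aG wheel $USER
## Members of wheel may run any command through sudo after entering their own password
chroot> cat << __EOF__ > /etc/sudoers.d/wheel
%wheel ALL=(ALL) ALL
__EOF__
## Make the drop-in read-only for root and let visudo check its syntax:
## a sudoers file that does not parse can leave sudo unusable.
chroot> chmod 0440 /etc/sudoers.d/wheel
chroot> visudo -cf /etc/sudoers.d/wheel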
## Cleanup and shutdown | |
## Leave the chroot, then release everything mounted under /mnt and the swap
## volume before rebooting into the installed system
chroot> exit | |
archiso> umount -R /mnt | |
archiso> swapoff -a | |
archiso> shutdown -r now | |
## -- On reboot -- ## | |
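## Setup reflector to automatically update after pacman-mirrorlist is updated
sh> sudo pacman -Syu reflector
## Keep the packaged mirrorlist so it can be restored
sh> sudo cp -p /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
## -p https restricts the selection to HTTPS mirrors
sh> sudo reflector --verbose -l 20 -p https --sort rate --country 'United States' --save /etc/pacman.d/mirrorlist
## /etc/pacman.d belongs to root, so creating the hook needs sudo. A plain
## `sudo cat > file` would not help because the redirection is opened by the
## unprivileged shell; `sudo tee` writes the file with root's privileges.
sh> sudo mkdir -p /etc/pacman.d/hooks
sh> sudo tee /etc/pacman.d/hooks/mirrorupgrade.hook > /dev/null << __EOF__
> [Trigger]
> Operation = Upgrade
> Type = Package
> Target = pacman-mirrorlist
>
> [Action]
> Description = Updating pacman-mirrorlist with reflector and removing pacnew...
> When = PostTransaction
> Depends = reflector
> Exec = /usr/bin/env sh -c "reflector --country 'United States' -l 20 --age 24 -p https --sort rate --save /etc/pacman.d/mirrorlist; rm -f /etc/pacman.d/mirrorlist.pacnew"
> __EOF__
## The leading `> ` on the hook lines is the shell's continuation prompt, not file content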
## Setup xorg | |
## Brace expansion turns ttf-{...} into the individual font package names
sh> sudo pacman -Syu xorg xorg-xinit rofi i3lock ttf-{inconsolata,droid,anonymous-pro,hack,fira-{mono,sans}} | |
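## Install packages from AUR using yay
## git and the base-devel group are needed to build; no earlier step installs them
sh> sudo pacman -S --needed git base-devel
## One directory name throughout (the original created `packages` but cloned into `Packages`)
sh> mkdir -p "$HOME/Packages"
sh> git clone https://aur.archlinux.org/yay.git "$HOME/Packages/yay"
sh> cd "$HOME/Packages/yay"
## AUR build scripts are user-submitted and makepkg executes them: read the
## PKGBUILD before building. Run makepkg as a regular user, never as root.
sh> less PKGBUILD
## -s installs missing dependencies, -i installs the built package through pacman,
## which avoids guessing the archive suffix (.pkg.tar.xz, .pkg.tar.zst, ...)
sh> makepkg -si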