ZFSRoot installation over a dm-crypt volume for Arch Linux (UEFI)

Arch-ZFSRoot-on-dm-crypt-UEFI.md

Install Arch Linux on root ZFS filesystem

Pre-installation

Download Arch linux

https://archlinux.org

Create bootable USB (don't add partition number!)

# dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync

Reboot into newly created Arch USB

Installation

Load keymap

# loadkeys be-latin1

Connect to the internet (if not using wired cable)

# wifi-menu

Add the ZFS repo to pacman configuration

# vim /etc/pacman.conf
----------------------
[archzfs]
Server = http://archzfs.com/$repo/$arch

Add the ZFS repo gpg keys to pacman's keyring

# pacman-key -r 0ee7a126
# pacman-key --lsign-key 0ee7a126

Install the zfs-linux and spl-linux packages inside archiso environment

# pacman -Sy linux-headers zfs-dkms spl-dkms

Load the ZFS kernel module and create empty ZFS pool cache file

# modprobe zfs
# touch /etc/zfs/zpool.cache

Partition the disk

# parted /dev/sdx
-----------------
(parted) mklabel gpt
(parted) mkpart ESP fat32 1MiB 513MiB
(parted) set 1 boot on
(parted) mkpart primary ext2 513MiB 99%

Create and open encrypted container on system partition

# cryptsetup luksFormat --type luks2 -v -s 512 /dev/sdx2
# cryptsetup open /dev/sdx2 cryptroot

Create the ZFS pool and base datasets onto encrypted container

canmount=off makes it so actual data is stored inside the parent dataset; but the hierarchical structure exists for possible children.

Double check before you run any of these; not all are necessarily required either

# zpool create -o ashift=12 -o cachefile=/etc/zfs/zpool.cache -m none -R /mnt zroot /dev/mapper/cryptroot
# zfs create -o mountpoint=none -o compression=lz4 zroot/ROOT
# zfs create -o mountpoint=/ zroot/ROOT/default
# zfs create -o canmount=off -o mountpoint=/var -o xattr=sa zroot/ROOT/var
# zfs create -o canmount=off -o mountpoint=/var/lib zroot/ROOT/var/lib
# zfs create -o canmount=off -o mountpoint=/var/lib/systemd zroot/ROOT/var/lib/systemd
# zfs create -o canmount=off -o mountpoint=/usr zroot/ROOT/usr
# zfs create -o mountpoint=/opt zroot/ROOT/opt
# zfs create -o mountpoint=/var/lib/systemd/coredump zroot/ROOT/var/lib/systemd/coredump
# zfs create -o mountpoint=/var/log zroot/ROOT/var/log
# zfs create -o acltype=posixacl -o mountpoint=/var/log/journal zroot/ROOT/var/log/journal
# zfs create -o mountpoint=/home zroot/home
# zfs create -o mountpoint=/root zroot/home/root
# zfs create -o mountpoint=/home/<username> zroot/home/<username>
# zpool set bootfs=zroot zroot
# zfs set relatime=on zroot
# zfs set compression=lz4 zroot

Create swap zvol

# zfs create -V 16G -b 4096 -o logbias=throughput -o sync=always -o primarycache=metadata -o com.sun:auto-snapshot=false zroot/swap
# mkswap -f /dev/zvol/zroot/swap

Export and import (and mount) the new ZFS filesystem into /mnt

# zpool export zroot
# zpool import -R /mnt zroot

Mount /boot into /mnt/boot

# mkdir /mnt/boot
# mount /dev/sdx1 /mnt/boot

Install base Arch Linux system into /mnt

# pacstrap -i /mnt base base-devel

Generate /boot mount options and pipe them into fstab

# loadkeys us
# genfstab -U -p /mnt | grep boot >> /mnt/etc/fstab
# loadkeys be-latin1

Add the swap volume to fstab

# vim /mnt/etc/fstab
--------------------
/dev/zvol/zroot/swap none swap discard 0 0

Chroot into the Arch installation on /mnt

# arch-chroot /mnt /bin/bash

Set locale

# vi /etc/locale.gen
--------------------
Uncomment en_US.UTF-8 UTF-8

# locale-gen

# vi /etc/locale.conf
---------------------
LANG=en_US.UTF-8

Set timezone and time

# rm /etc/localtime
# ln -s /usr/share/zoneinfo/Europe/Brussels /etc/localtime
# hwclock --systohc --utc
# pacman -S ntp
# ntpd -q
# hwclock -w

Install vim

# pacman -S vim

Set console font and keymap more permanently

# pacman -S terminus-font
# vim /etc/vconsole.conf
------------------------
KEYMAP=be-latin1
FONT=ter-112n

Add the ZFS repository to pacman configuration in the actual install too

# vim /etc/pacman.conf
----------------------
[archzfs]
Server = http://archzfs.com/$repo/$arch

Add the ZFS repository gpg keys to pacman's keyring

# pacman-key -r 0ee7a126
# pacman-key --lsign-key 0ee7a126

Update pacman's mirrorlist and prioritize closer mirrors

# vim /etc/pacman.d/mirrorlist
------------------------------
Move i3d.net up to top (with https)

Update package repositories

# pacman -Syu

Install ZFS into new install

# pacman -S linux-headers zfs-dkms spl-dkms

Enable the ZFS system services

# systemctl enable zfs.target
# systemctl enable zfs-import-cache
# systemctl enable zfs-mount

Set max ZFS arc memory usage to 2GB

# vim /etc/modprobe.d/zfs.conf
------------------------------
options zfs zfs_arc_max="2147483648"

Update mkinitcpio hooks to include LUKS disk encryption and ZFS

# vim /etc/mkinitcpio.conf
--------------------------
HOOKS=(base udev autodetect modconf keyboard keymap consolefont block encrypt zfs filesystems)

Regenerate kernel image with the new hooks

# mkinitcpio -p linux

Set root user password

# passwd

Set machine hostname

# vim /etc/hostname
-------------------
<hostname>

Install bootloader

# bootctl --path=/boot install

# vim /boot/loader/loader.conf
------------------------------
default arch
timeout 4
editor 0

Temporarily save system partition UUID into a file for easy copying in vim

# loadkeys us
# blkid /dev/sdx2 > partitionid.txt
# loadkeys be-latin1

Create the main boot entry (add UUID from partitionid.txt)

# vim /boot/loader/entries/arch.conf
------------------------------------
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=<UUID>:cryptroot:allow-discards zfs=zroot/ROOT/default rw pcie_aspm=force

Create fallback boot entry (add UUID from partitionid.txt)

# vim /boot/loader/entries/arch-fallback.conf
---------------------------------------------
title Arch Linux Fallback
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options cryptdevice=UUID=<UUID>:cryptroot:allow-discards zfs=zroot/ROOT/default rw

Install some other necessary packages for network, etc, and enable their services

# pacman -S networkmanager openssh tlp smartmontools ethtool networkmanager-openvpn x86_energy_perf_policy
# systemctl enable NetworkManager
# systemctl enable tlp
# systemctl enable tlp-sleep
# systemctl enable fstrim.timer

Fix XPS 13 9343 sound (otherwise linux loads the HDMI sound driver)

# vim /etc/modprobe.d/alsa-base.conf
------------------------------------
options snd_hda_intel index=1,0

Leave chroot environment

# exit

Copy the ZFS cache file into system

# cp /etc/zfs/zpool.cache /mnt/etc/zfs/

Unmount /boot and export the ZFS filesystem

# umount /mnt/boot
# zpool export zroot

Reboot into new install

# reboot

Post-installation

Set up NetworkManager wifi connection

# nmcli d wifi list
# nmcli dev wifi connect <SSID> password <password>
# ping google.com

Install zsh (optional) and create user account

# pacman -S zsh
# useradd -m -G wheel -s /bin/zsh <username>
# zfs allow <username> create,mount,mountpoint,snapshot zroot/home/<username>
# chown -R <username> /home/<username>

Set password for new user

# passwd <username>

Allow users in wheel group to use sudo

# visudo
--------
Uncomment %wheel ALL=(ALL) ALL

Install xorg and other useful packages

# pacman -S rsync xorg-server xf86-video-intel xorg-xinit xorg-xrandr i3 pulseaudio pavucontrol termite conky git libyaml gcc6 imagemagick xorg-xbacklight mpv notify-osd ttf-inconsolata ttf-bitstream-vera ttf-dejavu ttf-droid ttf-fira-mono ttf-fira-sans ttf-freefont ttf-liberation ttf-roboto ttf-ubuntu-font-family

Log out as root and log back in as user

# exit

Copy system xinitrc to home directory and run i3 instead

$ cp /etc/X11/xinit/xinitrc .xinitrc

$ vim .xinitrc
--------------
exec i3

Fix HiDPI scaling

$ gsettings set org.gnome.desktop.interface scaling-factor 2

$ vim .Xresources
-----------------
Xft.dpi: 166
Xft.autohint: false
Xft.hintstyle: hintslight
Xft.lcdfilter: lcddefault
Xft.hinting: true
Xft.antialias: true
Xft.rgba: rgb

Start X11

$ startx

Start a terminal with Alt+Enter

Set keyboard layout

$ setxkbmap be

etc.