@fervic
Forked from gutoandreollo/arch_setup.sh
Last active April 6, 2022 19:02
Installing Arch Linux with an encrypted btrfs root, with GPT and UEFI support
# Install arch linux in an encrypted btrfs partition with GPT and UEFI support, gummiboot and hibernate/resume support
# sources:
# http://hole.tuziwo.info/install-arch-linux-on-uefi-gpt-computer-with-btrfs-support.html
# http://www.brunoparmentier.be/blog/how-to-install-arch-linux-on-an-encrypted-btrfs-partition.html
# https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption
# Take note of this:
# - The first thing you need is to identify which disk you're going to use. For the purpose of this guide, it will be /dev/sdX
# Be VERY CAREFUL if you have more than one disk on your computer, and DOUBLE CAREFUL if one of them is the one with your backups
# - Since btrfs does not support swapfiles (yet), we'll create a swap partition. In this guide, it will NOT be encrypted.
# This means that if you hibernate your notebook, the memory image is written to that swap partition in the clear,
# and when you resume it will come back ALREADY UNLOCKED, even though your whole root is encrypted.
# - This doc expects you kinda know what you're doing already, and just needs the steps to guide you thru it.
# 1 - set the setup environment how we like it
loadkeys br-abnt2
setfont Lat2-Terminus16
# 2 - wipe your existing disk with random data
# Wiping your disk is an optional step. This is supposed to make your data harder to eventually recover via cryptanalysis.
# If you're not worried about this, and just want to make sure that whoever steals your notebook doesn't look into your
# cat pictures, then feel free to skip to Partitioning below.
# Relevant XKCD: https://xkcd.com/538/
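# wipe the SSD with randomness: zeros written through a plain dm-crypt mapping land on the disk as ciphertext
cryptsetup open --type plain /dev/sdX container
dd if=/dev/zero of=/dev/mapper/container bs=1M status=progress
# go grab yourself some coffee or watch an episode of Doctor Who, this WILL take a while.
# dd stops with "No space left on device" once the whole disk has been written; that is expected.
cryptsetup close container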
# 3 - Partitioning:
gdisk /dev/sdX
# sdX1 = /boot, sdX2 = SWAP, sdX3 = encrypted root
# for the SWAP partition below, try and make it a bit bigger than your RAM, for hibernating
# o ,
# n , [enter] , [enter], +512M , EF00 ,
# n , [enter] , [enter], +8G, 8200,
# n , [enter] , [enter], [enter] , [enter] ,
# w
# 4 - Formatting the partitions:
# the first one is our ESP partition, so for now we just need to format it
mkfs.vfat -F32 -n "EFI" /dev/sdX1
# the second one will be our swap partition:
mkswap -L swap /dev/sdX2
# the third one will be our encrypted root
# first, we need to prepare the encrypted (outer) volume
cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random --verify-passphrase luksFormat /dev/sdX3
# I really hope I don't have to lecture you on NOT LOSING this password, lest all of your data will be forever inaccessible, right?
# then, we actually open it as a block device, and format the inner volume
cryptsetup luksOpen /dev/sdX3 root
mkfs.btrfs -L "Arch Linux" /dev/mapper/root
# 5 - Mount the partition
mkdir -p /mnt/btrfs-root
mount -o defaults,relatime,space_cache /dev/mapper/root /mnt/btrfs-root
mkdir -p /mnt/btrfs-root/__active
mkdir -p /mnt/btrfs-root/__snapshot
# 6 - Create btrfs subvolumes
cd /mnt/btrfs-root
btrfs subvolume create __active/rootvol
btrfs subvolume create __active/home
btrfs subvolume create __active/var
btrfs subvolume create __active/opt
# 7 - Create mountpoints and mount the btrfs subvolumes on the correct hierarchy
mkdir -p /mnt/btrfs-active
mount -o defaults,nodev,relatime,space_cache,subvol=__active/rootvol /dev/mapper/root /mnt/btrfs-active
# create the mountpoints and mount separately /home, /opt, /var and /var/lib
mkdir -p /mnt/btrfs-active/{home,opt,var,var/lib,boot}
mount -o defaults,nosuid,nodev,relatime,subvol=__active/home /dev/mapper/root /mnt/btrfs-active/home
mount -o defaults,nosuid,nodev,relatime,subvol=__active/opt /dev/mapper/root /mnt/btrfs-active/opt
mount -o defaults,nosuid,nodev,noexec,relatime,subvol=__active/var /dev/mapper/root /mnt/btrfs-active/var
# /var/lib is special, since it's very useful for snapshots of it to be part of the active root volume.
# To manage that, we bind-mount the directory from the "rootvol" subvolume back inside the var subvolume
mkdir -p /mnt/btrfs-active/var/lib
mount --bind /mnt/btrfs-root/__active/rootvol/var/lib /mnt/btrfs-active/var/lib
# you need to make sure that this directory exists, there's a step below for that
# 8 - Mount the EFI partition
# we're using /boot here, not /boot/efi as some suggest, since our / is encrypted.
# apparently, grub2 can manage this, but I haven't been able to replicate it.
mount -o defaults,nosuid,nodev,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro /dev/sdX1 /mnt/btrfs-active/boot
# 9 - now that the filesystem layout is of our liking, we install arch
# (this is the time where you change the mirrorlist, if that's your thing)
# for simplicity, I'm just installing what's really needed at this point.
pacstrap /mnt/btrfs-active base base-devel btrfs-progs
# 10 - generate the fstab and then manually edit it
# genfstab doesn't really understand the bind-mount
genfstab -U -p /mnt/btrfs-active >> /mnt/btrfs-active/etc/fstab
vi /mnt/btrfs-active/etc/fstab
# it should look kinda like this:
"""
# /dev/sdX1 LABEL=EFI
UUID=1234-ABCD /boot vfat rw,nosuid,nodev,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro,discard 0 2
# /dev/mapper/root LABEL=Arch\x20Linux
UUID=44444444-4444-4444-4444-444444444444 / btrfs rw,nodev,relatime,ssd,discard,space_cache,subvol=__active/rootvol 0 0
UUID=44444444-4444-4444-4444-444444444444 /home btrfs rw,nodev,nosuid,relatime,ssd,discard,space_cache,subvol=__active/home 0 0
UUID=44444444-4444-4444-4444-444444444444 /opt btrfs rw,nodev,nosuid,relatime,ssd,discard,space_cache,subvol=__active/opt 0 0
UUID=44444444-4444-4444-4444-444444444444 /var btrfs rw,nodev,nosuid,noexec,relatime,ssd,discard,space_cache,subvol=__active/var 0 0
UUID=44444444-4444-4444-4444-444444444444 /run/btrfs-root btrfs rw,nodev,nosuid,noexec,relatime,ssd,discard,space_cache 0 0
/run/btrfs-root/__active/rootvol/var/lib /var/lib none bind 0 0
tmpfs /tmp tmpfs rw,nodev,nosuid 0 0
tmpfs /dev/shm tmpfs rw,nodev,nosuid,noexec 0 0
"""
# 11 - chroot into the newly installed system:
arch-chroot /mnt/btrfs-active bash
# 12 - Set up your minimum environment as you wish (as per the Beginner's Guide)
# 12a - timezone
ln -sf /usr/share/zoneinfo/America/Costa_Rica /etc/localtime
hwclock --systohc
# 12b - locale
# Uncomment en_US.UTF-8 UTF-8 in /etc/locale.gen, then
locale-gen
vi /etc/locale.conf
"""
LANG=en_US.UTF-8
"""
# 12c - hostname
vi /etc/hostname
"""
<myhostname>
"""
vi /etc/hosts
"""
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
127.0.1.1 <myhostname>.localdomain <myhostname>
"""
# 12d - root password
passwd
# 12e - networks
pacman -S connman wpa_supplicant
# 12f - console
# follow the Beginner's Guide up until 'Install and configure a bootloader'. You know the drill.
# 13 - now, create the /run directory where btrfs-root will eventually be mounted
# this is the step that (7) above was referring to.
mkdir -p /run/btrfs-root
# 14 - fix the mkinitcpio.conf to contain what we actually need.
vi /etc/mkinitcpio.conf
# on the MODULES section, add "vfat aes_x86_64 crc32c-intel" (and whatever else you know your hardware needs. Mine needs i915 too)
# on the BINARIES section, add "/usr/bin/btrfsck", since it's useful to have in case your filesystem has troubles
# on the HOOKS section:
# - add "resume" after "udev" (IF and ONLY IF you want to enable resume support)
# - add "encrypt" before "filesystems"
# - remove "fsck" and
# - add "btrfs" at the end
# 15 - re-generate your initrd images:
mkinitcpio -p linux
# 16 - use bootctl as a bootloader
bootctl --path=/boot install
# 17 - set the bootloader global options
vi /boot/loader/loader.conf
# it should contain:
"""
default arch
timeout 4
editor 0
"""
# 18 - set the bootloader entries
# "arch.conf" is related to "arch" above.. if your default in /boot/loader/loader.conf is called "bob", this should be "entries/bob.conf"
vi /boot/loader/entries/arch.conf
# now, for this one, a little bit of explaining is needed
# first, get your hands on the output of blkid, specifically the UUIDs of each block device.
# (the easy way to do this is lsblk -f > /boot/loader/entries/arch.conf, and then edit the file and leave it out as comments)
# for this example, I'm going to mark them like this:
# /dev/sdX1 LABEL="EFI" UUID=11111111-1111-1111-1111-111111111111
# /dev/sdX2 LABEL="SWAP" UUID=22222222-2222-2222-2222-222222222222
# /dev/sdX3 LABEL="encrypted root" UUID=33333333-3333-3333-3333-333333333333
# /dev/mapper/root LABEL="Arch Linux" UUID=44444444-4444-4444-4444-444444444444
# now, keep these in mind:
# - 444444... should be the UUID that is present on your fstab, identifying the volume you're mounting. this is your inner encrypted volume
# - 33333... is the OUTER UUID of your encrypted volume, the actual primary partition on your disk
# - your DECRYPTED (inner) volume will show as /dev/mapper/luks-3333... . This way, you know which inner volume is inside which outer volume
# - 2222.... is the swap partition, where you'll be resuming from
"""
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=33333333-3333-3333-3333-333333333333:luks-33333333-3333-3333-3333-333333333333 root=UUID=44444444-4444-4444-4444-444444444444 rootflags=subvol=__active/rootvol quiet resume=UUID=22222222-2222-2222-2222-222222222222 ro
"""
# 19 - Proceed with the configuration as from the beginner's guide, if you still need anything
# 20 - reboot into your new install
reboot
# 21 - after rebooting and entering your password, finish setting up arch the way you want it.
# 22 - ????
# 23 - Profit
# Install arch linux in an encrypted btrfs partition with GPT and UEFI support, bootctl and hibernate/resume support
# sources:
# http://hole.tuziwo.info/install-arch-linux-on-uefi-gpt-computer-with-btrfs-support.html
# http://www.brunoparmentier.be/blog/how-to-install-arch-linux-on-an-encrypted-btrfs-partition.html
# https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption
# https://fogelholk.io/installing-arch-with-lvm-on-luks-and-btrfs/
# Take note of this:
# - The first thing you need is to identify which disk you're going to use. For the purpose of this guide, it will be /dev/sdX
# Be VERY CAREFUL if you have more than one disk on your computer and DOUBLE CAREFUL if one of them is the one with your backups
# - Since btrfs does not support swapfiles (yet), we'll create a swap partition.
# - This doc expects you kinda know what you're doing already and you just need the steps to guide you thru it.
# 1 - Check the disks to find out which is the one we want to install to
lsblk
# 2 - Wipe your existing disk with random data
# Wiping your disk is an optional step. This is supposed to make your data harder to eventually recover via cryptanalysis.
# If you're not worried about this, and just want to make sure that whoever steals your notebook doesn't look into your
# cat pictures, then feel free to skip to Partitioning below.
# Relevant XKCD: https://xkcd.com/538/
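# wipe the SSD with randomness: zeros written through a plain dm-crypt mapping land on the disk as ciphertext
cryptsetup open --type plain /dev/sdX container
dd if=/dev/zero of=/dev/mapper/container bs=1M status=progress
# go grab yourself some coffee or watch an episode of Doctor Who, this WILL take a while.
# dd stops with "No space left on device" once the whole disk has been written; that is expected.
cryptsetup close container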
# 3 - Partitioning:
gdisk /dev/sdX
# sdX1 = /boot, sdX2 = encrypted root with LVM mounted on top
# > Command (? for help): o (Create a new empty GUID partition table (GPT))
# > Proceed? (Y/N): Y
#
# > Command (? for help): n (Add a new partition)
# Partition number (1-128, default 1): 1
# First sector: 2048 (default)
# Last sector: +512M
# Hex code or GUID: EF00
#
# > Command (? for help): n (Add a new partition)
# Partition number (2-128, default 2): 2
# First sector: 1050624 (default)
# Last sector: (press Enter to use remaining disk)
# Hex code or GUID: 8E00
#
# And it looks like this:
# > Command (? for help): p (Print):
# Number  Start (sector)    End (sector)  Size        Code  Name
#    1            2048         1050623   512.0 MiB   EF00  EFI System
#    2         1050624       XXXXXXXXX   XXX.X GiB   8E00  Linux LVM
#
# Then save and quit:
# > Command (? for help): w (Write)
# > Do you want to proceed? (Y/N): Y
# 4 - Set up the encrypted container
cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random --verify-passphrase luksFormat /dev/sdX2
cryptsetup luksOpen /dev/sdX2 lvm
# 5 - Create the LVM physical volume:
pvcreate /dev/mapper/lvm
# 6 - Create the LVM volume group:
vgcreate lvmvg /dev/mapper/lvm
# 7 - Create the LVM logical volumes:
lvcreate -L 8G lvmvg -n swapvol
lvcreate -l 100%Free lvmvg -n rootvol
# The result should look something like this (lsblk)
# sdX                   8:16   1 57.7G  0 disk
# ├─sdX1                8:17   1  512M  0 part
# └─sdX2                8:18   1 57.2G  0 part
#   └─lvm             254:1    0 57.2G  0 crypt
#     ├─lvmvg-swapvol 254:2    0    8G  0 lvm
#     └─lvmvg-rootvol 254:3    0 49.2G  0 lvm
# 8 - Formatting the partitions:
# The first one is our ESP partition, so for now we just need to format it
mkfs.vfat -F32 -n "EFI" /dev/sdX1
# The second one will be our swap logical volume:
mkswap -L swap /dev/mapper/lvmvg-swapvol
swapon /dev/mapper/lvmvg-swapvol
# The third one will be the root logical volume:
mkfs.btrfs -L "Arch Linux" /dev/mapper/lvmvg-rootvol
# 9 - Mount the partition
mkdir -p /mnt/btrfs-root
mount -o defaults,relatime,space_cache,ssd,compress=lzo /dev/mapper/lvmvg-rootvol /mnt/btrfs-root
mkdir -p /mnt/btrfs-root/__active
mkdir -p /mnt/btrfs-root/__snapshot
# 10 - Create btrfs subvolumes
cd /mnt/btrfs-root
btrfs subvolume create __active/rootvol
btrfs subvolume create __active/home
btrfs subvolume create __active/var
btrfs subvolume create __active/opt
# 11 - Create mountpoints and mount the btrfs subvolumes on the correct hierarchy
mkdir -p /mnt/btrfs-active
mount -o compress=lzo,defaults,nodev,relatime,space_cache,ssd,subvol=__active/rootvol /dev/mapper/lvmvg-rootvol /mnt/btrfs-active
# create the mountpoints and mount separately /home, /opt, /var and /var/lib
mkdir -p /mnt/btrfs-active/{home,opt,var,var/lib,boot}
mount -o defaults,nodev,nosuid,relatime,ssd,subvol=__active/home /dev/mapper/lvmvg-rootvol /mnt/btrfs-active/home
mount -o defaults,nodev,nosuid,relatime,ssd,subvol=__active/opt /dev/mapper/lvmvg-rootvol /mnt/btrfs-active/opt
mount -o defaults,nodev,noexec,nosuid,relatime,ssd,subvol=__active/var /dev/mapper/lvmvg-rootvol /mnt/btrfs-active/var
# /var/lib is special, since it's very useful for snapshots of it to be part of the active root volume.
# To manage that, we bind-mount the directory from the "rootvol" subvolume back inside the var subvolume
mkdir -p /mnt/btrfs-active/var/lib
mount --bind /mnt/btrfs-root/__active/rootvol/var/lib /mnt/btrfs-active/var/lib
# you need to make sure that this directory exists, there's a step below for that
# 12 - Mount the EFI partition
# we're using /boot here, not /boot/efi as some suggest, since our / is encrypted.
# apparently, grub2 can manage this, but I haven't been able to replicate it.
mount -o defaults,nosuid,nodev,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro /dev/sdX1 /mnt/btrfs-active/boot
# 13 - Now that the filesystem layout is of our liking, we install arch
# (this is the time where you change the mirrorlist, if that's your thing)
# for simplicity, I'm just installing what's really needed at this point.
pacstrap /mnt/btrfs-active base base-devel btrfs-progs neovim sudo wpa_supplicant
# Note: you should also add 'intel-ucode' for Intel processors.
# 14 - generate the fstab and then manually edit it
# genfstab doesn't really understand the bind-mount
genfstab -U -p /mnt/btrfs-active >> /mnt/btrfs-active/etc/fstab
vi /mnt/btrfs-active/etc/fstab
# it should look kinda like this:
"""
# LABEL=EFI
UUID=YYYY-YYYY /boot vfat rw,nosuid,nodev,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 2
# /dev/mapper/lvmvg-rootvol LABEL=Arch\134x20Linux
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / btrfs rw,nodev,relatime,compress=lzo,ssd,space_cache,subvolid=257,subvol=__active/rootvol 0 0
# /dev/mapper/lvmvg-rootvol LABEL=Arch\134x20Linux
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /home btrfs rw,nosuid,nodev,relatime,compress=lzo,ssd,autodefrag,space_cache,subvolid=258,subvol=__active/home 0 0
# /dev/mapper/lvmvg-rootvol LABEL=Arch\134x20Linux
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /opt btrfs rw,nosuid,nodev,relatime,compress=lzo,ssd,space_cache,subvolid=260,subvol=__active/opt 0 0
# /dev/mapper/lvmvg-rootvol LABEL=Arch\134x20Linux
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /var btrfs rw,nosuid,nodev,noexec,relatime,compress=lzo,ssd,space_cache,subvolid=259,subvol=__active/var 0 0
# /dev/mapper/lvmvg-rootvol LABEL=Arch\134x20Linux (Manually added)
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /run/btrfs-root btrfs rw,nosuid,nodev,noexec,relatime,compress=lzo,ssd,space_cache 0 0
# Bound /var/lib (Manually edited)
/run/btrfs-root/__active/rootvol/var/lib /var/lib none bind 0 0
# /dev/mapper/lvmvg-swapvol LABEL=swap
UUID=zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz none swap defaults,pri=-2 0 0
# Temporary (Manually added)
tmpfs /tmp tmpfs rw,nodev,nosuid 0 0
tmpfs /dev/shm tmpfs rw,nodev,nosuid,noexec 0 0
"""
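# Added example (not part of the original gist): after genfstab and the manual edit, this checks that each mount point
# still carries the nosuid/nodev/noexec options the guide assigns to it. The function name audit_fstab and the two
# sample fstabs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original gist): audit an fstab for the
# nosuid/nodev/noexec options this guide assigns to each mount point.

# audit_fstab FSTAB_TEXT
# Prints one line per finding; returns 1 if there is any finding, else 0.
audit_fstab() {
    printf '%s\n' "$1" | awk '
    BEGIN {
        bad = 0
        # Policy taken from the mount options used in this guide.
        need["/boot"]    = "nosuid nodev"
        need["/home"]    = "nosuid nodev"
        need["/opt"]     = "nosuid nodev"
        need["/var"]     = "nosuid nodev noexec"
        need["/tmp"]     = "nosuid nodev"
        need["/dev/shm"] = "nosuid nodev noexec"
    }
    /^[ \t]*#/ || NF < 4 { next }      # comments, blank and malformed lines
    ($2 in need) {
        seen[$2] = 1
        split("", have)                # portable way to empty an array
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) have[opt[i]] = 1
        m = split(need[$2], req, " ")
        for (i = 1; i <= m; i++)
            if (!(req[i] in have)) { print "MISSING " $2 " " req[i]; bad = 1 }
    }
    END {
        # A mount point that vanished from fstab loses its restrictions too.
        for (mp in need)
            if (!(mp in seen)) { print "ABSENT  " mp; bad = 1 }
        exit bad
    }'
}

# Constructed sample, shortened from the fstab in step 14.
GOOD_FSTAB='# LABEL=EFI
UUID=YYYY-YYYY /boot vfat rw,nosuid,nodev,relatime 0 2
UUID=xxxx / btrfs rw,nodev,relatime,subvol=__active/rootvol 0 0
UUID=xxxx /home btrfs rw,nosuid,nodev,relatime,subvol=__active/home 0 0
UUID=xxxx /opt btrfs rw,nosuid,nodev,relatime,subvol=__active/opt 0 0
UUID=xxxx /var btrfs rw,nosuid,nodev,noexec,relatime,subvol=__active/var 0 0
tmpfs /tmp tmpfs rw,nodev,nosuid 0 0
tmpfs /dev/shm tmpfs rw,nodev,nosuid,noexec 0 0'

# Constructed regression: /var lost noexec and the /dev/shm line was dropped.
BAD_FSTAB=$(printf '%s\n' "$GOOD_FSTAB" |
    sed -e 's/,noexec,relatime/,relatime/' -e '/\/dev\/shm/d')

audit_fstab "$GOOD_FSTAB" && echo "fstab matches the guide"
audit_fstab "$BAD_FSTAB" || echo "fstab needs fixing"
```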
# 15 - chroot into the newly installed system:
arch-chroot /mnt/btrfs-active bash
# 16 - Set up your minimum environment as you wish (as per the Beginner's Guide)
# 16a - timezone
ln -sf /usr/share/zoneinfo/America/Costa_Rica /etc/localtime
hwclock --systohc
# 16b - locale
sed -i 's/#\(en_US.UTF-8 UTF-8\)/\1/' /etc/locale.gen
locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
# 16c - hostname
echo '<myhostname>' > /etc/hostname
sed -i 's/\(::1.*\)/\1\n127.0.0.1 <myhostname>.localdomain <myhostname>/' /etc/hosts
# 16d - root password
passwd
# 16e - console
# follow the Beginner's Guide up until 'Install and configure a bootloader'. You know the drill.
# 17 - now, create the /run directory where btrfs-root will eventually be mounted
# this is the step that (11) above was referring to.
mkdir -p /run/btrfs-root
# 18 - fix the mkinitcpio.conf to contain what we actually need.
nvim /etc/mkinitcpio.conf
# on the MODULES section, add "vfat aes_x86_64 crc32c-intel" (and whatever else you know your hardware needs. Mine needs i915 too)
# on the BINARIES section, add "/usr/bin/btrfsck", since it's useful to have in case your filesystem has troubles
# on the HOOKS section:
# - If installing to USB move "block" to right after udev for appropriate module loading in early userspace
# - add "keyboard" before "autodetect"
# - add "encrypt lvm2 btrfs resume" before "filesystems"
# - remove "fsck"
# - add "shutdown" to the end (https://bbs.archlinux.org/viewtopic.php?pid=1204644)
# 19 - re-generate your initrd images:
mkinitcpio -p linux
# 20 - use bootctl as a bootloader
bootctl --path=/boot install
# 21 - set the bootloader global options
nvim /boot/loader/loader.conf
# it should contain:
"""
default arch
timeout 4
editor 0
"""
# 22 - set the bootloader entries
# "arch.conf" is related to "arch" above.. if your default in /boot/loader/loader.conf is called "bob", this should be "entries/bob.conf"
# Now, for this one, a little bit of explaining is needed because the values need to be set based on the disks' UUIDs.
# 22a - Obtain UUID information of the disks (IMPORTANT: run this from the host you're installing the new system from, not inside the new Arch)
exit # from the newly installed Arch
lsblk -f | grep 'sdX' -A 5 | sed 's/^/# /' > /mnt/btrfs-active/boot/loader/entries/arch.conf
# 22b - Edit the file that has been generated
arch-chroot /mnt/btrfs-active bash # go back to the new installation
nvim /boot/loader/entries/arch.conf
"""
# sdX
# ├─sdX1                vfat        EFI        1111-1111                              /mnt/btrfs-active/boot
# └─sdX2                crypto_LUKS            22222222-2222-2222-2222-222222222222
#   └─lvm               LVM2_member            333333-3333-3333-3333-3333-3333-333333
#     ├─lvmvg-swapvol   swap        swap       44444444-4444-4444-4444-444444444444   [SWAP]
#     └─lvmvg-rootvol   btrfs       Arch Linux 55555555-5555-5555-5555-555555555555   /mnt/btrfs-root
# Manually added based on the above UUIDs
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=22222222-2222-2222-2222-222222222222:luks-22222222-2222-2222-2222-222222222222 root=UUID=55555555-5555-5555-5555-555555555555 rootflags=subvol=__active/rootvol quiet resume=UUID=44444444-4444-4444-4444-444444444444 ro
"""
# Now, keep these in mind:
# - 22222222-... is the OUTER UUID of your encrypted volume, the actual primary partition on your disk.
# - 55555555-... should be the UUID that is present on your fstab, identifying the volume you're mounting. This is your inner encrypted volume.
# - 333333-... is your DECRYPTED (inner) LVM volume. This way, you know which inner volume is inside which outer volume.
# - 44444444-... is the swap volume, where you'll be resuming from.
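# Added example (not part of the original gist): the bootloader entries of both layouts (step 18 of the first script,
# step 22 here) depend on not mixing up inner and outer UUIDs, so this cross-checks an options line against the output
# of `lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,UUID`. The function name check_boot_entry is hypothetical and the two device
# trees are constructed from the guide's placeholder UUIDs.

```shell
#!/bin/sh
# Added example (not part of the original gist). Block-device input is assumed
# to come from: lsblk -P -o KNAME,PKNAME,TYPE,FSTYPE,UUID

# check_boot_entry OPTIONS LSBLK_PAIRS
# Prints one line per check; returns 1 if any check FAILs, 0 otherwise.
check_boot_entry() {
    printf '%s\n' "$2" | awk -F'"' -v opts="$1" '
    # One device per line: remember its parent, type, filesystem and UUID.
    { parent[$2] = $4; kind[$2] = $6; fs[$2] = $8; if ($10 != "") dev[$10] = $2 }

    # Value of a "key=UUID=..." token, without any ":mapper-name" suffix.
    function val(prefix,    i, v) {
        for (i = 1; i <= n; i++)
            if (index(tok[i], prefix) == 1) {
                v = substr(tok[i], length(prefix) + 1)
                sub(/:.*/, "", v)
                return v
            }
        return ""
    }
    # Is device k stacked (directly or not) on top of device anc?
    function under(k, anc) {
        for (k = parent[k]; k != ""; k = parent[k]) if (k == anc) return 1
        return 0
    }
    # Is device k, or any layer below it, a dm-crypt mapping?
    function on_crypt(k) {
        for (; k != ""; k = parent[k]) if (kind[k] == "crypt") return 1
        return 0
    }
    END {
        n = split(opts, tok, " ")
        luks = val("cryptdevice=UUID="); root = val("root=UUID="); res = val("resume=UUID=")
        rc = 0
        if (luks != "" && fs[dev[luks]] == "crypto_LUKS") print "OK   cryptdevice is the outer LUKS partition"
        else { print "FAIL cryptdevice is not a crypto_LUKS UUID"; rc = 1 }
        if (root != "" && dev[root] != "" && under(dev[root], dev[luks]))
            print "OK   root is inside the cryptdevice container"
        else { print "FAIL root is not a volume inside cryptdevice"; rc = 1 }
        if (res != "") {
            if (fs[dev[res]] != "swap") { print "FAIL resume is not a swap UUID"; rc = 1 }
            else if (on_crypt(dev[res])) print "OK   resume swap is encrypted"
            else print "WARN resume swap is unencrypted: hibernation image is written in the clear"
        }
        exit rc
    }'
}

# Constructed samples built from the placeholder UUIDs of the two layouts.
U2=22222222-2222-2222-2222-222222222222 U3=33333333-3333-3333-3333-333333333333
U4=44444444-4444-4444-4444-444444444444 U5=55555555-5555-5555-5555-555555555555
FMT='KNAME="%s" PKNAME="%s" TYPE="%s" FSTYPE="%s" UUID="%s"\n'
# First layout: plain swap partition beside the LUKS root.
PLAIN_TREE=$(printf "$FMT" \
    sdX  ""   disk  ""          "" \
    sdX2 sdX  part  swap        "$U2" \
    sdX3 sdX  part  crypto_LUKS "$U3" \
    dm-0 sdX3 crypt btrfs       "$U4")
PLAIN_OPTS="cryptdevice=UUID=${U3}:luks-${U3} root=UUID=${U4} rootflags=subvol=__active/rootvol quiet resume=UUID=${U2} ro"
# Second layout: swap and root as LVM volumes inside the LUKS container.
LVM_TREE=$(printf "$FMT" \
    sdX  ""   disk  ""          "" \
    sdX2 sdX  part  crypto_LUKS "$U2" \
    dm-1 sdX2 crypt LVM2_member 333333-3333-3333-3333-3333-3333-333333 \
    dm-2 dm-1 lvm   swap        "$U4" \
    dm-3 dm-1 lvm   btrfs       "$U5")
LVM_OPTS="cryptdevice=UUID=${U2}:luks-${U2} root=UUID=${U5} rootflags=subvol=__active/rootvol quiet resume=UUID=${U4} ro"

check_boot_entry "$PLAIN_OPTS" "$PLAIN_TREE"
check_boot_entry "$LVM_OPTS" "$LVM_TREE"
```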
# 22c - Add an entry for loading the Intel microcode before the initial ramdisk.
"""
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
"""
# 23 - Store journald journals in RAM - to prevent shutdown error (and minimize disk writes)
mkdir -p /etc/systemd/journald.conf.d
nvim /etc/systemd/journald.conf.d/write-in-ram.conf
"""
[Journal]
Storage=volatile
RuntimeMaxUse=30M
"""
# 24 - Proceed with the configuration as from the beginner's guide (if you still need anything)
# 24a - Add the first non-root user:
useradd -m -G wheel -s /bin/bash <username>
passwd <username>
# 24b - configure systemd-networkd
# Let it manage your wired network
nvim /etc/systemd/network/20-wired.network
"""
[Match]
Name=en*
[Network]
DHCP=yes
RouteMetric=10
IPv6PrivacyExtensions=true
## to use static IP uncomment these instead of DHCP
#DNS=192.168.1.254
#Address=192.168.1.87/24
#Gateway=192.168.1.254
"""
# Let it manage your wireless network
nvim /etc/systemd/network/25-wireless.network
"""
[Match]
Name=wl*
[Network]
DHCP=yes
RouteMetric=20
IPv6PrivacyExtensions=true
## to use static IP uncomment these instead of DHCP
#DNS=192.168.1.254
#Address=192.168.1.87/24
#Gateway=192.168.1.254
"""
# wpa_supplicant - the device name is determined with `ip a`
nvim /etc/wpa_supplicant/wpa_supplicant-<device>.conf
"""
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
update_config=1
eapol_version=1
ap_scan=1
fast_reauth=1
"""
# Setup systemd-resolved
rm /etc/resolv.conf
ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
systemctl enable systemd-resolved
# Setup systemd-networkd
systemctl enable systemd-networkd
# Set hook for having dhcpcd start wpa_supplicant
ln -s /usr/share/dhcpcd/hooks/10-wpa_supplicant /usr/lib/dhcpcd/dhcpcd-hooks/
# These actions need to be done after rebooting in the new install (it is
# suggested to copy this information into the new installation for having it at
# hand after reboot).
#
# Add wireless network profile
# set +o history
# wpa_passphrase <ESSID> '<passphrase>' | sudo tee -a /etc/wpa_supplicant/wpa_supplicant-<device>.conf > /dev/null
# set -o history
# /etc/wpa_supplicant/wpa_supplicant-<device>.conf can be manually edited to remove the plain-text passphrase
#
# Enable and start dhcpcd:
# sudo systemctl enable dhcpcd
# sudo systemctl start dhcpcd
# 25 - reboot into your new install
reboot
# 26 - keyboard (English with altgr-intl)
# Once logged in as the user:
localectl --no-convert set-x11-keymap us pc104 altgr-intl
###############################################################################
# In case something goes wrong, this mounts everything again:
cryptsetup luksOpen /dev/sdX2 lvm
# First check the lvm volumes are active: lsblk
# sdX
# ├─sdX1                8:33   1  512M  0 part
# └─sdX2                8:34   1 XX.XG  0 part
#   └─lvm             254:1    0 XX.XG  0 crypt
#     ├─lvmvg-swapvol 254:2    0    XG  0 lvm
#     └─lvmvg-rootvol 254:3    0 XX.XG  0 lvm
# If they aren't, then run:
vgscan
vgchange -ay
# Once you're sure they are active
swapon /dev/mapper/lvmvg-swapvol
mount -o defaults,relatime,space_cache,ssd,compress=lzo /dev/mapper/lvmvg-rootvol /mnt/btrfs-root
mount -o defaults,nodev,relatime,space_cache,ssd,subvol=__active/rootvol /dev/mapper/lvmvg-rootvol /mnt/btrfs-active
mount -o defaults,nodev,nosuid,relatime,ssd,subvol=__active/home /dev/mapper/lvmvg-rootvol /mnt/btrfs-active/home
mount -o defaults,nodev,nosuid,relatime,ssd,subvol=__active/opt /dev/mapper/lvmvg-rootvol /mnt/btrfs-active/opt
mount -o defaults,nodev,noexec,nosuid,relatime,ssd,subvol=__active/var /dev/mapper/lvmvg-rootvol /mnt/btrfs-active/var
mount --bind /mnt/btrfs-root/__active/rootvol/var/lib /mnt/btrfs-active/var/lib
mount -o defaults,nosuid,nodev,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro /dev/sdX1 /mnt/btrfs-active/boot
# Then umount
umount /mnt/btrfs-active/boot
umount /mnt/btrfs-active/var/lib
umount /mnt/btrfs-active/var
umount /mnt/btrfs-active/opt
umount /mnt/btrfs-active/home
umount /mnt/btrfs-active
umount /mnt/btrfs-root
swapoff /dev/mapper/lvmvg-swapvol
lvchange -a n lvmvg
cryptsetup luksClose lvm