Arch install in progress
# Installation on Lenovo X1 5th Generation
# Installation guide:
# Encryption:
# LVM:
# Set large font, if necessary
setfont latarcyrheb-sun32
# Connect to Internet
# Sync clock
timedatectl set-ntp true
# Create three partitions:
# 1 1G EFI partition # Hex code ef00
# 2 1.5xRAM SWAP # Hex code 8200 (for the intellij users :D)
# 3 100% Linux partiton (to be encrypted) # Hex code 8300
cgdisk /dev/nvme0n1
# EFI part
mkfs.fat -F32 /dev/nvme0n1p1
# Enable swap
mkswap /dev/nvme0n1p1
swapon /dev/nvme0n1p2
# Encryption
# Encrypt - *uppercase* the yes...
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 4000 --use-random luksFormat /dev/nvme0n1p3
# Open encrypted
cryptsetup open --type luks /dev/nvme0n1p3 encryptedroot #encryptroot
# Create a physical volume
pvcreate /dev/mapper/encryptedroot
# Create volume group
vgcreate vg0 /dev/mapper/encryptedroot
# Create logical volumes
lvcreate -L 100G vg0 --name root
lvcreate -l +80%FREE vg0 -- name home
# Check
# Create filesystem
mkfs.ext4 /dev/mapper/vg0-root
mkfs.ext4 /dev/mapper/vg0-home
# Mount the system
mkdir /mnt
mount /dev/mapper/vg0-root /mnt
mkdir /mnt/boot
mkdir /mnt/home
mount /dev/mapper/vg0-home /mnt/home
mount /dev/nvme0n1p1 /mnt/boot
# Sort by fastest mirror
rankmirror -n 10 /etc/pacman.d/mirrorlist > /etc/pacman.d/mirrorlist.sorted
# Check and replace files, I mostly don't trust certain mirrors :P
# Install the base system plus a few packages
pacstrap /mnt base zsh vim git sudo efibootmgr wpa_supplicant dialog iw
# generate fstab
# double check fstab for stuff like the EFI partition... it will blow up, when you install a new kernel :D
genfstab -U -p /mnt >> /mnt/etc/fstab
## Change...
# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
# Add discard to swap
# Enter the new system
arch-chroot /mnt
# Set local time
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
hwclock --systohc
# Generate required locales
vim /etc/locale.gen # Uncomment desired locales, e.g. "en_US.UTF-8", "de_DE.UTF-8"
# Set desired locale
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
# Set desired keymap and font if necessary
echo 'KEYMAP=us' > /etc/vconsole.conf
# echo 'FONT=latarcyrheb-sun32' >> /etc/vconsole.conf
# Set hostname
echo 'myhostname' > /etc/hostname
#Consider adding a matching entry to hosts(5):
# localhost.localdomain localhost
#::1 localhost.localdomain localhost
# myhostname.localdomain myhostname
# Set password for root
# Add real user
useradd -m -g users -G wheel -s /bin/zsh <username>
passwd <username>
echo '<username> ALL=(ALL) ALL' > /etc/sudoers.d/<username>
# Configure mkinitcpio with modules needed for the initrd image
vi /etc/mkinitcpio.conf
# Add 'ext4 dm_snapshot' to MODULES
# Change: HOOKS="base systemd autodetect modconf block keyboard sd-vconsole sd-encrypt sd-lvm2 fsck filesystems"
# Change: HOOKS="base udev resume autodetect modconf block keyboard keymap consolefont encrypt lvm2 fsck filesystems"
# Regenerate initrd image
# if this fails, you most probably have a typo :)
mkinitcpio -p linux
# Setup systemd-boot
bootctl --path=/boot install
# Enable Intel microcode updates
pacman -S intel-ucode
# Create bootloader entry
# Get luks-uuid with: `cryptsetup luksUUID /dev/nvme0n1p3`
/boot/loader/entries/arch.conf # if this file does not exit, you might not have executed bootctl properly
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options luks.uuid=<uuid><uuid>=luks root=/dev/mapper/vg0-root rw
# Set default bootloader entry
default arch
# Exit and reboot
## login
# setup wifi
# identify wlan interface
ip link
sudo wpa_passphrase <SSID> <PASSWORD> > /etc/wpa_supplicant/wpa_supplicant-<wifi interface>.conf
## remove psk from file
## add to the top:
## ctrl_interface=/run/wpa_supplicant.conf
## update_config=1
# enable wpa_supplicant on boot
sudo systemctl enable wpa_supplicant@<wifi interface>.service
# enable wpa_supplicant now
sudo systemctl start wpa_supplicant@<wifi interface>.service
# check status, if not running, execute sudo wpa_supplicant -B -i <wifi interface> -c /etc/wpa_supplicant/wpa_supplicant-<wifi interface>.conf and check error
sudo systemctl status wpa_supplicant@<wifi interface>.service
# enable getting ip address on boot
sudo systemctl enable dhcpcd@<wifi interface>.service
# do it now
sudo systemctl start dhcpcd@<wifi interface>.service
# check, if errors, execute sudo dhcpcd <wifi interface> and check error
sudo systemctl start dhcpcd@<wifi interface>.service
# if it does not work: most probably you failed at typing your SSID or PASSWORD
## X11 Variation for i3
sudo pacman -S xorg-server xorg-xinit
## Shotgut approach for display driver :S
sudo pacman -S xorg-drivers
# i3
sudo pacman -S i3
# i3 menu
sudo pacman -S dmenu
# add "exec i3" to .xinitrc
# ---------------------------------
## Wayland Variation for gnome
sudo pacman -S gnome
## enable login manager
sudo systemctl enable gdm.service
# Audio
## I guess ALSA is there, but throw this in
sudo pacman -S alsa-utils
## Most distros also use Pule
sudo pacman -S pulseaudio pulseaudio-alsa
# ACPID for additional Notebook support like sleep n stuff
sudo pacman -S acpid
sudo pacman -S firefox thunderbird
# Terminal stuff # guake too if not i3 :D
sudo pacman -S awesome-terminal-fonts terminator
ibihim commented Mar 26, 2023

packstrap -K seems to be a thing (initialises a keyring). Otherwise I ran into PGP issues.

For issues with it:

  1. Verify you time is set correctly with date.
  2. Install on pacstrap the archlinux-keyring, I think it should be inbase.
  3. pacman -Syu.

If you ran pacstrap without -K before, you need to remove the previous gnupg dir.

  1. Remove previous gnupg keys: rm -r /etc/pacman.d/gnupg
  2. If you don't want to re-run pacstrap, do pacman-key --init, pacman-key --populate archlinux and pacman-key --refresh-keys.
  3. pacman -Syu.

ibihim commented Mar 26, 2023

If there is a preference for fonts, they can be set in /etc/vconsole.conf. The available list is in ls /usr/share/kbd/consolefonts/.
TTF fonts are not supported, they must be PSF. So don't wonder if you can't find ttf-jetbrains-mono-nerd.



ibihim commented Mar 26, 2023

To start of with more useful groups:

sudo useradd -m -s /usr/bin/fish -G wheel,video,audio,optical,storage,docker,lp,scanner ibihim

  • wheel: For granting sudo access (requires configuration in the sudoers file).
  • video: For access to video devices and hardware acceleration.
  • audio: For access to audio devices.
  • optical: For access to optical drives (CD/DVD).
  • storage: For access to removable storage devices.
  • docker: For access to Docker daemon and containers (requires Docker to be installed).
  • lp: For access to printers.
  • scanner: For access to scanners.

Add docker with groupadd docker.

ibihim commented Mar 26, 2023

sd-lvm2 > lvm2, install it with pacstrap.

