= Arch Linux step-by-step installation =
== Boot the installation CD ==
== Create partition ==
cfdisk /dev/sda
* Create a partition with code 8300 (Linux)
== Format the partition ==
mkfs.btrfs -L "Arch Linux" /dev/sda1
== Mount the partition ==
mkdir /mnt/btrfs-root
mount -o defaults,relatime,discard,ssd,nodev,nosuid /dev/sda1 /mnt/btrfs-root
== Create the subvolumes ==
mkdir -p /mnt/btrfs/__snapshot
mkdir -p /mnt/btrfs/__current
btrfs subvolume create /mnt/btrfs-root/__current/root
btrfs subvolume create /mnt/btrfs-root/__current/home
== Mount the subvolumes ==
mkdir -p /mnt/btrfs-current
mount -o defaults,relatime,discard,ssd,nodev,subvol=__current/root /dev/sda1 /mnt/btrfs-current
mkdir -p /mnt/btrfs-current/home
mount -o defaults,relatime,discard,ssd,nodev,nosuid,subvol=__current/home /dev/sda1 /mnt/btrfs-current/home
== Install Arch Linux ==
nano /etc/pacman.d/mirrorlist
* Select the mirror to be used
pacstrap /mnt/btrfs-current base base-devel
genfstab -U -p /mnt/btrfs-current >> /mnt/btrfs-current/etc/fstab
nano /mnt/btrfs-current/etc/fstab
* copy the partition info for / and mount it on /run/btrfs-root (remember to remove subvol parameter! and add nodev,nosuid,noexec parameters)
== Configure the system ==
arch-chroot /mnt/btrfs-current /bin/bash
pacman -S btrfs-progs
nano /etc/locale.gen
* Uncomment en_US.UTF-8
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8
ln -s /usr/share/zoneinfo/Europe/Kiev /etc/localtime
hwclock --systohc --utc
echo 'idv-HP-EliteBook-840-G1' > /etc/hostname
nano /etc/nsswitch
* set the hostname
pacman -S wicd
systemctl enable wicd.service
nano /etc/mkinitcpio.conf
* Remove fsck and add btrfs to HOOKS
mkinitcpio -p linux
groupadd idv
useradd -m -g idv -G users,wheel,storage,power,network -s /bin/bash -c "Ihor Dvoretskyi" idv
passwd idv
== Install boot loader ==
pacman -S grub-bios
grub-install --target=i386-pc --recheck /dev/sda
nano /etc/default/grub
* Edit settings (e.g., disable gfx, quiet, etc.)
grub-mkconfig -o /boot/grub/grub.cfg
== Unmount and reboot ==
umount /mnt/btrfs-current/home
umount /mnt/btrfs-current
umount /mnt/btrfs-root
== Post installation configuration ==
=== Power management ===
nano /etc/modprobe.d/blacklist.conf
* blacklist nouveau
Download and compile bbswitch from
nano /etc/mkinitcpio.conf
* Add "i915 bbswitch" to MODULES
* Add "/etc/modprobe.d/i915.conf /etc/modprobe.d/bbswitch.conf" to FILES
nano /etc/modprobe.d/i915.conf
options i915 modeset=1
options i915 i915_enable_rc6=1
options i915 i915_enable_fbc=1
options i915 lvds_downclock=1
nano /etc/modprobe.d/bbswitch.conf
options bbswitch load_state=0
options bbswitch unload_state=1
mkinitcpio -p linux
=== Hardening ===
chmod 700 /boot /etc/{iptables,arptables}
nano /etc/securetty
* Comment tty1
nano /etc/iptables/iptables.rules
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p icmp -j REJECT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable
systemctl enable iptables.service
nano /etc/sysctl.conf
* net.ipv4.conf.all.log_martians = 1
* net.ipv4.conf.all.rp_filter = 1
* net.ipv4.icmp_echo_ignore_broadcasts = 1
* net.ipv4.icmp_ignore_bogus_error_responses = 1
=== Snapshot ===
echo `date "+%Y%m%d-%H%M%S"` > /run/btrfs-root/__current/ROOT/SNAPSHOT
echo "Fresh install" >> /run/btrfs-root/__current/ROOT/SNAPSHOT
btrfs subvolume snapshot -r /run/btrfs-root/__current/ROOT /run/btrfs-root/__snapshot/ROOT@`head -n 1 /run/btrfs-root/__current/ROOT/SNAPSHOT`
cd /run/btrfs-root/__snapshot/
ln -s ROOT@`cat /run/btrfs-root/__current/ROOT/SNAPSHOT` fresh-install
rm /run/btrfs-root/__current/ROOT/SNAPSHOT
==== Software Installation ===
* Enable sudo for wheel

