Skip to content

Instantly share code, notes, and snippets.

@jeremyjjbrown

jeremyjjbrown/install-arch.md

Last active March 27, 2019 20:50
Show Gist options
  • Save jeremyjjbrown/79c41d07809f041b9fefd2d3d52bfc7b to your computer and use it in GitHub Desktop.
Save jeremyjjbrown/79c41d07809f041b9fefd2d3d52bfc7b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
install-arch.md

dd if=archlinux-2016.07.01-dual.iso of=/dev/sdb

If on 4k screen raise font size

setfont /usr/share/kdb/consolefonts/latarcyrheb-sun32.psfu.gz

turn on wifi

wifi-menu netctl switch-to ***

Create partitions

cgdisk /dev/nvme0n1
1 512MB EFI partition # Hex code ef00
2 100% size partiton # (to be encrypted) Hex code 8300

check it out

lsblk

Encrypt

cryptsetup --verbose --key-size 512 --hash sha512 --iter-time 5000
--use-random luksFormat /dev/sda2

cryptsetup open --type luks /dev/sda2 cryptroot

format

mkfs.ext4 /dev/sda1 mkfs.ext4 /dev/mapper/cryptroot

mount

mkdir -p mnt mount -t ext4 /dev/mapper/cryptroot mnt mkdir -p mnt/boot mount -t ext4 /dev/sda1 mnt/boot

pacstrap

pacstrap -i mnt base base-devel vim curl wget netctl

create fstab

genfstab -U -p mnt >> mnt/etc/fstab less mnt/etc/fstb

chroot into new install

arch-chroot mnt

locale

sed -i 's/^#(en_US.UTF-8 UTF-8)//g' /etc/locale.gen locale-gen

echo LANG=en_US.UTF-8 > /etc/locale.conf export LANG=en_US.UTF-8

Setup time

ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime hwclock --systohc --utc

hostname

echo kochi > /etc/hostname

users

passwd useradd -m -g users -G wheel -s /bin/bash penny passwd jeremybr visudo # uncomment wheel

GRUB

pacman -S grub-bios

$ sed -i 's#^(GRUB_CMDLINE_LINUX=")#cryptdevice=/dev/sda2:cryptroot#'
/etc/default/grub

$ grub-install --recheck /dev/sda $ grub-mkconfig --output /boot/grub/grub.cfg

initramfs

The kernel needs to know about your encrypted setup, so you must instruct mkinitcpio to do some extra work.

$ sed -i 's/^(HOOKS=".)(filesystems.)/ encrypt /'
/etc/mkinitcpio.conf $ mkinitcpio -p linux

Reboot

At this point, your minimal setup is complete and your entire system, save for /boot, is encrypted. You can exit the install environment and reboot into GRUB and your new install.

$ exit $ umount -R mnt/boot $ umount -R mnt $ cryptsetup close cryptroot $ reboot

If you get locked out

If locked out of your system, for whatever reason, you’ll need to manually decrypt your drives. You can do this by just manually opening and closing through cryptsetup, like you did for the install.

$ cryptsetup open --type luks /dev/sda2 cryptroot $ mkdir -p mnt $ mount -t ext4 /dev/mapper/cryptroot mnt $ mkdir -p mnt/boot $ mount -t ext4 /dev/sda1 mnt/boot

Do your work ...

$ umount -R mnt/boot $ umount -R mnt $ cryptsetup close cryptroot

What now?

A starting point for filling out your new system would be the Arch General Recommendations.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment