Minimal instructions for installing Arch Linux on a UEFI system with full-disk encryption (dm-crypt/LUKS + LVM), GRUB and an NVMe drive
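# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
# This is a step-by-step walkthrough to run from the live ISO, not an unattended script: every command below
# is destructive for /dev/nvme0n1, so confirm the device name with `lsblk` before starting.
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
# NOTE: with secure boot off nothing verifies GRUB or the initramfs, both of which live on unencrypted partitions
# in this layout; someone with physical access can swap them out (evil-maid). Re-enable it with your own signed
# bootloader/kernel after the install if that threat matters to you.
# This assumes a wifi only system...
wifi-menu   # newer ISOs no longer ship netctl/wifi-menu; use `iwctl` there
# sync the clock
timedatectl set-ntp true
# Wipe the partition table, then create the partitions (cgdisk /dev/nvme0n1 is the interactive alternative)
sgdisk --zap-all /dev/nvme0n1
sgdisk -n1:0:+512M -t1:ef00 -c1:EFI  /dev/nvme0n1   # 1: 512MB EFI system partition (hex code ef00)
sgdisk -n2:0:+512M -t2:8300 -c2:boot /dev/nvme0n1   # 2: 512MB /boot (hex code 8300) - NOT encrypted, see keyfile warning below
sgdisk -n3:0:0     -t3:8300 -c3:luks /dev/nvme0n1   # 3: rest of the disk, to be encrypted (hex code 8300)
# Create filesystems on the two unencrypted partitions
mkfs.vfat -F32 /dev/nvme0n1p1
mkfs.ext2 /dev/nvme0n1p2
# Setup the encryption of the system. luksFormat asks for the passphrase twice; choose a long one, it is the
# only thing protecting the data once the machine is powered off.
# Older form with an explicit cipher (current cryptsetup defaults are fine):
# cryptsetup -c aes-xts-plain64:sha256 -y --use-random luksFormat /dev/nvme0n1p3
# Current cryptsetup creates LUKS2 by default. That is fine here because GRUB never has to open the container
# (/boot is its own plain partition). If you move /boot inside the LUKS volume instead, GRUB's LUKS2 support is
# limited, so use `--type luks1` (or a key-derivation setting your GRUB build understands).
cryptsetup luksFormat /dev/nvme0n1p3
cryptsetup open /dev/nvme0n1p3 luks
# Create the LVM volumes inside the LUKS container
# One VG with separate LVs for swap, root, var and home; adjust sizes or drop volumes as needed
pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks
lvcreate -L 18G vg0 -n swap   # must be at least RAM size if you want hibernation (resume hook below)
lvcreate -L 30G vg0 -n root
lvcreate -L 300G vg0 -n var
lvcreate -l +100%FREE vg0 -n home
# check to ensure the volumes are there
lvscan
# Create filesystems on the encrypted volumes
mkfs.ext4 /dev/mapper/vg0-root
mkfs.ext4 /dev/mapper/vg0-var
mkfs.ext4 /dev/mapper/vg0-home
mkswap /dev/mapper/vg0-swap
# Mount the new system
mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
mkdir /mnt/var
mount /dev/mapper/vg0-var /mnt/var
mkdir /mnt/home
mount /dev/mapper/vg0-home /mnt/home
mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/nvme0n1p1 /mnt/boot/efi
# Install the system, including what is needed to bring wifi up when first booting into the new system.
# On current Arch `base` pulls in neither a kernel nor lvm2, so list them explicitly; the lvm2 package is
# required by the lvm2 mkinitcpio hook used below. vim and zsh are optional.
pacstrap /mnt base base-devel linux linux-firmware lvm2 vim less sudo grub efibootmgr dialog wpa_supplicant
# 'install' fstab
genfstab -pU /mnt > /mnt/etc/fstab
# Make /tmp a ramdisk. nosuid,nodev keep setuid binaries and device nodes out of a world-writable directory
# (this matches what systemd's own tmp.mount uses).
cat >> /mnt/etc/fstab <<'EOF'
tmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,mode=1777 0 0
EOF
# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
# Enter the new system
arch-chroot /mnt /bin/bash
# Setup system clock
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
hwclock --systohc --utc
# Set the hostname
echo myhostname > /etc/hostname
# Update hosts
cat >> /etc/hosts <<'EOF'
127.0.0.1 localhost
::1 localhost
127.0.1.1 myhostname.localdomain myhostname
EOF
# Update locale: uncomment `en_US.UTF-8 UTF-8` (or your locale) in /etc/locale.gen
vi /etc/locale.gen
locale-gen
echo LANG=en_US.UTF-8 > /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
# LC_ALL overrides LANG and every LC_* variable for all users; it is normally left unset. Drop the next line unless you want that.
echo LC_ALL=C >> /etc/locale.conf
# Set password for root
passwd
# --- Optional keyfile so the passphrase is not typed twice (once by GRUB, once by the initramfs) ---
# WARNING: this only makes sense when /boot itself is inside the LUKS container and GRUB unlocks it
# (GRUB_ENABLE_CRYPTODISK=y). With the separate, unencrypted /boot partition created above, the initramfs
# - and the keyfile embedded in it - sits in plaintext on /dev/nvme0n1p2, so anyone who can read the disk gets
# the LUKS key and the encryption protects nothing. The chmod on /boot further down only restricts access on
# the running system, not for someone reading the drive offline.
# With this layout: skip these three commands, do NOT add FILES=(...) to mkinitcpio.conf, and type the
# passphrase once at the initramfs prompt.
# If you do encrypt /boot: the key goes into the LUKS partition, p3 (p1 is the EFI system partition and is not LUKS).
# dd if=/dev/urandom of=/crypto_keyfile.bin bs=512 count=4
# chmod 000 /crypto_keyfile.bin
# cryptsetup luksAddKey /dev/nvme0n1p3 /crypto_keyfile.bin
# Configure mkinitcpio with modules needed for the initrd image
vim /etc/mkinitcpio.conf
# Add 'ext4 nvme' to MODULES
# Add FILES=(/crypto_keyfile.bin)   <- ONLY for the encrypted-/boot variant described above
# Add 'encrypt' and 'lvm2' to HOOKS before 'filesystems'
# Add 'resume' after 'lvm2' (the swap LV has to be activated before resume runs)
# Regenerate initrd image
mkinitcpio -p linux
# Add real user; remove the -s flag if you don't wish to use zsh. Run `visudo` afterwards to let the wheel group use sudo.
# useradd -m -g users -G wheel -s /bin/zsh MYUSERNAME
# passwd MYUSERNAME
# Kernel command line in /etc/default/grub:
# - the encrypted partition is p3 (the one luksFormat ran on); cryptdevice=UUID=<uuid of p3>:luks is more
#   robust than the device path if the disk order ever changes.
# - the resume hook added above does nothing without resume=.
# - allow-discards passes TRIM through LUKS: less SSD wear, but the pattern of free blocks becomes visible to
#   anyone holding the disk. Drop it if that leak matters more than wear.
sed -i 's|^GRUB_CMDLINE_LINUX=.*|GRUB_CMDLINE_LINUX="cryptdevice=/dev/nvme0n1p3:luks:allow-discards resume=/dev/mapper/vg0-swap"|' /etc/default/grub
sed -i 's|^GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet"|' /etc/default/grub
# GRUB_ENABLE_CRYPTODISK=y   # only needed when /boot is inside the LUKS container
# Install GRUB first (it creates /boot/grub), then generate the config into it
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB
grub-mkconfig -o /boot/grub/grub.cfg
# Keep kernels, initramfs and grub.cfg (which carries the command line) away from unprivileged users on the
# running system. This does NOT protect them from offline reads of the disk - see the keyfile warning.
chmod -R g-rwx,o-rwx /boot
# Exit new system and go into the cd shell
exit
# Unmount all partitions
umount -R /mnt
swapoff -a
# Reboot into the new system, don't forget to remove the cd/usb
reboot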