Last active
September 26, 2022 16:38
-
-
Save kwesthaus/2819d9dccf7cc314dc3ad7b8b5bddea7 to your computer and use it in GitHub Desktop.
Notes for my Arch Linux installation in UEFI mode with LVM on LUKS encryption on an HP Pavilion x360 laptop. Works best when paired with the official installation guide and other people's arch-linux-install gists.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # With thanks to the arch wiki ("the wiki") and many individuals in the open source community who have shared their arch-linux-install gists on github | |
| # Instead of listing the full install, this gist details extra notes I want to remember for next time as well as any choices I made for my system | |
| # Installed on an HP Pavilion x360 14-dh2034nr | |
| # I had the arch install guide and other pages open on my ipad next to me during the install | |
| # Verify the ISO | |
| # gpg (on linux) or gpg4win | |
| # Can check developer signing keys at https://www.archlinux.org/people/developers/ | |
| # Burn to USB | |
| # Normally using dd from linux as recommended in the wiki but this time rufus from windows was easiest | |
| # Thankfully the rtl8822ce has drivers in the kernel (unlike some rtl wifi cards) so wifi could work in the live environment | |
| # But I think it's easier to just plug in ethernet at this point and use it until after wifi works in the graphical environment | |
| # First boot into the live environment to change NVMe SSD sector size to be more performant - for me, from 512 to 4096 bytes | |
| # The first time I went most of the way through an install then changed this which broke everything and I had to start over | |
| # So, do this first lol | |
| # Reference the arch wiki SSD page | |
| pacman -S nvme-cli | |
| # Check using | |
| nvme id-ns /dev/nvme0n1 | |
| # Look at lbaf lines, choose one with lowest rp (relative performance) | |
| nvme format --lbaf=1 /dev/nvme0n1 | |
| # Turn off secure boot in the BIOS/UEFI | |
| # Set hardware clock to UTC in the BIOS/UEFI | |
| # Enable battery reporting in BIOS/UEFI | |
| # Spam the appropriate key on boot to enter the boot device selection menu - F9 on this laptop | |
| # Partition scheme | |
| # Reference the "dm-crypt/Encrypting an entire system" page in the wiki, "LVM on LUKS" section | |
| # Wipe first - cryptsetup commands in wiki | |
| # Use gdisk for partitioning | |
| # o to clear partitions, n for new partition, p to print | |
| # 1024M for the combined boot and EFI system partition (code EF00) | |
| # All defaults (rest of disk) for the LVM LUKS encryption (code 8300) | |
| # 20G for swap (with 16G RAM), 128G for /, rest for /home/ | |
| # Making the filesystem for the EFI system partition failed at first with the error below because of the earlier SSD sector size change | |
| # WARNING: Not enough clusters for a 32 bit FAT! | |
| # Solution is to add the "-s" option to change the number of sectors per cluster | |
| mkfs.fat -F32 -s 1 /dev/nvme0n1p1 | |
| # Come back to LVM on LUKS section later for mkinitcpio and boot loader sections | |
| # Adjusted the mirrorlist - I put the top 2 US first, then the next highest (up to date) was in Canada, then 1 more US below | |
| # pacstrap with some extra packages to make working in the new environment easier | |
| pacstrap /mnt base linux linux-firmware lvm2 intel-ucode man-db man-pages texinfo vim networkmanager git | |
| # America/Detroit for time zone | |
| # Check the LVM on LUKS page and the hibernation page for mkinitcpio options | |
| # modules - ext4, hooks - keyboard, keymap, encrypt, lvm2, resume | |
| # Setting up new user and sudo before reboot is easiest | |
| # Chose systemd-boot for boot loader | |
| # It seemed simple for this kind of setup and many people use it nowadays | |
| # 3 steps - install with bootctl, configure /boot/loader/loader.conf, configure /boot/loader/entries/arch.conf | |
| # Come back later for automatic updates with AUR package | |
| # Reference microcode, LVM on LUKS, and hibernation page for arch.conf | |
| # When unmounting partitions before boot, also "unmount" swap | |
| swapoff -a | |
| reboot | |
| # AFTER checking that sudo works for user, lock/disable root login as specified on sudo page | |
| # If need to connect to wifi before graphical environment, can use nmcli d | |
| # But have to specify password on command line, so make sure to remove from ~/.bash_history with vim | |
| # Then wipe ~/.viminfo | |
| # This completes the Installation Guide from the wiki | |
| # Next up is the General Recommendations for a more complete system | |
| # Enable multilib for pacman | |
| # Prep for building AUR packages | |
| pacman -S --needed base-devel | |
| # Prep for yay | |
| pacman -S go | |
| # Use git to download the yay package from AUR | |
| # Then install with makepkg -si | |
| # Grab the package for automatic systemd-boot updates from the AUR | |
| yay -S systemd-boot-pacman-hook | |
| # xorg for display server | |
| pacman -S xorg xorg-apps | |
| # mesa for intel display driver | |
| pacman -S mesa | |
| # xfce for desktop environment (and window manager) | |
| pacman -S xfce4 xfce4-goodies | |
| # lightdm for display manager | |
| pacman -S lightdm lightdm-gtk-greeter | |
| systemctl enable lightdm.service | |
| # Make wifi usable in graphical mode | |
| pacman -S network-manager-applet | |
| reboot | |
| # Change power settings, enable hibernating/suspending in xfce settings | |
| # Audio | |
| # Install alsa-utils, pulseaudio, pulseaudio-alsa, pavucontrol | |
| # Chrony for NTP - good for laptops | |
| # Install chrony | |
| # Modify the default config at /etc/chrony.conf - get servers from https://www.ntppool.org/zone/us | |
| # Disable systemd-timesyncd.service and enable chronyd.service | |
| # Install networkmanager-dispatcher-chrony from AUR to change to offline/online mode automatically | |
| # I setup DNSSEC, then it was super slow so I disabled it | |
| # But now I can re-enable the setup quickly if needed | |
| # Initial setup instructions below | |
| # Decide on DNS provider using "Alternative DNS services" wiki page | |
| # Add DNS provider to /etc/systemd/resolved.conf | |
| # Enable DNSSEC, also in /etc/systemd/resolved.conf | |
| # Make /etc/resolv.conf a symbolic link as described on systemd-resolved wiki page | |
| # Start and enable systemd-resolved.service | |
| # Verify with resolvectl status and resolvectl query | |
| # Just enabling and starting systemd-resolved.service is supposed to help because DNS can be cached locally | |
| # But I had trouble with it taking forever to resolve, so I left it disabled | |
| # iptables is installed by default so I chose that for a firewall | |
| # Enable/configure by checking the "Simple stateful firewall" page | |
| # Quickest method is to copy the provided iptables.rules and ip6tables.rules to /etc/iptables/ | |
| iptables-restore < /etc/iptables/iptables.rules | |
| ip6tables-restore < /etc/iptables/ip6tables.rules | |
| # Then add rules to the TCP and UDP chains as necessary for hosted services | |
| # Note: this assumes that you have already set port forwarding options on your modem/router if | |
| # your local network is NAT'd | |
| # Change keyboard and touchpad settings in xfce settings | |
| # Enable periodic TRIM for the SSD as specified on the SSD wiki page | |
| # Reference CUPS wiki page | |
| # Install cups | |
| # Enable the SOCKET instead of the service so CUPS only starts when needed | |
| # Switch to a vim package which can interface with the system clipboard | |
| # (has +xterm_clipboard listed in vim --version) | |
| pacman -Rns vim | |
| pacman -S gvim | |
| # Install other useful packages | |
| # I use the below as a starting point | |
| # | |
| # android-tools | |
| # bash-completion | |
| # ctags | |
| # ffmpegthumbnailer | |
| # firefox | |
| # gnome-keyring | |
| # gnu-netcat | |
| # gvfs | |
| # gvfs-afc | |
| # gvfs-gphoto2 | |
| # gvfs-mtp | |
| # gvfs-smb | |
| # ifuse | |
| # keepassxc | |
| # libreoffice-still | |
| # lsof | |
| # ltrace | |
| # namcap | |
| # networkmanager-openvpn | |
| # nmap | |
| # ntfs-3g | |
| # nvme-cli | |
| # pdftk | |
| # perl-image-exiftool | |
| # python-pip | |
| # python-virtualenv | |
| # python-virtualenvwrapper | |
| # qpdfview | |
| # raw-thumbnailer | |
| # restic | |
| # ripgrep | |
| # rsync | |
| # stow | |
| # strace | |
| # testdisk | |
| # thunderbird | |
| # tmux | |
| # traceroute | |
| # usbutils | |
| # vlc | |
| # wget | |
| # whois | |
| # wireshark-qt | |
| # yubikey-manager | |
| # zsh | |
| # zsh-completions | |
| # zsh-syntax-highlighting | |
| # This is enough to get the system decently usable, beyond this point is mostly personal configuration | |
| # I copied over my documents and configuration files from a previous Manjaro install to make things pretty | |
| # gnu stow is a wonderful tool for managing dotfiles and other configuration files! | |
| # | |
| # See also my: | |
| # config-files repo https://github.com/kwesthaus/config-files | |
| # windows-setup-notes gist https://gist.github.com/kwesthaus/44c2e2f6d82596e1570876d66bde2829 | |
| # odroid-server-config repo https://github.com/kwesthaus/odroid-server-config |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment