@mattrasband
Last active October 29, 2019 00:32
Installing Arch

This is my incomplete list on installing Arch recently with an encrypted disk.

Boot the Live Env

archwiki

  • Verify it's EFI:
# ls /sys/firmware/efi/efivars
  • Connect to the net:

    • Hard wired ethernet - probably just works
    • wifi - wifi-menu (assumes the device is in the standard linux drivers)
  • Update the system clock:

# timedatectl set-ntp true

Partition

  • Determine which disk(s) you want to use: fdisk -l
  • Partition (just a /boot and /)
# fdisk /dev/sdX

-- first create a new partition table
# <new guid partition table>

-- then add the /boot partition (this won't be encrypted)
# n
# p
# 1
# [enter]
# +512M

-- set the partition type to be EFI System Partition
# t
# ef (double check with `L[enter]`)

-- add the / partition (this will be encrypted)
# n
# p
# 2
# [enter]
# [enter]

-- set the type to linux extended
# t
# 85

-- write the changes
# w

Create the Filesystems

Boot Partition

# mkfs.fat -F32 /dev/sdX1

Encrypted Partition

# cryptsetup --verbose --key-size 512 --hash sha512 --iter-time 5000 --use-urandom luksFormat /dev/sdX2
>>> Some warning about breaking things...: YES

>>> Now type your encryption passphrase (twice)...

# cryptsetup open --type luks /dev/sdX2 cryptroot
>>> Now type your passphrase
-- the decrypted view of the partition is now mapped at /dev/mapper/cryptroot

# mkfs.ext4 /dev/mapper/cryptroot

Mount them up

# mount /dev/mapper/cryptroot /mnt
# mkdir /mnt/boot
# mount /dev/sdX1 /mnt/boot

Back to the Arch guide for a bit

  • Install the essentials:
# pacstrap /mnt base linux linux-firmware ...[other packages like neovim]
  • Create the file system table
# genfstab -U /mnt >> /mnt/etc/fstab
  • Chroot
# arch-chroot /mnt
  • Timezone
# ln -sf /usr/share/zoneinfo/America/Denver /etc/localtime
# hwclock --systohc
  • Localization

    • uncomment en_US.UTF-8 in /etc/locale.gen
    • run locale-gen
    • echo "LANG=en_US.UTF-8" >> /etc/locale.conf
  • Networking

    • echo "beast" >> /etc/hostname
    • printf '127.0.0.1 localhost\n::1 localhost\n127.0.1.1 beast.local beast\n' >> /etc/hosts

Tell the initial ramdisk that a drive is encrypted

  • Edit /etc/mkinitcpio.conf to add the encrypt hook before filesystems
  • Run mkinitcpio -P

Back to ArchWiki...

  • Set the root user's password: passwd
  • Install your CPU's microcode updates: pacman -S {intel,amd}-ucode (pick the one matching your CPU)
  • Install grub: pacman -S grub efibootmgr
  • Run the grub installation: grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB

Tell Grub that you are using an encrypted disk

  • Edit /etc/default/grub
    • Change GRUB_CMDLINE_LINUX="" to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX2:cryptroot"
    • Uncomment GRUB_ENABLE_CRYPTODISK=y
  • Have grub generate the config: grub-mkconfig -o /boot/grub/grub.cfg
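
Before rebooting, the two encryption-related edits above (the encrypt hook and the cryptdevice kernel argument) can be checked with a short script. This is an added example, not part of the original gist; the function names, the sample files and the UUID placeholder are constructed, and it assumes the parenthesised HOOKS=(...) form of /etc/mkinitcpio.conf.

```shell
#!/bin/sh
# Added example (not from the gist): lint the two encryption-related edits
# before rebooting. Files are passed as arguments so copies can be checked.

# hooks_ok FILE: true if HOOKS=(...) lists "encrypt" before "filesystems".
# Assumes the parenthesised array form of HOOKS.
hooks_ok() {
    hooks=$(sed -n 's/^HOOKS=(\(.*\)).*/\1/p' "$1" | tail -n 1)
    seen_encrypt=0
    for h in $hooks; do
        case $h in
            encrypt) seen_encrypt=1 ;;
            filesystems)
                if [ "$seen_encrypt" -eq 1 ]; then return 0; else return 1; fi ;;
        esac
    done
    return 1
}

# grub_cryptdevice FILE: print the value of cryptdevice= from GRUB_CMDLINE_LINUX.
grub_cryptdevice() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)".*/\1/p' "$1" | tr ' ' '\n' |
        sed -n 's/^cryptdevice=//p'
}

# cmdline_ok FILE: true if cryptdevice= has the form <device>:<mapper-name>,
# where <device> is UUID=... or a /dev path.
cmdline_ok() {
    case $(grub_cryptdevice "$1") in
        UUID=?*:?* | /dev/?*:?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files, written to a temp dir so the example runs offline.
demo_dir=$(mktemp -d)
printf 'HOOKS=(base udev autodetect keyboard modconf block encrypt filesystems fsck)\n' > "$demo_dir/good.mkinitcpio"
printf 'HOOKS=(base udev autodetect modconf block filesystems encrypt fsck)\n' > "$demo_dir/bad.mkinitcpio"
printf 'GRUB_CMDLINE_LINUX="cryptdevice=UUID=0000-CONSTRUCTED:cryptroot"\n' > "$demo_dir/good.grub"
printf 'GRUB_CMDLINE_LINUX="cryptdevice:/dev/sdX2:cryptroot"\n' > "$demo_dir/bad.grub"

for f in good bad; do
    hooks_ok "$demo_dir/$f.mkinitcpio" && echo "$f: hooks ok" || echo "$f: encrypt hook missing or after filesystems"
    cmdline_ok "$demo_dir/$f.grub" && echo "$f: cmdline ok" || echo "$f: cryptdevice= malformed"
done
```

On a real install, call hooks_ok /etc/mkinitcpio.conf and cmdline_ok /etc/default/grub from inside the chroot. The UUID form of the device can be read with blkid -s UUID -o value /dev/sdX2 and stays valid if the disk is later enumerated under a different /dev/sdX name.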

You should now be good to do the standard stuff and reboot to see if everything is happy. If it is, you will be prompted for your encryption passphrase at boot.

Getting back into the Live Environment

In case you need to get back to the live environment, you can do the following after booting the live env:

# cryptsetup open --type luks /dev/sdX2 cryptroot
(enter your pw)
# mount /dev/mapper/cryptroot /mnt
# mount /dev/sdX1 /mnt/boot
# arch-chroot /mnt

You're now back in the live env, chrooted into the installed system with your disks mounted.

After the install, you'll need some basic stuff; here's my list.

  • Networking:

    • # systemctl enable --now systemd-resolved: wiki
  • Display:

    • XOrg:
      • # pacman -S xorg-server xorg-apps xorg-xinit xterm
      • Check with # startx
    • Graphics Card:
      • # pacman -S xf86-video-{intel,amdgpu,nouveau}
    • KDE:
      • # pacman -S plasma-meta kde-applications-meta kdegraphics-thumbnailers ffmpegthumbs
      • After KDE start: Right Click -> Configure Desktop -> Icons -> Configure Preview Plugins ...
      • In Dolphin: Control -> Configure Dolphin -> General -> Previews
    • Display Manager (login windows)
      • pacman -S sddm sddm-kcm
      • systemctl enable sddm
  • Printing:

    • pacman -S print-manager cups