@maykonchagas
Forked from mattiaslundberg/arch-linux-install
Last active February 15, 2022 19:58
Minimal instructions for installing arch linux on an UEFI system with full system encryption using dm-crypt and luks
# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
## Download the archiso image from https://www.archlinux.org/
## Copy to a usb-drive
$ dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
## Set Brazilian Portuguese keymap
loadkeys br-abnt2
## Create partitions
$ cgdisk /dev/sdX
1 100MB EFI partition # Hex code ef00
2 100% size partition # (to be encrypted) Hex code 8300
$ mkfs.vfat -F32 /dev/sdX1
## Setup the encryption of the system
$ cryptsetup -v --type luks --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --verify-passphrase luksFormat /dev/sdX2
cryptsetup luksOpen /dev/sdX2 archie
## Create encrypted partitions
## This creates logical volumes for swap, root and home; modify the sizes or layout if other volumes are needed
$ pvcreate /dev/mapper/archie
$ vgcreate encryptd /dev/mapper/archie
$ lvcreate --size 1G encryptd --name swap
$ lvcreate --size 96G encryptd --name root
$ lvcreate -l +100%FREE encryptd --name home
## Create filesystems on encrypted partitions
$ mkfs.ext4 /dev/mapper/encryptd-root
$ mkfs.ext4 /dev/mapper/encryptd-home
$ mkswap /dev/mapper/encryptd-swap
## Mount the new system
$ mount /dev/mapper/encryptd-root /mnt # /mnt is the installed system
$ swapon /dev/mapper/encryptd-swap # Not needed but a good thing to test
$ mkdir /mnt/boot
$ mount /dev/sdX1 /mnt/boot
# Install the system. The package list also includes what is needed to start wifi when first booting into the newly installed system
# Unless vim and zsh are desired these can be removed from the command
pacstrap /mnt base base-devel linux linux-firmware mkinitcpio cryptsetup lvm2 zsh vim git efibootmgr dialog wpa_supplicant
# 'install' fstab
$ genfstab -pU /mnt >> /mnt/etc/fstab
## Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
## Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
## Enter the new system
$ arch-chroot /mnt /bin/bash
## Setup system clock
$ ln -s /usr/share/zoneinfo/America/Sao_Paulo /etc/localtime
$ hwclock --systohc --utc
# Set the hostname
$ echo "$MYHOSTNAME" > /etc/hostname # choose a hostname and set it in the MYHOSTNAME variable
## Update locale
$ echo LANG=pt_BR.UTF-8 >> /etc/locale.conf
$ echo LANGUAGE=pt_BR >> /etc/locale.conf
$ echo LC_ALL=C >> /etc/locale.conf
## Set password for root
$ passwd
# Add real user; remove the -s flag if you don't wish to use zsh
$ useradd -m -g users -G wheel -s /bin/zsh MYUSERNAME
$ passwd MYUSERNAME
# Configure mkinitcpio with modules needed for the initrd image
$ vim /etc/mkinitcpio.conf
## Add 'ext4' to MODULES
MODULES=(ext4)
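## Add 'keymap', 'encrypt' and 'lvm2' to HOOKS before filesystems
## 'keyboard' and 'keymap' go before 'encrypt' so the passphrase prompt uses the configured keyboard layout
HOOKS=(base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck)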
# Regenerate initrd image
mkinitcpio -p linux
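A pre-reboot check for the HOOKS ordering described above, as an added example that is not part of the original gist. The function names `hook_pos` and `check_hooks` are made up for illustration and the sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the gist): check HOOKS order in a mkinitcpio.conf.
# check_hooks FILE returns 0 = ok, 1 = required hook missing, 2 = wrong order.

# Print the 1-based position of hook $1 within the word list $2 (0 if absent).
hook_pos() {
    want=$1; i=0
    for h in $2; do
        i=$((i + 1))
        [ "$h" = "$want" ] && { echo "$i"; return 0; }
    done
    echo 0
}

check_hooks() {
    # Use the last uncommented HOOKS=(...) line; later assignments win.
    hooks=$(sed -n 's/^[[:space:]]*HOOKS=(\(.*\)).*$/\1/p' "$1" | tail -n 1)
    enc=$(hook_pos encrypt "$hooks")
    lvm=$(hook_pos lvm2 "$hooks")
    fs=$(hook_pos filesystems "$hooks")
    km=$(hook_pos keymap "$hooks")
    for p in "$enc" "$lvm" "$fs"; do
        [ "$p" -gt 0 ] || { echo "missing encrypt, lvm2 or filesystems" >&2; return 1; }
    done
    # LVM lives inside the LUKS container: unlock it first, then activate
    # the volume group, and only then look for the root filesystem.
    if [ "$enc" -gt "$lvm" ] || [ "$lvm" -gt "$fs" ]; then
        echo "order must be: encrypt lvm2 filesystems" >&2
        return 2
    fi
    # keymap loads the console layout at boot; placed after encrypt, the
    # passphrase prompt still uses the default layout. Warn, do not fail.
    [ "$km" -gt "$enc" ] && echo "warning: keymap comes after encrypt" >&2
    return 0
}

# Constructed sample file, for demonstration only.
sample=$(mktemp)
printf '%s\n' 'MODULES=(ext4)' \
    'HOOKS=(base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck)' > "$sample"
check_hooks "$sample" && echo "HOOKS order OK"
rm -f "$sample"
```

Inside the chroot, run `check_hooks /etc/mkinitcpio.conf` before regenerating the image.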
# Setup systemd-boot (bootctl)
`bootctl --path=/boot/ install`
Create bootloader. Edit `/boot/loader/loader.conf`. Replace the file's contents with:
```
default arch
timeout 3
editor 0
```
`editor 0` disables the boot-menu editor, so the kernel command line can't be changed at boot.
Next create a bootloader entry in /boot/loader/entries/arch.conf
```
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID={UUID}:encryptd root=/dev/mapper/encryptd-root quiet rw
```
Replace {UUID} with the UUID of /dev/sda2 or nvme0n1p2. In order to get the UUID run the following command:
`blkid`
Or, while still in vim, run the following command (replacing /dev/sda2 with the relevant partition):
`:read ! blkid /dev/sda2`
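Instead of pasting the UUID by hand, the entry can be generated and checked in one step. This is an added example, not part of the original gist: `is_uuid` and `make_entry` are illustrative names, the UUID is constructed, and the volume group is assumed to be the `encryptd` group created earlier.

```shell
#!/bin/sh
# Added example (not from the gist): build the systemd-boot entry from the
# LUKS partition's UUID and refuse input that would leave the system unbootable.

# Succeeds only for a canonical 8-4-4-4-12 hex UUID, the form blkid prints
# for a LUKS partition. An unreplaced "{UUID}" placeholder is rejected.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'
}

# make_entry UUID VG: print the entry; return 1 on a bad UUID or VG name.
make_entry() {
    uuid=$1; vg=$2
    is_uuid "$uuid" || { echo "not a UUID: $uuid" >&2; return 1; }
    # Hyphens in a VG name are doubled under /dev/mapper, so the simple
    # <vg>-root path below is only valid for names without them.
    case $vg in
        ''|*[!A-Za-z0-9_]*) echo "unexpected VG name: $vg" >&2; return 1 ;;
    esac
    printf 'title Arch Linux\n'
    printf 'linux /vmlinuz-linux\n'
    printf 'initrd /initramfs-linux.img\n'
    # cryptdevice=UUID=<LUKS uuid>:<mapping name>; root is the LV in the VG.
    printf 'options cryptdevice=UUID=%s:%s root=/dev/mapper/%s-root quiet rw\n' \
        "$uuid" "$vg" "$vg"
}

# Typical use inside the chroot (the device path is a placeholder):
#   make_entry "$(blkid -s UUID -o value /dev/sdX2)" encryptd \
#       > /boot/loader/entries/arch.conf

# Constructed UUID, for demonstration only.
make_entry 0f3a9c1e-7b2d-4e58-9a6c-1d2e3f4a5b6c encryptd
```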
# Exit new system and go into the cd shell
exit
# Unmount all partitions
umount -R /mnt
swapoff -a
# Reboot into the new system, don't forget to remove the cd/usb
reboot
## Broken configuration
If something went wrong, you need to open the LVM VG
cryptsetup luksOpen /dev/nvme0n1p2 arch
vgscan --mknodes
vgchange -ay
lvscan
# Post-installation
## Install i3
pacman -S dialog wpa_supplicant openssl xorg xorg-xinit xorg-server lightdm lightdm-gtk-greeter i3-gaps
### Create xinitrc
`exec i3`
## Install nvidia-drivers
pacman -S nvidia nvidia-utils nvidia-settings