Skip to content

Instantly share code, notes, and snippets.

@tolbrino

tolbrino/archlinux_setup_guide.md

Last active August 29, 2015 14:22
Show Gist options
  • Save tolbrino/5c8a10805aaff3939fc7 to your computer and use it in GitHub Desktop.
Save tolbrino/5c8a10805aaff3939fc7 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
archlinux_setup_guide.md

Archlinux setup guide

This guide is based on the official Archlinux Installation Guide, Beginners' Guide and my personal experience.

Partition layout

HDD fs size mountpoint
/dev/sda1 LUKS MAX -
/dev/sda1 LVM MAX /dev/mapper/lvm
/dev/lvm/arch btrfs MAX -
/dev/lvm/swap swap = RAM -
partition subvolume mountpoint
/dev/lvm/arch @ /
/dev/lvm/arch @home /home
/dev/lvm/arch @log /var/log

Load correct key layout if needed

# loadkeys de-latin1-nodeadkeys

Setup partitions

For a MBR setup use cfdisk to create one partition and make it bootable. Set the filesystem type to LVM (8E).

# cfdisk

For an UEFI setup use gdisk to create a 512MB EFI System partition and the LUKS container after that.

# gdisk /dev/sda
o
n
<enter>
<enter>
+512M
ef00
n
<enter>
<enter>
<enter>
8300
w

Then format the EFI partition as FAT32:

mkfs.fat -F32 /dev/sda1

The rest of this howto will assume that your LUKS container is /dev/sda1, so keep in mind to change that to /dev/sda2 if you have an UEFI setup.

Create the crypto container

# cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sda1

Open the crypto container

# cryptsetup luksOpen /dev/sda1 lvm

Add --allow-discards for SSDs:

# cryptsetup luksOpen --allow-discards /dev/sda1 lvm

Setup LVM

  • Create the physical volume and the volume group

    # pvcreate /dev/mapper/lvm
# vgcreate vg /dev/mapper/lvm

  • Create the volume for swap and the btrfs partition. Make the swap partition as big as your RAM, here 8G.

    # lvcreate -L 8G vg -n swap
# lvcreate -l +100%FREE vg -n arch

Format the partitions

# mkfs.btrfs -L arch /dev/mapper/vg-arch
# mkswap -L swap /dev/mapper/vg-swap

Create BTRFS subvolumes

  • Mount btrfs volume and cd into it

    # mount /dev/mapper/vg-arch /mnt && cd /mnt

  • Add subvolumes

    # btrfs subvolume create @
# btrfs subvolume create @home
# btrfs subvolume create @log

  • Unmount

    # cd && umount /mnt

Mount everything

You can enable compression with lzo or zlib on btrfs and enable auto defragmentation.

# mount /dev/mapper/vg-arch /mnt -o subvol=@,compress=lzo,autodefrag
# mkdir -p /mnt/{home,var/log}
# mount /dev/mapper/vg-arch /mnt/var/log -o subvol=@log,compress=lzo,autodefrag
# mount /dev/mapper/vg-arch /mnt/home -o subvol=@home,compress=lzo,autodefrag
# swapon /dev/mapper/vg-swap

For SSDs add the -d param (discard) to swapon and discard,ssd to btrfs subvolumes.

# mount /dev/mapper/vg-arch /mnt -o subvol=@,discard,ssd,compress=lzo,autodefrag
# mkdir -p /mnt/{home,var/log}
# mount /dev/mapper/vg-arch /mnt/var/log -o subvol=@log,discard,ssd,compress=lzo,autodefrag
# mount /dev/mapper/vg-arch /mnt/home -o subvol=@home,discard,ssd,compress=lzo,autodefrag
# swapon -d /dev/mapper/vg-swap

Install rootfs with pacstrap

# pacstrap -i /mnt base base-devel bash-completion vim

Generate fstab

# genfstab -U -p /mnt >> /mnt/etc/fstab

Change defaults to defaults,discard for swap partition entry in fstab if you have a SSD.

Chroot into the new system

# arch-chroot /mnt

Install grub

  • Install the package:

    • using BIOS:
    # pacman -S grub-bios
    • using EFI:
    # pacman -S grub efibootmgr

  • Add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub

  • Set cryptdevice and resume partition

    • For a HDD: GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:lvm resume=/dev/mapper/vg-swap"
    • For a SSD: GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:lvm:allow-discards resume=/dev/mapper/vg-swap"

  • Install grub to harddrive:

    • UEFI:

      # grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub --recheck

    • BIOS:

      # grub-install --target=i386-pc --recheck /dev/sda

Create keyfile for the LUKS partition

Generate 4096 bit key and add it to LUKS:

# dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
# cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin

Nobody except GRUB should read this file. Not even root.

# chmod 000 /crypto_keyfile.bin

Edit /etc/mkinitcpio.conf:

  • Add crc32c (or crc32c-intel for Intel machines) to the MODULES array
MODULES="crc32c-intel"
  • Add btrfs to the end and encrypt and resume between keyboard and filesystems in the HOOKS array.
HOOKS="... keyboard encrypt lvm2 resume filesystems ... fsck btrfs"
  • Add the keyfile for the LUKS partition to the initfamfs so that you only have to unlock the root partition once
FILES="/crypto_keyfile.bin"

Install btrfs-progs to use the btrfs hook:

# pacman -S btrfs-progs

Generate initramfs:

# mkinitcpio -p linux

Generate grub.cfg:

# grub-mkconfig -o /boot/grub/grub.cfg

Seting up the base system

  • Edit /etc/locale.conf:

    LANG=en_US.UTF-8
LANGUAGE=en_US:en_GB:en

  • Edit /etc/locale.gen and uncomment the needed locales:

    de_DE.UTF-8 UTF-8
[..]
en_GB.UTF-8 UTF-8
[..]
en_US.UTF-8 UTF-8

  • Generate locales

    # locale-gen

  • Edit /etc/vconsole.conf and set keymap and font:

    #KEYMAP=us
KEYMAP=de-latin1-nodeadkeys
#FONT=lat2-16
#FONT_MAP=8859-2

  • Set timezone:

    # ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime

  • Set hostname:

    # hostnamectl set-hostname archbox

Configure network with dynamic IP

This is not needed if you install a graphical network manager.

Get the example config file that fits your config best and edit it.

# cp /etc/netctl/examples/ethernet-dhcp /etc/netctl/

Enable and start netctl profile at boot:

# netctl enable ethernet-dhcp

Deactivate new udev naming scheme

# ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules

Install dependencies for wifi connection (optional)

# pacman -S dialog wpa_supplicant

Configure pacman and add a user

Edit /etc/pacman.conf and uncomment [multilib].

Update packages and db:

# pacman -Sy

Add an user and set the password:

# useradd -m -g users -G wheel -s /bin/bash bob
# passwd bob

Run:

# visudo

and uncomment %wheel ALL=(ALL:ALL) ALL or %wheel ALL=(ALL:ALL) NOPASSWD: ALL if you don't want to enter your password again when using sudo.

Now remove the root password so that root cannot login (don't lock the account with passwd -l because than the recovery root login doesn't work anymore):

# passwd -d root

Finishing

Exit chroot environment.

Umounting devices:

# umount /mnt/var/log
# umount /mnt/home
# umount /mnt
# swapoff /dev/mapper/vg-swap
# cryptsetup luksClose /dev/mapper/lvm

Reboot:

# reboot

Finished! You now have an encrypted Archlinux up and running. If you want to build a server you're pretty much finished and can continue to setup the services you want to host. For a more desktop like setup continue.

Now setup the system

Setup audio

Install ALSA and unmute the master volume.

# pacman -S alsa-utils
# alsamixer

Setup X

  • You need at least one font and the X server

    # pacman -S ttf-dejavu xorg-server xorg-server-utils xorg-xinit mesa xorg-twm xorg-xclock xterm

  • Find your video driver and install it. (here intel is used):

    $ pacman -Ss xf86-video | less
# pacman -S xf86-video-intel

  • Test X and exit all X-terminals if it works

    $ startx

Setup your prefered system

  • Checkout the wiki and look how to install your favorite desktop environment: Desktop_Environment
  • Or choose just one of these window managers (Window Manager) and look how to start X at boot here: Start_X_at_Login
  • Use the Archlinux wiki extensively! It's beautiful and full of wonderful pages that can help you in every situation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment