525 lines
7.5 KiB
Markdown
525 lines
7.5 KiB
Markdown
---
|
|
title: Arch
|
|
visible: true
|
|
---
|
|
|
|
[toc]
|
|
|
|
Last modified: 2023-11-17
|
|
|
|
## Keyboard layout
|
|
|
|
[shroot]
|
|
|
|
```
|
|
loadkeys de_CH-latin1
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## Check UEFI mode
|
|
|
|
If the following command works, the system is booted in EFI.
|
|
|
|
[shroot]
|
|
|
|
```
|
|
ls /sys/firmware/efi/efivars
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## Verify internet connection
|
|
|
|
[shroot]
|
|
|
|
```
|
|
ping wiki.exu.li
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## Update system clock
|
|
|
|
[shroot]
|
|
|
|
```
|
|
timedatectl set-ntp true
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## Creating partitions
|
|
|
|
[shroot]
|
|
|
|
```
|
|
cfdisk
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Use `EFI System` for EFI partition
|
|
Use `Linux filesystem` for other partitions
|
|
|
|
## (LUKS) Create encrypted partition
|
|
|
|
_Note: Do not put your /efi partition on an encrypted partition!_
|
|
|
|
Create encrypted Partition with a label. This label will later be used to identified the bootdevice as a simpler alternative to UUIDs.
|
|
|
|
[shroot]
|
|
|
|
```
|
|
cryptsetup luksFormat --label=(label) /dev/(partition)
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Open the partition and specify a name
|
|
|
|
[shroot]
|
|
|
|
```
|
|
cryptsetup open /dev/(partition) (name)
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Check if this worked with `ls /dev/mapper/`
|
|
The name should show up there
|
|
|
|
## Format partitions
|
|
|
|
Fat 32:
|
|
|
|
[shroot]
|
|
|
|
```
|
|
mkfs.fat -F32 /dev/(partition)
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
_For EFI or BOOT partition_
|
|
|
|
Ext4:
|
|
|
|
[shroot]
|
|
|
|
```
|
|
mkfs.ext4 /dev/(partition)
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
_All other partitions_
|
|
|
|
Btrfs:
|
|
|
|
[shroot]
|
|
|
|
```
|
|
mkfs.btrfs /dev/(partition)
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
_All other partitions_
|
|
|
|
## Mounting partitions
|
|
|
|
Generally partitions have to be mounted where you will later use them in your system.
|
|
BTRFS with its subvolumes is a special case, see the additional chapter below.
|
|
Be careful in choosing you EFI mountpoint when using full disk encryption.
|
|
Using `/efi` will lead to much longer boot times in GRUB and be completely unsupported in other bootloaders.
|
|
See [this feature comparison](https://wiki.archlinux.org/title/Arch_boot_process#Boot_loader) for details.
|
|
For `/efi` size really doesn't matter much and can be 1 or 2 megabytes. 16MB is probably a good size.
|
|
If you're using `/boot`, the kernel and initramfs will also be stored on this partition among others. Recommended sizes range from 256MB to 512MB
|
|
|
|
```
|
|
Root: /mnt
|
|
EFI: /mnt/efi or /mnt/boot
|
|
Home: /mnt/home
|
|
etc...
|
|
```
|
|
|
|
### (BTRFS) Btrfs preparation of subvolumes and mounting
|
|
|
|
Mount root partition
|
|
|
|
[shroot]
|
|
|
|
```
|
|
mount /dev/(partition) /mnt
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Root subvolume
|
|
|
|
[shroot]
|
|
|
|
```
|
|
btrfs subv create /mnt/@
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Home subvolume
|
|
|
|
[shroot]
|
|
|
|
```
|
|
btrfs subv create /mnt/@home
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Snapshots subvolume for snapper
|
|
|
|
[shroot]
|
|
|
|
```
|
|
btrfs subv create /mnt/@snapshots
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Var subvolume
|
|
|
|
[shroot]
|
|
|
|
```
|
|
btrfs subv create /mnt/@var_log
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
_If you want to use a swapfile with Snapper, create a new subvolume now_
|
|
Swap subvolume
|
|
|
|
[shroot]
|
|
|
|
```
|
|
btrfs subv create /mnt/@swap
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
[shroot]
|
|
|
|
```
|
|
umount /mnt
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Mount root
|
|
`mount -o noatime,compress-force=zstd,subvol=@ /dev/(partition) /mnt`
|
|
|
|
With /efi
|
|
`mkdir -p /mnt/{efi,home,.snapshots,var/log,swap}`
|
|
With /boot
|
|
`mkdir -p /mnt/{boot,home,.snapshots,var/log,swap}`
|
|
|
|
Mount home
|
|
`mount -o noatime,compress-force=zstd,subvol=@home /dev/(partition) /mnt/home`
|
|
|
|
Mount snapshots for snapper
|
|
`mount -o noatime,compress-force=zstd,subvol=@snapshots /dev/(partition) /mnt/.snapshots`
|
|
|
|
Mount var
|
|
`mount -o noatime,compress-force=zstd,subvol=@var_log /dev/(partition) /mnt/var/log`
|
|
|
|
Swap subvolume
|
|
`mount -o noatime,subvol=@swap /dev/(partition) /mnt/swap`
|
|
|
|
**Don't forget mounting other partitions!!**
|
|
|
|
## Swap
|
|
|
|
### Swapfile
|
|
|
|
#### Normal way
|
|
|
|
**NOT FOR BTRFS!**
|
|
|
|
[shroot]
|
|
|
|
```
|
|
dd if=/dev/zero of=/mnt/swapfile bs=1M count=(size) status=progress
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
#### (BTRFS) Swapfile in btrfs
|
|
|
|
_Use a separate subvolume to work with snapper_
|
|
|
|
[shroot]
|
|
|
|
```
|
|
btrfs fi mkswapfile --size [SIZE]g --uuid clear /mnt/swap/swapfile
|
|
swapon /mnt/swap/swapfile
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## Essential packages
|
|
|
|
Install a few essential packages using `pacstrap`.
|
|
Additional packages might also be necessary, see the list below.
|
|
|
|
[shroot]
|
|
|
|
```
|
|
pacstrap /mnt base base-devel linux linux-firmware linux-headers vim git openssh networkmanager dialog
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
### Microcode
|
|
|
|
`amd-ucode`
|
|
|
|
`intel-ucode`
|
|
|
|
### Filesystems
|
|
|
|
Fat32:
|
|
`dosfstools mtools`
|
|
|
|
Ext4:
|
|
`e2fsprogs`
|
|
|
|
Btrfs:
|
|
`btrfs-progs compsize`
|
|
|
|
### Wifi
|
|
|
|
`wpa_supplicant`
|
|
|
|
### Snapper
|
|
|
|
`snapper`
|
|
|
|
### Certificates
|
|
|
|
`ca-certificates ca-certificates-mozilla`
|
|
|
|
### other
|
|
|
|
`cups hplip xdg-utils xdg-user-dirs inetutils`
|
|
|
|
## Generate fstab
|
|
|
|
[shroot]
|
|
|
|
```
|
|
genfstab -U /mnt >> /mnt/etc/fstab
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
**Make sure the fstab file has everything included**
|
|
|
|
## Chroot into the system
|
|
|
|
[shroot]
|
|
|
|
```
|
|
arch-chroot /mnt
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## Set timezone
|
|
|
|
`ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime`
|
|
|
|
## Set hardware clock
|
|
|
|
`hwclock --systohc`
|
|
|
|
## Set locale
|
|
|
|
`vim /etc/locale.gen`
|
|
Uncomment the locales that should be generated.
|
|
Make sure to use a UTF-8 entry.
|
|
|
|
`locale-gen`
|
|
|
|
`echo "LANG=de_CH.UTF-8" > /etc/locale.conf`
|
|
|
|
## Set keymap permanently
|
|
|
|
`echo "KEYMAP=de_CH-latin1" > /etc/vconsole.conf`
|
|
|
|
## Set hostname
|
|
|
|
`echo "(hostname)" > /etc/hostname`
|
|
|
|
Edit `/etc/hosts`
|
|
|
|
```
|
|
127.0.0.1 localhost (hostname)
|
|
::1 localhost
|
|
```
|
|
|
|
## Change root password
|
|
|
|
[shroot]
|
|
|
|
```
|
|
passwd
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## Bootloader installation
|
|
|
|
### rEFInd
|
|
|
|
[shroot]
|
|
|
|
```
|
|
pacman -S refind
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
Use the rEFInd installation script. In most cases no specific configuration is necessary
|
|
|
|
[shroot]
|
|
|
|
```
|
|
refind-install
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
**Manual editing of the generated configuration file is necessary when installing rEFInd from the Arch boot ISO**
|
|
|
|
_TODO insert config here_
|
|
```
|
|
"Boot with standard options" "rw loglevel=3 quiet cryptdevice=LABEL=(label):(name) root=/dev/mapper/(name) rootflags=subvol=@"
|
|
```
|
|
|
|
### mkinitcpio with LUKS
|
|
|
|
Some additional settings are necessary in `/etc/mkinitcpio.conf` in order to enable booting from LUKS-encrypted disks.
|
|
|
|
Edit the `HOOKS` section in `/etc/mkinitcpio.conf` by adding `encrypt` after `block` and before `filesystems`
|
|
|
|
Also ensure `keyboard keymap` are present before `encrypt` in order to allow the loading of the default keyboard language from `/etc/vconsole.conf` to enter the decryption password.
|
|
|
|
Regenerate all initramfs presets
|
|
|
|
[shroot]
|
|
|
|
```
|
|
mkinitcpio -P
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## Networking
|
|
|
|
`systemctl enable NetworkManager`
|
|
|
|
## (CUPS) Printing
|
|
|
|
`systemctl enable cups`
|
|
|
|
## Add user
|
|
|
|
`useradd -mG wheel (user)`
|
|
|
|
Set password
|
|
`passwd (user)`
|
|
|
|
### Enable sudo
|
|
|
|
`visudo`
|
|
Uncomment `%wheel ALL=(ALL) ALL`
|
|
|
|
## Finishing installation
|
|
|
|
`exit`
|
|
`poweroff`
|
|
Remove the installation cd
|
|
|
|
## (Snapper) Setup
|
|
|
|
`# umount /.snapshots`
|
|
|
|
`# rm -r /.snapshots`
|
|
|
|
Create snapper config
|
|
`# snapper -c root create-config /`
|
|
|
|
Delete unneeded volume
|
|
`# btrfs subv del /.snapshots/`
|
|
|
|
`# mkdir /.snapshots`
|
|
|
|
Mount snapshots volume
|
|
`# mount -a`
|
|
|
|
`# chmod 750 /.snapshots`
|
|
|
|
`# vim /etc/snapper/configs/root`
|
|
|
|
Change these things:
|
|
`ALLOW_USERS="(user)"`
|
|
|
|
```
|
|
TIMELINE_LIMIT_HOURLY="5"
|
|
TIMELINE_LIMIT_DAILY="7"
|
|
TIMELINE_LIMIT_WEEKLY="4"
|
|
TIMELINE_LIMIT_MONTHLY="0"
|
|
TIMELINE_LIMIT_YEARLY="0"
|
|
```
|
|
|
|
Enable snapper
|
|
`# systemctl enable --now snapper-timeline.timer`
|
|
`# systemctl enable --now snapper-cleanup.timer`
|
|
|
|
Allow user to access snapshots
|
|
`# chmod a+rx /.snapshots`
|
|
`# chown :(user) /.snapshots`
|
|
|
|
## Install AUR helper
|
|
|
|
### paru
|
|
|
|
[shuser]
|
|
|
|
```
|
|
cd $(mktemp -d)
|
|
git clone https://aur.archlinux.org/paru-bin.git
|
|
cd paru-bin
|
|
makepkg -si
|
|
```
|
|
|
|
[/shuser]
|
|
|
|
## Automatic snapshots on package changes
|
|
|
|
[shroot]
|
|
|
|
```
|
|
pacman -S snap-pac
|
|
```
|
|
|
|
[/shroot]
|
|
|
|
## (rEFInd) Show snapshots in bootmenu
|
|
|
|
_WIP_
|
|
|
|
`paru -S refind-btrfs`
|
|
|
|
`systemctl enable --now refind-btrfs.service`
|