skywhi@dreamland:/var/log$ _

ArchLinux installation

Below are some quickly-written notes on installing ArchLinux for a standard workstation (desktop, laptop or VM). The setup is quite simple: GRUB will boot a single system partition encrypted with LUKS which hosts LVM volumes for more flexibility.

Disclaimer: This content is intended for my own personal documentation, I cannot guarantee that it is working out-of-the-box or will be maintained up-to-date. If you are curious about the installation process or looking for troubleshooting tips, I highly recommend that you start by visiting the excellent ArchWiki, in particular the Installation guide and General recommendations pages. Everything here is taken from the amazing wiki anyway ;)

Installation media

I tend to simply write the latest installation image on a USB drive (here /dev/sdb): 

curl -s -o - http://mir.archlinux.fr/iso/$(date +%Y.%m.01)/archlinux-$(date +%Y.%m.01)-x86_64.iso \
    | sudo dd of=/dev/sdb bs=4M status=progress

Getting comfortable

After booting onto the installation media, I ensure that the right keymap is set and that there is a proper network connection. For LAN it should work out-of-the-box and I use iwd with NetworkManager for WLAN connections lol. 

# Set keymap
loadkeys fr-latin9

# Configure network, here wireless with iwd
iwctl
[iwd]
[iwd] station wlan0 get-networks
[iwd] station wlan0 connect <ssid>
[iwd] exit
ping -c3 archlinux.org

# Time over the network with ntp
timedatectl set-ntp true

Disk partition

Now we are ready for disk partitioning. The scheme I use for a desktop or laptop is quite simple (replace the names of the disks when appropriate). Replace /dev/sda by your actual device (/dev/nvme0n1 for example).

  • sda1 (256M) is the un-encrypted /boot partition.

  • sda2 is passphrase-encrypted with LUKS. It will host 3 LVM logical volumes:

    • / (usually something like 30-50G, depending on usage) the filesystem's root for our installation.
    • /home (rest of disk space) on a separate volume in case things get south.
    • swap (a few Gigabytes) for swapping purposes (duh!).

    We will boot bare-metal installations over UEFI because we are modern people. I am perfectly fine with having sda1 un-encrypted and the whole system data on sda2 encrypted with a single passphrase. The use of LVM gives the flexibility to create or resize partitions / logical volumes later if needed.

    The wiki pages EFI system partition and Encrypting an entire system (section "LVM on LUKS") cover the required steps. The usual warning message applies: note that from here on data will be actually written to the given disks. Make sure to triple-check that everything is in order before executing a command or you might regret it! 

    # Partition the disk
fdisk -l
fdisk /dev/sda # fdisk /dev/nvme0n1
Command (m for help): n # Make EFI partition sda1: +256M - type "EFI System"
Command (m for help): n # Make System partition sda2: type "Linux filesystem"
Command (m for help): w # Write changes to disk

# Format sda1 for EFI
mkfs.fat -F32 /dev/sda1

# LuksFormat sda2
cryptsetup luksFormat /dev/sda2
cryptsetup open /dev/sda2 cryptlvm

# Setup LVM logical volumes
pvcreate /dev/mapper/cryptlvm
vgcreate MyVolGroup /dev/mapper/cryptlvm
lvcreate -L 8G MyVolGroup -n swap
lvcreate -L 50G MyVolGroup -n root
lvcreate -l 100%FREE MyVolGroup -n home

mkfs.ext4 /dev/MyVolGroup/root
mkfs.ext4 /dev/MyVolGroup/home
mkswap /dev/MyVolGroup/swap

# Mount everything
mount /dev/MyVolGroup/root /mnt
mkdir /mnt/{home,boot}
mount /dev/MyVolGroup/home /mnt/home
mount /dev/sda1 /mnt/boot
swapon /dev/MyVolGroup/swap

Diving in!

Let's install the packages that will be needed for a minimal functional base installation. We include the necessary networking (here networkmanager with wpa_supplicant backend) and boot management packages as well as additional drivers and throw in a convenient text editor for good measure. The rest can always be installed later on if needed (note to self: thanks to networking packages, do not forget!). 

# Install all our required packages
pacstrap /mnt base linux linux-firmware \
         sudo nano lvm2 \
         networkmanager wpa_supplicant dhcpcd \
         grub efibootmgr intel-ucode

# Update the new fstab
genfstab -U /mnt >> /mnt/etc/fstab

We can finally chroot into the new installation and start configuring it: 

# Switch to the new installation
arch-chroot /mnt

# Set time info
ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
hwclock --systohc

# Edit locale, vconsole and hostname
sed -i 's/#en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen && locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
echo 'KEYMAP=fr-latin9' > /etc/vconsole.conf
echo 'foobaz' > /etc/hostname

# Change root password
passwd

# Add hooks for system encryption and lvm (keymap encrypt lvm2)
nano /etc/mkinitcpio.conf
mkinitcpio -P

# Setup the GRUB bootloader
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
grub-mkconfig -o /boot/grub/grub.cfg
lsblk -f # take note of sda2's UUID
nano /boot/grub/grub.cfg # add sda2's cryptdevice=UUID=<UUID>:cryptlvm

# Exit and reboot
exit
umount -R /mnt
reboot

Final words

The first thing I do after rebooting is setting up an un-priviledge user account that will be used for administrative tasks. It will be added to the wheel user group which will be able to execute command as root via sudo. 

useradd -m -G wheel skywhi
passwd skywhi
visudo
# uncomment line 82 for example: wheel users can run any command with password

Installing yay is never a bad idea if you wish to install package from AUR. 

sudo pacman -Syu base-devel
cd ~ && git clone https://aur.archlinux.org/yay.git && cd yay
makepkg -sirc
cd ~ && rm -rf yay

Here we are! We now enjoy a fully functional ArchLinux workstation with full disk encryption and basic networking capabilities. From here on we should check the General recommendations to complete the setup of users, services, system management and so forth.

Top of the page - Sitemap -