dotfiles/.dotfiles/arch_install.md

12 KiB

Arch Installation

This document describes my ArchLinux installation steps. It skips over the preparation of the installation medium. Otherwise it mostly follows the ArchWiki Installation Guide, but explicitly states some decisions:

  • use systemd-boot as the bootloader
  • use NetworkManager for network configuration
  • use btrfs as the main file system
  • use LUKS for disk encryption
  • use greetd as display manager
  • try to only use native wayland with sway as WM
  • use zram instead of a swap partition/file

My setup is opinionated and so is this doc.

[[TOC]]

Pre-Installation aka things to do in the arch-iso liveboot

Prerequisites

Set keyboard layout

# loadkeys de-latin1

Check if booted in UEFI mode

# ls /sys/firmware/efi/efivars

Check internet connectivity

# ip link
# ping archlinux.org

Update system clock

timedatectl set-ntp true

Disk partitioning

GPT partitioning scheme:

Mount point Partition Partition type Size
/mnt/boot /dev/efi-partition EFI system partition 500MiB
/mnt /dev/root-partition Linux x86-64 root(/) max

Check available disks and start fdisk

fdisk -l
fdisk /dev/<disk-to-install-to>

Create GPT partition table

Command (m for help): _g_

Create efi-partition

Command (m for help): _n_
Partition number (1-128, default 1): _<Return>_
First sector (x-y, default x): _<Return>_
Last sector [...] (x-y, default y): _+500M_

Command (m for help): _t_
Selected partition 1
Partition type or alias: _1_
Changed type of partition 'Linux Filesystem' to 'EFI System'.

Create root-partition

Command (m for help): _n_
Partition number (1-128, default 2): _<Return>_
First sector (x-y, default x): _<Return>_
Last sector [...] (x-y, default y): _<Return>_

Command (m for help): _t_
Partition number (1,2, default 2): _2_
Partition type or alias: _23_
Changed type of partition 'Linux Filesystem' to 'Linux root (x86-64)'.

Write partitions to disk

Command (m for help): _w_

Format partitions / create filesystems

Format the efi partition with Fat32

# mkfs.fat -F 32 /dev/<efi_partition>

Setup the root partition with LUKS

# cryptsetup -v --verify-passphrase --type=luks2 --hash=sha256 --key-size=512 --cipher=aes-xts-plain64 luksFormat /dev/<root-partition>

Note: man cryptsetup is a really nice resource. Especially the section about the LuksHeader and the luksHeaderBackup command are really valuable.

Mount LUKS device

# cryptsetup luksOpen /dev/<root-partition> luks-root

Format luks root partition with btrfs

# mkfs.btrfs -L archlinuxroot /dev/mapper/luks-root

Create btrfs subvolumes

# mount -o compress=zstd /dev/mapper/luks-root /mnt
# btrfs sub create /mnt/@
# btrfs sub create /mnt/@home
# btrfs sub create /mnt/@pkg
# btrfs sub create /mnt/@snapshots
# btrfs sub create /mnt/@tmp
# umount /mnt

Associate subvolumes and filesystem directories

# mount -o noatime,nodiratime,compress=zstd,subvol=@ /dev/mapper/luks-root /mnt
# mkdir -p /mnt/{boot,home,var/cache/pacman/pkg,tmp,.snapshots}
# mount -o noatime,nodiratime,compress=zstd,subvol=@home /dev/mapper/luks-root /mnt/home
# mount -o noatime,nodiratime,compress=zstd,subvol=@pkg /dev/mapper/luks-root /mnt/var/cache/pacman/pkg
# mount -o noatime,nodiratime,compress=zstd,subvol=@tmp /dev/mapper/luks-root /mnt/tmp
# mount -o noatime,nodiratime,compress=zstd,subvol=@snapshots /dev/mapper/luks-root /mnt/.snapshots

Mount EFI partition

# mount /dev/<efi-partition> /mnt/boot

Installation

Bootstrap & filesystemtable

Bootstrap base arch install

# pacstrap /mnt linux linux-firmware base btrfs-progs amd-ucode git vi vim sudo networkmanager zsh

Generate fstab

# genfstab -U /mnt >> /mnt/etc/fstab

Basic system configuration

Chroot into new system

# arch-chroot /mnt

Set hostname

# echo <HOSTNAME> > /etc/hostname

Set and generate locale

# echo LANG=en_US.UTF-8 > /etc/locale.conf
# sed -i -e 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' -e 's/^#de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen
# locale-gen

Set keyboard layout

# echo KEYMAP=de-latin1 > /etc/vconsole.conf

Set time zone

# ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
# hwclock --systohc

Set root password

# passwd

Add btrfs and encrypt initramfs hooks to /etc/mkinitcpio.conf

e.g.:

HOOKS=(base udev autodetect modconf block encrypt btrfs filesystems keyboard fsck)

Regenerate initramfs

# mkinitcpio -p linux

Configure boot loader

Install systemd-boot

# bootctl --path=/boot install

Fetch UUID of the root partition

# blkid -s UUID -o value /dev/<root-partition>

Create arch boot entry /boot/loader/entries/arch.conf

title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options rd.luks.name=<UUID-OF-ROOT-PARTITION>=luks-root root=/dev/mapper/luks-root rootflags=subvol=@,x-systemd.device-timeout=0 rw quiet loglevel=0 splash rd.systemd.show_status=0 rd.udev.log_level=0 rd.luks.options=discard,timeout=0

Copy arch boot entry to /boot/loader/entries/arch-fallback.conf and set the initramfs to the fallback one. Resulting in the following

title Arch Linux (fallback)
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux-fallback.img
options rd.luks.name=<UUID-OF-ROOT-PARTITION>=luks-root root=/dev/mapper/luks-root rootflags=subvol=@,x-systemd.device-timeout=0 rw quiet loglevel=0 splash rd.systemd.show_status=0 rd.udev.log_level=0 rd.luks.options=discard,timeout=0

Edit boot loader config /boot/loader/loader.conf

default arch.conf
timeout 3
console-mode max
editor yes

Note: Having editor yes can save you from needing a bootable USB if something goes wrong in the future.

Exit chroot, unmount disk, reboot

# exit
# umount -R /mnt
# reboot

Finish installation

Enable and check networking

Enable and start NetworkManager

# systemctl enable --now NetworkManager

Test network connectivity

# ping archlinux.org

Setup user account

Create a sudo group for sudo access

# groupadd -r sudo

Use visudo to uncomment the following line

# %sudo ALL=(ALL:ALL) ALL

Create user account with sudo and journal access. Also add user to the pipewire group to make use of the configured realtime limits for pipewire.

# useradd -m -G sudo,systemd-journal -s /bin/zsh histalek

Set password for useraccount

# passwd histalek

Exit out of the root session and login as user

Install and setup personal preferences

Setup my dotfiles

$ echo ".dotfiles" >> .gitignore
$ git clone --bare <remote-git-repo-url> $HOME/.dotfiles
$ alias dotfiles='/usr/bin/git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'
$ dotfiles config --local status.showUntrackedFiles no
$ dotfiles checkout

Install and update various packages

$ sudo pacman -Syu --needed - < $HOME/.dotfiles/pkglist.txt

AUR

Install paru as AUR helper

$ sudo pacman -Syu --needed base-devel
$ git clone https://aur.archlinux.org/paru.git
$ cd paru
$ makepkg -si

Install packages from AUR

$ paru -Syua --needed - < $HOME/.dotfiles/pkglist-aur.txt

Flatpak

Install flatpak package

$ sudo pacman -Syu flatpak

Add the flathub repo

$ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

Install Flatseal to manage flatpak permissions via GUI

$ flatpak install flathub com.github.tchx84.Flatseal

Setup zram

Install zram-generator

$ sudo pacman -Syu zram-generator

Create zram config file /etc/systemd/zram-generator.conf, e.g.:

[zram0]
zram-size = min(ram, 8192)

Setup realtime limits for pipewire

Create dedicated group

$ sudo groupadd pipewire

Add user to group

$ sudo usermod -aG pipewire histalek

Create /etc/security/limits.d/95-pipewire.conf with the following content

# Default limits for users of pipewire
@pipewire - rtprio 95
@pipewire - nice -19
@pipewire - memlock 4194304

(optional) Configure boot splash screen

Note: As of early April 2023 plymouth is now in the arch community repo. The logic of the plymouth-encrypt hook has been merged to the encrypt/sd-encrypt hook.

Install plymouth

$ sudo paru -Syu plymouth

Adapt mkinitcpio hooks. Add plymouth after base systemd. Resulting in e.g.

HOOKS=(base systemd autodetect modconf kms keyboard sd-vconsole block filesystems plymouth sd-encrypt fsck)

Set theme for plymouth (this also regenerates the initramfs)

$ sudo plymouth-set-default-theme -R script

To get a smoother transition between plymouth and greetd place the following systemd dropin account /etc/systemd/system/display-manager.service.d/plymouth.conf:

[Unit]
Conflicts=plymouth-quit.service
After=plymouth-quit.service rc-local.service plymouth-start.service systemd-user-sessions.service
OnFailure=plymouth-quit.service

[Service]
ExecStartPre=-/usr/bin/plymouth deactivate
ExecStartPost=-/usr/bin/sleep 30
ExecStartPost=-/usr/bin/plymouth quit --retain-splash

NOTE: After updating to Kernel 6.0 plymouth didn't show up on boot. I could still type my luks passwort and proceed, but looking at a black screen was not particularly fun. I solved this by configuring early Kernel modesetting. Effectively adding amdgpu to the mkinitcpio modules in /etc/mkinitcpio.conf:

MODULES=( ... amdgpu ... )

(optional) Configure display manager

These steps will use greetd with the gtkgreet greeter and will use sway as compositor.

Install greetd and greetd-gtkgreet-git

$ sudo paru -Syua greetd greetd-gtkgreet-git

Create greetd config directory

$ sudo mkdir -p /etc/greetd

Create /etc/greetd/environments file with all environments that gtkgreet should be able to start, e.g.:

sway
bash

Create greetd config file /etc/greetd/config.toml, e.g.:

[terminal]
# The VT to run the greeter on. Can be "next", "current" or a number
# designating the VT.
vt = 1

# The default session, also known as the greeter.
[default_session]
command = "sway --config /etc/greetd/sway-config"
user = "greeter"

Create /etc/greetd/sway-config which will be used by the sway greeter session, e.g.:

exec "gtkgreet --layer-shell --style /etc/greetd/gtkgreet-style.css; swaymsg exit"

bindsym Mod4+shift+e exec swaynag \
-t warning \
-m 'What do you want to do?' \
-b 'Poweroff' 'systemctl poweroff' \
-b 'Reboot' 'systemctl reboot'

include /etc/sway/config.d/*

It is advisable to also set the correct output and input configuration. Either write them into the same file or place additional files into /etc/sway/config.d/.

Optionally one can style the gtkgreet greeter with /etc/greetd/gtkgreet-style.css, e.g.:

window {
  background-color: rgba(0, 0, 0, 0);
  background-size: contain;
  background-position: center;
  color: rgba(200, 200, 200, 0.9);
}

box#body {
  background-color: rgba(50, 50, 50, 0.8);
  border-radius: 10px;
  color: rgba(250, 250, 250, 0.9);
  padding: 50px;
}

Enable and start greetd.service

$ sudo systemctl enable --now greetd.service