dotfiles/.dotfiles/arch_install.md

# Arch Installation

This document describes my ArchLinux installation steps. It skips over the preparation of the installation medium. Otherwise it mostly follows the [ArchWiki Installation Guide](https://wiki.archlinux.org/title/Installation_guide), but explicitly states some decisions:

- use `systemd-boot` as the bootloader
- use `NetworkManager` for network configuration
- use `btrfs` as the main file system
- use `LUKS` for disk encryption
- **try** to only use native wayland with sway as WM
- no swap partition (i might use zram or a swapfile in the future though)
- no display manager (for now at least)

My setup is opinionated and so is this doc.

## Pre-Installation aka things to do in the arch-iso liveboot

### Prerequisites

Set keyboard layout

```console
# loadkeys de-latin1
```

Check if booted in UEFI mode

```console
# ls /sys/firmware/efi/efivars
```

Check internet connectivity

```console
# ip link
# ping archlinux.org
```

Update system clock

```console
timedatectl set-ntp true
```

### Disk partitioning

GPT partitioning scheme:

|Mount point|Partition|Partition type|Size|
|---|---|---|---|
|/mnt/boot|/dev/*efi-partition*|EFI system partition|500MiB|
|/mnt|/dev/*root-partition*|Linux x86-64 root(/)|max|

Check available disks and start `fdisk`

```console
fdisk -l
fdisk /dev/<disk-to-install-to>
```

Create GPT partition table

```md
Command (m for help): *g*
```

Create *efi-partition*

```md
Command (m for help): *n*
Partition number (1-128, default 1): *<Return>*
First sector (x-y, default x): *<Return>*
Last sector [...] (x-y, default y): *+500M*

Command (m for help): *t*
Selected partition 1
Partition type or alias: *1*
Changed type of partition 'Linux Filesystem' to 'EFI System'.
```

Create *root-partition*

```md
Command (m for help): *n*
Partition number (1-128, default 2): *<Return>*
First sector (x-y, default x): *<Return>*
Last sector [...] (x-y, default y): *<Return>*

Command (m for help): *t*
Partition number (1,2, default 2): *2*
Partition type or alias: *23*
Changed type of partition 'Linux Filesystem' to 'Linux root (x86-64)'.
```

Write partitions to disk

```md
Command (m for help): *w*
```

### Format partitions / create filesystems

Format the efi partition with Fat32

```console
# mkfs.fat -F 32 /dev/<efi_partition>
```

Setup the root partition with LUKS

```console
# cryptsetup -v --verify-passphrase --type=luks2 --hash=sha256 --key-size=512 --cipher=aes-xts-plain64 luksFormat /dev/<root-partition>
```

Note: `man cryptsetup` is a really nice resource. Especially the section about the LuksHeader and the `luksHeaderBackup` command are really valuable.

Mount LUKS device

```console
# cryptsetup luksOpen /dev/<root-partition> luks-root
```

Format luks root partition with btrfs

```console
# mkfs.btrfs -L archlinuxroot /dev/mapper/luks-root
```

Create btrfs subvolumes

```console
# mount -o compress=zstd /dev/mapper/luks-root /mnt
# btrfs sub create /mnt/@
# btrfs sub create /mnt/@home
# btrfs sub create /mnt/@pkg
# btrfs sub create /mnt/@snapshots
# btrfs sub create /mnt/@tmp
# umount /mnt
```

Associate subvolumes and filesystem directories

```console
# mount -o noatime,nodiratime,compress=zstd,subvol=@ /dev/mapper/luks-root /mnt
# mkdir -p /mnt/{boot,home,var/cache/pacman/pkg,tmp,.snapshots}
# mount -o noatime,nodiratime,compress=zstd,subvol=@home /dev/mapper/luks-root /mnt/home
# mount -o noatime,nodiratime,compress=zstd,subvol=@pkg /dev/mapper/luks-root /mnt/var/cache/pacman/pkg
# mount -o noatime,nodiratime,compress=zstd,subvol=@tmp /dev/mapper/luks-root /mnt/tmp
# mount -o noatime,nodiratime,compress=zstd,subvol=@snapshots /dev/mapper/luks-root /mnt/.snapshots
```

Mount EFI partition

```console
# mount /dev/<efi-partition> /mnt/boot
```

## Installation

### Bootstrap & filesystemtable

Bootstrap base arch install

```console
# pacstrap /mnt linux linux-firmware base btrfs-progs amd-ucode git vi vim sudo networkmanager zsh
```

Generate `fstab`

```console
# genfstab -U /mnt >> /mnt/etc/fstab
```

### Basic system configuration

Chroot into new system

```console
# arch-chroot /mnt
```

Set hostname

```console
# echo <HOSTNAME> > /etc/hostname
```

Set and generate locale

```console
# echo LANG=en_US.UTF-8 > /etc/locale.conf
# sed -i -e 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' -e 's/^#de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen
# locale-gen
```

Set keyboard layout

```console
# echo KEYMAP=de-latin1 > /etc/vconsole.conf
```

Set time zone

```console
# ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
# hwclock --systohc
```

Set root password

```console
# passwd
```

Add btrfs and encrypt initramfs hooks to `/etc/mkinitcpio.conf`

e.g.:

```ini
HOOKS=(base udev autodetect modconf block encrypt btrfs filesystems keyboard fsck)
```

Regenerate initramfs

```console
# mkinitcpio -p linux
```

### Configure boot loader

Install systemd-boot

```console
# bootctl --path=/boot install
```

Fetch UUID of the root partition

```console
# blkid -s UUID -o value /dev/<root-partition>
```

Create arch boot entry `/boot/loader/entries/arch.conf`

```conf
title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=<UUID-OF-ROOT-PARTITION>:luks-root root=/dev/mapper/luks-root rootflags=subvol=@,x-systemd.device-timeout=0 rd.luks.options=timeout=0 rw quiet loglevel=0 splash rd.systemd.show_status=0 rd.udev.log_level=0
```

Copy arch boot entry to `/boot/loader/entries/arch-fallback.conf` and set the initramfs to the fallback one. Resulting in the following

```conf
title Arch Linux (fallback)
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux-fallback.img
options cryptdevice=UUID=<UUID-OF-ROOT-PARTITION>:luks-root root=/dev/mapper/luks-root rootflags=subvol=@,x-systemd.device-timeout=0 rd.luks.options=timeout=0 rw quiet loglevel=0 splash rd.systemd.show_status=0 rd.udev.log_level=0
```

Edit boot loader config `/boot/loader/loader.conf`

```conf
default arch.conf
timeout 3
console-mode max
editor no
```

Exit chroot, unmount disk, reboot

```console
# exit
# umount -R /mnt
# reboot
```

## Finish installation

### Enable and check networking

Enable and start NetworkManager

```console
# systemctl enable --now NetworkManager
```

Test network connectivity

```console
# ping archlinux.org
```

### Setup user account

Create a sudo group for sudo access

```console
# groupadd -r sudo
```

Use `visudo` to uncomment the following line

```sudoers
# %sudo ALL=(ALL:ALL) ALL
```

Create user account with sudo and journal access

```console
# useradd -m -G sudo,systemd-journal -s /bin/zsh histalek
```

Set password for useraccount

```console
# passwd histalek
```

Exit out of the root session and login as user

### Install and setup personal preferences

Setup my dotfiles

```console
$ echo ".dotfiles" >> .gitignore
$ git clone --bare <remote-git-repo-url> $HOME/.dotfiles
$ alias dotfiles='/usr/bin/git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'
$ dotfiles config --local status.showUntrackedFiles no
$ dotfiles checkout
```

Install various packages from dotfiles

```console
$ sudo pacman -S --needed - < $HOME/.dotfiles/pkglist.txt
```

Update system just to be sure

```console
$ sudo pacman -Syu
```

### AUR

Install `paru` as AUR helper

```console
$ sudo pacman -S --needed base-devel
$ git clone https://aur.archlinux.org/paru.git
$ cd paru
$ makepkg -si
```

Install packages from AUR

```console
$ paru -Sa wlogout
```

### Flatpak

Install flatpak package

```console
$ sudo pacman -S flatpak
```

Add the flathub repo

```console
$ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
```

Install `Flatseal` to manage flatpak permissions via GUI

```console
$ flatpak install flathub com.github.tchx84.Flatseal
```

### (optional) Configure boot splash screen

Install `plymouth`

```console
$ sudo paru -Sa plymouth-git
```

Adapt mkinitcpio hooks. Add `plymouth plymouth-encrypt` **after** `base udev` and remove `encrypt`. Resulting in e.g.

```ini
HOOKS=(base udev plymouth plymouth-encrypt autodetect modconf block btrfs filesystems keyboard fsck)
```

Set theme for plymouth (this also regenerates the initramfs)

```console
$ sudo plymouth-set-default-theme -R script
```