dotfiles/.dotfiles/arch_install.md
histalek 5033882c7a
docs: Update arch_install.md
Let created user access system journal messages by default.

Use `plymouth-git` to fix a bug preventing proper shutdown/reboot.
2022-04-21 10:35:54 +02:00

8.1 KiB

Arch Installation

This document describes my ArchLinux installation steps. It skips over the preparation of the installation medium. Otherwise it mostly follows the ArchWiki Installation Guide, but explicitly states some decisions:

  • use systemd-boot as the bootloader
  • use NetworkManager for network configuration
  • use btrfs as the main file system
  • use LUKS for disk encryption
  • try to only use native wayland with sway as WM
  • no swap partition (i might use zram or a swapfile in the future though)
  • no display manager (for now at least)

My setup is opinionated and so is this doc.

Pre-Installation aka things to do in the arch-iso liveboot

Prerequisites

Set keyboard layout

# loadkeys de-latin1

Check if booted in UEFI mode

# ls /sys/firmware/efi/efivars

Check internet connectivity

# ip link
# ping archlinux.org

Update system clock

timedatectl set-ntp true

Disk partitioning

GPT partitioning scheme:

Mount point Partition Partition type Size
/mnt/boot /dev/efi-partition EFI system partition 500MiB
/mnt /dev/root-partition Linux x86-64 root(/) max

Check available disks and start fdisk

fdisk -l
fdisk /dev/<disk-to-install-to>

Create GPT partition table

Command (m for help): *g*

Create efi-partition

Command (m for help): *n*
Partition number (1-128, default 1): *<Return>*
First sector (x-y, default x): *<Return>*
Last sector [...] (x-y, default y): *+500M*

Command (m for help): *t*
Selected partition 1
Partition type or alias: *1*
Changed type of partition 'Linux Filesystem' to 'EFI System'.

Create root-partition

Command (m for help): *n*
Partition number (1-128, default 2): *<Return>*
First sector (x-y, default x): *<Return>*
Last sector [...] (x-y, default y): *<Return>*

Command (m for help): *t*
Partition number (1,2, default 2): *2*
Partition type or alias: *23*
Changed type of partition 'Linux Filesystem' to 'Linux root (x86-64)'.

Write partitions to disk

Command (m for help): *w*

Format partitions / create filesystems

Format the efi partition with Fat32

# mkfs.fat -F 32 /dev/<efi_partition>

Setup the root partition with LUKS

# cryptsetup -v --verify-passphrase --type=luks2 --hash=sha256 --key-size=512 --cipher=aes-xts-plain64 luksFormat /dev/<root-partition>

Note: man cryptsetup is a really nice resource. Especially the section about the LuksHeader and the luksHeaderBackup command are really valuable.

Mount LUKS device

# cryptsetup luksOpen /dev/<root-partition> luks-root

Format luks root partition with btrfs

# mkfs.btrfs -L archlinuxroot /dev/mapper/luks-root

Create btrfs subvolumes

# mount -o compress=zstd /dev/mapper/luks-root /mnt
# btrfs sub create /mnt/@
# btrfs sub create /mnt/@home
# btrfs sub create /mnt/@pkg
# btrfs sub create /mnt/@snapshots
# btrfs sub create /mnt/@tmp
# umount /mnt

Associate subvolumes and filesystem directories

# mount -o noatime,nodiratime,compress=zstd,subvol=@ /dev/mapper/luks-root /mnt
# mkdir -p /mnt/{boot,home,var/cache/pacman/pkg,tmp,.snapshots}
# mount -o noatime,nodiratime,compress=zstd,subvol=@home /dev/mapper/luks-root /mnt/home
# mount -o noatime,nodiratime,compress=zstd,subvol=@pkg /dev/mapper/luks-root /mnt/var/cache/pacman/pkg
# mount -o noatime,nodiratime,compress=zstd,subvol=@tmp /dev/mapper/luks-root /mnt/tmp
# mount -o noatime,nodiratime,compress=zstd,subvol=@snapshots /dev/mapper/luks-root /mnt/.snapshots

Mount EFI partition

# mount /dev/<efi-partition> /mnt/boot

Installation

Bootstrap & filesystemtable

Bootstrap base arch install

# pacstrap /mnt linux linux-firmware base btrfs-progs amd-ucode git vi vim sudo networkmanager zsh

Generate fstab

# genfstab -U /mnt >> /mnt/etc/fstab

Basic system configuration

Chroot into new system

# arch-chroot /mnt

Set hostname

# echo <HOSTNAME> > /etc/hostname

Set and generate locale

# echo LANG=en_US.UTF-8 > /etc/locale.conf
# sed -i -e 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' -e 's/^#de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen
# locale-gen

Set keyboard layout

# echo KEYMAP=de-latin1 > /etc/vconsole.conf

Set time zone

# ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
# hwclock --systohc

Set root password

# passwd

Add btrfs and encrypt initramfs hooks to /etc/mkinitcpio.conf

e.g.:

HOOKS=(base udev autodetect modconf block encrypt btrfs filesystems keyboard fsck)

Regenerate initramfs

# mkinitcpio -p linux

Configure boot loader

Install systemd-boot

# bootctl --path=/boot install

Fetch UUID of the root partition

# blkid -s UUID -o value /dev/<root-partition>

Create arch boot entry /boot/loader/entries/arch.conf

title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=<UUID-OF-ROOT-PARTITION>:luks-root root=/dev/mapper/luks-root rootflags=subvol=@,x-systemd.device-timeout=0 rd.luks.options=timeout=0 rw quiet loglevel=0 splash rd.systemd.show_status=0 rd.udev.log_level=0

Copy arch boot entry to /boot/loader/entries/arch-fallback.conf and set the initramfs to the fallback one. Resulting in the following

title Arch Linux (fallback)
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux-fallback.img
options cryptdevice=UUID=<UUID-OF-ROOT-PARTITION>:luks-root root=/dev/mapper/luks-root rootflags=subvol=@,x-systemd.device-timeout=0 rd.luks.options=timeout=0 rw quiet loglevel=0 splash rd.systemd.show_status=0 rd.udev.log_level=0

Edit boot loader config /boot/loader/loader.conf

default arch.conf
timeout 3
console-mode max
editor no

Exit chroot, unmount disk, reboot

# exit
# umount -R /mnt
# reboot

Finish installation

Enable and check networking

Enable and start NetworkManager

# systemctl enable --now NetworkManager

Test network connectivity

# ping archlinux.org

Setup user account

Create a sudo group for sudo access

# groupadd -r sudo

Use visudo to uncomment the following line

# %sudo ALL=(ALL:ALL) ALL

Create user account with sudo and journal access

# useradd -m -G sudo,systemd-journal -s /bin/zsh histalek

Set password for useraccount

# passwd histalek

Exit out of the root session and login as user

Install and setup personal preferences

Setup my dotfiles

$ echo ".dotfiles" >> .gitignore
$ git clone --bare <remote-git-repo-url> $HOME/.dotfiles
$ alias dotfiles='/usr/bin/git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'
$ dotfiles config --local status.showUntrackedFiles no
$ dotfiles checkout

Install various packages from dotfiles

$ sudo pacman -S --needed - < $HOME/.dotfiles/pkglist.txt

Update system just to be sure

$ sudo pacman -Syu

AUR

Install paru as AUR helper

$ sudo pacman -S --needed base-devel
$ git clone https://aur.archlinux.org/paru.git
$ cd paru
$ makepkg -si

Install packages from AUR

$ paru -Sa wlogout

Flatpak

Install flatpak package

$ sudo pacman -S flatpak

Add the flathub repo

$ flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo

Install Flatseal to manage flatpak permissions via GUI

$ flatpak install flathub com.github.tchx84.Flatseal

(optional) Configure boot splash screen

Install plymouth

$ sudo paru -Sa plymouth-git

Adapt mkinitcpio hooks. Add plymouth plymouth-encrypt after base udev and remove encrypt. Resulting in e.g.

HOOKS=(base udev plymouth plymouth-encrypt autodetect modconf block btrfs filesystems keyboard fsck)

Set theme for plymouth (this also regenerates the initramfs)

$ sudo plymouth-set-default-theme -R script