setup

Notes on Arch Linux system setup.

Notes

• Make sure you run in UEFI mode, meaning the output of efivar -l is not empty.
• If running from an older live USB, you should update the pacman keys with pacman-key --populate archlinux and pacman-key --refresh-keys.

Preparation

• cryptsetup open --type plain -d /dev/urandom /dev/sda temp - create a temporary encrypted container named temp on the /dev/sda partition to be encrypted.
• dd if=/dev/zero of=/dev/mapper/temp bs=4M status=progress - fill the container with zeros.
• cryptsetup close temp - close the temporary container.

Partitioning

• parted /dev/sda mklabel gpt - create a new gpt partition label.
• parted /dev/sda mkpart boot fat32 0% 512M - create the boot partition.
• parted /dev/sda set 1 boot on - set the boot flags for the boot partition.
• parted /dev/sda mkpart system ext4 512M 100% - create the system partition.

Encryption

• cryptsetup luksFormat --type luks2 /dev/sda2 - initialize the LUKS2 header on the system partition.
• cryptsetup luksDump /dev/sda2 - check the LUKS2 header.
• cryptsetup luksOpen /dev/sda2 cryptlvm - open the encrypted system partition and map it to /dev/mapper/cryptlvm.

Logical volume management

• pvcreate /dev/mapper/cryptlvm - create a new physical volume from the encrypted system partition.
• vgcreate vg /dev/mapper/cryptlvm - create a new volume group vg.
• lvcreate --size 16G --name root vg - create a new logical volume root inside the vg.
• lvcreate --extents 100%FREE --name home vg - create a new logical volume home inside the vg, taking up the remaining space.

Filesystems

• mkfs.ext4 /dev/mapper/vg-root - make a filesystem for the vg-root logical volume.
• mkfs.ext4 /dev/mapper/vg-home - make a filesystem for the vg-home logical volume.
• mkfs.fat /dev/sda1 - make a filesystem for the boot partition.
• mount /dev/mapper/vg-root /mnt - mount the vg-root.
• mkdir /mnt/home - create the home dir.
• mount /dev/mapper/vg-home /mnt/home - mount the home dir.
• mkdir /mnt/boot - create the boot dir.
• mount /dev/sda1 /mnt/boot - create the boot dir.

Installation

• pacstrap /mnt base base-devel - install base and base-devel packages. Note that you might want to install packages like zsh, git, wpa_supplicant, etc. here.
• genfstab -U /mnt > /mnt/etc/fstab - write the currently mounted filesystems to the new system.
• arch-chroot /mnt - chroot to the new system.

Configuration

Locale

• vi /etc/locale.gen - edit the locale file.
• locale-gen - generate the chosen locales.
• localectl set-locale LANG=en_US.UTF-8 - set the locale.

Time

• timedatectl set-timezone Europe/Zurich - set the timezone.
• timedatectl set-ntp true - enable network time sync.

Hostname

• vi /etc/hostname - edit the hostname.

User

• useradd -s /bin/zsh -g wheel -m martins - create a new user martins.
• passwd martins - set the password for martins.
• passwd root - set the password for root.
• visudo - edit sudo user permissions.

Boot

• bootctl install - install the systemd-boot bootloader.
• vi /boot/loader/loader.conf - edit the bootloader conf.

default arch
editor 0
timeout 3
console-mode max

• cp /usr/share/systemd/bootcl/arch.conf /boot/loader/entries/ - copy the default entry.
• vi /boot/loader/entries/arch.conf - edit the default entry. UUID must be the UUID (not PARTUUID) of /dev/sda2 (not of /dev/mapper/cryptlvm or /dev/mapper/vg-root).

title   Arch Linux
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux.img
options root=/dev/mapper/vg-root rd.luks.name=UUID=cryptlvm rd.luks.options=timeout=0 rootflags=x-systemd.device-timeout=0 quiet loglevel=3 vga=current

• vi /etc/mkinitcpio.conf - edit the initial ramdisk environment script.

...
HOOKS=(base systemd autodetect keyboard modconf block sd-encrypt sd-lvm2 filesystems fsck)
...

• mkinitcpio -p linux - regenerate the initial ramdisk environment.

Post

Extra (highly recommended)

• lists - Arch Linux package lists.
• dotfiles - Linux dotfiles.
• network - notes on safe network setup.
• gpg - GPG key management.