dotfiles2000/system/arch/README.md

# Arch Linux system Setup

How my systems are set up.


## Preparation

- Download Arch Linux ISO image
- Write it to an usb drive with
```
$ dd if=[ARCH-LINUX.iso] of=[/path/to/usbdrive]
```
- Boot the computer from this stick

## Prepare the disk
We will partition the disk drive for UEFI boot.
The root disk will be encrypted, /boot will reside inside the unencrypted EFI service partition.
The diskdevice is /dev/sda.

### Partition the disk
- Write some zeros to the disk to make sure there is no bootsector left.
```
$ dd if=/dev/zero of=/dev/sda
```
- Abort after a few seconds.
-  Create partitions and format them
```
$ gdisk /dev/sda
  | o [ENTER] to create a new empty GUID partition table (GPT)
  | y [ENTER] to confirm
  |
  | n [ENTER] add a new partition
  | [ENTER] to select default partition number of 1
  | [ENTER] to select default start at first sector
  | +512M [ENTER] make that size partition for booting
  | ef00 [ENTER] EFI partition type
  |
  | n [ENTER] add a new partition
  | [ENTER] to select default partition number of 2
  | [ENTER] to select default start at first sector
  | +60G [ENTER] allocate whatever size wanted for linux
  |
  | w [ENTER] Write changes
  | y [ENTER] confirm
```

### Encrypt the root partition
- Create and open the root partition
```
$ cryptsetup luksFormat -v -s 512 -h sha512 /dev/sda2
$ cryptsetup open /dev/sda2 cryptroot
```
- Format with ext4
```
$ mkfs.ext4 /dev/mapper/cryptroot
```
- Mount the encrypted volume
```
$ mount /dev/mapper/cryptroot /mnt
```

### Mount the /boot partition
```
$ mkfs.fat -F32 /dev/sda1
$ mkdir /mnt/boot
$ mount /dev/sda1 /mnt/boot
```

## Install the base-system
- Connect to wifi
```
$ systemctl start idw.service
$ iwctl
  | [iwd]# station list
  |                             Devices in Station Mode                           *
  | --------------------------------------------------------------------------------
  |  Name                  State            Scanning
  | --------------------------------------------------------------------------------
  |  wlan0                 disconnected
  |
  | [iwd]# station wlan0 scan
  | [iwd]# station wlan0 get-networks
  |                                Available networks                             *
  | --------------------------------------------------------------------------------
  |       Network name                      Security            Signal
  | --------------------------------------------------------------------------------
  |       MagentaWLAN-49XA                  psk                 ****
  |       Vodafone-8154                     psk                 ****
  | .....
  |
  | [iwd]# station wlan0 connect "SSID"
  | Type the network passphrase for SSID
  | Passphrase: ********
  |
```
- Select a nearby (possibly faster) mirror by editing /etc/pacman.d/mirrorlist
- Install the base-system
```
$ pacstrap /mnt base \
                ansible \
                base-devel \
                dialog \
                git \
                intel-ucode \
                linux \
                linux-firmware \
                netctl \
                openssl-1.0 \
                stow \
                vim \
                wpa_supplicant \
```
- Generate fstab for the new system
```
$ genfstab -pU /mnt >> /mnt/etc/fstab
```

## Configure the new system
- Chroot into the new system
```
$ arch-chroot /mnt /bin/bash
```
- Set the hostname
```
$ echo MYHOSTNAME > /etc/hostname
```
- Edit /etc/vconsole.conf to set keyboard and font
```
$ vi /etc/vconsole.conf
  FONT=latarcyrheb-sun32
  KEYMAP=de
```
The FONT setting is optional. latarcyrheb-sun32 is useful for small hidpi devices like GPD Pocket.
- Add encryption components to initramfs
```
$ vi /etc/mkinitcpio.conf
  ...
  HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt
         filesystems fsck)
  ...
$ mkinitcpio -P
```
- Install bootloader
```
$ bootctl install
```
- Configure the bootloader
```
$ vi /boot/loader/loader.conf
  default arch
  auto-firmware no
  timeout 0
  console-mode 2
  editor no
```
- Configure the bootloader entry
```
$ blkid | grep sda2 | cut -d \" -f 2 > /boot/loader/entries/arch.conf
$ vi /boot/loader/arch.conf
  title Arch Linux
  linux /vmlinuz-linux
  initrd /intel-ucode.img
  initrd /initramfs-linux.img
  options cryptdevice=UUID=[DEVICE-UUID]:cryptroot root=/dev/mapper/cryptroot rw
  fbcon=rotate:1
```
DEVICE-UUID is the string we added with the first command.
fbcon=rotate:1 rotates the display. This is ONLY NEEDED on device like GPD Pocket.

## More configuration
- Perform basic systemconfiguration
```
$ git clone https://github.com/elfrinjo/syssetup
$ cd syssetup/dotfiles
$ stow */
$ cd ../system/arch
$ sudo ansible-playbook baseconfig.yaml
```
- Change the root password
```
$ passwd
```
- Create useraccount
```
$ useradd -m -G sudo [USERNAME]
$ passwd [USERNAME]
```
- Exit the chroot
```
$ exit
```
- Shutdown the system
```
$ shutdown -h now
```
- Remove usb-drive
- Start the computer
- Enter drive encryption password
- Logon as the newly created user
- Connect to wifi
```
$ sudo wifi-menu
```
- Perform more system configuration
```
$ git clone https://github.com/elfrinjo/dotfiles
$ cd syssetup/dotfiles
$ stow */
$ cd ../system/arch
$ sudo ansible-playbook workstation.yaml
```
- At some point the Desktop will start. When this happens, just log on and continue inside a terminal
- Update the system
```
$ pacman -Syu
```
- Reboot
```
$ reboot
```