1
0
Fork 0
dotfiles2000/system/arch
2024-11-02 00:16:19 +01:00
..
lib Starting over my dotfiles 2024-10-31 22:09:39 +01:00
baseconfig.yaml Starting over my dotfiles 2024-10-31 22:09:39 +01:00
README.md Starting over my dotfiles 2024-10-31 22:09:39 +01:00
server.yaml Starting over my dotfiles 2024-10-31 22:09:39 +01:00
workstation.yaml Fix wrong ranger dir 2024-11-02 00:16:19 +01:00
workstation_aur.yaml Starting over my dotfiles 2024-10-31 22:09:39 +01:00
workstation_aurSoftware.yaml Starting over my dotfiles 2024-10-31 22:09:39 +01:00

Arch Linux system Setup

How my systems are set up.

Preparation

  • Download Arch Linux ISO image
  • Write it to an usb drive with
$ dd if=[ARCH-LINUX.iso] of=[/path/to/usbdrive]
  • Boot the computer from this stick

Prepare the disk

We will partition the disk drive for UEFI boot. The root disk will be encrypted, /boot will reside inside the unencrypted EFI service partition. The diskdevice is /dev/sda.

Partition the disk

  • Write some zeros to the disk to make sure there is no bootsector left.
$ dd if=/dev/zero of=/dev/sda
  • Abort after a few seconds.
  • Create partitions and format them
$ gdisk /dev/sda
  | o [ENTER] to create a new empty GUID partition table (GPT)
  | y [ENTER] to confirm
  |
  | n [ENTER] add a new partition
  | [ENTER] to select default partition number of 1
  | [ENTER] to select default start at first sector
  | +512M [ENTER] make that size partition for booting
  | ef00 [ENTER] EFI partition type
  |
  | n [ENTER] add a new partition
  | [ENTER] to select default partition number of 2
  | [ENTER] to select default start at first sector
  | +60G [ENTER] allocate whatever size wanted for linux
  |
  | w [ENTER] Write changes
  | y [ENTER] confirm

Encrypt the root partition

  • Create and open the root partition
$ cryptsetup luksFormat -v -s 512 -h sha512 /dev/sda2
$ cryptsetup open /dev/sda2 cryptroot
  • Format with ext4
$ mkfs.ext4 /dev/mapper/cryptroot
  • Mount the encrypted volume
$ mount /dev/mapper/cryptroot /mnt

Mount the /boot partition

$ mkfs.fat -F32 /dev/sda1
$ mkdir /mnt/boot
$ mount /dev/sda1 /mnt/boot

Install the base-system

  • Connect to wifi
$ systemctl start idw.service
$ iwctl
  | [iwd]# station list
  |                             Devices in Station Mode                           *
  | --------------------------------------------------------------------------------
  |  Name                  State            Scanning
  | --------------------------------------------------------------------------------
  |  wlan0                 disconnected
  |
  | [iwd]# station wlan0 scan
  | [iwd]# station wlan0 get-networks
  |                                Available networks                             *
  | --------------------------------------------------------------------------------
  |       Network name                      Security            Signal
  | --------------------------------------------------------------------------------
  |       MagentaWLAN-49XA                  psk                 ****
  |       Vodafone-8154                     psk                 ****
  | .....
  |
  | [iwd]# station wlan0 connect "SSID"
  | Type the network passphrase for SSID
  | Passphrase: ********
  |
  • Select a nearby (possibly faster) mirror by editing /etc/pacman.d/mirrorlist
  • Install the base-system
$ pacstrap /mnt base \
                ansible \
                base-devel \
                dialog \
                git \
                intel-ucode \
                linux \
                linux-firmware \
                netctl \
                openssl-1.0 \
                stow \
                vim \
                wpa_supplicant \
  • Generate fstab for the new system
$ genfstab -pU /mnt >> /mnt/etc/fstab

Configure the new system

  • Chroot into the new system
$ arch-chroot /mnt /bin/bash
  • Set the hostname
$ echo MYHOSTNAME > /etc/hostname
  • Edit /etc/vconsole.conf to set keyboard and font
$ vi /etc/vconsole.conf
  FONT=latarcyrheb-sun32
  KEYMAP=de

The FONT setting is optional. latarcyrheb-sun32 is useful for small hidpi devices like GPD Pocket.

  • Add encryption components to initramfs
$ vi /etc/mkinitcpio.conf
  ...
  HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt
         filesystems fsck)
  ...
$ mkinitcpio -P
  • Install bootloader
$ bootctl install
  • Configure the bootloader
$ vi /boot/loader/loader.conf
  default arch
  auto-firmware no
  timeout 0
  console-mode 2
  editor no
  • Configure the bootloader entry
$ blkid | grep sda2 | cut -d \" -f 2 > /boot/loader/entries/arch.conf
$ vi /boot/loader/arch.conf
  title Arch Linux
  linux /vmlinuz-linux
  initrd /intel-ucode.img
  initrd /initramfs-linux.img
  options cryptdevice=UUID=[DEVICE-UUID]:cryptroot root=/dev/mapper/cryptroot rw
  fbcon=rotate:1

DEVICE-UUID is the string we added with the first command. fbcon=rotate:1 rotates the display. This is ONLY NEEDED on device like GPD Pocket.

More configuration

  • Perform basic systemconfiguration
$ git clone https://github.com/elfrinjo/syssetup
$ cd syssetup/dotfiles
$ stow */
$ cd ../system/arch
$ sudo ansible-playbook baseconfig.yaml
  • Change the root password
$ passwd
  • Create useraccount
$ useradd -m -G sudo [USERNAME]
$ passwd [USERNAME]
  • Exit the chroot
$ exit
  • Shutdown the system
$ shutdown -h now
  • Remove usb-drive
  • Start the computer
  • Enter drive encryption password
  • Logon as the newly created user
  • Connect to wifi
$ sudo wifi-menu
  • Perform more system configuration
$ git clone https://github.com/elfrinjo/dotfiles
$ cd syssetup/dotfiles
$ stow */
$ cd ../system/arch
$ sudo ansible-playbook workstation.yaml
  • At some point the Desktop will start. When this happens, just log on and continue inside a terminal
  • Update the system
$ pacman -Syu
  • Reboot
$ reboot