Arch install with ZFS root on LUKS and EFISTUB

arch-luks-zfs-efistub-install

# Create your partition layout (using GPT)
# 1 - ESP (FAT32, 128M)
# 2 - Linux (luks, any size)

# Format your partitions
mkfs.fat -F32 /dev/sdx1
cryptsetup luksFormat --key-size 512 --cipher aes-xts-plain64 /dev/sdx2

# Open your luks partition
cryptsetup open /dev/sdx2 luks_root

# Make sure ZFS is loaded before continuing
modprobe zfs

# Create your ZFS pool
# Note: 
# - For drives with a block size of 512b, use ashift=9
# - For drives with a blocks size of 4KiB, use ahift=12
zpool create \
 -o ashift=12\
 -O xattr=sa\
 -O redundant_metadata=most\
 -O normalization=formD\
 -O acltype=posixacl\
 -O compression=lz4\
 -O dedup=on\
 -O dnodesize=legacy\
 -O relatime=on\
 -O mountpoint=none\
 -O canmount=off\
 -O devices=off\
 -m none\
 zroot\
 /dev/mapper/luks_root
 
# Export your new zpool and reimport it with an alternate root to avoid mounting conflicts
zpool export zroot
zpool import -R /mnt zroot

# Create all of your datasets
# 1 - zroot/root (/)
# 2 - zroot/home (/home)
# 3 - zroot/home/root (/root)
# 4 - zroot/home/your_user_here (/home/your_user_here)
# 5 - zroot/var (/var)
zfs create -o mountpoint=/ zroot/root
zfs create -o mountpoint=/home zroot/home
zfs create -o mountpoint=/home/your_user_here zroot/home/your_user_here
zfs create -o mountpoint=/root zroot/home/root
zfs create -o mountpoint=/var zroot/var

# Configure the root filesystem
zpool set bootfs=zroot/root zroot

# Exit the chroot and copy over hte current ZFS cache
# Note: This step is required for the ZFS daemon to start
cp /etc/zfs/zpool.cache /mnt/etc/zfs/zpool.cache

# Re-enter the chroot and set the cache for the root pool
arch-chroot /mnt
zpool set cachefile=/etc/zfs/zpool.cache zroot

# Mount your ESP
mkdir -p /mnt/boot
mount /dev/sdx1 /mnt/boot

# Export your mount configuration to /mnt/etc/fstab
# Note: You must comment out all of the exported ZFS dataset mounts, otheriwse you will experience issues booting
genfstab -pU /mnt > /mnt/etc/fstab

# Add a tmpfs for /tmp to /mnt/etc/fstab
# tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0

# Install Arch Linux
pacstrap /mnt \
 base\
 base-devel\
 zsh\
 vim\
 git\
 efibootmgr\
 dialog\
 openssh\
 dhcpcd\
 dosfstools\
 linux\
 linux-headers\
 linux-firmware\
 mkinitcpio\
 intel-ucode\
 reflector
 
# Chroot into your new installation
arch-chroot /mnt

# Set your locales
echo "LANG=en_US.UTF-8\nLC_ALL=C\nLANGUAGE=en_US" > /etc/locale.conf
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
locale-gen

# Set your hostname
echo "your_hostname" > /etc/hostname

# Enable NTP and set your timezone
timedatectl set-ntp true
timedatectl set-timezone your_timezone

# Enable DHCPCD on boot
systemctl enable dhcpcd

# Enable the wheel sudo group
# Uncomment the following line in /etc/sudoers with visudo
# %wheel ALL=(ALL) ALL

# Create your user and set the correct permissions for your home directory
useradd your_user_here
usermod -aG wheel your_user_here
chown your_user_here:your_user_here /home/your_user_here

# Set a root password
passwd

# Set your user's password
passwd your_user_here

# Enable the multiarch repo in /etc/pacman.conf by uncommenting the following lines:
# [multilib]
# Include = /etc/pacman.d/mirrorlist

# Use reflector to order your mirrorlist for speed and update your repos
reflector -c Country -f 150 --threads `nproc` > /mnt/etc/pacman.d/mirrorlist
pacman -Sy

# Configure makepkg for faster AUR package builds
# - Uncomment and change #MAKEFLAGS="-j2" to MAKEFLAGS="-j`nproc`"
# - Change PKGEXT='.pkg.tar.xz' to PKGEXT='.pkg.tar' to disable package compression

# Give your user relevant access to their dataser
zfs allow your_user_here create,mount,mountpoint,snapshot zroot/home/your_user_here

# Su into your user and cd to your home directory
su your_user_here
cd ~

# Install Yay (or your AUR helper of of choice)
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si

# Use Yay (or your AUR helper of choice) to install the following packages
yay -Sy --noconfirm --sudoloop arch-efiboot zfs-utils zfs-dkms

# Configure your initrd (udev or systemd)
# - For udev-based systems, set the following lines in /etc/mkinitcpio.conf
#   MODULES=(zfs)
#   HOOKS=(base udev autodetect modconf block encrypt zfs filesystems keyboard)

# - For systemd-based systems, install the follwing AUR packages
yay -Sy --noconfirm --sudoloop mkinitcpio-sd-zfs
#   and set the following lines in /etc/mkinitcpio.conf
#   MODULES=(zfs)
#   HOOKS=(base systemd autodetect modconf block sd-encrypt sd-zfs filesystems keyboard)

# Exit your user's shell and rebuild your initrd as root
mkinitcpio -p linux

# Get the UUID of your LUKS partition
lsblk -o +UUID

# Configure your kernel cmdline
# - Edit /boot/cmdline.txt and add the following:
#   cryptdevice=UUID=UUID_OF_YOUR_LUKS_PARTITION:luks:allow-discards zfs=zroot/root root=ZFS=zroot/root rw quiet

# Build your EFISTUB loader
# Note: If you make changes to your initrd, or files included in your initrd, you will need to re-run this command
# in order to update your EFISTUB.
build_efi_kernels

# Register your EFISTUB loader with efibootmgr or place it in the default x86_64 EFI location
# - Register with efibootmgr
efibootmgr -c -d /dev/sdx -p 1 -L "EFISTUB" -l "\linux.efi" 

# - Move it into the default x86_64 EFI location
mkdir -p /boot/EFI/BOOT
mv /boot/linux.efi /boot/EFI/BOOT/bootx64.efi

# That's it, enjoy your new system!

oh ok