Arch Linux Setup with LUKS Encrypted LVM

arch-lvm-setup.md

Arch Linux Setup with LUKS Encrypted LVM

1. Partition the disk $ fdisk /dev/sda

2. Create EFI partition (skip for legacy)

g (creates GPT)
n
1
enter
+300M
t
1 (for EFI)

2. Create boot partition

n
2
enter
+400M

3. Create LVM partition

n
3
enter
enter
t
3
31 (for LVM)

4. Write changes

w

5. Format partions

• EFI partition: $ mkfs.fat -F32 /dev/sda1 (skip for legacy)
• Boot partition: $ mkfs.ext2 /dev/sda2

7. Set up encryption (optional)

• $ cryptsetup luksFormat /dev/sda3
• $ cryptsetup open --type luks /dev/sda3 lvm

8. Set up LVM

• $ pvcreate --dataalignment 1m /dev/mapper/lvm
• $ vgcreate vg0 /dev/mapper/lvm
• $ lvcreate -L 30GB vg0 -n lv_root
• $ lvcreate -L 250GB vg0 -n lv_home
• $ modprobe dm_mod
• $ vgscan
• $ vgchange -ay

9. Format LVM volumes

• $ mkfs.ext4 /dev/vg0/lv_root
• $ mkfs.ext4 /dev/vg0/lv_home

10. Mount volumes

• $ mount /dev/vg0/lv_root /mnt
• $ mkdir /mnt/boot
• $ mkdir /mnt/home
• $ mount /dev/sda2 /mnt/boot
• $ mount /dev/vg0/lv_home /mnt/home

11. Setup the filesystem

• $ pacstrap -i /mnt base

12. Generate fstab

• $ genfstab -U -p /mnt >> /mnt/etc/fstab

13. Chroot into the filesystem

• $ arch-chroot /mnt

14. Install packages

• $ pacman -S grub efibootmgr dosfstools os-prober mtools linux-headers linux-lts linux-lts-headers (skip efibootmgr for legacy)

15. Edit /etc/mkinitcpio.conf

• Add encrypt lvm2 between block and filesystems at HOOKS

16. Generate the ramdisk environment

• $ mkinitcpio -p linux
• $ mkinitcpio -p linux-lts

17. Setup the locale

• Uncomment the locale in /etc/locale.gen
• $ locale-gen

18. Configure GRUB

• Edit /etc/default/grub
• Add cryptdevice=/dev/sda3:vg0 to the beginning of GRUB_CMDLINE_LINUX_DEFAULT

19. Mount the EFI partition

• $ mkdir /boot/EFI
• $ mount /dev/sda1 /boot/EFI

20. Install GRUB

• $ grub-install --target x86_64-efi --bootloader-id grub_uefi --recheck
• ($ grub-install --bootloader-id grub_legacy --recheck for legacy)

21. Set the GRUB locale

• $ cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo

22. Generate the GRUB config

• $ grub-mkconfig -o /boot/grub/grub.cfg

23. Create a swap file

• $ fallocate -l 2G /swapfile
• $ chmod 600 /swapfile
• $ mkswap /swapfile
• $ echo '/swapfile none swap sw 0 0' | tee -a /etc/fstab

24. Set a root password

• $ passwd

25. Exit the install media

• $ exit
• $ umount -a
• $ reboot

Post install configuration

1. Set a locale

• $ localectl set-locale LANG="en_US.UTF-8"

2. Enable TRIM for SSDs

• Edit /etc/fstab
• Add the discard flag to all partitions on SSDs

3. Setup networking

• For wired connections: $ dhcpcd
• For wireless connections:
  • $ cp /etc/netctl/examples/wireless-wpa /etc/netctl/<network name>
  • Edit /etc/netctl/<network name>
  • $ netctl start <network name>

4. Enable multilib repositories in pacman

• Edit /etc/pacman.conf
• Uncomment the Include below [multilib]

5. Install essential packages

• $ pacman -Sy networkmanager network-manager-applet wireless_tools wpa_supplicant wpa_actiond dialog

6. Enable the networkmanager service: $ systemctl enable NetworkManager

7. Install sudo and Zsh

• $ pacman -S sudo zsh

8. Enable the wheel group

• Uncomment %wheel in /etc/visudo

9. Create a user account

• $ useradd -m -G wheel -s /bin/zsh penguin

10. Set a password for the user account

• $ passwd penguin

11. Set a hostname

• $ hostnamectl set-hostname penguin-pc

12. Install the X window server

• $ pacman -S xf86-input-libinput xorg-server xorg-xinit xorg-apps mesa

13. Install a video driver

• $ pacman -S ...
• Intel: xf86-video-intel lib32-intel-dri lib32-mesa lib32-libgl
• NVIDIA: nvidia lib32-nvidia-libgl or see https://wiki.archlinux.org/index.php/NVIDIA
• VirtualBox: virtualbox-guest-utils

14. Install a desktop environment

• $ pacman -S i3