Skip to content

Instantly share code, notes, and snippets.

@alberto-santini

alberto-santini/arch-install-notes.md

Last active May 27, 2020 12:53
Show Gist options
  • Save alberto-santini/07fc297c92035ef32a00507763343eb2 to your computer and use it in GitHub Desktop.
Save alberto-santini/07fc297c92035ef32a00507763343eb2 to your computer and use it in GitHub Desktop.
Download ZIP
Notes for next time I install arch
Raw
arch-install-notes.md

Download and burn the Arch ISO

I get the ISO, which is about 530MB large, and burn it on the USB key.

$ lsblk
NAME                MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                   8:0    1   3.8G  0 disk  
└─sda1                8:1    1   3.8G  0 part

Here is the USB key: /dev/sda. So I burn the ISO:

$ sudo dd if=archlinux-2018.08.01-x86_64.iso of=/dev/sda status=progress oflag=sync

Save relevant data

I saved a lot of scripts which I hade in ~/local/bin, as well as configuration files, in ~/.config (most notably, i3 and i3blocks config files). I downloaded the list of vscode estensions I have with code --list-extensions, and copied the user settings to a file. All my code is in git repositories, and my documents are on Dropbox, so there is nothing to do on that side. Also check for private keys and config in ~/.ssh, and for fonts in ~/.fonts. Other relevant files in the home directory are ~/,gitconfig, ~/.netrc, ~/.xinitrc, and ~/.zshrc. In /etc, I copied hosts, inputrc, ld.so.conf.d/*, pam.d/*, u2f_mappings.

Backup the data

I use my Synology NAS to back up the home directory with rsync:

rsync -av ~ 192.168.1.6::NetBackup/backupdata

Arch installation

wifi-menu
timedatectl set-ntp true
timedatectl set-timezone Europe/Madrid

Partitioning:

  • /dev/nvme0n1p1: 1GB EFI with Fat 32 (mkfs.fat -F32)
  • /dev/nvme0n1p2: 1GB Linux (type: 8300) with Ext4, for boot (mkfs.ext4)
  • /dev/nvme0n1p3: 400GB Linux LVM (type: 8E00) for LUKS
  • The remaining space is left free

Creating the encrypted partition:

cryptsetup luksFormat --type luks2 -c aes-xts-plain64 -s 512 -h sha512 -i 5000 /dev/nvme0n1p3
cryptsetup luksOpen /dev/nvme0n1p3 luks
pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks
lvcreate -l 100%FREE vg0 --name root
mkfs.ext4 /dev/mapper/vg0-root

Mounting the new filesystems:

mount /dev/mapper/vg0-root /mnt
mkdir /mnt/{boot,efi}
mount /dev/nvme0n1p2 /mnt/boot
mount /dev/nvme0n1p1 /mnt/efi
fallocate -l 1GB /mnt/swapfile
chmod 600 /mnt/swapfile
mkswap /mnt/swapfile
swapon /mnt/swapfile

And then I proceeded with the standard Arch installation, following the guide. Variations from the guide are as follows.

Pacstrap

I pacstrap-ed using more packages, to include zsh, utilities to install grub on EFI, and utilities to connect to wifi: pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog wpa_supplicant

Network

I gave network interfaces sane names creating /etc/udev/rules.d/10-network.rules, as listed below.

SUBSYSTEM=="net", ACTION=="add", ATTR{address} == "e4:a4:71:92:1b:a2", NAME="wifi0"
SUBSYSTEM=="net", ACTION=="add", ATTR{address} == "54:ee:75:aa:35:bf", NAME="ethernet0"

I used netctl to manage network interfaces. I have two profiles; the first is /etc/netctl/Home-Wireless-MovistarPlus:

Interface=wifi0
Connection=wireless
Security=wpa
ESSID=MOVISTAR_PLUS_E202
IP=dhcp
Key=<...> # Obfuscated with wpa_passphrase

The second is /etc/netctl/Work-Wired-UPF:

Interface=ethernet0
Connection=ethernet
IP=dhcp

Initramfs with LUKS support

I edited /etc/mkinitcpio.conf by adding the ext4 module (to load /boot) and the encrypt and lvm2 hooks. I then generated the image with mkinitcpio -p linux and proceeded setting up grub with:

ln -s /efi /boot/efi
grub-install

Then I edited the grub default config file (/etc/default/grub) to instruct it about LUKS:

GRUB_CMDLINE_LINUX="cryptdevice=/dev/nvme0n1p3:luks:allow-discards"

And, from the default config, I recreated the actual config (grub-mkconfig -o /boot/grub/grub.cfg).

Post-install

Do not clear tty1 after boot

Unfortunately, Arch comes with the popular systemd malware installed, and it is increasingly hard to live without it, given that most resources you find online assume your computer is infected too. (The free space we left in the hard drive during installation is exactly to experiment with installing an openrc-based distro, and see how feasible it is to run it on modern hardware.) Among the various malicious tasks that systemd executes, there is cleaning tty1 despite no one asking for it. To disable this behaviour, I created the file /etc/systemd/system/[email protected]/noclear.conf with:

[Service]
TTYVTDisallocate=no

This is not an Acer!

For some reason on init the system tries to load the acer_wmi module (and, of course, fails: this is a Thinkpad!). I blacklisted the module, adding a config file /etc/modprobe.d/no-acer.conf:

blacklist acer_wmi

Early KMS

I achieved early KMS by adding modules intel_agp and i915 to the MODULES section of /etc/mkinitcpio.conf and rebuilding the initramfs.

Disable mitigations

Not running a missile control system. I add mitigations=off to grub's config file.

The rest

After this step, it was just a matter of installing and configuring the programmes I use the most, starting from i3.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment