
@bdarcus
Forked from burningTyger/arch.sh
Last active March 3, 2020 00:59
Install Arch
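# This guide is based on https://wiki.archlinux.org/index.php/User:Altercation/Bullet_Proof_Arch_Install
# Compare with it for more details on each step. It's a great guide and seems to get frequent updates.
# This guide has a few changes that helped me to get the bootloader running.
#
# Set the target drive, hostname and desktop for this install.
# You need to edit these lines!!!
# They are exported because a plain assignment is not inherited by child
# processes: the shell started by arch-chroot further down reads $HOST, and
# without the export it would see an empty value there.
export DRIVE=/dev/sda
export HOST=myhost
export DESKTOP=gnome
# Start up the Live USB/CD and enable SSH:
# set a password for root to enable ssh login
# (sshd is reachable by everything on the network while the live system runs,
# so do not pick a throwaway password)
# *
# passwd
# systemctl start sshd.service
# then log in to your machine from another device with ssh.
# If you're reinstalling a machine and you have a static IP
# you may want to ignore the known-hosts files:
# ssh -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null root@LIVE_USB
# With both known-hosts files pointed at /dev/null ssh has no stored host key
# to compare against and will not remember this one, so nothing tells you if
# you reached a different machine. Before answering "yes", compare the
# fingerprint ssh prints with the one shown on the live system's console, e.g.
#   ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub
# then go on with these instructions via SSH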
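# Clean the drive. This deletes everything for good. Be careful:
# check with lsblk that $DRIVE really is the disk you mean to erase.
# ${DRIVE:?...} makes the command abort with a message when DRIVE is unset or
# empty (for example in a fresh SSH session) instead of running sgdisk with
# no target.
sgdisk --zap-all "${DRIVE:?set DRIVE to the target disk first}"
# Partition with partition labels; the labels are what every later step uses
# to find the partitions (/dev/disk/by-partlabel/...).
#   1: EFI system partition (ef00), 550 MiB
#   2: swap (8200), 8 GiB, encrypted with a random key later on
#   3: rest of the disk for the encrypted system (8300, Linux filesystem)
# The type code for partition 3 was written as --typecode=2:8200 before, which
# set partition 2 a second time and left partition 3 without an explicit type.
sgdisk --clear \
  --new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \
  --new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \
  --new=3:0:0 --typecode=3:8300 --change-name=3:cryptsystem \
  "${DRIVE:?set DRIVE to the target disk first}"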
# format the EFI partition with FAT32 and give the filesystem the label EFI
mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
# create the encrypted system partition (LUKS). You are asked to choose the
# passphrase here; it is the only thing protecting the data at rest.
# NOTE(review): XTS splits the key into two halves, so "-s 256" with
# aes-xts-plain64 means AES-128. Use "-s 512" if you want AES-256. Decide
# before formatting; changing it later means re-encrypting.
cryptsetup luksFormat --align-payload=8192 -s 256 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptsystem
# open the encrypted partition under the mapper name "system"
# If something fails and you need to restart your system this is the line you need to open your partition again later on.
# I'll mark those commands with an asterisk should you need to reboot and start over with e.g. the boot option.
# *
cryptsetup open /dev/disk/by-partlabel/cryptsystem system
# open the swap partition with a random key
# The key is read from /dev/urandom and never stored, so whatever was written
# to swap is unreadable once the mapping is closed. The flip side: nothing
# written to this swap survives a reboot, so suspend-to-disk cannot resume from it.
cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap
# create the swap area on the mapped device and enable it
mkswap -L swap /dev/mapper/swap
swapon -L swap
# format the system partition with btrfs. Inside we will use subvolumes
# --force overwrites any filesystem signature already present on the mapping
mkfs.btrfs --force --label system /dev/mapper/system
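# Mount options shared by the mounts below; x-mount.mkdir lets mount create
# a missing mount point directory.
o=defaults,x-mount.mkdir
o_btrfs=$o,compress=lzo,ssd,noatime
# mount the top level of the newly created btrfs filesystem
mount -t btrfs LABEL=system /mnt
# and create the necessary subvolumes
btrfs subvolume create /mnt/@root
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@snapshots
# then unmount to mount again with subvolumes
umount -R /mnt
# *
# (when repeating the asterisk commands after a reboot, set o and o_btrfs
# again first; they do not survive the restart)
mount -t btrfs -o "subvol=@root,$o_btrfs" LABEL=system /mnt
mount -t btrfs -o "subvol=@home,$o_btrfs" LABEL=system /mnt/home
mount -t btrfs -o "subvol=@snapshots,$o_btrfs" LABEL=system /mnt/.snapshots
# Mount the EFI system partition on /boot.
# This line used to read "mount $DRIVE1 /mnt/boot": DRIVE1 is never set, so it
# expanded to nothing and the EFI partition was not mounted. The partition is
# addressed by its partition label like everywhere else in this guide, and
# "$o" creates /mnt/boot if it does not exist yet.
# Keep in mind that /boot is not encrypted: the kernel and initramfs stored
# here can be modified by anyone with physical access to the disk.
mount -o "$o" /dev/disk/by-partlabel/EFI /mnt/boot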
# Install the base system into the new root.
pacstrap /mnt base
# Expect some errors related to fsck.btrfs here. We will fix that in a minute.
# Generate fstab entries (by label) from what is currently mounted under /mnt.
genfstab -L -p /mnt >>/mnt/etc/fstab
# The swap label does not exist until the random-key mapping is set up at
# boot, so point the fstab entry at the mapper device instead.
sed -i 's+LABEL=swap+/dev/mapper/swap+' /mnt/etc/fstab
# Tell crypttab to map the swap partition with a fresh key from /dev/urandom
# on every boot.
# NOTE(review): this entry names aes-cbc-essiv:sha256 while the system
# partition was formatted with aes-xts-plain64; confirm whether you want the
# same mode for swap before relying on it.
cat >>/mnt/etc/crypttab <<'EOF'
swap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
EOF
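# Enter the new system to continue with the install.
# An earlier attempt booted it as a container with systemd-nspawn; I ran into
# a permissions issue with that, so it is kept here commented out:
# FIX
# TTY="
# pts/0
# pts/1
# pts/2
# pts/3
# pts/4
# pts/5
# pts/6
# pts/7
# pts/8
# pts/9
# "
# $TTY >> /mnt/etc/securetty
# systemd-nspawn -bD /mnt
# NOTE(review): "$TTY >> file" tries to run the list as a command instead of
# appending it; writing it would need something like
#   printf '%s' "$TTY" >> /mnt/etc/securetty
# Every pts/N entry in securetty permits root logins on that pseudo-terminal,
# so if you go this route take the entries out again once the install is done.
arch-chroot /mnt /bin/bash
# Everything from here down to the bootloader is typed inside the chroot shell
# that the line above opens.
# basic settings
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf
# timedatectl and hostnamectl talk to a running systemd, which a chroot does
# not have, so they fail here. Apply the same settings directly instead:
# enabling systemd-timesyncd is what "timedatectl set-ntp 1" switches on,
# /etc/localtime is what "timedatectl set-timezone" writes.
systemctl enable systemd-timesyncd.service
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
# You need to edit HOST at the top of this guide.
# HOST only exists in this shell if it was exported before arch-chroot or is
# set again here; ${HOST:?...} refuses to write an empty hostname.
printf '%s\n' "${HOST:?set HOST before writing /etc/hostname}" > /etc/hostname
# echo "KEYMAP=de-latin1" > /etc/vconsole.conf
# install some more basic stuff otherwise you can't boot into new system
pacman -Syu base-devel btrfs-progs linux linux-firmware mkinitcpio
# pacman -Syu $DESKTOP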
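# You need to change the initramfs hooks so the drive can be decrypted at boot:
# "encrypt" asks for the LUKS passphrase, and it has to come after "keyboard"
# and "keymap" and before "filesystems".
# I also changed MODULES so that I can have early KMS start with my Intel graphics card: MODULES="i915"
#
# Replace the whole active HOOKS line rather than matching one exact old
# value. The previous sed only matched
#   HOOKS="base udev autodetect modconf block filesystems keyboard fsck"
# and changed nothing, without any error, when the shipped default looked
# different. That is likely why it didn't work on my second PC, where the file
# used the HOOKS=(...) form. The ^ anchor skips the commented-out examples in
# the file.
sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect modconf block keyboard keymap encrypt filesystems btrfs)/' /etc/mkinitcpio.conf
# Check that the hook really landed; an initramfs built without it cannot
# unlock the system partition.
grep -q '^HOOKS=.*encrypt' /etc/mkinitcpio.conf ||
  echo "encrypt hook missing from /etc/mkinitcpio.conf - fix HOOKS before running mkinitcpio" >&2
# On my second PC I ended up with this in my mkinitcpio.conf file:
# MODULES=(atkbd)
# HOOKS=(base udev autodetect modconf block keyboard keymap encrypt filesystems btrfs)
# The atkbd module was necessary because I couldn't use the keyboard from systemd 241 on. Some bug maybe?
# then rerun to get a new initramfs image
mkinitcpio -p linux
# set the root password of the new system
passwd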
# get back to the LIVE USB/CD to finish up
# poweroff
# I used efibootmgr to boot. You may need GRUB or whatever
# efibootmgr -d /dev/sda -p 1 -c -L "Arch Linux" -l /vmlinuz-linux -u "cryptdevice=/dev/$DRIVE:cryptsystem root=/dev/mapper/cryptsystem rw rootflags=subvol=root initrd=/initramfs-linux.img"
# NOTE(review): DRIVE is set to /dev/sda at the top of this guide, so
# /dev/$DRIVE expands to /dev//dev/sda and names the whole disk. cryptdevice=
# has to point at the LUKS partition (partition 3), e.g.
# /dev/disk/by-partlabel/cryptsystem - confirm the path resolves in your initramfs.
# NOTE(review): the root subvolume was created as @root and is mounted with
# subvol=@root during the install, so rootflags=subvol=root does not match it;
# it should read rootflags=subvol=@root. The same applies to the refind line below.
# this method didn't work on my DELL optiplex 7050. Apparently its UEFI doesn't support boot options so I can't decrypt.
# Instead I used refind:
pacman -S refind-efi
## FIX: this isn't working; process is failing at very end
refind-install
# Then edit the /boot/refind_linux.conf file:
# "Boot with standard options" "cryptdevice=/dev/vda3:cryptsystem root=/dev/mapper/cryptsystem rw rootflags=subvol=root initrd=/initramfs-linux.img"
# Make sure you're using your partition here. Mine was sda3
# The name after the colon in cryptdevice= (cryptsystem) is the mapper name
# used at boot, which is why root= points at /dev/mapper/cryptsystem here even
# though the install itself opened the partition as "system".
# then reboot and see if it works. Good luck
# reboot
# if it doesn't work boot from your pen drive again and run the commands with the asterisk again to get into your newly installed system.
# note that your system is not the same as the one on your pendrive. You will have to reinstall everything that you need.