Last active
January 1, 2025 16:35
-
-
Save ibihim/0ecc122a1867494132f2a2ffa85ea594 to your computer and use it in GitHub Desktop.
Arch install in progress
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Installation on Lenovo X1 5th Generation | |
| # Installation guide: https://wiki.archlinux.org/index.php/Installation_Guide | |
| # Encryption: https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Cryptsetup_usage | |
| # LVM: https://wiki.archlinux.org/index.php/LVM | |
| # Set large font, if necessary | |
| setfont latarcyrheb-sun32 | |
| # Connect to Internet | |
| wifi-menu | |
| # Sync clock | |
| timedatectl set-ntp true | |
| # Create three partitions: | |
| # 1 1G EFI partition # Hex code ef00 | |
| # 2 1.5xRAM SWAP # Hex code 8200 (for the intellij users :D) | |
| # 3 100% Linux partiton (to be encrypted) # Hex code 8300 | |
| cgdisk /dev/nvme0n1 | |
| # EFI part | |
| mkfs.fat -F32 /dev/nvme0n1p1 | |
| # Enable swap | |
| mkswap /dev/nvme0n1p1 | |
| swapon /dev/nvme0n1p2 | |
| # Encryption | |
| # Encrypt - *uppercase* the yes... | |
| cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 4000 --use-random luksFormat /dev/nvme0n1p3 | |
| # Open encrypted | |
| cryptsetup open --type luks /dev/nvme0n1p3 encryptedroot #encryptroot | |
| # LVM | |
| # Create a physical volume | |
| pvcreate /dev/mapper/encryptedroot | |
| # Create volume group | |
| vgcreate vg0 /dev/mapper/encryptedroot | |
| # Create logical volumes | |
| lvcreate -L 100G vg0 --name root | |
| lvcreate -l +80%FREE vg0 -- name home | |
| # Check | |
| lvdisplay | |
| # Create filesystem | |
| mkfs.ext4 /dev/mapper/vg0-root | |
| mkfs.ext4 /dev/mapper/vg0-home | |
| # Mount the system | |
| mkdir /mnt | |
| mount /dev/mapper/vg0-root /mnt | |
| mkdir /mnt/boot | |
| mkdir /mnt/home | |
| mount /dev/mapper/vg0-home /mnt/home | |
| mount /dev/nvme0n1p1 /mnt/boot | |
| # Sort by fastest mirror | |
| rankmirror -n 10 /etc/pacman.d/mirrorlist > /etc/pacman.d/mirrorlist.sorted | |
| # Check and replace files, I mostly don't trust certain mirrors :P | |
| # Install the base system plus a few packages | |
| pacstrap /mnt base zsh vim git sudo efibootmgr wpa_supplicant dialog iw | |
| # generate fstab | |
| # double check fstab for stuff like the EFI partition... it will blow up, when you install a new kernel :D | |
| genfstab -U -p /mnt >> /mnt/etc/fstab | |
| ## Change... | |
| # Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD) | |
| # Add discard to swap | |
| # Enter the new system | |
| arch-chroot /mnt | |
| # Set local time | |
| ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime | |
| hwclock --systohc | |
| # Generate required locales | |
| vim /etc/locale.gen # Uncomment desired locales, e.g. "en_US.UTF-8", "de_DE.UTF-8" | |
| locale-gen | |
| # Set desired locale | |
| echo 'LANG=en_US.UTF-8' > /etc/locale.conf | |
| # Set desired keymap and font if necessary | |
| echo 'KEYMAP=us' > /etc/vconsole.conf | |
| # echo 'FONT=latarcyrheb-sun32' >> /etc/vconsole.conf | |
| # Set hostname | |
| echo 'myhostname' > /etc/hostname | |
| #Consider adding a matching entry to hosts(5): | |
| #/etc/hosts | |
| #127.0.0.1 localhost.localdomain localhost | |
| #::1 localhost.localdomain localhost | |
| #127.0.1.1 myhostname.localdomain myhostname | |
| # Set password for root | |
| passwd | |
| # Add real user | |
| useradd -m -g users -G wheel -s /bin/zsh <username> | |
| passwd <username> | |
| echo '<username> ALL=(ALL) ALL' > /etc/sudoers.d/<username> | |
| # Configure mkinitcpio with modules needed for the initrd image | |
| vi /etc/mkinitcpio.conf | |
| # Add 'ext4 dm_snapshot' to MODULES | |
| # SYSTEMD | |
| # Change: HOOKS="base systemd autodetect modconf block keyboard sd-vconsole sd-encrypt sd-lvm2 fsck filesystems" | |
| # BUSYBOX | |
| # Change: HOOKS="base udev resume autodetect modconf block keyboard keymap consolefont encrypt lvm2 fsck filesystems" | |
| # Regenerate initrd image | |
| # if this fails, you most probably have a typo :) | |
| mkinitcpio -p linux | |
| # Setup systemd-boot | |
| bootctl --path=/boot install | |
| # Enable Intel microcode updates | |
| pacman -S intel-ucode | |
| # Create bootloader entry | |
| # Get luks-uuid with: `cryptsetup luksUUID /dev/nvme0n1p3` | |
| --- | |
| /boot/loader/entries/arch.conf # if this file does not exit, you might not have executed bootctl properly | |
| --- | |
| title Arch Linux | |
| linux /vmlinuz-linux | |
| initrd /intel-ucode.img | |
| initrd /initramfs-linux.img | |
| options luks.uuid=<uuid> luks.name=<uuid>=luks root=/dev/mapper/vg0-root rw | |
| --- | |
| # Set default bootloader entry | |
| --- | |
| /boot/loader/loader.conf | |
| --- | |
| default arch | |
| --- | |
| # Exit and reboot | |
| exit | |
| reboot | |
| ## login | |
| # setup wifi | |
| # identify wlan interface | |
| ip link | |
| sudo wpa_passphrase <SSID> <PASSWORD> > /etc/wpa_supplicant/wpa_supplicant-<wifi interface>.conf | |
| ## remove psk from file | |
| ## add to the top: | |
| ## ctrl_interface=/run/wpa_supplicant.conf | |
| ## update_config=1 | |
| # enable wpa_supplicant on boot | |
| sudo systemctl enable wpa_supplicant@<wifi interface>.service | |
| # enable wpa_supplicant now | |
| sudo systemctl start wpa_supplicant@<wifi interface>.service | |
| # check status, if not running, execute sudo wpa_supplicant -B -i <wifi interface> -c /etc/wpa_supplicant/wpa_supplicant-<wifi interface>.conf and check error | |
| sudo systemctl status wpa_supplicant@<wifi interface>.service | |
| # enable getting ip address on boot | |
| sudo systemctl enable dhcpcd@<wifi interface>.service | |
| # do it now | |
| sudo systemctl start dhcpcd@<wifi interface>.service | |
| # check, if errors, execute sudo dhcpcd <wifi interface> and check error | |
| sudo systemctl start dhcpcd@<wifi interface>.service | |
| # if it does not work: most probably you failed at typing your SSID or PASSWORD | |
| # GUI | |
| ## X11 Variation for i3 | |
| sudo pacman -S xorg-server xorg-xinit | |
| ## Shotgut approach for display driver :S | |
| sudo pacman -S xorg-drivers | |
| # i3 | |
| sudo pacman -S i3 | |
| # i3 menu | |
| sudo pacman -S dmenu | |
| # add "exec i3" to .xinitrc | |
| # --------------------------------- | |
| ## Wayland Variation for gnome | |
| sudo pacman -S gnome | |
| ## enable login manager | |
| sudo systemctl enable gdm.service | |
| # Audio | |
| ## I guess ALSA is there, but throw this in | |
| sudo pacman -S alsa-utils | |
| ## Most distros also use Pule | |
| sudo pacman -S pulseaudio pulseaudio-alsa | |
| # ACPID for additional Notebook support like sleep n stuff | |
| sudo pacman -S acpid | |
| # FIREFOX!!! CHROME MA ASS | |
| sudo pacman -S firefox thunderbird | |
| # Terminal stuff # guake too if not i3 :D | |
| sudo pacman -S awesome-terminal-fonts terminator |
sd-lvm2 > lvm2, install it with pacstrap.
wip:
# Installation on Lenovo X1 5th Generation
# Installation guide: https://wiki.archlinux.org/index.php/Installation_Guide
# Encryption: https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Cryptsetup_usage
# LVM: https://wiki.archlinux.org/index.php/LVM
# Set large font, if necessary
setfont latarcyrheb-sun32
# Connect to Internet through WiFi if necessary
iwctl
# ip a to check for dhcpd to work
# Consider pacman -Syu
# Sync clock
timedatectl
###############################################################################
# Partition Disk 1 (nvme0n1)
###############################################################################
# Create three partitions:
# 1. EFI (1G), type ef00
# 2. /boot (1G), type 8300
# 3 100% Linux partiton (to be encrypted), type 8300
cgdisk /dev/nvme0n1
###############################################################################
# Partition Disk 2 (nvme1n1)
###############################################################################
# 1) LUKS partition (entire disk), type 8300
cgdisk /dev/nvme1n1
###############################################################################
# Encrypt LUKS partitions
###############################################################################
# For disk1’s big partition (p3):
cryptsetup --allow-discards --persistent --perf-no_read_workqueue --perf-no_write_workqueue \
--verbose \
--cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 4000 \
--use-random luksFormat /dev/nvme0n1p3
cryptsetup --allow-discards --persistent open /dev/nvme0n1p3 cryptroot1
# For disk2’s big partition (p1):
cryptsetup --allow-discards --persistent --perf-no_read_workqueue --perf-no_write_workqueue \
--verbose \
--cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 4000 \
--use-random luksFormat /dev/nvme1n1p1
cryptsetup --allow-discards --persistent open /dev/nvme1n1p1 cryptroot2
###############################################################################
# Format filesystem
###############################################################################
# Format EFI
mkfs.vfat -F 32 /dev/nvme0n1p1
# Format /boot
mkfs.ext4 /dev/nvme0n1p2
# Combine both unlocked LUKS devices into a single Btrfs:
mkfs.btrfs -f \
/dev/mapper/cryptroot1 \
/dev/mapper/cryptroot2
# Mount it
mkdir /mnt
mount /dev/mapper/cryptroot1 /mnt
# (At this point, Btrfs sees both devices in the same filesystem.)
# Create subvolumes for root & home (Fedora style)
btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/home
# (Optionally) btrfs subvolume create /mnt/var
# etc.
# Unmount
umount /mnt
###############################################################################
# Mount subvolumes
###############################################################################
# Mount the root subvolume
mount -o subvol=root /dev/mapper/cryptroot1 /mnt
# Create & mount home
mkdir /mnt/home
mount -o subvol=home /dev/mapper/cryptroot1 /mnt/home
###############################################################################
# Mount /boot and EFI
###############################################################################
mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/nvme0n1p1 /mnt/boot/efi
###############################################################################
# Arch Linux Installation
###############################################################################
# Sort by fastest mirror
rankmirror -n 10 /etc/pacman.d/mirrorlist > /etc/pacman.d/mirrorlist.sorted
# Check and replace files, I mostly don't trust certain mirrors :P
# Install the base system plus a few packages
# amd-ucode for amd and
# intel-ucode for intel
pacstrap -K /mnt base linux linux-firmware amd-ucode \
grub efibootmgr \
dialog networkmanager btrfs-progs \
zsh git sudo neovim \
plasma-meta kde-applications-meta sddm \
nvidia-open nvidia-utils nvidia-settings \
pipewire pipewire-alsa pipewire-pulse pipewire-jack wireplumber
# generate fstab
# double check fstab for stuff like the EFI partition... it will blow up, when you install a new kernel :D
genfstab -U -p /mnt >> /mnt/etc/fstab
## Change...
# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
# Add discard to swap
# Enter the new system
arch-chroot /mnt
###############################################################################
# Arch Linux Configuration
###############################################################################
# Set local time
ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
hwclock --systohc
# Generate required locales
vim /etc/locale.gen # Uncomment desired locales, e.g. "en_US.UTF-8", "de_DE.UTF-8"
locale-gen
# Set desired locale
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
# Set desired keymap and font if necessary
echo 'KEYMAP=us' > /etc/vconsole.conf
echo 'FONT=Lat2-Terminus16' >> /etc/vconsole.conf
# echo 'FONT=latarcyrheb-sun32' >> /etc/vconsole.conf
# Set hostname
echo 'myhostname' > /etc/hostname
#Consider adding a matching entry to hosts(5):
#/etc/hosts
#127.0.0.1 localhost.localdomain localhost
#::1 localhost.localdomain localhost
#127.0.1.1 myhostname.localdomain myhostname
# Set password for root
passwd
# Add real user
useradd -m -g users -G wheel,video,audio,optical,storage,docker,lp,scanner -s /bin/zsh <username>
passwd <username>
echo '<username> ALL=(ALL) ALL' > /etc/sudoers.d/<username>
# Configure mkinitcpio with modules needed for the initrd image
vi /etc/mkinitcpio.conf
# Add 'ext4 dm_snapshot' to MODULES
# SYSTEMD
# Change: HOOKS="base systemd autodetect microcode modconf keyboard sd-vconsole block sd-encrypt filesystems fsck acpi_override nvidia nvidia_modset nvidia_uvm nvidia_drm"
# Regenerate initrd image
# if this fails, you most probably have a typo :)
mkinitcpio -P
# efi directory is boot and boot loader is installed there as well.
# Some distros (like Ubuntu) have two different partitions for boot and efi.
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
# Add 'rd.luks.name=XXX=cryptlvm root=/dev/mapper/vg0-root' to GRUB_CMDLINE_LINUX
# Add modules for it to be able to tackle encryption and btrfs: GRUB_PRELOAD_MODULES="cryptodisk luks gcry_rijndael pbkdf2 btrfs"
nvim /etc/default/grub
# Exchange XXX with the result of cryptsetup luksUUID /dev/nvme0n1p3
sed -i "s/xxx/$(cryptsetup luksUUID /dev/nvme0n1p3)/" # never tried this, so be cautious :D
grub-mkconfig -o /boot/grub/grub.cfg
# Exit and reboot
exit
reboot
## login
sudo systemctl enable --now sddm
# Internet
sudo systemctl enable --now NetworkManager
nmcli device wifi connect "<SSID>" password "<PASSWORD>"
# OR nmtui
# Audio
systemctl enable --user wireplumber
systemctl start --user wireplumber
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To start of with more useful groups:
sudo useradd -m -s /usr/bin/fish -G wheel,video,audio,optical,storage,docker,lp,scanner ibihimwheel: For granting sudo access (requires configuration in the sudoers file).video: For access to video devices and hardware acceleration.audio: For access to audio devices.optical: For access to optical drives (CD/DVD).storage: For access to removable storage devices.docker: For access to Docker daemon and containers (requires Docker to be installed).lp: For access to printers.scanner: For access to scanners.Add
dockerwithgroupadd docker.