Skip to content

Instantly share code, notes, and snippets.

@nhumrich

nhumrich/arch_linux_installation.md

Forked from OdinsPlasmaRifle/arch_linux_installation.md
Last active April 19, 2021 02:27
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save nhumrich/67f6f13ae88eaabaa219953d41c5bf9d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save nhumrich/67f6f13ae88eaabaa219953d41c5bf9d to your computer and use it in GitHub Desktop.
Download ZIP
LVM on LUKS Arch installation with systemd-boot
Raw
arch_linux_installation.md

Arch Linux Installation

LVM on LUKS Arch installation with systemd-boot

Sources:

USB

Download Arch Linux. Prepare an installtion medium (A USB drive is used as an example below).

Find out the name of your USB drive with lsblk. Make sure that it is not mounted.

To mount the Arch ISO run the following command, replacing /dev/sdx with your USB drive, e.g. /dev/sdb. (do not append a partition number, so do not use something like /dev/sdb1, you can find it by using lsblk):

dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync

Preparation

Boot from USB drive.

If the current font is unreadable or too small, change it:

setfont sun12x22

Check if you are running in UEFI mode:

ls /sys/firmware/efi/efivars

If no errors are ouputted and the directory exists then the system is booted in UEFI. Otherwise reboot in UEFI.

Check that there is an internet connection:

ping archlinux.org

ip a

SSH IN

On new install:

# set a root password
passwd root

# start ssh
systemctl list-unit-files -t service | grep ssh
systemctl start sshd

Then ssh in with another computer for copy/paste/etc.

Rest

After ssh'ing in:

Update the system clock:

timedatectl set-ntp true

Lastly to enable mirrors, edit /etc/pacman.d/mirrorlist and locate your geographic region. Uncomment mirrors you would like to use. Adjust the list order as well if necessary: The higher a mirror is placed on the list the more priority it has when downloading packages.

Partitioning

Get the name of the disk to format/partition:

lsblk

The name should be something like /dev/nvme0n1

If you need to wipe data before install - shred the disk using the shred tool:

shred -v -n1 /dev/nvme0n1

Now partition the disk:

parted /dev/nvme0n1

2 partitions:

  1. EFI boot
  2. Rest for LVM
mklabel gpt
mkpart ESP fat32 1MiB 512MiB
set 1 boot on
name 1 efi
mkpart primary 512MiB 100%
name 2 lvm
print
quit

Once partitioned you can format the boot and swap partition (the LVM partition needs to be encrypted before it gets formatted) crypt

Encryption

First modprobe for dm-crypt

modprobe dm-crypt

Now, encrypt the disk:

cryptsetup luksFormat /dev/nvme0n1p2

Open the disk with the password set above:

cryptsetup open --type luks /dev/nvme0n1p2 cryptlvm

Check the lvm disk exists:

ls /dev/mapper/cryptlvm

Create a physical volume:

pvcreate /dev/mapper/cryptlvm

Create a volume group:

vgcreate volume /dev/mapper/cryptlvm

Create logical partitions:

lvcreate -L50G volume -n swap    # make size the same as amount of RAM
lvcreate -L100G volume -n root
lvcreate -l 100%FREE volume -n home

OR for all root:

lvcreate -L50G volume -n swap
lvcreate -l 100%FREE volume -n root

Format file system on logical partitions:

mkfs.ext4 /dev/volume/root
mkfs.ext4 /dev/volume/home     # or leave out if only root
mkswap /dev/volume/swap

Mount the volumes and file systems:

mount /dev/volume/root /mnt
mkdir /mnt/home       # leave out if only root partition
mkdir /mnt/boot
mount /dev/volume/home /mnt/home
mount /dev/nvme0n1p1 /mnt/boot
swapon /dev/volume/swap

Installation

Install base package, linux, firmware, lvm2 and utilities:

pacstrap /mnt base base-devel linux linux-firmware lvm2 vim git openssh networkmanager

Generate fstab:

genfstab -U /mnt >> /mnt/etc/fstab

chroot into system:

arch-chroot /mnt

Set time locale (choose a relevant locale):

ln -sf /usr/share/zoneinfo/America/Denver /etc/localtime

Set clock:

hwclock --systohc

Uncomment en_US.UTF-8 UTF-8 en_US ISO-8859-1 and other needed localizations in /etc/locale.gen. Now run:

locale-gen

Create locale config file:

locale > /etc/locale.conf

Set the lang variable in the above file:

LANG=en_US.UTF-8

Add an hostname (any hostname of your choice as one line in the file. eg. myhostname):

vim /etc/hostname

Update /etc/hosts to contain:

127.0.1.1   myhostname.localdomain  myhostname
127.0.0.1   localhost
::1         localhost

Because our filesystem is on LVM we will need to enable the correct mkinitcpio hooks.

Edit the /etc/mkinitcpio.conf. Look for the HOOKS variable and move keyboard to before the filesystems and add encrypt and lvm2 after keyboard. Then add resume after lvm2 and filesystem. Like:

HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems resume fsck"

Regenerate the initramfs:

mkinitcpio -p linux

Install a bootloader:

bootctl --path=/boot/ install

Create bootloader. Edit /boot/loader/loader.conf. Replace the file's contents with:

default arch
timeout 3
editor 0

The editor 0 ensures the configuration can't be changed on boot.

Next create a bootloader entry in /boot/loader/entries/arch.conf

title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID={UUID}:cryptlvm root=/dev/volume/root resume=/dev/volume/swap quiet rw

Replace {UUID} with the UUID of /dev/nvme0n1. In order to get the UUID run the following command:

blkid

Or, while stil in vim, run:

:read ! blkid /dev/nnvme0n1

Last steps

# change the root password
chpass

#Make a user and give access to sudo:

Complete

exit chroot:

exit

unmount everything:

umount -R /mnt

and reboot

reboot
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment