Mirror of https://gitlab.com/-/snippets/2476679

artixinstall-lvm-on-luks.md

Verify Connection

ping -c4 archlinux.org

Disk Partitioning

cgdisk /dev/nvme0n1

Partition                               Partition Type      Size                        Mount Point
/dev/nvme0n1p1                          efi (ef00)          128M                        /mnt/efi
/dev/nvme0n1p2 (/dev/mapper/cryptlvm)   LVM on LUKS         Remainder of the device     /mnt

set env

esp=/dev/nvme0n1p1
luks=/dev/nvme0n1p2

Setup LUKS

cryptsetup luksFormat -v -i 3000 $luks
cryptsetup open $luks cryptlvm

LVM

Detect volume group

vgscan
vgchange -ay

Create pv & vg & lv

pvcreate /dev/mapper/cryptlvm
vgcreate vg0 /dev/mapper/cryptlvm
lvcreate -L 40G -n root vg0
lvcreate -L 256M -n boot vg0
lvcreate -l 100%FREE -n home vg0

Make filesystem

mkfs.fat -F32 -n EFI $esp
mkfs.ext4 -L boot /dev/vg0/boot
mkfs.ext4 -L root /dev/vg0/root
mkfs.ext4 -L home /dev/vg0/home

Mount partion

mount -m /dev/vg0/root /mnt
mount -m /dev/vg0/boot /mnt/boot
mount -m $esp /mnt/efi
mount -m /dev/vg0/home /mnt/home
mkdir -pv /mnt/efi/EFI/Linux

Install base and init system

pacstrap /mnt base vim opendoas lvm2

Generate fstab

genfstab -U /mnt >> /mnt/etc/fstab

mkdir /mnt/etc/cmdline.d/
echo "rd.luks.name=$(lsblk -dno UUID $luks)=cryptlvm root=/dev/vg0/root rw loglevel=3" > /mnt/etc/cmdline.d/cmdline.conf

chroot

arch-chroot /mnt /bin/bash
user={user}
hostname={hostname}

Region settings

ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime
hwclock --systohc

Locale Settings

/etc/locale.gen

...
en_DK.UTF-8 UTF-8
...
en_US.UTF-8 UTF-8
...
ja_JP.UTF-8 UTF-8
...

locale-gen

echo 'LANG=ja_JP.UTF-8'  > /etc/locale.conf

Prevent beep sound

echo 'blacklist pcspkr' >> /etc/modprobe.d/blacklist.conf

Add User

useradd -m -G video,storage,input,wheel $user
passwd $user

doas

echo 'permit persist :wheel' > /etc/doas.conf

Install kernel and others

pacman -S linux linux-firmware efibootmgr intel-ucode amd-ucode \
	xorg-xinit xorg-server i3-gaps noto-fonts-cjk networkmanager \
	xdg-user-dirs cryptsetup rsync git base-devel \
	pipewire-alsa pipewire-pulse gvfs gvfs-mtp alacritty firefox --needed -y

Remove fallback initramfs image

/etc/mkinitcpio.d/linux.preset

-PRESETS=('default' 'fallback')
+PRESETS=('default')
+#default_image="/boot/initramfs-linux.img"
+default_uki="/efi/EFI/Linux/grubx64.efi"

rm /boot/initramfs-linux*.img

Make English-named directories

su $user -c 'LANG=C xdg-user-dirs-update --force'

Initramfs Settings

/etc/mkinitcpio.conf

-HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block filesystems fsck)
+HOOKS=(base systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt lvm2 filesystems fsck)

Generate initram

mkinitcpio -P

set hostname

echo $hostname > /etc/hostname

exit and shutdown

exit # or Ctrl+d
umount -R /mnt
shutdown -h now

Setup Network

systemctl enable --now NetworkManager
nmtui

CJK input

doas pacman -S fcitx5-im fcitx5-skk

~/.xprofile

export GTK_IM_MODULE=fcitx
export QT_IM_MODULE=fcitx
export XMODIFIERS=@im=fcitx

doas reboot

UTC in Windows

Execute as admin

reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation" /v RealTimeIsUniversal /d 1 /t REG_QWORD /f

Enable discard on LVM on LUKS

doas cryptsetup --allow-discards --persistent refresh $luks
doas sed -i 's/# issue_discards = 0/issue_discards = 1/' /etc/lvm/lvm.conf
doas systemctl enable fstrim.timer

setup refind with bitlocker support

doas refind-install --shim /usr/share/shim-signed/shimx64.efi
doas sbsign --key MOK.key --cert MOK.crt --output /efi/EFI/refind/grubx64.efi /efi/EFI/refind/grubx64.efi

/efi/EFI/refind/refind.conf

...
menuentry "Windows" {
	icon /EFI/refind/icons/os_win8.png
# efibootmgr Boot{Number}
	firmware_bootnum 0000
}