From e80f58116a9ecd67b2febe06778c624fd42ed1c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= Date: Mon, 18 Jan 2021 12:52:27 +0100 Subject: Restart repo from scratch --- content/writeups/archlinux_installation.md | 181 +++++++++++++++++++++++++++++ 1 file changed, 181 insertions(+) create mode 100644 content/writeups/archlinux_installation.md (limited to 'content/writeups/archlinux_installation.md') diff --git a/content/writeups/archlinux_installation.md b/content/writeups/archlinux_installation.md new file mode 100644 index 0000000..4a54636 --- /dev/null +++ b/content/writeups/archlinux_installation.md @@ -0,0 +1,181 @@ ++++ +title = "Archlinux installation" +date = 2020-07-01 ++++ + +
+ +## Introduction +Through my 5 years with different Archlinux installations, I made up my mind to +document the one that fullfills my needs. The main goal is a minimal arch install +(like any other), including systemd and refind, without using any crappy ncurses +interface, and of course powered by btrfs (zfs an other day). + +Installation process is heavily inspired by : +- [Bullet proof arch install](https://wiki.archlinux.org/index.php/User:Altercation/Bullet_Proof_Arch_Install) +
+ +
+ +## Partitions +``` bash +$ sgdisk --clear \ + --new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \ + --new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \ + --new=3:0:0 --typecode=3:8300 --change-name=3:cryptsystem \ + /dev/nvme0n1 +$ sgdisk --clear \ + --new=1:0:1025GiB --typecode=1:8300 --change-name=1:wsd \ +/dev/sda +``` +
+ +
+ +## Encryption + +```bash +$ cryptsetup luksFormat --align-payload=8192 -s 256 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptsystem +$ cryptsetup open /dev/disk/by-partlabel/cryptsystem system +$ cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap +$ mkswap -L swap /dev/mapper/swap +$ swapon -L swap +``` +
+ +
+ +## File format + +```bash +$ mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI +$ mkfs.ext4 -n wsd /dev/disk/by-partlabel/wsd +$ mkfs.btrfs --force --label system /dev/mapper/system +$ o=defaults,x-mount.mkdir +$ o_btrfs=$o,compress=lzo,ssd,noatime +$ mount -t btrfs LABEL=system /mnt +$ mount -t btrfs LABEL=system /mnt +$ btrfs subvolume create /mnt/root +$ btrfs subvolume create /mnt/home +$ btrfs subvolume create /mnt/snapshots +$ umount -R /mnt +$ mount -t btrfs -o subvol=root,$o_btrfs LABEL=system /mnt +$ mount -t btrfs -o subvol=home,$o_btrfs LABEL=system /mnt/home +$ mount -t btrfs -o subvol=snapshots,$o_btrfs LABEL=system /mnt/.snapshots +$ mkdir /mnt/wsd +$ mount LABEL=wsd /mnt/wsd +$ mkdir /mnt/boot +$ mount LABEL=EFI /mnt/boot +``` +
+ +
+## Base install + +```bash +$ pacstrap /mnt basenvim +$ genfstab -L -p /mnt >> /mnt/etc/fstab +``` +Open up /mnt/etc/fstab (old, new): +```bash +LABEL=swap none swap defaults 0 0 +``` +```bash +/dev/mapper/cryptswap none swap sw 0 0 +``` +Open up /mnt/etc/crypttab, append at the end: +```bash +swap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=256 +``` +
+ +
+ +## Base systemd + +The only way to have a non-biased opinion about systemd is to mix it yourself in your base install. + +```bash +$ systemd-nspawn -bD /mnt +$ localectl set-locale LANG=en_US.UTF-8 +$ timedatectl set-ntp 1 +$ timedatectl set-timezone Europe/Paris +$ hostnamectl set-hostname WS-workstationname +``` +
+ +
+ +## Base packages + +After spending more than one day on some archlinux shenanigans, you need linux-firmware package for a propper booting install, since 2019 :questionmark: + +```bash +$ pacman -Syu base-devel linux linux-firmware refind-efi btrfs-prog gptfdisk zsh wget curl git zip unzip ntfs-3g +``` +
+ +
+ +## Initramfs + +```bash +$ mv /etc/mkinitcpio.conf /etc/mkinitcpio.conf.orig +``` + Open up /etc/mkinitcpio.conf : + +```bash +MODULES="" +BINARIES="" +FILES="" +HOOKS="base systemd sd-vconsole modconf keyboard block filesystems btrfs sd-encrypt fsck" +``` +```bash +$ mkinicpio -p linux +``` +
+ +
+ +## rEFind + +```bash +$ refind-install +``` + +We now reached the trickiest part for installing rEFind. +Hit Ctrl+Alt+F2, exec this last code block, and then reach back TTy1 (nspawn doesn't allow deep disk modification / access). + +```bash +$ arch-chroot /mnt +$ refind-install +``` +Open up /boot/EFI/refind/refind.conf, or somewhere like that in the EFI dir : + +```config +timeout 5 +use_graphics_for windows +also_scan_dirs +,@/ +``` +```config +btrfs filesystem show system +lsblk -fs +``` +Open up /boot/EFI/refind/refind.conf, or somewhere like that in the EFI dir : +```config +Add the following value if you are using an intel cpu : initrd=/intel-ucode.img +"Boot with standard options" "rd.luks.name=*FILL IN UUID FROM PARTITION*=cryptsystem root=UUID=*UUID FROM encrypted root subvolume* rootflags=subvol=root initrd=/initramfs-linux.img" +``` +
+ +
+ +## Reboot + +```bash +$ passwd +$ poweroff +$ reboot +#finger crossed !! +``` +
-- cgit v1.2.3