aboutsummaryrefslogtreecommitdiffstats
path: root/src/b/2020-07-archlinux-installation.md
blob: 4f47b14b95409f28832f45f67e5b813dd34aed18 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
---
date: 2020-07-01
title: Archlinux Bulletproof Installation
---

Through my 5 years with different Archlinux installations, I made up my mind to 
document the one that fullfills my needs. The main goal is a minimal arch install
(like any other), including systemd and refind, without using any crappy ncurses
interface, and of course powered by btrfs (zfs an other day).

Installation process is heavily inspired by :

- [https://wiki.archlinux.org/index.php/User:Altercation/Bullet_Proof_Arch_Install](Bullet proof arch install)

## partitions

```
$ sgdisk --clear \
	--new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \
	--new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \
	--new=3:0:0 --typecode=3:8300 --change-name=3:cryptsystem \
	/dev/nvme0n1
$ sgdisk --clear \
	--new=1:0:1025GiB --typecode=1:8300 --change-name=1:wsd \
/dev/sda
```

## encryption

```
$ cryptsetup luksFormat --align-payload=8192 -s 256 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptsystem
$ cryptsetup open /dev/disk/by-partlabel/cryptsystem system
$ cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap
$ mkswap -L swap /dev/mapper/swap
$ swapon -L swap
```

## file format

```
$ mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
$ mkfs.ext4 -n wsd /dev/disk/by-partlabel/wsd
$ mkfs.btrfs --force --label system /dev/mapper/system
$ o=defaults,x-mount.mkdir
$ o_btrfs=$o,compress=lzo,ssd,noatime
$ mount -t btrfs LABEL=system /mnt
$ mount -t btrfs LABEL=system /mnt
$ btrfs subvolume create /mnt/root
$ btrfs subvolume create /mnt/home
$ btrfs subvolume create /mnt/snapshots
$ umount -R /mnt
$ mount -t btrfs -o subvol=root,$o_btrfs LABEL=system /mnt
$ mount -t btrfs -o subvol=home,$o_btrfs LABEL=system /mnt/home
$ mount -t btrfs -o subvol=snapshots,$o_btrfs LABEL=system /mnt/.snapshots
$ mkdir /mnt/wsd
$ mount LABEL=wsd /mnt/wsd
$ mkdir /mnt/boot
$ mount LABEL=EFI /mnt/boot
```

## base install

```
$ pacstrap /mnt basenvim
$ genfstab -L -p /mnt >> /mnt/etc/fstab
```

Open up /mnt/etc/fstab (old, new):

```
LABEL=swap none swap defaults 0 0
```

```
/dev/mapper/cryptswap none swap sw 0 0
```

Open up /mnt/etc/crypttab, append at the end:

```
swap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=256
```

## base systemd

The only way to have a non-biased opinion about systemd is to mix it yourself in your base install.

```
$ systemd-nspawn -bD /mnt
$ localectl set-locale LANG=en_US.UTF-8
$ timedatectl set-ntp 1
$ timedatectl set-timezone Europe/Paris
$ hostnamectl set-hostname WS-workstationname
```

## base packages

After spending more than one day on some archlinux shenanigans, you need linux-firmware package for a propper booting install, since 2019 :questionmark:

```
$ pacman -Syu base-devel linux linux-firmware refind-efi btrfs-prog gptfdisk zsh wget curl git zip unzip ntfs-3g
```
</pre>

## intramfs

```
$ mv /etc/mkinitcpio.conf /etc/mkinitcpio.conf.orig
```

Open up /etc/mkinitcpio.conf :

```
MODULES=""
BINARIES=""
FILES=""
HOOKS="base systemd sd-vconsole modconf keyboard block filesystems btrfs sd-encrypt fsck"
```

```
$ mkinicpio -p linux
```

## refind

```
$ refind-install
```

We now reached the trickiest part for installing rEFind.
Hit Ctrl+Alt+F2, exec this last code block, and then reach back TTy1 (nspawn doesn't allow deep disk modification / access).

```
$ arch-chroot /mnt
$ refind-install
```

Open up /boot/EFI/refind/refind.conf, or somewhere like that in the EFI dir :

```
timeout 5
use_graphics_for windows
also_scan_dirs   +,@/
```

```
$ btrfs filesystem show system
$ lsblk -fs
```

Open up /boot/EFI/refind/refind.conf, or somewhere like that in the EFI dir :

```
Add the following value if you are using an intel cpu : initrd=/intel-ucode.img
"Boot with standard options"  "rd.luks.name=*FILL IN UUID FROM PARTITION*=cryptsystem root=UUID=*UUID FROM encrypted root subvolume* rootflags=subvol=root initrd=/initramfs-linux.img"
```

## reboot

```
$ passwd
$ poweroff
$ reboot
#finger crossed !!
```
remember that computers suck.