People who hijack any situation to talk about how they 'use Arch' like some sort of preacher has become a wildly popular Meme in Geek culture, however not without reason. Here I go: I've been using Arch for about four years now and I have to say I truly love it!
I've been introduced to Linux about 13 years ago through Ubuntu and immediately I knew this would be my OS of choice. During my early Linux years I've been testing out tons and tons of distributions and Desktop Environments. I eventually settled for Debian and stayed there for a bunch of years.
Since everone was always raving about Arch Linux I became very curious to try it out but time and again I was intimidated by the installation procedure. Until one day I just decided to back-up all the things! <insert meme> and go for bust. Guess what... it worked! It booted the first-time round! However this was without LUKS encryption and EFI boot which I always encourage and love to use.
After piecing and splicing together multiple tutorials I finally had the perfect installation procedure down to a science. This install will give you a EFI bootable image secured by LUKS full-disk (partition) ecnryption. I will keep this updated continually since I myself also still use this as my cheat sheet from time to time.
Prerequisites
Check internet connection
ping -c 3 www.google.com
If needed try connecting via WiFi
iwctl
device list
station connect <DEVICE> <SSID>
Check EFI vars present
ls /sys/firmware/efi/efivars
Main installation
Set system time using NTP:
timedatectl set-ntp true
timedatectl status
Partitioning
TIP: If dual-booting leave a 128MiB empty ‘gap’ partition in between your ‘other os’ and your new partition.
Zap all data on disk and create a new GPT table.
Show current partition table
lsblk
NOTE: X represents your drive mountpoint. mine is sda
.
gdisk /dev/sdX
o
# Create a new empty GUID partition table (GPT)y
# Confirm
EFI System Partition (ESP)n
# Add a new partition1
# Partition number[Return]
# First sector+512M
# Last sector = sizeef00
# Partition type = EFI System
LUKS containern
# Add a new partition2
# Partition number[Return]
# First sector[Return]
# Last sector = Use remaining space8e00
# Partition type = Linux LVM
p
# Check partitionsw
# Write changes to disk and exity
# Confirm
Format EFI System Partition (ESP):
mkfs.fat -F32 /dev/sda1
Encrypt the other partition with LUKS (512 Bit AES-XTS and SHA512 for passphrase):
cryptsetup luksFormat -v -s 512 -h sha512 /dev/sda2
cryptsetup luksOpen /dev/sda2 luks
Setup Logical Volume Manager:
pvcreate /dev/mapper/luks
vgcreate rootvg /dev/mapper/luks
Create Logical Volumes:
lvcreate -n swap -L 4G -C y rootvg
lvcreate -n root -L 25G rootvg
lvcreate -n home -l 100%FREE rootvg
Check LVM Setup:
pvs
vgs
lvs
Create filesystems for LVs:
mkfs.ext4 /dev/mapper/rootvg-home
mkfs.ext4 /dev/mapper/rootvg-root
mkswap /dev/mapper/rootvg-swap
swapon /dev/mapper/rootvg-swap
Mount LVs and ESP for installation:
mount /dev/mapper/rootvg-root /mnt
mkdir /mnt/boot
mkdir /mnt/home
mount /dev/mapper/rootvg-home /mnt/home
mount /dev/sda1 /mnt/boot
Selecting fastest mirrors
reflector --country France --country Germany --age 12 --protocol https --sort rate --save /etc/pacman.d/mirrorlist
Install base system
pacstrap /mnt base base-devel linux linux-firmware
Generate fstab (make sure swapon is set when running these)
genfstab -U /mnt >> /mnt/etc/fstab
nano /mnt/etc/fstab (for SSD change swap line from ‘defaults’ to ‘defaults,discard’)
Mount into system
arch-chroot /mnt
Install some basic packages
pacman -S lvm2 vim nano
Set hostname
echo arch-laptop > /etc/hostname
Set timezone
ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
hwclock --systohc
Locales
nano /etc/locale.gen
Uncomment the following two localesen_US.UTF-8 UTF-8
en_US ISO-8859-1
locale-gen
Set Language
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8
Enabling the AUR repo
nano /etc/pacman.conf
Add these lines at the bottom of the file:[archlinuxfr]
SigLevel = Never
Server = https://repo.archlinux.fr/$arch
After saving be sure to update your sources:
pacman -Sy
User Management
Set root password
passwd
Create user:
useradd -m -g users -G wheel,storage,power -s /bin/bash <user>
passwd <user>
Setup sudoers:
EDITOR=nano visudo
Uncomment this line:%wheel ALL=(ALL) ALL
Add to the bottom:Defaults rootpw
Installing some basic software
Bash completion:
pacman -S bash-completion
Install packages for WiFi:
pacman -S dialog wpa_supplicant wpa_actiond rfkill
Find and enable your wireless-interface
ip link
systemctl enable netctl-auto@<YOUR_INTERFACE>
Installing the bootloader:
bootctl install
Write long UUID to file for later use
blkid | grep sda2 | cut -f2 -d\" >> /boot/loader/entries/arch.conf
Create an entry for Arch
nano /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=<YOUR_UUID>:rootvg:allow-discards root=/dev/mapper/rootvg-root rw
Install Intel Microcode:
This is useful for when you want to be able to receive firmware updates to your CPU.
You should only follow this step if you run on a Intel CPU.
pacman -S intel-ucode
Add the following to your previously created boot entry:initrd /intel-ucode.img
nano /boot/loader/entries/arch.conf
Your final boot entry should look like this:title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=<YOUR_UUID>:rootvg:allow-discards root=/dev/mapper/rootvg-root rw
Set required hooks for boot init.
in /etc/mkinitcpio.conf
make sure the following hooks are present, if not add them:encrypt
lvm2
An example of a complete string of hooks would be:base udev autodetect modconf block filesystems keyboard encrypt lvm2 fsck
mkinitcpio -p linux
Finalize:
exit
umount -R /mnt
reboot
Congratulations! You are now booted into your new Arch system. As you've noticed things are a little 'texty' out here. Let's add some paint.
Install a graphics driver and display server
sudo pacman -S mesa xorg-server xorg-xinit xorg-twm xorg-xclock
Install awesome GUI stuff
sudo pacman -S gnome gdm gnome-tweaks chrome-gnome-shell gnome-keyring
sudo systemctl enable gdm.service
Installing a AUR helper
In Arch we have a great asset that is the Arch User Respository (AUR). Here we can find all kinds of user maintained packages build-scripts that would otherwise be quite hard to install. Using an AUR helper makes installing packages from the AUR as easy as Pacman for instance. Let's install my favorite one, Yay!
git clone https://aur.archlinux.org/yay.git
cd yay && makepkg -si
Installing and enabling a Firewall
sudo pacman -S ufw
sudo ufw enable
Installing and enabling OpenSSH-Server
sudo pacman -S openssh
sudo systemctl enable --now sshd.service
If needed make sure the SSH connection get's through the Firewall
sudo ufw allow 22
Enable NetworkManager
sudo pacman -S networkmanager networkmanager-openvpn
sudo systemctl enable NetworkManager.service
Install some funky themes
sudo pacman -S adapta-gtk-theme
yay -S paper-icon-theme-git
Install some awesome packages
sudo pacman -S file-roller vlc vim git keepassxc reflector jdk8-openjdk
Add a Mozilla signature in order to build Firefox
gpg --recv-key 0x61B7B526D98F0353
yay -S firefox-nightly
Install some support libraries
sudo pacman -S xdotool xsel udisks2 dosfstools exfat-utils ntfs-3g
Enable minimal media codecs
sudo pacman -S gstreamer gst-plugins-good gst-plugins-ugly
After install stuff [Optional]:
Install some nifty little package installers (Flatpak vs Snap.. FIGHT!)
sudo pacman -S flatpak
yay -S snapd
Pacman hooks
Install a Pacman hook to update the mirrorlist to specified criterea upon upgrading the pacman-mirrorlist
package.
sudo mkdir -p /etc/pacman.d/hooks
Create a new file in /etc/pacman.d/hooks/mirrorupgrade.hook
and paste the following code:
[Trigger]
Operation = Upgrade
Type = Package
Target = pacman-mirrorlist
[Action]
Description = Updating pacman-mirrorlist with reflector and removing pacnew...
When = PostTransaction
Depends = reflector
Exec = /usr/bin/env sh -c "reflector --country 'Netherlands' --latest 10 --protocol https --age 12 --sort rate --save /etc/pacman.d/mirrorlist; if [[ -f /etc/pacman.d/mirrorlist.pacnew ]]; then rm /etc/pacman.d/mirrorlist.pacnew; fi"
Now every time the pacman-mirrorlist
package gets upgraded (ie. new mirrors get added) we use reflector
to test the mirror speed and protocol to obtain a new ordered mirrorlist.
NOTE: The above script depends on reflector
so be sure to have it installed as described above.
Terminal preference
See the zsh n00b guide
Auto mounting of /media/data
and /media/games
.
First make the folders to mount to:
sudo mkdir -p /media/data
sudo mkdir -p /media/games
Find the proper UUIDs:
sudo blkid | grep sdb1
sudo blkid | grep sdc1
Then add the UUID of desired drive to the fstab like so:
UUID=<your-uuid> /media/data ext4 defaults 0 1
UUID=<your-uuid> /media/games ntfs-3g defaults,discard 0 1
Installing steam native runtime:
sudo pacman -S steam steam-native-runtime
Troubleshooting
Use NetworkManager instead of netctl
During installation we enabled the netctl-auto configuration in order to have access to wireless internet post-install. This is because life after install is just a terminal prompt. After installing a GUI though you probably would like to start using a graphical network manager. In this case we're going to assume you installed GNOME.
sudo systemctl disable netctl-auto@<YOUR_INTERFACE>.service
sudo systemctl enable --now NetworkManager.service
Simply reboot and enjoy your new NetworkManager
DOCUMENT HISTORY:
12-01-2021
Removed advise for proprietary Macbook video driver and optimized some commands.
14-01-2020
I swapped out aurman
in favor of yay
since Aurman is not that well supported anymore by the developer(s). Updated the references accordinlgy.
12-12-2018
I no longer recommend to install the synaptics-touch driver since the built-in support now exceeds the performance and configuration options of the third-party integration. It just gets in the way of libinput.
More logical bundling of package installations and some more consistent use of code blocks. One command per block is my stride.
12-04-2018
I no longer encourage the use of MultiLib.
Added a step to fetch and install the Aurman signature.
09-25-2018
- Added useful Pacman hook for testing the new entries in
pacman-mirrorlist
according to predefined criterea. Credits: Tead.
08-23-2018
Swapped out Yaourt
in favor of Aurman
. It is no longer recommended to use Yaourt as your package manager since it hasn't received updates or security review in a very long time.
Added document history for transparency sake.
Comments