User:Cvlc/Notes/Installation guide

From ArchWiki
Warning: WIP Do not follow (yet...)

Pre-installation

Acquire an installation image

Verify signature

Prepare an installation medium

Boot the live environment

Set the keyboard layout

Verify the boot mode

Connect to the internet

Update the system clock

Partition the disks

Tip: Check that your disk reports the correct sector size

Partition layout

UEFI with GPT
Partition Partition type Size Mount point
/dev/nvme0n1p1 EFI system partition 300 MiB /mnt/boot
/dev/nvme0n1p2 Linux x86-64 root (/) Remainder of the device /mnt
Warning: If you create a new partition table on a disk with data on it, it will erase all the data on the disk. Make sure this is what you want to do.
# fdisk /dev/nvme0n1
  • Type g to create a new GUID Partition Table and clear all current partition data.
  • Type n to create the EFI system partition :
    • Press Enter twice to use defaults for Partition number and First sector
    • Enter +300M for Last sector
    • Type t and set Partition type to 1 (EFI System Partition)
  • Type n to create the root partition :
    • Press Enter three times to use defaults for Partition number, First sector and Last sector. This will use all the remaining space.
    • Type t, Enter to select partition 2, and set Partition type to 23 (Linux Root x86-64)
  • Type p to check the layout :
Device          Start        End   Sectors   Size Type
/dev/nvme0n1p1    256      77055     76800   300M EFI System
/dev/nvme0n1p2  77056    1310714       ...    ..G Linux Root x86-64
  • If this is correct, type w to write the changes to disk.

Encryption setup

# cryptsetup luksFormat --label Root /dev/nvme0n1p2
# cryptsetup --allow-discards --perf-no_read_workqueue --perf-no_write_workqueue --persistent open /dev/disk/by-label/Root root

See Dm-crypt/Specialties #Discard/TRIM support for solid state drives (SSD) and Dm-crypt/Specialties #Disable workqueue for increased solid state drive (SSD) performance

Optional: create a keyfile on a USB device

This creates a physical key, which when plugged in before boot will automatically unlock the computer, without prompting for the Luks password.

# mkfs.fat /dev/sdX -n KEYDEV
# mount /dev/disk/by-label/KEYDEV /mnt
# dd bs=512 count=4 if=/dev/random of=/mnt/mykeyfile iflag=fullblock
# chmod 600 /mnt/mykeyfile
# cryptsetup luksAddKey /dev/disk/by-label/Root /mnt/mykeyfile
# umount /mnt

Format the partitions

# mkfs.fat -F 32 -n ESP /dev/nvme0n1p1
# mkfs.btrfs -L Arch /dev/mapper/root

Create subvolumes

# mount /dev/mapper/root /mnt
# btrfs subvolume create /mnt/@
# btrfs subvolume create /mnt/@home
# btrfs subvolume create /mnt/@var_cache
# btrfs subvolume create /mnt/@var_log
# btrfs subvolume create /mnt/@var_tmp
# btrfs subvolume create /mnt/@snap_root
# btrfs subvolume create /mnt/@snap_username
Tip: You can create all subvolumes in one command with for i in {@,@home,@var_{cache,log,tmp},@snap_{root,username}}; do btrfs subvolume create /mnt/"$i"; done

See Snapper#Suggested_filesystem_layout and User talk:Lahwaacz#Btrfs layout

Set the default subvolume to @ :

# btrfs subvolume set-default /mnt/@ 

Unmount the toplevel subvolume

# umount /mnt

Mount the file systems

We will use zstd compression, and asynchronous discard as mount options. No need to specify them again for subvolumes other than root, as they will inherit them by design.

# mount -o compress-force=zstd,discard=async /dev/mapper/root /mnt

# mkdir -p /mnt/{boot,home,var/{cache,log,tmp}}

# mount -o subvol=@home /dev/mapper/root /mnt/home
# mount -o subvol=@var_cache /dev/mapper/root /mnt/var/cache
# mount -o subvol=@var_log /dev/mapper/root /mnt/var/log
# mount -o subvol=@var_tmp /dev/mapper/root /mnt/var/tmp

Don't forget to mount the EFI system partition

# mount /dev/disk/by-label/ESP /mnt/boot

info on discard option.

Installation

Select the mirrors

Install essential packages

# pacstrap /mnt base linux nano btrfs-progs snapper networkmanager iwd systemd-resolvconf reflector bash-completion sudo pacman-contrib base-devel git intel-ucode sof-firmware
Tip: intel-ucode and sof-firmware are device specific (Intel)

Configure the system

Fstab

Manually modify the fstab file to keep it simple. Entries for / and /boot are not necessary thanks to [1]:

# nano /mnt/etc/fstab
/mnt/etc/fstab
# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>

LABEL=Arch	/home     	btrfs	rw,subvol=@home		0 0
LABEL=Arch	/var/cache     	btrfs	rw,subvol=@var_cache	0 0
LABEL=Arch	/var/log     	btrfs	rw,subvol=@var_log	0 0
LABEL=Arch	/var/tmp     	btrfs	rw,subvol=@var_tmp	0 0

Chroot

Time zone

Localization

Network configuration

Create the hostname file:

/etc/hostname
myhostname

Enable NetworkManager (for Gnome integration) with the newer iwd backend instead of wpa_supplicant, and systemd-resolved for Name Resolution:

# systemctl enable systemd-resolved NetworkManager
# systemctl mask wpa_supplicant

Enable the iwd backend by creating the following drop-in configuration file

/etc/NetworkManager/conf.d/wifi_backend.conf
[device]
wifi.backend=iwd

Unmount /etc/resolv.conf to create the symlink for systemd-resolved

# umount /etc/resolve.conf
# ln -sf /run/systemd/resolve/stub-resolve.conf /etc/resolve.conf

Initramfs

Modify the MODULES and HOOKS variables in /etc/mkinitcpio.conf :

/etc/mkinicpio.conf
MODULES=(i915 vfat btrfs)
HOOKS=(systemd autodetect modconf block keyboard sd-vconsole sd-encrypt)
Tip: MODULES=() is specific to my setup :

For mkinitcpio to create Unified kernel images, add / modify the following lines in /etc/mkinitcpio.d/linux.preset

/etc/mkinitcpio.d/linux.preset
...
ALL_microcode=(/boot/*-ucode.img)
...
default_efi_image="/boot/EFI/Linux/archlinux-linux.efi"
default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp"
..
fallback_efi_image="/boot/EFI/Linux/archlinux-linux-fallback.efi"
fallback_options="-S autodetect --splash /usr/share/systemd/bootctl/splash-arch.bmp"

Set the Kernel parameters :

/etc/kernel/cmdline
root=/dev/mapper/root rootflags=compress-force=zstd,discard=async rw quiet bgrt_disable
Note: root=/dev/mapper/root is necessary despite [2], otherwise the options compress-force and discard=async will not be respected. See [3]

Optional: If a USB key-file was created, create /etc/crypttab.initramfs :

/etc/crypttab.initramfs
# <name>      <device>      <password>              <options>
root	      LABEL=Root    /keyfile:LABEL=KEYDEV    keyfile-timeout=10s

Wait after installing the bootloader to regenerate the initramfs, so that the EFI folders are available.

Root password

Boot loader

Use bootctl to install systemd-boot into the EFI system partition by running:

# bootctl install
# systemctl enable systemd-boot-update.service

Adjust the loader configuration to disable the editor for safety reasons. see loader.conf(5)

/boot/loader/loader.conf
editor no

Recreate the initramfs image:

# mkinitcpio -P

Reboot

Post-installation

See User:Cvlc/Notes/General_recommendations