User:Soloturn/Quick Installation guide UEFI

From ArchWiki

This installation guide installs Arch Linux on a system with three partitions: EFI, root, and home. Dual boot with Windows 10 is possible, as is installing on a USB disk or memory stick. No legacy technologies are considered; please use the Installation Guide in such a case.

Format disk and mount partitions

It is best to do this with GParted: create the following partitions, or make sure they exist:

  • the partition table is GPT
  • the EFI partition is FAT32, around 250MB
  • the root partition is ext4, around 50GB
  • the home partition is ext4, rest of the disk

rEFInd is used to find the existing kernels or operating systems to boot. Reusing the existing EFI partition created by Microsoft Windows is possible. Mount the root partition, then mount the EFI partition inside it:

mount /dev/sda5 /mnt
mkdir /mnt/efi
mount /dev/sda3 /mnt/efi

Install Arch

A user named "archie" is created:

export myuser=archie
export myhostname=hostn
pacstrap /mnt base linux
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt/
pacman -S perl
LANG=C perl -i -pe 's/#(de_CH.UTF)/$1/' /etc/locale.gen
LANG=C perl -i -pe 's/#(en_US.UTF)/$1/' /etc/locale.gen
LANG=C perl -i -pe 's/#(fr_CH.UTF)/$1/' /etc/locale.gen
locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
echo 'KEYMAP=de_CH-latin1' > /etc/vconsole.conf
localectl --no-convert set-x11-keymap ch
ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
echo $myhostname > /etc/hostname
pacman -S dialog wpa_supplicant refind
mkdir -p /efi/EFI/Boot
cp /usr/share/refind/refind_x64.efi /efi/EFI/Boot/bootx64.efi
cp -r /usr/share/refind/drivers_x64/ /efi/EFI/Boot/
echo 'extra_kernel_version_strings linux,linux-hardened,linux-lts,linux-zen,linux-git' > /efi/EFI/Boot/refind.conf
echo 'fold_linux_kernels false' >> /efi/EFI/Boot/refind.conf
echo 'default_selection "linux from"' >> /efi/EFI/Boot/refind.conf
passwd
useradd -m -G wheel -s /bin/bash $myuser
passwd $myuser
pacman -S sudo git binutils
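# the wheel line reads "(ALL:ALL)" in current sudoers files and "(ALL)" in older ones
perl -i -pe 's/^# (%wheel ALL=\(ALL(?::ALL)?\) ALL)/$1/' /etc/sudoers
# swap
dd if=/dev/zero of=/var/swap.img bs=1024k count=4000
# a swap file must not be readable by other users
chmod 600 /var/swap.img
mkswap /var/swap.img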
echo "/var/swap.img    none    swap    sw    0    0" >> /etc/fstab
# clone dotfiles
su - $myuser
cd
git init
echo '.*' >> .git/info/exclude
git remote add origin https://github.com/soloturn/dotfiles.git
git fetch -p --all
git checkout master
git reset --hard origin/master
git remote set-url origin git@github.com:soloturn/dotfiles.git
exit
# install same packages as existing arch system
pacman -S --needed - < /home/${myuser}/.config/pkglist-abs.txt
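# makepkg refuses to run as root, so build paru and install the AUR packages as the regular user
su - $myuser
cd /tmp
git clone https://aur.archlinux.org/paru-bin.git
cd paru-bin
makepkg -si
paru -S --needed - < ~/.config/pkglist-aur.txt
exit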

This is for Android:

groupadd android-sdk
gpasswd -a $myuser android-sdk
mkdir /opt/android-sdk
setfacl -R -m g:android-sdk:rwX /opt/android-sdk
setfacl -m d:g:android-sdk:rwX /opt/android-sdk
# this is for node.js, npm, and does not work
# because of https://npm.community/t/linux-setfacl-is-defeated-by-npm/9156 
paru -S npm
setfacl -d -m g:root:rX /usr/lib/node_modules/

reboot and configure

store pkglist to later install same packages from existing arch installation

Become your user, then check and update the package lists from the repo if necessary:

cd
pacman -Qqen > ~/.config/pkglist-abs.txt
pacman -Qqem > ~/.config/pkglist-aur.txt
git diff

if windows is installed

If Windows is installed it might take precedence, so add an entry for the rEFInd boot loader on the UEFI partition and set it as the second option, after the USB device boot. For the order, just take the last number listed by efibootmgr:

# efibootmgr
# efibootmgr -v
# efibootmgr --create --disk /dev/sda --part 3 --loader /EFI/Boot/bootx64.efi --label "rEFInd local boot"
# efibootmgr -o 0,4,1

In case the BIOS does not let the order be changed via efibootmgr, go to the BIOS setup and alter the boot order there.
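
Added example (not part of the original guide): a shell helper that computes the argument for efibootmgr -o from efibootmgr output, placing the entry with a given label second. The sample output is constructed, and the helper assumes the entry that should stay first (the USB device here) is the first other entry in BootOrder.

```shell
#!/bin/sh
# Constructed sample of `efibootmgr` output right after the --create step:
# the new entry (0004) has been put at the front of BootOrder.
sample_efibootmgr() {
cat <<'EOF'
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0004,0000,0001
Boot0000* USB HDD
Boot0001* Windows Boot Manager
Boot0004* rEFInd local boot
EOF
}

# new_boot_order LABEL: read efibootmgr output on stdin and print a BootOrder
# list in which the entry named LABEL comes second. Fails if LABEL is absent.
new_boot_order() {
    awk -v label="$1" '
        /^BootOrder:/ { n = split($2, order, ",") }
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][* ] / {
            name = substr($0, 11)
            sub(/\t.*/, "", name)   # drop the device path that may follow the label
            if (name == label) target = substr($0, 5, 4)
        }
        END {
            if (target == "") { print "no boot entry labelled: " label > "/dev/stderr"; exit 1 }
            out = ""; kept = 0
            for (i = 1; i <= n; i++) {
                if (order[i] == target) continue
                out = out (kept ? "," : "") order[i]
                if (++kept == 1) out = out "," target
            }
            print (kept ? out : target)
        }'
}

# Usage on a real system (as root):
#   efibootmgr -o "$(efibootmgr | new_boot_order "rEFInd local boot")"
```

For the constructed sample this prints 0000,0004,0001, the same order as the `efibootmgr -o 0,4,1` call above.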

miscellaneous: network, firewall, time, date

Set Uncomplicated Firewall (ufw) rules, enable the network service (NetworkManager here; netctl is shown as an alternative below), show the week number, activate the Network Time Protocol, and show the minimize button on the right side of windows.

sudo systemctl enable gdm
sudo ufw default deny
sudo ufw allow from 192.168.0.0/24
sudo ufw limit ssh
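sudo ufw enable
# on Arch the ufw unit must also be enabled, or the rules are not loaded at boot
sudo systemctl enable ufw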
sudo systemctl enable NetworkManager
gsettings set org.gnome.desktop.interface clock-show-date true 
gsettings set org.gnome.desktop.calendar show-weekdate true
timedatectl set-ntp true
gsettings set org.gnome.desktop.wm.preferences button-layout ":minimize,close"
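
Added example (not part of the original guide): a shell check that reads `ufw status verbose` output and reports any deviation from the policy set above (firewall active, incoming denied by default, nothing allowed from any source without rate limiting). The sample output is constructed and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `sudo ufw status verbose` after the ufw commands above.
sample_ufw_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW IN    192.168.0.0/24
22/tcp                     LIMIT IN    Anywhere
22/tcp (v6)                LIMIT IN    Anywhere (v6)
EOF
}

# audit_ufw: read the status output on stdin, print one finding per line and
# return 0 only if the firewall is active, incoming traffic is denied by
# default, and no rule allows traffic from any source.
audit_ufw() {
    awk '
        /^Status:/  { if ($2 == "active") active = 1 }
        /^Default:/ { if ($2 == "deny" && $3 == "(incoming),") deny_in = 1 }
        / ALLOW IN +Anywhere/ { wide[++n] = $0 }
        END {
            if (!active)  { print "firewall is not active"; bad = 1 }
            if (!deny_in) { print "default incoming policy is not deny"; bad = 1 }
            for (i = 1; i <= n; i++) { print "open to any source: " wide[i]; bad = 1 }
            exit bad + 0
        }'
}

# Usage on a real system:
#   sudo ufw status verbose | audit_ufw
```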

alternative: systemd netctl

# wifi-menu
$ sudo systemctl enable netctl-auto@wlp4s0.service

maintain

regular commands

Upgrade, delete everything not installed from the package cache, delete orphans:

$ paru -Syu
$ paru -Sc
$ pacman -Qdtq | xargs paru -Rsn --noconfirm
$ sudo pacman -Sy archlinux-keyring 
$ paru -S archlinux-keyring

add another user

Add an admin user. If the user is not an admin, do not put them into the group wheel. Also add the user to the group for Android development:

useradd -m -G wheel -s /bin/bash $myuser
passwd $myuser
gpasswd -a $myuser android-sdk

acl

Remove the ACL and the default ACL for group android-sdk, recursively:

setfacl -R -x d:g:android-sdk /opt/android-sdk
setfacl -R -x g:android-sdk /opt/android-sdk

Remove all ACLs, recursively:

setfacl -R -b /opt/android-sdk

Open up an existing directory for a group, e.g. users, setting both the actual and the default ACL recursively:

setfacl -R -m g:users:rwX /home/groupdrive
setfacl -R -m d:g:users:rwX /home/groupdrive

wipe data, ssd, disk

A nonzero DISC-GRAN value in the lsblk output shows TRIM support. Especially for an external SSD, check whether TRIM is supported; see Solid_state_drive#External_SSD_with_TRIM_support.

lsblk --discard
sg_readcap -l /dev/sdX
sg_vpd -a /dev/sdX

podman

sudo usermod --add-subuids 100000-150000 --add-subgids 100000-150000 username
podman system migrate

In /etc/containers/storage.conf, comment out this line so overlay is not used:

#mountopt = "nodev"

and reset:

podman --storage-driver overlay system reset