From b76d7cac6977d8d73f02252d0c267347d584221a Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Tue, 29 Jun 2021 18:18:54 +0200 Subject: [PATCH 01/10] fix md formatting --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a8d7b7c..eed186c 100644 --- a/README.md +++ b/README.md @@ -74,9 +74,9 @@ For setting up different locale than pl check official guide >btrfs su cr /mnt/@snapshots #### disable copy on write on var, tmp and swap ->chattr +C /mnt/@var ->chattr +C /mnt/@tmp ->chattr +C /mnt/@swap +>chattr +C /mnt/@var +>chattr +C /mnt/@tmp +>chattr +C /mnt/@swap >umount /mnt From b31ef40510d5dc11a7c222650b8b3a52180464e7 Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Tue, 29 Jun 2021 18:35:36 +0200 Subject: [PATCH 02/10] typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eed186c..54c3a43 100644 --- a/README.md +++ b/README.md @@ -219,7 +219,7 @@ For setting up different locale than pl check official guide ### Find UUID (PARTUUID for /dev/sdX2) of crypto partition so we can add it to grub config >blkid ### Now set this line including proper UUID in place of "\": -####(temporarly you cen use /dev/sdX2 in place of UUID and change it later easy in gui mode) +#### (temporarly you can use /dev/sdX2 in place of UUID and change it later easy in gui mode) >/etc/default/grub >>GRUB_CMDLINE_LINUX="cryptdevice=UUID=\:MainPart:allow-discards ### allow-discards is only for ssd From 36c057967bfebfc181d73e68644dddb28c945cd1 Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Tue, 29 Jun 2021 19:00:33 +0200 Subject: [PATCH 03/10] update luks comment --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 54c3a43..ee7b138 100644 --- a/README.md 
+++ b/README.md @@ -38,8 +38,8 @@ For setting up different locale than pl check official guide ### ----------------- encryption (optional) ------------------ ### Setup the encryption of the system, don't use letters outside en-us keyboard like ąęć etc. for password -### Grub have partial support for luks2 now, but can handle only pbkdf2 ->cryptsetup -c=aes-xts-plain64 --key-size=512 --hash=sha512 --iter-time=3000 --pbkdf=pbkdf2 --use-random luksFormat --type=luks2 /dev/sdX2 +### Grub have some kind of support for luks2 now but still cannot decrypt luks2, so specify luks1 for now +>cryptsetup -c=aes-xts-plain64 --key-size=512 --hash=sha512 --iter-time=3000 --pbkdf=pbkdf2 --use-random luksFormat --type=luks1 /dev/sdX2 >cryptsetup luksOpen /dev/sdX2 MainPart @@ -221,7 +221,7 @@ For setting up different locale than pl check official guide ### Now set this line including proper UUID in place of "\": #### (temporarly you can use /dev/sdX2 in place of UUID and change it later easy in gui mode) >/etc/default/grub ->>GRUB_CMDLINE_LINUX="cryptdevice=UUID=\:MainPart:allow-discards +>>GRUB_CMDLINE_LINUX="cryptdevice=UUID=\:MainPart:allow-discards" ### allow-discards is only for ssd ### Generate key so grub don't ask twice for password on boot From a9016595841d2902f5de6b443a21cffe3430b2bc Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Tue, 29 Jun 2021 19:35:38 +0200 Subject: [PATCH 04/10] correct comment --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ee7b138..1352af6 100644 --- a/README.md +++ b/README.md 
@@ -219,7 +219,7 @@ For setting up different locale than pl check official guide ### Find UUID (PARTUUID for /dev/sdX2) of crypto partition so we can add it to grub config >blkid ### Now set this line including proper UUID in place of "\": -#### (temporarly you can use /dev/sdX2 in place of UUID and change it later easy in gui mode) +#### (temporarly you can use /dev/sdX2 in place of "UUID=\" and change it later easy in gui mode) >/etc/default/grub >>GRUB_CMDLINE_LINUX="cryptdevice=UUID=\:MainPart:allow-discards" ### allow-discards is only for ssd From 2eb3d0c37446d349a3f2f17727d92c7f9a0338f6 Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Wed, 30 Jun 2021 17:57:40 +0200 Subject: [PATCH 05/10] UUID, not PARTUUID --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1352af6..0854905 100644 --- a/README.md +++ b/README.md @@ -216,7 +216,7 @@ For setting up different locale than pl check official guide ### -------------encryption only--------------------- >nano /etc/default/grub >>GRUB_ENABLE_CRYPTODISK=y -### Find UUID (PARTUUID for /dev/sdX2) of crypto partition so we can add it to grub config +### Find UUID (UUID for /dev/sdX2) of crypto partition so we can add it to grub config >blkid ### Now set this line including proper UUID in place of "\": #### (temporarly you can use /dev/sdX2 in place of "UUID=\" and change it later easy in gui mode) From 8e8d57a1f27e20abc3cf9eaac536f6e98407700e Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Sun, 25 Jul 2021 16:20:59 +0200 Subject: [PATCH 06/10] Update locales conf, update markdown formatting --- README.md | 372 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 217 insertions(+), 155 deletions(-) diff --git a/README.md b/README.md index 0854905..975fe56 100644 --- a/README.md +++ b/README.md 
@@ -1,260 +1,322 @@ # Install Arch Linux with encrypted filesystem(optional) and on btrfs partition (UEFI) Official guide for basic install: [https://wiki.archlinux.org/index.php/Installation_Guide](https://wiki.archlinux.org/index.php/Installation_Guide) it is always good to consult with official guide, cause arch config might change in time -For setting up different locale than pl check official guide +For setting up different locale, check official guide # 1. Boot ISO ### Download the ISO file from [https://www.archlinux.org](https://www.archlinux.org/) ### Put on pedrive ->dd if=archlinux.img of=/dev/sdX bs=16M && sync - +```bash +dd if=archlinux.img of=/dev/sdX bs=16M && sync +``` ### Boot from the usb. ### Set keymap ->loadkeys pl - +```bash +loadkeys pl +``` ### Update clock ->timedatectl set-ntp true - -### Optionally (recommended) update mirrorlist ->reflector --country 'Poland' --age 24 --verbose --sort rate --save /etc/pacman.d/mirrorlist - +```bash +timedatectl set-ntp true +``` +### Optionally (recommended) update mirrorlist +```bash +reflector --country 'Poland' --age 24 --verbose --sort rate --save /etc/pacman.d/mirrorlist +``` # 2. Prepare Disk ### Update btrfs-progs ->pacman -Syy btrfs-progs - -### Display disks setup ->fdisk -l - +```bash +pacman -Syy btrfs-progs +``` +### Display disks setup +```bash +fdisk -l +``` ### Create partitions (if you have not already) ->fdisk /dev/sdX +```bash +fdisk /dev/sdX +``` 1. 100MB EFI partition 2. 100% size partiton # ( encrypted optionally) for BTRFS, this partition will require formatting AFTER encryption if you do encryption ### Swap will be as file in its own subvolume - ->mkfs.vfat -F32 /dev/sdX1 +```bash +mkfs.vfat -F32 /dev/sdX1 +``` ### ----------------- encryption (optional) ------------------ ### Setup the encryption of the system, don't use letters outside en-us keyboard like ąęć etc. 
for password ### Grub have some kind of support for luks2 now but still cannot decrypt luks2, so specify luks1 for now ->cryptsetup -c=aes-xts-plain64 --key-size=512 --hash=sha512 --iter-time=3000 --pbkdf=pbkdf2 --use-random luksFormat --type=luks1 /dev/sdX2 +```bash +cryptsetup -c=aes-xts-plain64 --key-size=512 --hash=sha512 --iter-time=3000 --pbkdf=pbkdf2 --use-random luksFormat --type=luks1 /dev/sdX2 ->cryptsetup luksOpen /dev/sdX2 MainPart - +cryptsetup luksOpen /dev/sdX2 MainPart +``` ### Formatting as btrfs now when it is already encrypted ->mkfs.btrfs -L "Arch Linux" /dev/mapper/MainPart - +```bash +mkfs.btrfs -L "Arch Linux" /dev/mapper/MainPart +``` ### ---------------- end of encryption ------------------------ ### Format the partition if not yet formatted: ->pacman -Syy btrfs-progs +```bash +pacman -Syy btrfs-progs ->mkfs.btrfs -L "Arch Linux" /dev/sdX2 - +mkfs.btrfs -L "Arch Linux" /dev/sdX2 +``` ### Mount partition to be able to create btrfs subvolumes ### If using encryption, change /dev/sdX2 to /dev/mapper/MainPart: ->mount /dev/sdX2 /mnt - +```bash +mount /dev/sdX2 /mnt +``` ## Create subvolumes ### Using more complicated sheme, (but there actually is only need for separate @swap subvolume , other files can be on default top subvolume) - ->btrfs su cr /mnt/@ +```bash +btrfs su cr /mnt/@ ->btrfs su cr /mnt/@swap +btrfs su cr /mnt/@swap ->btrfs su cr /mnt/@home +btrfs su cr /mnt/@home ->btrfs su cr /mnt/@var +btrfs su cr /mnt/@var ->btrfs su cr /mnt/@tmp - ->btrfs su cr /mnt/@snapshots +btrfs su cr /mnt/@tmp +btrfs su cr /mnt/@snapshots +``` #### disable copy on write on var, tmp and swap ->chattr +C /mnt/@var ->chattr +C /mnt/@tmp ->chattr +C /mnt/@swap +```bash +chattr +C /mnt/@var +chattr +C /mnt/@tmp +chattr +C /mnt/@swap ->umount /mnt - +umount /mnt +``` ### If using encryption, change /dev/sdX2 to /dev/mapper/MainPart: ->mount -o defaults,noatime,discard,ssd,subvol=@ /dev/sdX2 /mnt +```bash +mount -o defaults,noatime,discard,ssd,subvol=@ 
/dev/sdX2 /mnt ->mkdir /mnt/swap +mkdir /mnt/swap ->mkdir /mnt/home +mkdir /mnt/home ->mkdir /mnt/var +mkdir /mnt/var ->mkdir /mnt/tmp +mkdir /mnt/tmp ->mkdir /mnt/snapshots +mkdir /mnt/snapshots ->mkdir /mnt/efi # for EFI partition /dev/sdX1 - +mkdir /mnt/efi # for EFI partition /dev/sdX1 + ``` ### If using encryption, change /dev/sdX2 to /dev/mapper/MainPart ### for swap subvolume add nodatacow option to disable CoW (works only if its separate partition) ### Discard ssd and noatime are for ssd disks only +```bash +mount -o defaults,noatime,nodatacow,discard,ssd,subvol=@swap /dev/sdX2 /mnt/swap + +mount -o defaults,noatime,discard,ssd,subvol=@home /dev/sdX2 /mnt/home + +mount -o defaults,noatime,discard,ssd,subvol=@var /dev/sdX2 /mnt/var + +mount -o defaults,noatime,discard,ssd,subvol=@tmp /dev/sdX2 /mnt/tmp + +mount -o defaults,noatime,discard,ssd,subvol=@snapshots /dev/sdX2 /mnt/snapshots + +mount /dev/sdX1 /mnt/efi ->mount -o defaults,noatime,nodatacow,discard,ssd,subvol=@swap /dev/sdX2 /mnt/swap - ->mount -o defaults,noatime,discard,ssd,subvol=@home /dev/sdX2 /mnt/home - ->mount -o defaults,noatime,discard,ssd,subvol=@var /dev/sdX2 /mnt/var - ->mount -o defaults,noatime,discard,ssd,subvol=@tmp /dev/sdX2 /mnt/tmp - ->mount -o defaults,noatime,discard,ssd,subvol=@snapshots /dev/sdX2 /mnt/snapshots - ->mount /dev/sdX1 /mnt/efi - - +``` # 3. 
Install Arch Linux ### Select the mirror to be used if not updated with reflector on start ->nano /etc/pacman.d/mirrorlist - +```bash +nano /etc/pacman.d/mirrorlist +``` ### This command can be customized with additional packages ->pacstrap /mnt/ base base-devel git btrfs-progs efibootmgr linux linux-headers linux-firmware mkinitcpio dhcpcd bash-completion sudo - -### Use genfstab with -U parameter if no encryption ->genfstab /mnt >> /mnt/etc/fstab - -### If using swapfile check if nodatacow is added for @swap ->nano /mnt/etc/fstab - +```bash +pacstrap /mnt/ base base-devel git btrfs-progs efibootmgr linux linux-headers linux-firmware mkinitcpio dhcpcd bash-completion sudo + ``` +### Use genfstab with -U parameter if no encryption +```bash +genfstab /mnt >> /mnt/etc/fstab + ``` +### If using swapfile check if nodatacow is added for @swap +```bash +vim /mnt/etc/fstab + ``` # 4. Configure the system ### Switch to installed system root user ->arch-chroot /mnt /bin/bash +```bash +arch-chroot /mnt /bin/bash +``` ### Nano can be usefull when editing config files ->pacman -Syy nano - +```bash +pacman -Syy nano + ``` ### Setup system clock ->ln -s /usr/share/zoneinfo/Europe/Warsaw /etc/localtime - +```bash +ln -s /usr/share/zoneinfo/Europe/Warsaw /etc/localtime +``` >hwclock --systohc --utc -### Set the hostname ->/etc/hostname ->>myhostname - -### Edit vconsole ->/etc/vconsole.conf ->>KEYMAP=pl ->>FONT=Lat2-Terminus16.psfu.gz ->>FONT_MAP=8859-2 - +### Set the hostname in `/etc/hostname` +```test +myhostname + ``` +### Edit vconsole in `/etc/vconsole.conf` +```text +KEYMAP=pl +FONT=Lat2-Terminus16.psfu.gz +FONT_MAP=8859-2 +``` ### Setup locale -### Uncomment pl_PL.UTF-8 in /etc/locale.gen and then: ->locale-gen - -### Update locale ->/etc/locale.conf ->>LANG=pl_PL.UTF-8 ->>LC_ALL=pl_PL.UTF-8 - -### Hosts ->/etc/hosts ->>127.0.0.1 localhost ->>::1 localhost ->>127.0.1.1 myhostname.localdomain myhostname - +### Uncomment pl_PL.UTF-8 in /etc/locale.gen and then run: +```bash 
+locale-gen + ``` +### Update locale in `etc/locale.conf` +```text +LANG=en_US.UTF-8 +LC_COLLATE=pl_PL.UTF-8 +LC_MEASUREMENT=pl_PL.UTF-8 +LC_MONETARY=pl_PL.UTF-8 +LC_NUMERIC=pl_PL.UTF-8 +LC_TIME=pl_PL.UTF-8 + ``` +### Hosts in `/etc/hosts` +```text +127.0.0.1 localhost +::1 localhost +127.0.1.1 myhostname.localdomain myhostname + ``` ### Now create 4GiB swap file. nodatacow is already on @swap but if you follow exactly then @swap is on same partition as other subvolumes and nodatacow will not work for whole subvolume so you need to disavle CoW manualy : ->touch /swap/swapfile +```bash +touch /swap/swapfile +``` ### Check if C attribute is enabled with ->lsattr /swap/swapfile' - +```bash +lsattr /swap/swapfile' +``` ### If not then disable COW for swapfile manually: ->chattr +C /swap/swapfile - +```bash +chattr +C /swap/swapfile + ``` ### Expanding empty file to 4GiB swap file ->dd if=/dev/zero of=/swap/swapfile bs=1024K count=4096 - ->chmod 600 /swap/swapfile +```bash +dd if=/dev/zero of=/swap/swapfile bs=1024K count=4096 +chmod 600 /swap/swapfile + ``` ### Format the swap file. ->mkswap /swap/swapfile - +```bash +mkswap /swap/swapfile + ``` ### Turn swap file on. ->swapon /swap/swapfile - -### You also need to update /etc/fstab to mount swapfile on boot: ->/etc/fstab ->>/swap/swapfile none swap sw 0 0 - +```bash +swapon /swap/swapfile +``` +### You also need to update `/etc/fstab` to mount swapfile on boot: +```text +/swap/swapfile none swap sw 0 0 + ``` ### Set password for root ->passwd +```bash +passwd +``` ### Add real user ->useradd -m MYUSERNAME - ->passwd MYUSERNAME - +```bash +useradd -m MYUSERNAME +passwd MYUSERNAME + ``` ### Configure mkinitcpio with modules needed for the initrd image ->nano /etc/mkinitcpio.conf +```bash +vim /etc/mkinitcpio.conf +``` ### Remove 'fsck' and add 'keyboard', 'keymap', 'encrypt' and 'btrfs' to HOOKS before filesystems ### If no encryption then only remove fsck and add on that place btrfs ->HOOKS=(... 
keyboard keymap block encrypt btrfs ... filesystems ...) - +```text +HOOKS=(... keyboard keymap block encrypt btrfs ... filesystems ...) + ``` ###### optionally add BINARIES=(/usr/bin/btrfs) for rescue? -### Regenerate initrd images ->mkinitcpio -P - +### Regenerate initrd images +```bash +mkinitcpio -P + ``` # 5. Install bootloader ### Setup grub (UEFI) ->pacman -S grub efibootmgr os-prober dosfstools mtools - +```bash +pacman -S grub efibootmgr os-prober dosfstools mtools + ``` ### -------------encryption only--------------------- ->nano /etc/default/grub ->>GRUB_ENABLE_CRYPTODISK=y +#### edit `/etc/default/grub` +```text +GRUB_ENABLE_CRYPTODISK=y +``` ### Find UUID (UUID for /dev/sdX2) of crypto partition so we can add it to grub config ->blkid +```bash +blkid +``` ### Now set this line including proper UUID in place of "\": #### (temporarly you can use /dev/sdX2 in place of "UUID=\" and change it later easy in gui mode) ->/etc/default/grub ->>GRUB_CMDLINE_LINUX="cryptdevice=UUID=\:MainPart:allow-discards" +edit `/etc/default/grub` +```text +GRUB_CMDLINE_LINUX="cryptdevice=UUID=\:MainPart:allow-discards" +``` ### allow-discards is only for ssd ### Generate key so grub don't ask twice for password on boot ->dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock ->chmod 600 /crypto_keyfile.bin ->chmod 600 /boot/initramfs-linux* ->cryptsetup luksAddKey /dev/sdX2 /crypto_keyfile.bin +```bash +dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock +chmod 600 /crypto_keyfile.bin +chmod 600 /boot/initramfs-linux* +cryptsetup luksAddKey /dev/sdX2 /crypto_keyfile.bin +``` ### If you change name of key file there is need to add kernel parameter like cryptkey=rootfs:path ### Crypto_keyfile.bin is the default name that kernel will guess anyway -### Now add this file to mkinitcpio.conf ->/etc/mkinitcpio.conf ->>FILES=(/crypto_keyfile.bin) - ->mkinitcpio -P +### Now add this file to `/etc/mkinitcpio.conf` +```text +FILES=(/crypto_keyfile.bin) 
+``` +then run: +```bash +mkinitcpio -P +``` ### -------------encryption end--------------------- ### Install ->grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB ->grub-mkconfig -o /boot/grub/grub.cfg - +```bash +grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB +grub-mkconfig -o /boot/grub/grub.cfg + ``` ### Exit new system ->exit - +```bash +exit + ``` ### Unmount all partitions ->swapoff -a ->umount -R /mnt +```bash +swapoff -a +umount -R /mnt +``` ### Reboot into the new system, don't forget to remove the CD/pendrive ->reboot +```bash +reboot +``` ### or ->shutdown now - +```bash +shutdown now + ``` ## Addtitional tips ### To get proper locale and keymap, check: ->localectl status +```bash +localectl status +``` ### On KDE plasma , also set settings > ... > keyboard layout && regional settings From 97455800f4cedbbc48fd962a07221acde663b61b Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Tue, 9 Nov 2021 09:48:56 +0100 Subject: [PATCH 07/10] markdown fix --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 975fe56..1bed438 100644 --- a/README.md +++ b/README.md @@ -161,8 +161,9 @@ pacman -Syy nano ### Setup system clock ```bash ln -s /usr/share/zoneinfo/Europe/Warsaw /etc/localtime + +hwclock --systohc --utc ``` ->hwclock --systohc --utc ### Set the hostname in `/etc/hostname` ```test From f32097bc53aa5dc8388e68d5e6c43862edde72cc Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Wed, 16 Feb 2022 21:10:29 +0100 Subject: [PATCH 08/10] Small rework --- README.md | 509 +++++++++++++++++++++++++++++++++++------------------- 1 file changed, 336 insertions(+), 173 deletions(-) diff --git a/README.md b/README.md index 1bed438..a5a6916 100644 --- a/README.md +++ b/README.md 
@@ -1,186 +1,257 @@ -# Install Arch Linux with encrypted filesystem(optional) and on btrfs partition (UEFI) -Official guide for basic install: [https://wiki.archlinux.org/index.php/Installation_Guide](https://wiki.archlinux.org/index.php/Installation_Guide) +# ArchLinux install encrypted btrfs + +# Install Arch Linux on EFI system with full filesystem (including /boot) encrypted and on btrfs partition + +Official guide for basic install: [https://wiki.archlinux.org/index.php/Installation\_Guide](https://wiki.archlinux.org/index.php/Installation_Guide) it is always good to consult with official guide, cause arch config might change in time -For setting up different locale, check official guide - -# 1. Boot ISO -### Download the ISO file from [https://www.archlinux.org](https://www.archlinux.org/) -### Put on pedrive +For setting up different locale, or better explanations check out Arch Wiki + +## 1. Boot ISO + +#### Download the ISO file from [https://www.archlinux.org](https://www.archlinux.org/) + +#### Put on pendrive + ```bash -dd if=archlinux.img of=/dev/sdX bs=16M && sync +dd if=archlinux.img of=/dev/sdX bs=16M && sync ``` -### Boot from the usb. - -### Set keymap + +#### Boot from the USB. + +#### Optional (**experimental** approach to have desktop environment during install): + +##### Extend writable space so you can install basic desktop in live environment and for example use gparted for partitioning or open this tutorial in web browser or whatever you want. + +

Remember this area is saved in your RAM, so make sure you have enough of it

+ +``` +mount -o remount,size=5G /run/archiso/cowspace + +pacman -Syy plasma-desktop glibc konsole xorg +pacman -Scc + +startplasma-wayland +``` + +#### Set key map + ```bash loadkeys pl ``` -### Update clock + +#### Update clock + ```bash timedatectl set-ntp true ``` -### Optionally (recommended) update mirrorlist + +#### Optionally (recommended) update mirrorlist + ```bash reflector --country 'Poland' --age 24 --verbose --sort rate --save /etc/pacman.d/mirrorlist ``` - # 2. Prepare Disk -### Update btrfs-progs +## 2. Prepare Disk + +#### Update btrfs-progs + ```bash -pacman -Syy btrfs-progs +pacman -Syy btrfs-progs ``` -### Display disks setup + +#### Display disks and partitions + ```bash -fdisk -l +lsblk ``` -### Create partitions (if you have not already) + +#### Create partitions (if you have not already) + ```bash fdisk /dev/sdX ``` -1. 100MB EFI partition -2. 100% size partiton # ( encrypted optionally) for BTRFS, this partition will require formatting AFTER encryption if you do encryption -### Swap will be as file in its own subvolume -```bash -mkfs.vfat -F32 /dev/sdX1 + +1. 100MB EFI partition +2. 100% size partiton # ( encrypted optionally) for BTRFS partition, this partition will require formatting AFTER encryption if you do encryption + +##### Swap will bin in file with CoW disabled, which will be prepared later + +#### Format EFI partition + +```Bash +mkfs.vfat -F32 /dev/sdX1 ``` - -### ----------------- encryption (optional) ------------------ - -### Setup the encryption of the system, don't use letters outside en-us keyboard like ąęć etc. for password -### Grub have some kind of support for luks2 now but still cannot decrypt luks2, so specify luks1 for now + +##### ----------------- encryption (optional) ------------------ + + +#### Setup the encryption of the system, + +

Don't use regional letters (not in en-us keyboard) like ąęć etc. for password. This requires additional steps, which are not covered by this tutorial.

+ +#### Grub have some kind of support for luks2, but not entirely, so for more fail-safe setup use luks1 + ```bash cryptsetup -c=aes-xts-plain64 --key-size=512 --hash=sha512 --iter-time=3000 --pbkdf=pbkdf2 --use-random luksFormat --type=luks1 /dev/sdX2 -cryptsetup luksOpen /dev/sdX2 MainPart +cryptsetup luksOpen /dev/sdX2 MainPart ``` -### Formatting as btrfs now when it is already encrypted + +### Formatting as btrfs now when it is already encrypted + ```bash mkfs.btrfs -L "Arch Linux" /dev/mapper/MainPart ``` - -### ---------------- end of encryption ------------------------ - -### Format the partition if not yet formatted: + +##### ---------------- end of encryption ------------------------ + +#### Format the partition if not yet formatted: + ```bash pacman -Syy btrfs-progs mkfs.btrfs -L "Arch Linux" /dev/sdX2 ``` -### Mount partition to be able to create btrfs subvolumes -### If using encryption, change /dev/sdX2 to /dev/mapper/MainPart: + +#### Mount partition to be able to create btrfs subvolumes + +##### If using encryption, change **/dev/sdX2** to **/dev/mapper/MainPart**: + ```bash mount /dev/sdX2 /mnt ``` -## Create subvolumes -### Using more complicated sheme, (but there actually is only need for separate @swap subvolume , other files can be on default top subvolume) + +#### Create subvolumes + +##### This scheme can be adjusted to your needs, I'd suggest at least one subvolume for root (@) and one for snapshots (@snapshots). varlog and tmp are created to easily disable Copy on Write on` /var/log` and `/tmp`. 
+ ```bash btrfs su cr /mnt/@ -btrfs su cr /mnt/@swap - btrfs su cr /mnt/@home -btrfs su cr /mnt/@var +btrfs su cr /mnt/@varlog btrfs su cr /mnt/@tmp btrfs su cr /mnt/@snapshots -``` -#### disable copy on write on var, tmp and swap -```bash -chattr +C /mnt/@var -chattr +C /mnt/@tmp -chattr +C /mnt/@swap -umount /mnt ``` -### If using encryption, change /dev/sdX2 to /dev/mapper/MainPart: + +##### Disable copy on write on `/var/log` and `/tmp` + +```bash +chattr +C /mnt/@varlog +chattr +C /mnt/@tmp +umount /mnt + +``` + +#### If using encryption, change **/dev/sdX2** to **/dev/mapper/MainPart**: + ```bash mount -o defaults,noatime,discard,ssd,subvol=@ /dev/sdX2 /mnt - -mkdir /mnt/swap mkdir /mnt/home -mkdir /mnt/var +mkdir -p /mnt/var/log mkdir /mnt/tmp mkdir /mnt/snapshots mkdir /mnt/efi # for EFI partition /dev/sdX1 - ``` -### If using encryption, change /dev/sdX2 to /dev/mapper/MainPart -### for swap subvolume add nodatacow option to disable CoW (works only if its separate partition) -### Discard ssd and noatime are for ssd disks only -```bash -mount -o defaults,noatime,nodatacow,discard,ssd,subvol=@swap /dev/sdX2 /mnt/swap - -mount -o defaults,noatime,discard,ssd,subvol=@home /dev/sdX2 /mnt/home - -mount -o defaults,noatime,discard,ssd,subvol=@var /dev/sdX2 /mnt/var - -mount -o defaults,noatime,discard,ssd,subvol=@tmp /dev/sdX2 /mnt/tmp - -mount -o defaults,noatime,discard,ssd,subvol=@snapshots /dev/sdX2 /mnt/snapshots - -mount /dev/sdX1 /mnt/efi - ``` -# 3. 
Install Arch Linux - -### Select the mirror to be used if not updated with reflector on start -```bash -nano /etc/pacman.d/mirrorlist -``` -### This command can be customized with additional packages -```bash -pacstrap /mnt/ base base-devel git btrfs-progs efibootmgr linux linux-headers linux-firmware mkinitcpio dhcpcd bash-completion sudo - ``` -### Use genfstab with -U parameter if no encryption -```bash -genfstab /mnt >> /mnt/etc/fstab - ``` -### If using swapfile check if nodatacow is added for @swap -```bash -vim /mnt/etc/fstab - ``` - -# 4. Configure the system - -### Switch to installed system root user +#### Discard and ssd options and are for ssd disks only + +#### If using encryption, change **/dev/sdX2** to **/dev/mapper/MainPart** + ```bash -arch-chroot /mnt /bin/bash +mount -o defaults,noatime,discard,ssd,subvol=@home /dev/sdX2 /mnt/home + +mount -o defaults,noatime,discard,ssd,subvol=@varlog /dev/sdX2 /mnt/var/log + +mount -o defaults,noatime,discard,ssd,subvol=@tmp /dev/sdX2 /mnt/tmp + +mount -o defaults,noatime,discard,ssd,subvol=@snapshots /dev/sdX2 /mnt/snapshots + +mount /dev/sdX1 /mnt/efi ``` - -### Nano can be usefull when editing config files + +# 3. Install Arch Linux + +#### Select the mirror to be used if not updated with reflector on start + ```bash -pacman -Syy nano - ``` -### Setup system clock +vim /etc/pacman.d/mirrorlist +``` + +#### Install base system: + +##### This command can be customized with additional packages (**btrfs-progs is necessary to let the system boot up from btrfs partition !**) + +```bash +pacstrap /mnt/ base base-devel git btrfs-progs efibootmgr linux linux-headers linux-firmware mkinitcpio dhcpcd bash-completion sudo +``` + +#### Generate fstab: + +##### Use genfstab with -U parameter if no encryption + +```bash +genfstab /mnt >> /mnt/etc/fstab +``` + +#### + +# 4. 
Configure the system + +#### Switch to installed system root user + +```bash +arch-chroot /mnt /bin/bash +``` + +#### Nano can be usefull when editing config files + +```bash +pacman -Syy nano +``` + +#### Setup system clock + ```bash ln -s /usr/share/zoneinfo/Europe/Warsaw /etc/localtime hwclock --systohc --utc ``` - -### Set the hostname in `/etc/hostname` + +#### Set the hostname in `/etc/hostname` + ```test -myhostname - ``` -### Edit vconsole in `/etc/vconsole.conf` +myhostname +``` + +#### Edit vconsole in `/etc/vconsole.conf` + ```text KEYMAP=pl FONT=Lat2-Terminus16.psfu.gz FONT_MAP=8859-2 + ``` -### Setup locale -### Uncomment pl_PL.UTF-8 in /etc/locale.gen and then run: + +#### Setup locale + +##### Uncomment pl\_PL.UTF-8 in /etc/locale.gen and then run: + ```bash -locale-gen - ``` -### Update locale in `etc/locale.conf` +locale-gen +``` + +#### Update locale in `etc/locale.conf` + ```text LANG=en_US.UTF-8 LC_COLLATE=pl_PL.UTF-8 
@@ -188,136 +259,228 @@ LC_MEASUREMENT=pl_PL.UTF-8 LC_MONETARY=pl_PL.UTF-8 LC_NUMERIC=pl_PL.UTF-8 LC_TIME=pl_PL.UTF-8 - ``` -### Hosts in `/etc/hosts` + +``` + +#### Hosts in `/etc/hosts` + ```text 127.0.0.1 localhost ::1 localhost 127.0.1.1 myhostname.localdomain myhostname - ``` -### Now create 4GiB swap file. nodatacow is already on @swap but if you follow exactly then @swap is on same partition as other subvolumes and nodatacow will not work for whole subvolume so you need to disavle CoW manualy : + +``` + +#### Now create empty (with 0 size) swap file: + +#### Create separate folder for swapfile. This folder is needed to let you make snapshot of `/`, which would not be possible with any file in it with CoW disabled! + +``` +mkdir /swap + +chattr +C /swap +``` + +#### Copy on Write should always be disabled on swap file, so it will be done in the next step + ```bash touch /swap/swapfile ``` -### Check if C attribute is enabled with + +#### Check if C attribute is enabled (should be already if created in folder with disabled CoW attribute) + ```bash lsattr /swap/swapfile' ``` -### If not then disable COW for swapfile manually: + +#### If not then disable CoW for swapfile manually: + ```bash chattr +C /swap/swapfile - ``` -### Expanding empty file to 4GiB swap file +``` + +#### Expanding empty file to 4GiB swap file + ```bash dd if=/dev/zero of=/swap/swapfile bs=1024K count=4096 - + chmod 600 /swap/swapfile - ``` -### Format the swap file. + +``` + +#### Format the swap file. + ```bash mkswap /swap/swapfile - ``` -### Turn swap file on. +``` + +#### Turn swap file on. 
+ ```bash swapon /swap/swapfile -``` -### You also need to update `/etc/fstab` to mount swapfile on boot: +``` + +#### You also need to update `/etc/fstab` to mount swapfile on boot: + ```text /swap/swapfile none swap sw 0 0 - ``` -### Set password for root +``` + +#### Set password for root + ```bash passwd ``` -### Add real user + +#### Add real user an set password for him + ```bash useradd -m MYUSERNAME + passwd MYUSERNAME - ``` -### Configure mkinitcpio with modules needed for the initrd image +``` + +### Configure mkinitcpio with modules needed for the initrd image + ```bash vim /etc/mkinitcpio.conf ``` -### Remove 'fsck' and add 'keyboard', 'keymap', 'encrypt' and 'btrfs' to HOOKS before filesystems -### If no encryption then only remove fsck and add on that place btrfs + +#### Add 'keyboard', 'keymap', 'encrypt' and 'btrfs' to HOOKS before filesystems: + +``` +HOOKS=(base udev autodetect keyboard keymap modconf block btrfs filesystems keyboard fsck) +``` + +#### Add btrfsck to binaries: + +``` +BINARIES=(btrfsck) +``` + +#### **With encryption:** also add encrypt before btrfs: + ```text HOOKS=(... keyboard keymap block encrypt btrfs ... filesystems ...) - ``` -###### optionally add BINARIES=(/usr/bin/btrfs) for rescue? - -### Regenerate initrd images +``` + +###### + +#### Regenerate initrd images + ```bash mkinitcpio -P - ``` - # 5. Install bootloader - -### Setup grub (UEFI) +``` + +# 5. 
Install bootloader + +#### Setup grub (UEFI) + ```bash pacman -S grub efibootmgr os-prober dosfstools mtools - ``` - -### -------------encryption only--------------------- -#### edit `/etc/default/grub` -```text -GRUB_ENABLE_CRYPTODISK=y ``` -### Find UUID (UUID for /dev/sdX2) of crypto partition so we can add it to grub config + +#### -------------encryption only--------------------- + +#### edit `/etc/default/grub` + +```text +GRUB_ENABLE_CRYPTODISK=y +``` + +#### Find UUID (UUID for /dev/sdX2) of crypto partition so we can add it to grub config + ```bash -blkid +blkid ``` -### Now set this line including proper UUID in place of "\": -#### (temporarly you can use /dev/sdX2 in place of "UUID=\" and change it later easy in gui mode) -edit `/etc/default/grub` + +#### Now set this line including proper UUID in place of "<device-UUID>": + +#### (temporarly you can use /dev/sdX2 in place of "UUID=<device-UUID>" and change it later easy in gui mode) + +##### edit `/etc/default/grub` + ```text -GRUB_CMDLINE_LINUX="cryptdevice=UUID=\:MainPart:allow-discards" +GRUB_CMDLINE_LINUX="cryptdevice=UUID=:MainPart:allow-discards" ``` -### allow-discards is only for ssd - -### Generate key so grub don't ask twice for password on boot + +##### allow-discards is only for ssd to let trim work with encryption enabled + +#### Generate key so grub don't ask twice for password on boot + ```bash dd bs=512 count=4 if=/dev/random of=/crypto_keyfile.bin iflag=fullblock chmod 600 /crypto_keyfile.bin chmod 600 /boot/initramfs-linux* cryptsetup luksAddKey /dev/sdX2 /crypto_keyfile.bin ``` -### If you change name of key file there is need to add kernel parameter like cryptkey=rootfs:path -### Crypto_keyfile.bin is the default name that kernel will guess anyway -### Now add this file to `/etc/mkinitcpio.conf` + +#### If you change name of key file there is need to add kernel parameter like cryptkey=rootfs:path + +#### Crypto\_keyfile.bin is the default name that kernel will guess anyway + +#### 
Now add this file to `/etc/mkinitcpio.conf` + ```text -FILES=(/crypto_keyfile.bin) +FILES=(/crypto_keyfile.bin) ``` + then run: + ```bash mkinitcpio -P ``` -### -------------encryption end--------------------- - -### Install + +#### -------------encryption end--------------------- + +#### Install grub for + ```bash grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB grub-mkconfig -o /boot/grub/grub.cfg - ``` -### Exit new system +``` + +#### Exit new system + ```bash exit - ``` -### Unmount all partitions +``` + +#### Unmount all partitions + ```bash swapoff -a umount -R /mnt ``` - -### Reboot into the new system, don't forget to remove the CD/pendrive + +#### Reboot into the new system, don't forget to remove the pendrive + ```bash reboot ``` -### or + +#### or + ```bash shutdown now - ``` -## Addtitional tips -### To get proper locale and keymap, check: -```bash -localectl status ``` -### On KDE plasma , also set settings > ... > keyboard layout && regional settings + +### 6. Addtitional tips: + +#### Install AUR helper (git and base-devel packages needed to do so): + +``` +git clone https://aur.archlinux.org/yay.git + +cd yay + +makepkg -si +``` + +#### To get proper locale and keymap, check: + +```bash +localectl status +``` + +#### On KDE plasma , also set settings > ... > keyboard layout && regional settings From 83c1403e91ace717b1e3e8f9e19c69fda52525bf Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Thu, 17 Feb 2022 11:52:08 +0100 Subject: [PATCH 09/10] Who uses nano anyway --- README.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.md b/README.md index a5a6916..841b1a6 100644 --- a/README.md +++ b/README.md @@ -213,12 +213,6 @@ genfstab /mnt >> /mnt/etc/fstab arch-chroot /mnt /bin/bash ``` -#### Nano can be usefull when editing config files - -```bash -pacman -Syy nano -``` - #### Setup system clock ```bash 
From 5920fb3b2e6c462a1cd19cf675bccc2b83f2296e Mon Sep 17 00:00:00 2001 From: Maciej Lebiest <68295743+Szwendacz99@users.noreply.github.com> Date: Fri, 18 Feb 2022 20:33:36 +0100 Subject: [PATCH 10/10] subvolume for swapfile --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 841b1a6..ef07d00 100644 --- a/README.md +++ b/README.md @@ -267,10 +267,10 @@ LC_TIME=pl_PL.UTF-8 #### Now create empty (with 0 size) swap file: -#### Create separate folder for swapfile. This folder is needed to let you make snapshot of `/`, which would not be possible with any file in it with CoW disabled! +#### Create separate subvolume for swapfile. This subvolume is needed to let you make snapshot of `/`, which would not be possible with any file in it with CoW disabled! ``` -mkdir /swap +btrfs su create /swap chattr +C /swap ```
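Review bot: `--pbkdf=pbkdf2` on the `luksFormat` line in PATCH 03/10 (hunk `@@ -38,8 +38,8 @@`) is left over from the LUKS2 variant; LUKS1 has no other KDF, so with `--type=luks1` the flag is redundant and can be dropped. The new comment says "for now", so it would help to name what to re-check later (the GRUB version in use), because staying on LUKS1 also means staying on PBKDF2 for the passphrase.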
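Review bot: the `### allow-discards is only for ssd` comment next to the corrected `GRUB_CMDLINE_LINUX` line in PATCH 03/10 (hunk `@@ -221,7 +221,7 @@`) undersells the option: passing discards through dm-crypt lets anyone who can read the raw device see which blocks are unused. Suggest stating that trade-off in the comment so readers enable it deliberately, not just because the disk is an SSD. The added closing quote itself is correct.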
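Review bot: the parenthetical hint touched in PATCH 04/10 still reads "temporarly ... change it later easy" after two patches in a row on the same line; fix both words here ("temporarily", "easily"). It would also be worth saying why the `/dev/sdX2` form is only a stopgap: the heading above asks for a UUID, and a device name is not guaranteed to stay the same across boots.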
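Review bot: "Find UUID (UUID for /dev/sdX2)" in PATCH 05/10 now repeats itself and still does not say which entry to pick from a bare `blkid` listing, where the LUKS container `/dev/sdX2` and the opened `/dev/mapper/MainPart` each carry their own UUID. `cryptdevice=UUID=` needs the container's; suggest wording such as "Find the UUID of the LUKS partition /dev/sdX2 (not of /dev/mapper/MainPart)" and narrowing the command to `blkid -s UUID -o value /dev/sdX2`.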
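Review bot: the stray trailing quote in `lsattr /swap/swapfile'` is carried over into the new fenced block in PATCH 06/10; pasted as written, the shell waits for a closing quote instead of running the command, so drop the `'`. Two smaller items in the same hunk: the hostname block is fenced as `test` where the other config blocks use `text`, and the locale heading says `etc/locale.conf` without the leading slash.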
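Review bot: heading levels in the first hunk of PATCH 08/10 (`@@ -1,186 +1,257 @@`) are no longer consistent: sections 1 and 2 become `##`, sections 3 and 4 stay `#`, and the file now opens with two `#` titles, so the rendered outline puts "Install Arch Linux" and "Configure the system" above the sections that precede them. Pick one level for the numbered sections and keep a single title. Also "Swap will bin in file" should read "be in a file", and the new title promises a fully encrypted system while the section marker below it still says "encryption (optional)".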
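Review bot: in the second hunk of PATCH 08/10 (`@@ -188,136 +259,228 @@`) the `chmod 600 /boot/initramfs-linux*` step still runs before `FILES=(/crypto_keyfile.bin)` is set and `mkinitcpio -P` rebuilds the images, so it is applied to images that do not yet contain the key, and whether the mode survives the rebuild depends on how mkinitcpio writes the file. Move the chmod after the final `mkinitcpio -P` (the glob also covers the fallback image) and add an `ls -l /boot/initramfs-linux*` check, since any local user who can read the image can extract the key. Separately, the new `HOOKS=(...)` line lists `keyboard` twice, and the `cryptdevice=UUID=:MainPart:allow-discards` line has lost the UUID placeholder that the heading above it refers to.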
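Review bot: removing the `pacman -Syy nano` step in PATCH 09/10 leaves the chroot section without any instruction that installs an editor, while later steps still say `vim /etc/mkinitcpio.conf` and the `pacstrap` package list shown earlier in the series names neither vim nor nano. Add the editor the guide actually uses to the `pacstrap` line, or keep an install step here with the package name changed.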
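Review bot: the reworded heading in PATCH 10/10 keeps the inexact reason for the separate subvolume: btrfs can snapshot a subvolume that holds files with CoW disabled; what blocks a snapshot is an active swap file inside it. Suggest something like "Create a separate subvolume for the swap file, because a subvolume containing an active swap file cannot be snapshotted". The later step that says the C attribute "should be already [set] if created in folder with disabled CoW attribute" still says folder, and `btrfs su create` differs from the `btrfs su cr` spelling used for the other subvolumes.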