Archlinux setup guide

Posted on 2015-12-28 (Mon) in linux, last update 2017-03-02 (Thu)

This guide is based on the official Archlinux Installation Guide, Beginners’ Guide and my personal experience.

Partition layout

Partitions:

UEFI/GPT:

HDD fs size mountpoint
/dev/sda1 FAT32 64M /boot/efi
/dev/sda2 LUKS MAX -
/dev/sda2 LVM MAX /dev/mapper/lvm
/dev/mapper/vg-root btrfs MAX -
/dev/mapper/vg-swap swap = RAM -

BIOS/MBR:

HDD fs size mountpoint
/dev/sda LUKS MAX -
/dev/sda LVM MAX /dev/mapper/lvm
/dev/mapper/vg-root btrfs MAX -
/dev/mapper/vg-swap swap = RAM -

BTRFS subvolumes:

partition subvolume mountpoint
/dev/mapper/vg-root @ /
/dev/mapper/vg-root @home /home

Load correct key layout if needed

loadkeys de-latin1-nodeadkeys

Setup partitions

//Only do this if you use UEFI//

Use cfdisk to create one 64MB partition and make it bootable. Set the partition type to “EF00 EFI System”. Create a seperate partition and set the type to “8300 LVM”.

You can also use gdisk to create a 64MB EFI System (EF00) partition and the LUKS (8300) container after that.

gdisk /dev/sda

You can hit the following keys to get everything done in gdisk:

o
n
<enter>
<enter>
+64M
ef00
n
<enter>
<enter>
<enter>
8300
w

Then format the EFI system partition as FAT32:

mkdosfs -F32 -n "ESP" /dev/sda1

The rest of this howto will assume that your LUKS container is /dev/sda and that you have no partitions. So keep in mind to change that to /dev/sda2 if you use UEFI.

Create the crypto container

The defaults should be completely fine here. I’m just typing these to be a bit more verbose.

cryptsetup luksFormat \
    --cipher aes-xts-plain64 \
    --hash sha512 \
    --key-size 512 \
    --iter-time 5000 \
    --use-urandom \
    /dev/sda

Open the crypto container

cryptsetup luksOpen /dev/sda lvm

Add --allow-discards if /dev/sda is a SSD:

cryptsetup luksOpen --allow-discards /dev/sda lvm

Setup LVM

  • Create the physical volume and the volume group

    pvcreate /dev/mapper/lvm
    vgcreate vg /dev/mapper/lvm
    
  • Create the volume for swap and the btrfs partition. Make the swap partition as big as your RAM, here 16GB is used.

    lvcreate -L 16G vg -n swap
    lvcreate -l +100%FREE vg -n arch
    

Format the partitions

mkfs.btrfs -L root /dev/mapper/vg-root
mkswap -L swap /dev/mapper/vg-swap

Create BTRFS subvolumes

  • Mount btrfs volume and cd into it

    mount /dev/mapper/vg-root /mnt
    cd /mnt
    
  • Add subvolumes

    btrfs subvolume create @
    btrfs subvolume create @home
    
  • Unmount

    cd
    umount /mnt
    

Mount everything

You can enable compression with lzo or zlib on btrfs and enable auto defragmentation.

HDD setup

mount /dev/mapper/vg-root /mnt -o subvol=@,compress=lzo,autodefrag
mkdir -p /mnt/home
mount /dev/mapper/vg-root /mnt/home -o subvol=@home,compress=lzo,autodefrag
swapon /dev/mapper/vg-swap

SSD setup

Add the -d param (discard) to swapon and discard,ssd,noatime to mount btrfs subvolumes.

mount /dev/mapper/vg-root /mnt -o subvol=@,discard,ssd,noatime,compress=lzo,autodefrag
mkdir -p /mnt/home
mount /dev/mapper/vg-root /mnt/home -o subvol=@home,discard,ssd,noatime,compress=lzo,autodefrag
swapon -d /dev/mapper/vg-swap

UEFI

If you use UEFI, mount your EFI system partition like this:

mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

Install rootfs with pacstrap

Install the base system with the following command:

pacstrap -i /mnt base base-devel sudo btrfs-progs os-prober dosfstools mtools memtest86+ ntfs-3g

You can add more packages with to this command. I usually add bash-completion vim git python python2 htop tree fish openssh htop lsof strace dialog wpa_supplicant iw

Generate fstab

genfstab -U -p /mnt >> /mnt/etc/fstab

Change defaults to defaults,discard for swap partition entry in fstab if you have a SSD.

Chroot into the new system

arch-chroot /mnt

Install grub

  • Install ucodes when you have a Intel CPU:

      pacman -S intel-ucode
    
  • Install grub package:

    • using BIOS:

      pacman -S grub-bios
      
    • using EFI:

      pacman -S grub efibootmgr
      
  • Add GRUB_ENABLE_CRYPTODISK=y to /etc/default/grub

  • Find UUID of LUKS partition with blkid (BIOS: /dev/sda; UEFI: /dev/sda2)
  • Set cryptdevice and resume partition
    • For HDD: GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/fd15619b-459a-4bee-bdac-63ef4a909c87:lvm resume=/dev/mapper/vg-swap"
    • For SSD: GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-uuid/fd15619b-459a-4bee-bdac-63ef4a909c87:lvm:allow-discards resume=/dev/mapper/vg-swap"
  • Install grub to harddrive:

    • UEFI:

      grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub --recheck /dev/sda
      
    • BIOS:

      grub-install --target=i386-pc --recheck /dev/sda
      

      - Add some more useful grub entries, edit /etc/grub.d/40_custom:

menuentry "System shutdown" {
    echo "System shutting down..."
    halt
}

menuentry "System restart" {
    echo "System rebooting..."
    reboot
}

menuentry "Firmware setup" {
    fwsetup
}

Create keyfile for the LUKS partition

Generate 4096 bit key:

dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin

Add key to LUKS partition (change sda to sda2 for UEFI):

cryptsetup luksAddKey /dev/sda /crypto_keyfile.bin

Edit /etc/mkinitcpio.conf:

  • Add crc32c-intel for Intel CPUs or crc32c for AMD CPUs to the MODULES array
  • Add radoen for ATI early KMS
MODULES="crc32c-intel radeon"
  • Add btrfs binary to initramfs
BINARIES="/usr/bin/btrfs"
  • Add the keyfile for the LUKS partition to the initfamfs so that you only have to unlock the root partition once
FILES="/crypto_keyfile.bin"
  • Add btrfs to the end and encrypt and resume between keyboard and filesystems in the HOOKS array.
HOOKS="... keyboard encrypt lvm2 resume filesystems ... fsck btrfs"

Generate initramfs:

mkinitcpio -p linux

Generate grub.cfg:

grub-mkconfig -o /boot/grub/grub.cfg

Seting up the base system

  • Edit /etc/locale.conf:

      LANG=en_US.UTF-8
      LANGUAGE=en_US:en
      # Display dotfiles first in directory listings
      LC_COLLATE=C
      # Change currency appearance
      LC_MONETARY=de_DE.UTF-8
      # Datetime format as YYYY-MM-DD
      LC_TIME=en_DK.UTF-8
    
  • Edit /etc/locale.gen and uncomment the needed locales:

      de_DE.UTF-8 UTF-8
      en_DK.UTF-8 UTF-8
      en_US.UTF-8 UTF-8
    
  • Generate locales

      locale-gen
    
  • Edit /etc/vconsole.conf and set keymap and font:

      #KEYMAP=de-latin1-nodeadkeys
      KEYMAP=us
    
  • Find correct timezone with tzselect and set it with (here with Europe/Berlin):

      ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
    
  • Write time to hardware clock:

      hwclock --systohc --utc
    
  • Set hostname:

      echo "archbox" > /etc/hostname
      echo '127.0.1.1 archbox.localdomain archbox' >> /etc/hosts
    

Configure network with dynamic IP

This is not needed if you install a graphical network manager.

Get the example config file that fits your config best and edit it.

cp /etc/netctl/examples/ethernet-dhcp /etc/netctl/

Uncomment this line to enable IPv6:

IP6=stateless

Enable and start netctl profile at boot:

netctl enable ethernet-dhcp

Deactivate new udev naming scheme

ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules

Install dependencies for wifi connections (optional)

pacman -S dialog wpa_supplicant iw

Configure pacman and add a user

Edit /etc/pacman.conf and uncomment/add these lines:

Color
VerbosePkgLists
ILoveCandy

[multilib]
Include = /etc/pacman.d/mirrorlist

Add a user and set the password:

useradd -m -G users,wheel -s /bin/bash bob
passwd bob

Set root password:

passwd root

Configure sudo:

visudo

and uncomment %wheel ALL=(ALL:ALL) ALL or %wheel ALL=(ALL:ALL) NOPASSWD: ALL if you don’t want to enter your password again when using sudo.

Finishing

Exit chroot environmenti, unmount devices and reboot:

exit
umount -R /mnt
swapoff /dev/mapper/vg-swap
cryptsetup luksClose /dev/mapper/lvm
reboot

Finished! You now have an encrypted Archlinux up and running. If you want to build a server you’re pretty much finished and can continue to setup the services you want to host. For a more desktop like setup continue with this guide.

Now setup the system

Setup NTP

Edit /etc/systemd/timesyncd.conf:

[Time]
NTP=0.de.pool.ntp.org 1.de.pool.ntp.org 2.de.pool.ntp.org 3.de.pool.ntp.org
FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 0.fr.pool.ntp.org

Enable it with:

timedatectl set-ntp true

Setup audio

Install ALSA and unmute the master volume.

pacman -S alsa-utils
alsamixer

Setup X

  • Set keymap for X

    localectl --no-convert set-x11-keymap us pc104 altgr-intl "nodeadkeys compose:caps terminate:ctrl_alt_bksp"
    
  • You need at least one font and the X server

    pacman -S ttf-dejavu xorg-server xorg-server-utils xorg-xinit mesa mesa-libgl xorg-twm xorg-xclock xterm wayland-protocols xorg-server-xwayland weston
    
  • Find your video driver:

    pacman -Ss xf86-video | less
    
  • In case of intel:

    pacman -S xf86-video-intel vulkan-intel
    
  • For a ATI Radeon 5770:

    pacman -S xf86-video-ati vulkan-radeon
    
  • If you use a notebook use probably also need drivers for your touchpad and/or trackpoint:

    pacman -S xf86-input-synaptics
    
  • Test X and exit all X-terminals if it works

    startx
    
  • Setup login manager, terminal and sway as a window manager

    pacman -S sddm rxvt-unicode dmenu sway i3status imagemagick ffmpeg libva-vdpau-driver
    systemctl enable sddm
    
  • Add a file /usr/local/sway-custom with your custom keyboard layout:

#!/bin/sh
XKB_DEFAULT_MODEL=pc104 XKB_DEFAULT_LAYOUT=us XKB_DEFAULT_VARIANT=altgr-intl XKB_DEFAULT_OPTIONS=compose:caps,terminate:ctrl-alt-bksp sway
  • Add a file /usr/share/wayland-sessions/sway-custom.desktop to have add an entry in sddm:
    [Desktop Entry]
    Name=Sway (Wayland) (Custom)
    Comment=Wayland window manager with custom keyboard layout
    Exec=/usr/local/bin/sway-custom
    Type=Application
    

Optimise packages

Install some tools:

pacman -S ccache optipng

Edit /etc/makepkg.conf:

CFLAGS="-march=native -mtune=native -O2 -pipe -fstack-protector-string"
CXXFLAGS="-march=native -mtune=native -O2 -pipe -fstack-protector-string"
MAKEFLAGS="-j4"
INTEGRITY_CHECK=(sha256)
COMPRESS=(xz -c -z -T 0 -)

Also activate ccache in BUILDFLAGS and add optipng to OPTIONS.

Install AUR helper

  • First get the needed GPG keys:

    gpg --recv-keys 1EB2638FF56C0C53 1A9D657D06B5820E
    
  • Install cower (AUR):

    git clone https://aur.archlinux.org/cower.git /tmp/cower
    cd /tmp/cower
    makepkg –csi
    
  • Install pacaur (AUR):

    git clone https://aur.archlinux.org/pacaur.git /tmp/pacaur
    cd /tmp/pacaur
    makepkg -si
    
  • Install pac (AUR):

    pacaur -S pac
    

Setup your prefered system

  • Checkout the wiki and look how to install your favorite desktop environment: Desktop_Environment
  • Or choose just one of these window managers (Window Manager)
  • Use the Archlinux wiki extensively! It’s beautiful and full of wonderful pages that can help you in nearly every situation