This is my personal installation tutorial for Arch Linux. It assumes familiarity with the Arch Beginner's Guide and Installation Guide.
It uses efi and systemd boot and makes many assumptions (german keyboard & timezone, nvme drive, enable trim on ssd, etc..), so be aware that not all commands may map to your local environment.
-
Flash a recent archiso to an usb drive, verify and boot it.
-
Load german keyboard layout
$ loadkeys de-latin1- Get internet access
# Start DCHP daemon
$ systemctl start dhcpcd.service
# Connect to wifi with iw
$ systemctl start iwd.service
$ iwctl
[iwd] device list
[iwd] station wlan0 get-networks
[iwd] station wlan0 connect "SSID"
[iwd] exit
# ping a server to confirm
$ ping archlinux.org- Set timezone
$ timedatectl set-ntp true
$ timedatectl set-timezone Europe/Berlinfor an EFI boot
+----------------+ +-------------------------------------------+
| Boot partition | | Logical volume 1 | Logical volume 2 |
| | | | |
| /boot | | [SWAP] 8 GB | / |
| | | | |
| | | /dev/CryptLVM/swap | /dev/CryptLVM/root |
| (may be on | |_ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _|
| other device) | | |
| | | LUKS2 encrypted partition |
| /dev/nvme0n1p1 | | /dev/nvme0n1p2 |
+----------------+ +-------------------------------------------+
$ fdisk /dev/nvme0n1
# Create /boot partition
Command (m for help): g # Creates a gpt layout & deletes the disk!!
Command (m for help): n
Partion number: 1
First sector: (default)
Last sector: +512M
Command (m for help): t
Partion type: 1
# Create / (root) partition
Command (m for help): n
Partion number: 2
First sector: (default)
Last sector: (default)
# Check partiion layout and write to disk
Command (m for help): p
Command (m for help): w- Encrypt the root partition with
cryptsetupand open it:
$ cryptsetup luksFormat /dev/nvme0n1p2
$ cryptsetup open /dev/nvme0n1p2 cryptlvm- Prepare the logical volumes, as described in the Arch Wiki.
$ pvcreate /dev/mapper/cryptlvm
$ vgcreate CryptLVM /dev/mapper/cryptlvm
$ lvcreate -L 8G CryptLVM -n swap
$ lvcreate -l 100%FREE CryptLVM -n root
# Format your filesystems on each logical volume:
$ mkfs.ext4 /dev/CryptLVM/root
$ mkswap /dev/CryptLVM/swap
# Mount your filesystems:
$ mount /dev/CryptLVM/root /mnt
$ swapon /dev/CryptLVM/swap$ mkfs.fat -F32 /dev/nvme0n1p1
$ mkdir /mnt/boot
$ mount /dev/nvme0n1p1 /mnt/bootProceed with the Arch Linux Installation.
- Install essential packages
$ pacstrap /mnt base linux linux-firmware
$ pacstrap /mnt ethtool lvm2 dhclient dhcpcd dnsmasq dnsutils efibootmgr grub intel-ucode iwd man-db man-pages mesa netctl ntp openssh parted sudo terminus-font texinfo tmux usbutils vi vim vulkan-intel vulkan-mesa-layer wpa_supplicant- Fstab
$ genfstab -U /mnt >> /mnt/etc/fstab- Change root
$ arch-chroot /mnt- Time zone
Set the time zone:
$ ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
# Run hwclock(8) to generate /etc/adjtime:
$ hwclock --systohc
This command assumes the hardware clock is set to UTC. See System time#Time standard for details.
- Localization
Uncomment en_US.UTF-8 UTF-8, de_DE.UTF-8 UTF-8 and other needed locales in /etc/locale.gen, and generate them with:
$ locale-genCreate the locale.conf(5) file, and set the LANG variable accordingly:
/etc/locale.conf:
LANG=en_US.UTF-8
Make the changes persistent and use a bigger font for HiDPI in /etc/vconsole.conf:
KEYMAP=de-latin1
FONT=ter-124n
- Network configuration
Create the hostname file:
/etc/hostname:
maschine
For systemd-based initramfs, change /etc/mkinitcpio.conf to the following:
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt sd-lvm2 filesystems fsck)
With intel graphics, also put:
MODULES=(intel_agp i915)
Regenerate all presets (default & fallback), with:
$ mkinitcpio -P- Root password
$ passwdWe are using GRUB.
$ grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=MaschineGrubIn order to unlock the encrypted root partition at boot, the following kernel parameter needs to be set by the boot loader:
/etc/default/grub:
GRUB_CMDLINE_LINUX="rd.luks.name=device-UUID=cryptlvm root=/dev/CryptLVM/root rd.luks.options=discard"
The device-UUID refers to the UUID of /dev/nvme0n1p2. Grab it via ls -l /dev/disk/by-uuid.
You can use a tmux session for split terminals.
Regenerate the grub config:
$ grub-mkconfig -o /boot/grub/grub.cfgIntel microcode updates are configured automatically, because we installed the intel-ucode beforehand.
- Reboot!! :)
$ exit
$ umount -R /mnt
$ rebootRemember to unplug the archiso usb drive.
- First thing after reboot is to get internet back:
$ systemctl enable dhcpcd.service
$ systemctl start dhcpcd.service
$ systemclt start iwd.service
$ iwctl
[iwd] device list
[iwd] station wlan0 get-networks
[iwd] station wlan0 connect "SSID"
[iwd] exit
# ping a server to confirm
$ ping archlinux.org-
Update the whole system
pacman -Syu -
Install Ansible and git
pacman -Sy ansible git -
Run the playbook :)
Install openssh. Then create a new key for each organization / concern with:
ssh-keygen -a 100 -t ed25519 -f ~/.ssh/CONCERN -C "EMAIL@ADDRESS"
Optionally add the keys to your KeePassXC database.
Add a systemd user unit to run the ssh-agent. Write the following to ~/.config/systemd/user/ssh-agent.service.
[Unit]
Description=SSH key agent
[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
[Install]
WantedBy=default.targetEnable and run the service with systemctl --user enable --now ssh-agent.
Then export the SSH_AUTH_SOCK environment variable in /etc/profile:
# SSH-Agent
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"
After you logout and login again, you can start using the SSH Agent from KeePassXC.