# Arch Linux # =============================================================== # Installation with LVM, LUKS (in HOME /dev/sdb) and Systemd-Boot # =============================================================== # by: William C. Canin # Note: Where it says >>>, that's where the command starts. >>> loadkeys br-abnt2 >>> timedatectl set-timezone America/Sao_Paulo >>> hwclock --systohc ------------------------------------------------------------ :: Partitioning storage for the system (IMPORTANT! Use GPT) ------------------------------------------------------------ | Dispositivo | Tamanho | Tipo | Local | |-------------|---------|---------------------|-----------| | /dev/sda1 | 2G | EFI System | /boot | | /dev/sda2 | 120G | Linux LVM | | | /dev/sdb1 | 1T | Linux filesystems | /home | -------------------------- :: Creating LVM structure -------------------------- >>> pvcreate /dev/sda2 >>> vgcreate linux /dev/sda2 >>> lvcreate -L 120G linux -n arch --------------------------------------- :: Encrypt the HOME partition and open --------------------------------------- ### IMPORTANT!!! If you already have the `/dev/mapper/home` drive encrypted with your files, there ### is no need for this step, otherwise you will lose your files. >>> cryptsetup -y -v luksFormat /dev/sdb1 >>> cryptsetup open /dev/sdb1 home ------------------------- :: Formatting partitions ------------------------- >>> mkfs.fat -F 32 /dev/sda1 >>> mkfs -t ext4 /dev/mapper/linux-arch >>> mkfs -t ext4 /dev/mapper/home ### IMPORTANT!!! If you already have the `/dev/mapper/home` partition with files, do not format it ### or you will lose ALL the files. ----------------------- :: Mounting partitions ----------------------- >>> mount /dev/mapper/linux-arch /mnt >>> mount --mkdir /dev/sda1 /mnt/boot >>> mount --mkdir /dev/mapper/home /mnt/home ----------------------- :: Install base system ----------------------- >>> reflector --verbose --country Brazil,US --age 12 --protocol https --sort rate --save /etc/pacman.d/mirrorlist >>> pacman -Syy >>> pacman -Sy archlinux-keyring >>> pacman-key --populate archlinux >>> pacstrap -K /mnt base base-devel linux-lts linux-lts-headers linux-firmware systemd systemd-ukify sudo vim dhcpcd wireless_tools wpa_supplicant --------------------- :: Create /etc/fstab --------------------- >>> genfstab -U -p /mnt >> /mnt/etc/fstab ----------------------- :: Entering the system ----------------------- >>> arch-chroot /mnt /bin/bash ------------------------- :: Add password for root ------------------------- >>> passwd ------------------------------------- :: Configuring Internet with SystemD ------------------------------------- >>> systemctl disable --now NetworkManager.service >>> systemctl mask NetworkManager.service >>> systemctl enable --now systemd-networkd.service systemd-resolved.service >>> vim /etc/systemd/network/20-wired.network [Match] Name=eno1 # Replace with the name of your interface [Network] Address=192.168.0.2/24 Gateway=192.168.0.1 DNS=8.8.8.8 ## Conection via DHCP # [Network] # DHCP=yes >>> ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf ---------------------- :: Configuring Pacman ---------------------- >>> vim /etc/pacman.conf IgnorePkg = linux-lts linux linux-zen linux-headers linux-zen-headers linux-lts-headers nvidia-utils nvidia-settings nvidia lib32-nvidia cuda [multilib] Include = /etc/pacman.d/mirrorlist [canin] SigLevel = Optional TrustAll Server = https://williamcanin.gitlab.io/archlinux/stable/x86_64 >>> pacman -Syy ----------------------------- :: Setting up encrypted HOME ----------------------------- >>> cat << EOF >> /etc/crypttab.initramfs # /dev/sdb1 home UUID=$(blkid -s UUID -o value /dev/sdb1) none luks,tries=0,timeout=0 EOF >>> cat << EOF >> /etc/fstab # /dev/mapper/home UUID=$(blkid -s UUID -o value /dev/mapper/home) /home ext4 rw,relatime,data=ordered 0 2 EOF ------------------------------------ :: Configuring /etc/mkinitcpio.conf ------------------------------------ >>> sed -i "s|^MODULES=.*|MODULES=(usbhid xhci_hcd ehci_hcd)|g" /etc/mkinitcpio.conf >>> sed -i "s|^HOOKS=.*|HOOKS=(base systemd autodetect keymap modconf kms keyboard sd-vconsole block sd-encrypt lvm2 filesystems fsck)|g" /etc/mkinitcpio.conf >>> pacman -S lvm2 -------------------------------------------------------- :: Installing and configuring Bootloader (systemd-boot) -------------------------------------------------------- >>> pacman -S --noconfirm efibootmgr intel-ucode >>> bootctl --path=/boot install >>> ESP_DIR="" >>> cat << EOF > /boot/loader/loader.conf default arch-linux-lts.efi timeout 3 console-mode max editor no EOF >>> cp /etc/mkinitcpio.d/linux-lts.preset /etc/mkinitcpio.d/linux-lts.preset.backup >>> cat << EOF > /etc/mkinitcpio.d/linux-lts.preset ESP_DIR="${ESP_DIR}" ALL_config="/etc/mkinitcpio.conf" ALL_kver="/boot/\${ESP_DIR}vmlinuz-linux-lts" ALL_cmdline="root=UUID=$(blkid -s UUID -o value /dev/mapper/linux-arch) rw loglevel=3 nvidia_drm.modeset=1 video=1920x1080@75" PRESETS=('default' 'fallback') default_config="/etc/mkinitcpio.conf" default_image="/boot/\${ESP_DIR}initramfs-linux-lts.img" default_uki="/boot/\${ESP_DIR}EFI/Linux/arch-linux-lts.efi" default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp" fallback_config="/etc/mkinitcpio.conf" fallback_image="/boot/\${ESP_DIR}initramfs-linux-lts-fallback.img" fallback_uki="/boot/\${ESP_DIR}EFI/Linux/arch-linux-lts-fallback.efi" fallback_options="-S autodetect" EOF >>> pacman -S --noconfirm linux-lts >>> mount --mkdir /dev/sdc1 /mnt/winboot >>> cp -r /mnt/winboot/EFI/Microsoft /boot/EFI ----------------------------------------- :: Installation of the drivers graphical ----------------------------------------- # OpenGL/Vulkan (IMPORTANT!!!) >>> pacman -S --needed --noconfirm xorg wayland dialog mesa lib32-mesa xf86-video-vesa vulkan-icd-loader lib32-vulkan-icd-loader vulkan-tools # Intel >>> pacman -S --needed --noconfirm mesa-vulkan-intel vulkan-intel linux-firmware-intel # NVIDIA (Nouveau) pacman -S --noconfirm xf86-video-nouveau vulkan-nouveau -------------------- :: Installing fonts -------------------- >>> pacman -S --needed --noconfirm noto-fonts noto-fonts-emoji noto-fonts-cjk ttf-liberation otf-font-awesome ttf-jetbrains-mono ttf-jetbrains-mono-nerd ttf-dejavu-nerd --------------------------------------- :: Installation audio drivers / mixers --------------------------------------- pacman -S --needed --noconfirm pipewire wireplumer pipewire-audio pipewire-pulse pipewire-alsa pipewire-jack lib32-pipewire lsp-plugins-lv2 mda.lv2 zam-plugins-lv2 zam-plugins-lv2 pavucontrol -------------------------------------------------- :: Installation of the desktop environment (i3) -------------------------------------------------- >>> pacman -S --needed --noconfirm i3 i3lock i3status polybar pcmanfm picom rofi nitrogen gtk-chtheme btop jq conky gsimplecal numlockx qt5ct qt6ct scrot dunst yazi xautolock imagemagick ranger lynx -------------------------------------------- :: Installing utility packages (IMPORTANT!) -------------------------------------------- >>> pacman -S --needed --noconfirm pacman-contrib util-linux dkms xdg-user-dirs ntfs-3g udisks2 dosfstools mtools cpupower reflector samba git openssh tor virtualbox-guest-utils vlc transmission-gtk gvfs gvfs-smb ttf-dejavu ttf-dejavu-nerd terminator veracrypt zip unzip xarchiver gimp inkscape make gcc go ruby perl tk python nodejs npm arch-wiki-docs arch-wiki-lite zeal qemu-full virt-manager piper steam-native-runtime firefox libreoffice-fresh libreoffice-fresh-pt-br terminator galculator leafpad calf smplayer gparted rofimoji easyeffects gnome-keyring seahorse mpv -------------------- :: Enabled services -------------------- >>> systemctl enable iptables.service smb.service nmb.service tor.service ---------------------------- :: Complementing /etc/fstab ---------------------------- >>> mkdir -p /media/cdrom0; mkdir /mnt/floppy; mkdir /mnt/windows >>> ln -s /media/cdrom0 /media/cdrom >>> cat << EOF >> /etc/fstab ### CDROM /dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0 ### Floppy /dev/fd0 /mnt/floppy auto defaults,user,noauto 0 0 ### Windows (optional) #UUID=XXXXX-XXXXX-XXXXX /mnt/windows ntfs-3g defaults,user,rw,auto 0 0 EOF ----------------- :: Enabling ZRAM ----------------- >>> pacman -S --needed --noconfirm zram-generator >>> cat << "EOF" > /etc/systemd/zram-generator.conf [zram0] zram-size = ram / 4 compression-algorithm = zstd swap-priority = 50 fs-type = swap EOF >>> systemctl daemon-reload >>> systemctl enable --now systemd-zram-setup@zram0.service ------------------- :: Adding new USER ------------------- >>> sed -i "s|# %sudo ALL=(ALL:ALL) ALL|%sudo ALL=(ALL:ALL) ALL|g" /etc/sudoers >>> USERNAME_TEMP="will" >>> groupadd $USERNAME_TEMP >>> useradd -m -g $USERNAME_TEMP -G users,tty,wheel,games,power,optical,storage,scanner,lp,audio,video,input,mail,root -s /bin/zsh $USERNAME_TEMP >>> groupadd sudo -U $USERNAME_TEMP >>> passwd $USERNAME_TEMP ----------------------- :: Language and region ----------------------- >>> timedatectl set-timezone America/Sao_Paulo >>> echo "KEYMAP=br-abnt2" > /etc/vconsole.conf >>> sed -i "s|#en_US.UTF-8 UTF-8|en_US.UTF-8 UTF-8|g" /etc/locale.gen >>> sed -i "s|#pt_BR.UTF-8 UTF-8|pt_BR.UTF-8 UTF-8|g" /etc/locale.gen >>> locale-gen >>> echo LANG=pt_BR.UTF-8 | tee /etc/locale.conf >>> rm -f /etc/localtime && ln -s /usr/share/zoneinfo/America/Sao_Paulo /etc/localtime >>> hwclock --systohc >>> echo "archlinux" | tee /etc/hostname >>> printf "127.0.0.1 archlinux\n" >> /etc/hosts >>> echo KEYMAP=br-abnt2 | tee /etc/vconsole.conf ---------------------------------------- :: Configuring Security Boot (Optional) ---------------------------------------- >>> pacman -S --noconfirm sbctl >>> sbctl create-keys >>> sbctl sign -s -o /usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed /usr/lib/systemd/boot/efi/systemd-bootx64.efi >>> sbctl sign -s /boot/EFI/BOOT/BOOTX64.EFI >>> sbctl sign -s /boot/EFI/Linux/arch-linux-lts.efi >>> sbctl sign -s /boot/EFI/Linux/arch-linux-lts-fallback.efi >>> sbctl verify ### If I have Windows EFI >>> cd /boot/EFI/Microsoft && sbctl verify | sed 's/✗ /sbctl sign -s /e' >>> systemctl reboot --firmware-setup ### Once you're in the BIOS, go to the Boot > Security Boot tab, leaving it disabled and in Custom ### mode. ### In Key Management, delete ALL keys and RESTORE to Setup Mode. After that, save and start ### Arch Linux again. >>> sbctl enroll-keys --microsoft >>> systemctl reboot --firmware-setup ### Now, inside the BIOS, enable Security Boot and save. When you restart, Arch Linux will be in ### Security Boot mode. ======================================== Post Install (In the user) ======================================== -------------------------------------------- :: Installing package manager for AUR (yay) -------------------------------------------- >>> git clone https://aur.archlinux.org/yay.git; >>> cd yay && makepkg -si PKGBUILD ----------------------------------------------------- :: Installing essential packages from AUR (optional) ----------------------------------------------------- >>> yay -S --noconfirm i3-volume spotify visual-studio-code-bin brave-bin google-chrome secure-delete smem ----------------------------------------------------- :: Install Oh-My-ZSH and plugins for USER (optional) ----------------------------------------------------- >>> sudo pacman -S --noconfirm starship >>> sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" >>> git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions >>> git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting >>> new_plugins=" zsh-autosuggestions zsh-syntax-highlighting" >>> current_plugins=$(grep '^plugins=' "$HOME/.zshrc" | sed 's/^plugins=(//; s/)//') >>> new_plugins_line="plugins=(${current_plugins}${new_plugins})" >>> sed -i "s|^plugins=.*|${new_plugins_line}|" "$HOME/.zshrc" >>> echo "eval \"\$(starship init zsh)\"" > "${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/themes/starship.zsh-theme" >>> sed -i 's/^ZSH_THEME=".*"/ZSH_THEME="starship"/' "$HOME/.zshrc" ---------------------------------------- :: Automatic login using TTY (optional) ---------------------------------------- >>> sudo mkdir -p /etc/systemd/system/getty@tty1.service.d >>> sudo cat << EOF > /etc/systemd/system/getty@tty1.service.d/skip-prompt.conf [Service] ExecStart= ExecStart=-/usr/bin/agetty --skip-login --nonewline --noissue --autologin $USERNAME_TEMP --noclear %I \$TERM EOF >>> [ -f "$HOME/.xinitrc" ] && mv $HOME/.xinitrc $HOME/.xinitrc.bak; >>> cat << EOF > $HOME/.xinitrc exec i3 EOF >>> [ -f "$HOME/.zprofile" ] && mv $HOME/.zprofile $HOME/.zprofile.bak; >>> cat << EOF > $HOME/.zprofile if [ -z "\$DISPLAY" ] && [ "\$XDG_VTNR" = 1 ]; then exec startx &>/dev/null fi EOF