Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
de:server:operating_systems:arch_linux [2022/09/03 00:16] – removed - external edit (Unknown date) 127.0.0.1 | de:server:operating_systems:arch_linux [2024/04/30 21:56] (current) – [Microcode] updated upstream changes - microcode hook by default dan | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Arch Linux ====== | ||
+ | Der Guide ist sowohl für Server als auch für Desktop geeignet. | ||
+ | |||
+ | Es umfasst: | ||
+ | |||
+ | **Server & Desktop** | ||
+ | |||
+ | * UEFI | ||
+ | * systemd-boot | ||
+ | * LVM on LUKS | ||
+ | * NetworkManager | ||
+ | * zram | ||
+ | * doas/sudo | ||
+ | |||
+ | **Desktop** | ||
+ | |||
+ | * Xorg | ||
+ | * KDE / Plasma | ||
+ | * SDDM/xinit | ||
+ | |||
+ | ===== ISO herunterladen ===== | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | ==== Überprüfung des ISO-Images ==== | ||
+ | |||
+ | Überprüfe die beiden Dateien in demselben Ordner mit den folgenden Befehl(en): | ||
+ | |||
+ | * für Arch-Anwender | ||
+ | * '' | ||
+ | * andere GnuPGP-Systeme | ||
+ | * '' | ||
+ | * und überprüfe die sha256sum mit folgendem Befehl | ||
+ | * '' | ||
+ | |||
+ | <alert type=" | ||
+ | |||
+ | ===== Erste Schritte ===== | ||
+ | |||
+ | Wenn du eine deutsche Tastatur verwendest: | ||
+ | |||
+ | < | ||
+ | ls / | ||
+ | loadkeys de | ||
+ | </ | ||
+ | |||
+ | Prüfe, ob das System unter UEFI läuft:: | ||
+ | |||
+ | < | ||
+ | ls / | ||
+ | </ | ||
+ | |||
+ | Bei Bedarf mit WLAN verbinden | ||
+ | |||
+ | < | ||
+ | iwctl | ||
+ | device list | ||
+ | station DEVICE_NAME scan | ||
+ | station DEVICE_NAME get-networks | ||
+ | station DEVICE_NAME connect SSID | ||
+ | </ | ||
+ | |||
+ | NTP aktivieren und Zeitzone einstellen | ||
+ | |||
+ | < | ||
+ | timedatectl set-ntp true | ||
+ | timedatectl set-timezone Europe/ | ||
+ | </ | ||
+ | |||
+ | Verbindung testen | ||
+ | |||
+ | < | ||
+ | ping techsaviours.org -c 1 | ||
+ | </ | ||
+ | |||
+ | ===== Festplatte/ | ||
+ | |||
+ | Formatiere deine Festplatte/ | ||
+ | |||
+ | < | ||
+ | cfdisk /dev/sd* | ||
+ | </ | ||
+ | |||
+ | Typische Partitionen sehen wie folgt aus: | ||
+ | ^ Partitionen | ||
+ | | /dev/sda1 (boot) | ||
+ | | /dev/sda2 (root) | ||
+ | | /dev/sdb1 (home) (optional) | ||
+ | |||
+ | <alert type=" | ||
+ | |||
+ | ===== LVM on LUKS ===== | ||
+ | |||
+ | ==== Erstelle LUKS ==== | ||
+ | |||
+ | **root** | ||
+ | < | ||
+ | cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 512 /dev/sda2 | ||
+ | cryptsetup open /dev/sda2 root | ||
+ | </ | ||
+ | |||
+ | **home** | ||
+ | (Optional) Zweite Festplatte (/dev/sdb1) | ||
+ | |||
+ | < | ||
+ | cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 512 /dev/sdb1 | ||
+ | cryptsetup open /dev/sdb1 home | ||
+ | </ | ||
+ | |||
+ | ==== Erstelle LVM ==== | ||
+ | |||
+ | === Vorbereitung der Physical Volumes, Volume Groups und Logical Volumes === | ||
+ | |||
+ | **root** | ||
+ | < | ||
+ | pvcreate / | ||
+ | vgcreate vg0 / | ||
+ | lvcreate -l 100%FREE vg0 -n root | ||
+ | </ | ||
+ | |||
+ | **home** (optional) | ||
+ | |||
+ | < | ||
+ | pvcreate / | ||
+ | vgcreate vg1 / | ||
+ | lvcreate -l 100%FREE vg1 -n home | ||
+ | </ | ||
+ | |||
+ | === Dateisysteme formatieren und mounten === | ||
+ | |||
+ | **root** | ||
+ | < | ||
+ | mkfs.ext4 / | ||
+ | mount / | ||
+ | </ | ||
+ | |||
+ | **boot** | ||
+ | < | ||
+ | mkfs.fat -F32 /dev/sda1 | ||
+ | mkdir /mnt/boot | ||
+ | mount /dev/sda1 /mnt/boot | ||
+ | </ | ||
+ | |||
+ | **home** (optional) | ||
+ | |||
+ | < | ||
+ | mkfs.ext4 / | ||
+ | mkdir /mnt/home | ||
+ | mount / | ||
+ | </ | ||
+ | |||
+ | ===== Installiere die Basispakete ===== | ||
+ | |||
+ | < | ||
+ | pacstrap /mnt base base-devel linux-hardened linux-hardened-docs linux-hardened-headers linux-firmware nano networkmanager lvm2 opendoas openssh | ||
+ | </ | ||
+ | |||
+ | <alert type=" | ||
+ | |||
+ | ===== Konfigurierung des Systems ===== | ||
+ | |||
+ | < | ||
+ | genfstab -U /mnt > / | ||
+ | arch-chroot /mnt | ||
+ | </ | ||
+ | |||
+ | ==== Timezone ==== | ||
+ | |||
+ | < | ||
+ | ln -sf / | ||
+ | hwclock --systohc | ||
+ | </ | ||
+ | |||
+ | Unkommentiere deinen Standort. Zum Beispiel: // | ||
+ | |||
+ | < | ||
+ | nano / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | LC_ADDRESS=de_DE.UTF-8 | ||
+ | LC_IDENTIFICATION=de_DE.UTF-8 | ||
+ | LC_MEASUREMENT=de_DE.UTF-8 | ||
+ | LC_MONETARY=de_DE.UTF-8 | ||
+ | LC_NAME=de_DE.UTF-8 | ||
+ | LC_NUMERIC=de_DE.UTF-8 | ||
+ | LC_PAPER=de_DE.UTF-8 | ||
+ | LC_TELEPHONE=de_DE.UTF-8 | ||
+ | LC_TIME=de_DE.UTF-8 | ||
+ | LC_ALL=de_DE.UTF-8" | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | locale-gen | ||
+ | </ | ||
+ | |||
+ | ==== Tastaturlayout ==== | ||
+ | |||
+ | < | ||
+ | ls / | ||
+ | nano / | ||
+ | </ | ||
+ | < | ||
+ | KEYMAP=YOUR_KEYBOARD | ||
+ | </ | ||
+ | |||
+ | ==== Hostname ==== | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Host-Datei ==== | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | ::1 localhost | ||
+ | 127.0.1.1 arch.localdomain arch" >> /etc/hosts | ||
+ | </ | ||
+ | |||
+ | ==== root passwort ==== | ||
+ | < | ||
+ | passwd | ||
+ | </ | ||
+ | |||
+ | ==== Eine initiale Ramdisk erstellen ==== | ||
+ | |||
+ | < | ||
+ | nano / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems fsck encrypt lvm2) | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | mkinitcpio -P | ||
+ | </ | ||
+ | |||
+ | ==== Bootloader ==== | ||
+ | |||
+ | < | ||
+ | bootctl install | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | echo "title Arch Linux | ||
+ | linux / | ||
+ | initrd / | ||
+ | options cryptdevice=UUID=$(blkid -s UUID -o value / | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | echo "title Arch Linux (fallback initramfs) | ||
+ | linux / | ||
+ | initrd | ||
+ | options cryptdevice=UUID=$(blkid -s UUID -o value / | ||
+ | </ | ||
+ | |||
+ | ==== Microcode ==== | ||
+ | |||
+ | Abhängig von deiner CPU - __//AMD//__ oder __// | ||
+ | |||
+ | < | ||
+ | pacman -S intel-ucode | ||
+ | </ | ||
+ | < | ||
+ | pacman -S amd-ucode | ||
+ | </ | ||
+ | |||
+ | ==== doas ==== | ||
+ | |||
+ | Erlaubt Mitgliedern der Gruppe '' | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | chown -c root:root / | ||
+ | chmod -c 0400 / | ||
+ | </ | ||
+ | |||
+ | <alert type=" | ||
+ | </ | ||
+ | |||
+ | === Sudo Benutzer? === | ||
+ | |||
+ | < | ||
+ | pacman -Rsn opendoas | ||
+ | pacman -S sudo | ||
+ | </ | ||
+ | |||
+ | Aktiviere '' | ||
+ | |||
+ | < | ||
+ | visudo | ||
+ | </ | ||
+ | < | ||
+ | %wheel ALL=(ALL: | ||
+ | </ | ||
+ | |||
+ | oder | ||
+ | < | ||
+ | echo "alias sudo=' | ||
+ | alias sudoedit=' | ||
+ | ln -s $(which doas) / | ||
+ | </ | ||
+ | |||
+ | ==== Benutzer hinzufügen ==== | ||
+ | |||
+ | Ändere '' | ||
+ | |||
+ | < | ||
+ | useradd -m -G wheel -s /bin/bash USER | ||
+ | passwd USER | ||
+ | </ | ||
+ | |||
+ | ==== zram ==== | ||
+ | |||
+ | |||
+ | === Module === | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | === Modprobe === | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | === Udev === | ||
+ | |||
+ | < | ||
+ | echo ' | ||
+ | </ | ||
+ | |||
+ | === Fstab === | ||
+ | |||
+ | < | ||
+ | echo "# swap | ||
+ | /dev/zram0 none swap defaults 0 0 | ||
+ | " >> /etc/fstab | ||
+ | </ | ||
+ | |||
+ | ==== Services aktivieren ==== | ||
+ | |||
+ | < | ||
+ | systemctl enable --now NetworkManager.service | ||
+ | systemctl enable --now sshd.service | ||
+ | </ | ||
+ | |||
+ | ==== (Optional) Schlüssel für die Home-Partition hinzufügen ==== | ||
+ | |||
+ | Wenn du dich entschieden hast, eine zusätzliche Partition oder ein zusätzliches Laufwerk zu verwenden, kannst du auch einen Schlüssel verwenden, anstatt die Passphrase immer wieder einzugeben. Auf diese Weise muss nur noch für root die Passphrase eingeben. | ||
+ | |||
+ | < | ||
+ | mkdir / | ||
+ | dd bs=512 count=4 if=/ | ||
+ | chmod -cR 0400 / | ||
+ | cryptsetup luksAddKey /dev/sdb1 / | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | ==== Reboot ==== | ||
+ | |||
+ | < | ||
+ | exit | ||
+ | </ | ||
+ | < | ||
+ | umount -R /mnt | ||
+ | reboot | ||
+ | </ | ||
+ | |||
+ | === (Optional) Verbinde dich mit Wifi, wenn nötig | ||
+ | |||
+ | < | ||
+ | nmcli d wifi list | ||
+ | nmcli dev wifi connect SSID password ' | ||
+ | </ | ||
+ | |||
+ | <alert type=" |