Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
en:server:operating_systems:arch_linux [2022/01/06 05:34] – [Bootloader] changed creating files with echo including UUID; deleted info alert dan | en:server:operating_systems:arch_linux [2024/03/07 20:30] (current) – [Microcode] updated upstream changes - microcode hook in mkinitcpio.conf by default dan | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | <alert type=" | ||
- | |||
====== Arch Linux ====== | ====== Arch Linux ====== | ||
Line 14: | Line 12: | ||
* NetworkManager | * NetworkManager | ||
* zram | * zram | ||
+ | * doas/sudo | ||
**Desktop** | **Desktop** | ||
Line 19: | Line 18: | ||
* Xorg | * Xorg | ||
* KDE / Plasma | * KDE / Plasma | ||
- | * SDDM | + | * SDDM/xinit |
===== Download the ISO ===== | ===== Download the ISO ===== | ||
[[https:// | [[https:// | ||
+ | |||
+ | ==== Verify the ISO image ==== | ||
+ | |||
+ | Check the two files in the same folder with the following command(s): | ||
+ | |||
+ | * for Arch users | ||
+ | * '' | ||
+ | * other GnuPGP systems | ||
+ | * '' | ||
+ | * and check the sha256sum with the following command | ||
+ | * '' | ||
+ | |||
+ | <alert type=" | ||
===== Inital setup ===== | ===== Inital setup ===== | ||
Line 77: | Line 89: | ||
| /dev/sdb1 (home) (optional) | | /dev/sdb1 (home) (optional) | ||
- | <alert type=" | + | <alert type=" |
===== LVM on LUKS ===== | ===== LVM on LUKS ===== | ||
Line 142: | Line 154: | ||
< | < | ||
- | pacstrap /mnt base base-devel linux-hardened linux-hardened-docs linux-hardened-headers linux-firmware nano networkmanager lvm2 | + | pacstrap /mnt base base-devel linux-hardened linux-hardened-docs linux-hardened-headers linux-firmware nano networkmanager lvm2 opendoas openssh |
</ | </ | ||
+ | |||
+ | <alert type=" | ||
===== Configure the system ===== | ===== Configure the system ===== | ||
Line 176: | Line 190: | ||
LC_TELEPHONE=en_US.UTF-8 | LC_TELEPHONE=en_US.UTF-8 | ||
LC_TIME=en_US.UTF-8 | LC_TIME=en_US.UTF-8 | ||
- | LC_ALL=en_US.UTF-8h" >> / | + | LC_ALL=en_US.UTF-8" >> / |
</ | </ | ||
Line 220: | Line 234: | ||
< | < | ||
- | HOOKS=(base udev autodetect keyboard keymap | + | HOOKS=(base udev autodetect |
</ | </ | ||
Line 244: | Line 258: | ||
linux / | linux / | ||
initrd | initrd | ||
- | options cryptdevice=UUID=$(blkid -s UUID -o value /dev/sda2)=root root=/ | + | options cryptdevice=UUID=$(blkid -s UUID -o value /dev/sda2):root root=/ |
</ | </ | ||
+ | |||
+ | ==== Microcode ==== | ||
+ | |||
+ | Depends on your CPU - __//AMD//__ or __// | ||
+ | |||
+ | < | ||
+ | pacman -S intel-ucode | ||
+ | </ | ||
+ | < | ||
+ | pacman -S amd-ucode | ||
+ | </ | ||
+ | ==== doas ==== | ||
+ | |||
+ | Allow members of group '' | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | chown -c root:root / | ||
+ | chmod -c 0400 / | ||
+ | </ | ||
+ | |||
+ | <alert type=" | ||
+ | </ | ||
+ | |||
+ | === Sudo user? === | ||
+ | |||
+ | < | ||
+ | pacman -Rsn opendoas | ||
+ | pacman -S sudo | ||
+ | </ | ||
+ | |||
+ | Enable '' | ||
+ | |||
+ | < | ||
+ | visudo | ||
+ | </ | ||
+ | < | ||
+ | %wheel ALL=(ALL: | ||
+ | </ | ||
+ | |||
+ | or | ||
+ | |||
+ | < | ||
+ | echo "alias sudo=' | ||
+ | alias sudoedit=' | ||
+ | ln -s $(which doas) / | ||
+ | </ | ||
+ | |||
+ | ==== Add user ==== | ||
+ | |||
+ | Change '' | ||
+ | |||
+ | < | ||
+ | useradd -m -G wheel -s /bin/bash USER | ||
+ | passwd USER | ||
+ | </ | ||
+ | |||
+ | ==== zram ==== | ||
+ | |||
+ | |||
+ | === Module === | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | === Modprobe === | ||
+ | |||
+ | < | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | === Udev === | ||
+ | |||
+ | < | ||
+ | echo ' | ||
+ | </ | ||
+ | |||
+ | === Fstab === | ||
+ | |||
+ | < | ||
+ | echo "# swap | ||
+ | /dev/zram0 none swap defaults 0 0 | ||
+ | " >> /etc/fstab | ||
+ | </ | ||
+ | |||
+ | ==== Enable services ==== | ||
+ | |||
+ | < | ||
+ | systemctl enable --now NetworkManager.service | ||
+ | systemctl enable --now sshd.service | ||
+ | </ | ||
+ | |||
+ | ==== (Optional) Add key for home partition ==== | ||
+ | |||
+ | If you have decided to use an additional partition or drive, you can also use a key instead of entering the passphrase over and over again. This way it only stays for root to enter the passphrase. | ||
+ | |||
+ | < | ||
+ | mkdir / | ||
+ | dd bs=512 count=4 if=/ | ||
+ | chmod -cR 0400 / | ||
+ | cryptsetup luksAddKey /dev/sdb1 / | ||
+ | echo " | ||
+ | </ | ||
+ | |||
+ | ==== Reboot ==== | ||
+ | |||
+ | < | ||
+ | exit | ||
+ | </ | ||
+ | < | ||
+ | umount -R /mnt | ||
+ | reboot | ||
+ | </ | ||
+ | |||
+ | === (Optional) Connect to wifi if needed | ||
+ | |||
+ | < | ||
+ | nmcli d wifi list | ||
+ | nmcli dev wifi connect SSID password ' | ||
+ | </ | ||
+ | |||
+ | |||
+ | <alert type=" |