Differences

This shows you the differences between two versions of the page.

--- en:server:operating_systems:arch_linux [2022/02/26 06:49] – [Reboot] added backup link to alert info dan
+++ en:server:operating_systems:arch_linux [2024/03/07 20:30] (current) – [Microcode] updated upstream changes - microcode hook in mkinitcpio.conf by default dan
@@ Line 12: / Line 12: @@
   * NetworkManager
   * zram
-  * doas
+  * doas/sudo
-  * nftables
 **Desktop**
@@ Line 19: / Line 18: @@
   * Xorg
   * KDE / Plasma
-  * SDDM
+  * SDDM/xinit
 ===== Download the ISO =====
 [[https://www.archlinux.org/download/]]
+==== Verify the ISO image ====
+Check the two files in the same folder with the following command(s):
+  * for Arch users
+    * ''pacman-key -v archlinux-<version>-x86_64.iso.sig''
+  * other GnuPGP systems
+    * ''gpg %%--%%keyserver pgp.mit.edu %%--%%keyserver-options auto-key-retrieve %%--%%verify archlinux-<version>-x86_64.iso.sig''
+  * and check the sha256sum with the following command
+    * ''sha256sum archlinux-<version>-x86_64.iso''
+<alert type="info" icon="fa fa-info-circle">Another method to verify the authenticity of the signature is to ensure that the public key's fingerprint is identical to the key fingerprint of the [[https://www.archlinux.org/people/developers/|Arch Linux developer]] who signed the ISO-file. See [[https://en.wikipedia.org/wiki/Public-key_cryptography|Wikipedia:Public-key_cryptography]] for more information on the public-key process to authenticate keys.</alert>
 ===== Inital setup =====
@@ Line 142: / Line 154: @@
 <code>
-pacstrap /mnt base base-devel linux-hardened linux-hardened-docs linux-hardened-headers linux-firmware nano networkmanager lvm2 opendoas openssh iptables-nft
+pacstrap /mnt base base-devel linux-hardened linux-hardened-docs linux-hardened-headers linux-firmware nano networkmanager lvm2 opendoas openssh
 </code>
+<alert type="info" icon="fa fa-info-circle">If you encounter some issues, e.g. if you are using an older ISO, first run ''%%pacman -Sy archlinux-keyring && pacman-key --init && pacman-key --populate archlinux%%''.</alert>
 ===== Configure the system =====
@@ Line 220: / Line 234: @@
 <code>
-HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)
+HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block filesystems fsck encrypt lvm2)
 </code>
@@ Line 244: / Line 258: @@
 linux /vmlinuz-linux-hardened
 initrd  /initramfs-linux-hardened-fallback.img
-options cryptdevice=UUID=$(blkid -s UUID -o value /dev/sda2)=root root=/dev/vg0/root rw" >> /boot/loader/entries/arch-fallback.conf
+options cryptdevice=UUID=$(blkid -s UUID -o value /dev/sda2):root root=/dev/vg0/root rw" >> /boot/loader/entries/arch-fallback.conf
 </code>
@@ Line 257: / Line 271: @@
 pacman -S amd-ucode
 </code>
-and add ''initrd /**intel**-ucode.img'' or ''initrd /**amd**-ucode.img'' above ''initrd /initramfs-linux-hardened.img'', ''initrd /initramfs-linux-hardened-**fallback**.img'' in ''/boot/loader/entries/arch.conf'' and ''/boot/loader/entries/arch-**fallback**.conf''
 ==== doas ====
@@ Line 278: / Line 289: @@
 pacman -Rsn opendoas
 pacman -S sudo
+</code>
+Enable ''wheel'' for your sudo user.
+<code>
+visudo
+</code>
+<code>
+%wheel ALL=(ALL:ALL) ALL
 </code>
@@ Line 285: / Line 305: @@
 echo "alias sudo='doas'
 alias sudoedit='doas rnano'" >> ~/.bashrc
+ln -s $(which doas) /usr/bin/sudo
 </code>
@@ Line 353: / Line 374: @@
 reboot
 </code>
+=== (Optional) Connect to wifi if needed  ===
+<code>
+nmcli d wifi list
+nmcli dev wifi connect SSID password 'password'
+</code>
 <alert type="info">Congratulation 🍻 The server part is done! Continue with [[en:desktop:environments:kde|KDE]] if you want to install a desktop environment. Also create a [[en:backup:server|backup]].</alert>