Show pagesourceOld revisionsBacklinksExport to PDFFold/unfold allBack to top Share via Share via... Twitter LinkedIn Facebook Pinterest Telegram WhatsApp Yammer Reddit TeamsRecent ChangesSend via e-MailPrintPermalink × Table of Contents Download the ISO Inital setup Format disk/s and create partitions LVM on LUKS Create LUKS Create LVM Preparing the physical volumes, volume groups and logical volumes Format filesystems and mount Install the base packages Configure the system Timezone Keyboard layout Hostname Host file root password Create an initial ramdisk Bootloader Microcode doas Sudo user? Add user zram Module Modprobe Udev Fstab Enable services (Optional) Add key for home partition Reboot Arch Linux The guide is for both - server and desktop. It includes: Server & Desktop UEFI systemd-boot LVM on LUKS NetworkManager zram doas nftables Desktop Xorg KDE / Plasma SDDM Download the ISO https://www.archlinux.org/download/ Inital setup If using a US keyboard: ls /usr/share/kbd/keymaps/**/*.map.gz loadkeys us Check if system is under UEFI: ls /sys/firmware/efi/efivars Connect to wifi if needed iwctl device list station DEVICE_NAME scan station DEVICE_NAME get-networks station DEVICE_NAME connect SSID Enable NTP and set timezone timedatectl set-ntp true timedatectl set-timezone Pacific/Auckland Test Connection ping techsaviours.org -c 1 Format disk/s and create partitions Format your disks and create GPT table. cfdisk /dev/sd* Typical partitions look like this: Partitions Space Type /dev/sda1 (boot) 512M EFI System /dev/sda2 (root) xG Linux Filesystem (ext4,…) /dev/sdb1 (home) (optional) xG Linux Filesystem (ext4,…) As an option, the home partition - /dev/sdb1, if you want to use another hard drive LVM on LUKS Create LUKS root cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 512 /dev/sda2 cryptsetup open /dev/sda2 root home (Optional) Second disk (/dev/sdb1) cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 512 /dev/sdb1 cryptsetup open /dev/sdb1 home Create LVM Preparing the physical volumes, volume groups and logical volumes root pvcreate /dev/mapper/root vgcreate vg0 /dev/mapper/root lvcreate -l 100%FREE vg0 -n root home (optional) pvcreate /dev/mapper/home vgcreate vg1 /dev/mapper/home lvcreate -l 100%FREE vg1 -n home Format filesystems and mount root mkfs.ext4 /dev/vg0/root mount /dev/vg0/root /mnt boot mkfs.fat -F32 /dev/sda1 mkdir /mnt/boot mount /dev/sda1 /mnt/boot home (optional) mkfs.ext4 /dev/vg1/home mkdir /mnt/home mount /dev/vg1/home /mnt/home Install the base packages pacstrap /mnt base base-devel linux-hardened linux-hardened-docs linux-hardened-headers linux-firmware nano networkmanager lvm2 opendoas openssh iptables-nft Configure the system genfstab -U /mnt > /mnt/etc/fstab arch-chroot /mnt Timezone ln -sf /usr/share/zoneinfo/Pacific/Auckland /etc/localtime hwclock --systohc Uncomment your location. For example: en_US.UTF-8 UTF-8 nano /etc/locale.gen echo "LANG=en_US.UTF-8 LC_ADDRESS=en_US.UTF-8 LC_IDENTIFICATION=en_US.UTF-8 LC_MEASUREMENT=en_US.UTF-8 LC_MONETARY=en_US.UTF-8 LC_NAME=en_US.UTF-8 LC_NUMERIC=en_US.UTF-8 LC_PAPER=en_US.UTF-8 LC_TELEPHONE=en_US.UTF-8 LC_TIME=en_US.UTF-8 LC_ALL=en_US.UTF-8" >> /etc/locale.conf locale-gen Keyboard layout ls /usr/share/kbd/keymaps/**/*.map.gz nano /etc/vconsole.conf KEYMAP=YOUR_KEYBOARD Hostname echo "arch" > /etc/hostname Host file echo "127.0.0.1 localhost ::1 localhost 127.0.1.1 arch.localdomain arch" >> /etc/hosts root password passwd Create an initial ramdisk nano /etc/mkinitcpio.conf HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck) mkinitcpio -P Bootloader bootctl install echo "title Arch Linux linux /vmlinuz-linux-hardened initrd /initramfs-linux-hardened.img options cryptdevice=UUID=$(blkid -s UUID -o value /dev/sda2):root root=/dev/vg0/root rw" >> /boot/loader/entries/arch.conf echo "title Arch Linux (fallback initramfs) linux /vmlinuz-linux-hardened initrd /initramfs-linux-hardened-fallback.img options cryptdevice=UUID=$(blkid -s UUID -o value /dev/sda2)=root root=/dev/vg0/root rw" >> /boot/loader/entries/arch-fallback.conf Microcode Depends on your CPU - AMD or Intel - choose one of the following commands: pacman -S intel-ucode pacman -S amd-ucode and add initrd /intel-ucode.img or initrd /amd-ucode.img above initrd /initramfs-linux-hardened.img, initrd /initramfs-linux-hardened-fallback.img in /boot/loader/entries/arch.conf and /boot/loader/entries/arch-fallback.conf doas Allow members of group wheel to run commands: echo "permit persist :wheel" >> /etc/doas.conf chown -c root:root /etc/doas.conf chmod -c 0400 /etc/doas.conf The persist feature is disabled by default [….] This feature is new and potentially dangerous, in the original doas, a kernel API is used to set and clear timeouts. This API is openbsd specific and no similar API is available on other operating systems. Sudo user? pacman -Rsn opendoas pacman -S sudo or echo "alias sudo='doas' alias sudoedit='doas rnano'" >> ~/.bashrc Add user Change USER to your name. useradd -m -G wheel -s /bin/bash USER passwd USER zram Module echo "zram" >> /etc/modules-load.d/zram.conf Modprobe echo "options zram num_devices=1" >> /etc/modprobe.d/zram.conf Udev echo 'KERNEL=="zram0", ATTR{disksize}="4GB" RUN="/usr/bin/mkswap /dev/zram0", TAG+="systemd"' >> /etc/udev/rules.d/99-zram.rules Fstab echo "# swap /dev/zram0 none swap defaults 0 0 " >> /etc/fstab Enable services systemctl enable --now NetworkManager.service systemctl enable --now sshd.service (Optional) Add key for home partition If you have decided to use an additional partition or drive, you can also use a key instead of entering the passphrase over and over again. This way it only stays for root to enter the passphrase. mkdir /etc/luks-keys/ dd bs=512 count=4 if=/dev/urandom of=/etc/luks-keys/home.bin chmod -cR 0400 /etc/luks-keys/ cryptsetup luksAddKey /dev/sdb1 /etc/luks-keys/home.bin echo "home /dev/sdb1 /etc/luks-keys/home.bin" >> /etc/crypttab Reboot exit umount -R /mnt reboot Congratulation 🍻 The server part is done! Continue with KDE if you want to install a desktop environment. Also create a backup. en/server/operating_systems/arch_linux.txt Last modified: 2022/02/26 06:49by dan