· 6 years ago · Oct 14, 2019, 11:48 AM
1# Arch Linux Installation
2
3*LVM on LUKS Arch installation with systemd-boot*
4
5## USB
6
7Download Arch Linux
8
9Find out the name of your USB drive with lsblk. Make sure that it is not mounted.
10
11To mount the Arch ISO run the following command, replacing /dev/sdx with your drive, e.g. /dev/sdb. (do not append a partition number, so do not use something like /dev/sdb1):
12
13```shell
14dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync
15```
16
17## Preparation
18
19Boot from USB disk
20
21Change default font:
22
23```shell
24setfont sun12x22
25```
26
27Check if running in UEFI mode:
28
29```shell
30ls /sys/firmware/efi
31```
32
33If there is any content in this folder then you are in UEFI mode.
34
35Check that there is a connection:
36
37```shell
38ping archlinux.org
39```
40
41Update the system clock:
42
43```shell
44timedatectl set-ntp true
45```
46
47Lastly to enable mirrors, edit `/etc/pacman.d/mirrorlist` and locate your geographic region. Uncomment mirrors you would like to use.
48
49### Partitioning
50
51Get the name of the disk to format/partition:
52
53```shell
54lsblk
55```
56
57The name should be something like `/dev/sda`
58
59First shred the disk using the shred tool:
60
61
62```shell
63shred -v -n1 /dev/sdX
64```
65
66Now partition the disk using `gdisk`:
67
68```shell
69gdisk /dev/sda
70```
71
72Partition 1 should be an EFI boot partition (code: ef00) of 512MB. Partition 2 should be a Linux LVM partition (8e00). The 2nd partition can take up the full disk or only a part of it. Remember to write the partition table changes to the disk on configuration completion.
73
74Once partitioned you can format the boot partition (the LVM partition needs to be encrypted before it gets formatted)
75
76```shell
77mkfs.fat -F32 /dev/sda1
78```
79
80### Encryption
81
82First modprobe for `dm-crypt`
83
84```shell
85modprobe dm-crypt
86```
87
88Now, encrypt the disk:
89
90```shell
91cryptsetup luksFormat /dev/sda2
92```
93
94Open the disk with the password set above:
95
96```shell
97cryptsetup open --type luks /dev/sda2 lvm
98```
99
100Check the lvm disk exists:
101
102```shell
103ls /dev/mapper/lvm
104```
105
106Create a physical volume:
107
108```shell
109pvcreate /dev/mapper/lvm
110```
111
112Create a volume group:
113
114```shell
115vgcreate volume /dev/mapper/lvm
116```
117
118Create logical partitions:
119
120```shell
121lvcreate -L20G volume -n swap
122lvcreate -L40G volume -n root
123lvcreate -l 100%FREE volume -n home
124```
125
126Format file system on logical partitions:
127
128```shell
129mkfs.ext4 /dev/mapper/volume-root
130mkfs.ext4 /dev/mapper/volume-home
131mkswap /dev/mapper/volume-swap
132```
133
134Mount the volumes and file systems:
135
136```shell
137mount /dev/mapper/volume-root /mnt
138mkdir /mnt/home
139mount /mnt/boot
140mount /dev/mapper/volume-home /mnt/home
141mount /dev/sda1 /mnt/boot
142swapon /dev/mapper/volume-swap
143```
144
145## Installation
146
147Bootstrap base system onto disk using pacstrap:
148
149```shell
150pacstrap /mnt base base-devel vim
151```
152
153Generate `fstab`:
154
155```shell
156genfstab -p /mnt >> /mnt/etc/fstab
157```
158
159`chroot` into system:
160
161```shell
162arch-chroot /mnt
163```
164
165Set time locale:
166
167```shell
168ln -sf /usr/share/zoneinfo/Africa/Johannesburg /etc/localtime
169```
170
171Set clock:
172
173```shell
174hwclock --systohc
175```
176
177Uncomment `en_US.UTF-8 UTF-8` `en_US ISO-8859-1` and other needed localizations in `/etc/locale.gen`. Now run:
178
179```shell
180locale-gen
181```
182
183Create locale config file:
184
185```shell
186locale > /etc/locale.conf
187```
188
189Add an hostname:
190
191```shell
192vim /etc/hostname
193```
194
195Update `/etc/hosts` to contain::
196
197```text
198127.0.1.1 myhostname.localdomain myhostname
199```
200
201Because we are using disk encryption we have to change the initramfs.
202
203Edit the `/etc/mkinitcpio.conf`. Look for the HOOKS variable and move `keyboard` to before the `filesystems` and add `encrypt` and `lvm2` after `keyboard`. Like:
204
205```text
206HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck"
207```
208
209Regenerate the initramfs:
210
211```shell
212mkinitcpio -p linux
213```
214
215Install a bootloader:
216
217```shell
218bootctl --path=/boot/ install
219```
220
221Create bootloader. Edit `/boot/loader/loader.conf`. Replace the file's contents with:
222
223```text
224default arch
225timeout 3
226editor 0
227```
228
229The `editor 0` ensures the configuration can't be changed on boot.
230
231Next create a bootloader entry in `/boot/loader/entries/arch.conf`
232
233```text
234title Arch Linux
235linux /vmlinuz-linux
236initrd /initramfs-linux.img
237options cryptdevice=UUID={UUID}:volume root=/dev/mapper/volume-root quiet rw
238```
239
240In order to get the UUID run the following command in vim:
241
242```shell
243:read ! blkid /dev/sda2
244```
245
246## Complete
247
248exit `chroot`:
249
250```shell
251exit
252```
253
254unmount everything:
255
256```shell
257umount -R /mnt
258```
259
260and reboot
261
262```shell
263reboot
264```