Archlinux: install step-by-step

2021-04-27

Set keyboard layout and NTP time:

loadkeys uk
timedatectl set-ntp true

Partitioning (empty lines mean 'confirm default'):

fdisk /dev/nvme0n1

g
n


+500M
t
1
n



w

Formatting:

mkfs.fat -F 32 /dev/nvme0n1p1
cryptsetup luksFormat --type luks1 /dev/nvme0n1p2
YES
cryptsetup open /dev/nvme0n1p2 cryptroot
mkfs.btrfs /dev/mapper/cryptroot

Mount the target disks and remember to mount the boot partition (I keep forgetting this every other time!):

mount /dev/mapper/cryptroot /mnt
mkdir --parents /mnt/boot/efi
mount /dev/nvme0n1p1 /mnt/boot/efi

Install base system, replace linux with linux-hardened, add some of my favourites:

pacstrap /mnt base linux-hardened linux-firmware grub efibootmgr zsh grml-zsh-config tmux rsync vim etckeeper dhcpcd btrfs-progs man-db openssh mkinitcpio-{netconf,tinyssh,utils}
genfstab -U /mnt >> /mnt/etc/fstab

Enter chroot and switch into zsh:

arch-chroot /mnt
zsh

Add a bit of initial host information:

vim /etc/hostname
vim /etc/hosts
git config --global user.email "root@myhost"
git config --global user.name "root@myhost"
etckeeper init
etckeeper commit -m "Initial"
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
hwclock --systohc

echo "en_IE.UTF-8 UTF-8" > /etc/locale.gen; locale-gen

echo "LANG=en_IE.UTF-8" > /etc/locale.conf
echo "KEYMAP=uk" > /etc/vconsole.conf

Initialize tinyssh:

wget https://github.com/ziq.keys
cp ziq.keys /etc/tinyssh/root_key
vim /etc/tinyssh/root_key # remove non-ed25519
tinysshd-makekey /etc/tinyssh/sshkeydir
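
The manual "remove non-ed25519" edit above can also be done mechanically. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes the downloaded file uses the plain "<type> <base64> [comment]" line format:

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print only well-formed ssh-ed25519 lines ("<type> <base64> [comment]").
# An ed25519 public key blob is always 68 base64 characters and starts with
# the encoded type string, so mislabelled or truncated keys are dropped too.
# Exit status is 1 when no usable key remains.
filter_ed25519() {
    awk '
        /^[ \t]*(#|$)/ { next }                      # blank lines, comments
        $1 == "ssh-ed25519" && length($2) == 68 &&
        $2 ~ "^AAAAC3NzaC1lZDI1NTE5AAAAI[A-Za-z0-9+/]+$" {
            print $1, $2; kept++; next               # comment field removed
        }
        { printf "dropped line %d (type %s)\n", NR, $1 > "/dev/stderr" }
        END { exit (kept > 0 ? 0 : 1) }
    ' "$1"
}

# Write the filtered keys to DEST (mode 600) only if at least one key passed,
# so an existing DEST is never replaced by an empty file.
install_root_key() {
    src=$1 dest=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if filter_ed25519 "$src" > "$tmp"; then
        chmod 600 "$tmp" && mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "no valid ssh-ed25519 key in $src; $dest not changed" >&2
        return 1
    fi
}

# Constructed sample input (not real keys): one valid-looking ed25519 line,
# one RSA line, one line labelled ed25519 that carries an RSA blob.
sample_keys() {
    pad=$(printf '%043d' 0 | tr 0 A)                 # 43 filler characters
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI${pad} constructed@example"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQconstructed"
    echo "ssh-ed25519 AAAAB3NzaC1yc2EAAAADAQABAAABgQconstructed"
}

# Usage in the chroot, before running mkinitcpio -P:
#   install_root_key ziq.keys /etc/tinyssh/root_key
```

Lines that carry options in front of the key type are rejected as well, which is the conservative choice for a key that unlocks the disk.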

Modify hooks in mkinitcpio.conf:

vim /etc/mkinitcpio.conf
mkinitcpio -P

Identify the UUIDs of the LUKS container and the btrfs filesystem (append them to the end of the config file for easier CLI copy+paste):

lsblk --fs >> /etc/default/grub

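Adjust grub config (add cryptodisk info to GRUB_CMDLINE_LINUX, set GRUB_ENABLE_CRYPTODISK=y, and delete the appended lsblk output again, because grub-mkconfig sources this file as a shell script):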

vim /etc/default/grub
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=Archlinux-GRUB
grub-mkconfig -o /boot/grub/grub.cfg

Set root's shell to zsh and set a root password:

chsh -s /bin/zsh
passwd

Enable sshd and add authorized keys:

vim /etc/ssh/sshd_config
mkdir /etc/ssh/authorized_keys
vim /etc/ssh/authorized_keys/root
systemctl enable sshd.service

Minimal network config (contents of /etc/systemd/network/default.network):

[Match]
Name=enp1s0

[Network]
Address = 10.205.0.1/24
Gateway = 10.205.0.254
DNS     = 10.205.0.254
LinkLocalAddressing = no

Set up networking:

vim /etc/systemd/network/default.network
systemctl enable systemd-networkd.service
exit
exit
umount --recursive /mnt
reboot

After rebooting into the new system, create a snapshots subvolume and take an initial snapshot:

btrfs subvolume create /.snapshots
btrfs subvolume snapshot / /.snapshots/rootfs_$(date "+%F_%H%M%S")