Arch Linux Installation Guide
Overview
This is an installation guide for Arch Linux, leveraging full disk encryption in a UEFI system.
Note: If creating a KVM machine, use the following template:
#!/bin/bash
virt-install \
--name huginn \
--description "Pirate Platform" \
--ram=8192 \
--vcpus=4 \
--os-variant=archlinux \
--disk path=/srv/virtual/kvm/vm-drives/huginn.qcow2,bus=virtio,size=100 \
--graphics spice \
--cdrom=/opt/storage/ISO/archlinux-2023.01.01-x86_64.iso \
--network network=bridged-network \
--boot uefi
Starting the Machine
Boot the machine with the ISO in place, which will bring you to an empty root prompt.
Confirm you are in fact in UEFI mode by running this command:
ls /sys/firmware/efi/efivars
If this returns files in a directory, and not a “no such file or directory” error, then you are safely in UEFI mode.
Next, verify internet connectivity and enable NTP clock synchronization:
ping google.com
<replies from server>
timedatectl set-ntp true
Disk Setup
We will use gdisk, which creates a GPT partition table. In this example, there is one 100GB disk on /dev/vda. Adjust as required for additional disks.
gdisk /dev/vda
partition 1: 512MB, filesystem type EF00
partition 2: remaining diskspace (99G), type 8300
lsblk
lsblk should show both partitions, /dev/vda1 and /dev/vda2 respectively.
We will now set up the encryption on /dev/vda2 (our root partition):
cryptsetup luksFormat /dev/vda2
cryptsetup open /dev/vda2 cryptroot
mkfs.btrfs /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt
We use mkfs.btrfs as btrfs offers us a lot of valuable features. If desired, another FS can be used such as xfs or ext4. Now it is time to prepare the boot partition (/dev/vda1):
mkfs.fat -F32 /dev/vda1
mkdir /mnt/boot
mount /dev/vda1 /mnt/boot
We can go ahead and generate the /etc/fstab at this time:
mkdir /mnt/etc
genfstab -L /mnt >> /mnt/etc/fstab
Bootstrapping and Configuring the OS
We will now download the system with the base operating system files:
pacstrap /mnt base base-devel linux linux-firmware vim dhcpcd reflector
Now, we will chroot ourselves into the OS and do the basic configuration:
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/America/Toronto /etc/localtime
hwclock --systohc
locale-gen
We will add the following to /etc/hosts:
127.0.0.1 localhost
::1 localhost
127.0.1.1 <hostname>
Now, we need to add the encrypt hook into the mkinitcpio.conf file:
vim /etc/mkinitcpio.conf
<add encrypt to the HOOKS= section, just before the filesystems keyword>
EXAMPLE:
HOOKS=(base udev autodetect modconf block keyboard encrypt filesystems fsck)
Now we will rebuild the initramfs:
mkinitcpio -P
Create the password for the root user, and create a new regular user for the system:
passwd
<enter new root password>
useradd -m -s /bin/bash -G wheel <username>
passwd <username>
<enter new user password>
We will patch the CPU's microcode:
- For AMD processors, install the amd-ucode package
- For Intel processors, install the intel-ucode package
cat /proc/cpuinfo
<determine which CPU you are using>
pacman -S amd-ucode
Setting up the Boot System
Install the bootloader:
bootctl install
You will now need to get the UUID for the root partition:
blkid
<take note of the UUID (NOT PARTUUID)>
We will now create the boot loader entry:
vim /boot/loader/entries/arch.conf
**********************************
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
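options cryptdevice=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:cryptroot root=/dev/mapper/cryptroot rw
Replace the XXXX part with the actual UUID of the root partition (NOT the boot partition). The first initrd line must match the microcode package you installed: use /amd-ucode.img instead of /intel-ucode.img if you installed amd-ucode.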
Edit the loader config file:
vim /boot/loader/loader.conf
****************************
default arch.conf
timeout 5
console-mode max
editor no
You can now list the configuration:
bootctl list
Boot Loader Entries:
title: Arch Linux (default)
id: arch.conf
source: /boot/loader/entries/arch.conf
linux: /vmlinuz-linux
initrd: /intel-ucode.img
/initramfs-linux.img
options: cryptdevice=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX:cryptroot root=/dev/mapper/cryptroot rw
The system should now be configured. We can exit the chroot and reboot the system.
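Before exiting the chroot, the three settings this guide depends on (the position of the encrypt hook, the cryptdevice UUID, and editor no) can be cross-checked with a short script. This is an added example, not part of the original guide; the function names and the sample UUID are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-reboot checks for the encrypted-root boot configuration.
# Functions take file paths so they work on the real files or on copies.

# Succeeds if the last HOOKS= line lists "encrypt" before "filesystems".
hooks_ok() {
    grep -E '^HOOKS=' "$1" | tail -n 1 |
        grep -Eq '[( ]encrypt( [^)]*)? filesystems[ )]'
}

# Prints the UUID from cryptdevice=UUID=<uuid>:<name> on the options line.
entry_luks_uuid() {
    sed -n 's/^options.*cryptdevice=UUID=\([^: ]*\):.*/\1/p' "$1"
}

# Succeeds if loader.conf contains "editor no" (boot-menu command-line editing off).
editor_disabled() {
    grep -Eq '^editor[[:space:]]+no[[:space:]]*$' "$1"
}

# Args: mkinitcpio.conf, loader entry, loader.conf, UUID of the LUKS partition
# (on the installed system: blkid -s UUID -o value /dev/vda2).
verify_boot_config() {
    vbc_rc=0
    hooks_ok "$1" || { echo "FAIL: encrypt hook missing or not before filesystems"; vbc_rc=1; }
    vbc_uuid=$(entry_luks_uuid "$2")
    if [ -z "$vbc_uuid" ] || [ "$vbc_uuid" != "$4" ]; then
        echo "FAIL: cryptdevice UUID '$vbc_uuid' does not match '$4'"; vbc_rc=1
    fi
    editor_disabled "$3" || { echo "FAIL: 'editor no' not set in loader.conf"; vbc_rc=1; }
    [ "$vbc_rc" -eq 0 ] && echo "OK: boot configuration is consistent"
    return "$vbc_rc"
}

# Constructed sample files mirroring the guide; the UUID is a made-up value.
make_sample() {
    ms_dir=$(mktemp -d)
    echo 'HOOKS=(base udev autodetect modconf block keyboard encrypt filesystems fsck)' \
        > "$ms_dir/mkinitcpio.conf"
    printf '%s\n' 'title Arch Linux' 'linux /vmlinuz-linux' 'initrd /initramfs-linux.img' \
        'options cryptdevice=UUID=11111111-2222-3333-4444-555555555555:cryptroot root=/dev/mapper/cryptroot rw' \
        > "$ms_dir/arch.conf"
    printf '%s\n' 'default arch.conf' 'timeout 5' 'editor no' > "$ms_dir/loader.conf"
    echo "$ms_dir"
}

d=$(make_sample)
verify_boot_config "$d/mkinitcpio.conf" "$d/arch.conf" "$d/loader.conf" \
    11111111-2222-3333-4444-555555555555
```

Inside the chroot, the real call is verify_boot_config /etc/mkinitcpio.conf /boot/loader/entries/arch.conf /boot/loader/loader.conf "$(blkid -s UUID -o value /dev/vda2)"; a mismatch usually means the PARTUUID or the boot partition's UUID was copied into arch.conf.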
exit
reboot
Installing a Desktop Environment
Openbox
We will install the base requirements:
sudo pacman -S xorg-server xorg-xinit xorg-fonts-misc ttf-hack alacritty xterm
cp /etc/X11/xinit/xinitrc ~/.xinitrc
vim ~/.xinitrc
<comment out all the program execution at the bottom of the file, and add this line>
exec openbox-session
<save and exit>
sudo pacman -S openbox xdg-utils menumaker
mkdir -p ~/.config/openbox
cp -a /etc/xdg/openbox/ ~/.config/
mmaker openbox
Now, edit the .bashrc file and add this to the end:
export XDG_CONFIG_HOME=$HOME/.config/
You can test that it works by running:
startx
This will get you a black screen, but if you right-click, you should get the openbox menu.