Installing btrfs, systemd-boot, and LUKS with a hibernatable swap partition.
== Installing via ssh
It can sometimes be nice to install using the same computer you are reading this documentation on.
[IMPORTANT]
====
On a normal, already installed machine, *NEVER* use just a password for SSH. *ESPECIALLY* if it is internet-facing or connected to a public network.
We are only doing this because we are (hopefully) on a personal network, and the password-based SSH session only exists on the Arch ISO, so as soon as you boot into your fresh system, the SSH session will be gone.
====
On the installee, make a password for the root account
# passwd
Enable SSH using
# systemctl start sshd.service
Find the IP address with
# ip addr show
you are looking for a line like
inet 192.168.1.162/24 brd 192.168.1.255 scope global dynamic enp0s25
in this case, my LAN IP is 192.168.1.162
now, on the pc you are going to be SSHing from,
# ssh root@[ip we just found on installee]
and type in the password you set on the installee
now let's continue with the installation.
== initial setup
verify you are connected to the internet
# ping 1.1.1.1
turn on ntp
# timedatectl set-ntp true
== Partitioning
create partitions using the tools of your choice. I will be using the following partition map. If you use a different one, then
an EFI partition of 512M
a swap partition with a size equal to your RAM.
a btrfs partition containing the rest of the space.
== Encryption
Encrypt the btrfs partition with
# cryptsetup luksFormat /dev/sda3
# cryptsetup config --label="btrfs" /dev/sda3
and enter the encryption passkey. I recommend making it a full sentence for security.
Encrypt the swap partition. Use the same password as last time.
# cryptsetup luksFormat /dev/sda2
# cryptsetup config --label="swap" /dev/sda2
now open the newly encrypted partitions
# cryptsetup open /dev/sda2 swap
# cryptsetup open /dev/sda3 btrfs
== Filesystem creation
format the EFI partition with FAT32 and give it the label EFI (label can be something else.)
# mkfs.vfat -F32 -n EFI /dev/sda1
format the swap partition as swap
# mkswap /dev/mapper/swap
format the root partition with btrfs and give it a label; the command below uses btrfs (label can be something else.)
# mkfs.btrfs -L btrfs /dev/mapper/btrfs
== Creating and mounting subvolumes
....
# mount /dev/mapper/btrfs /mnt
# btrfs subvolume create /mnt/root
# btrfs subvolume create /mnt/home
# umount /mnt
....
mount subvols and EFI partition
....
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt
# mkdir /mnt/home
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=home /dev/mapper/btrfs /mnt/home
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot
# swapon /dev/mapper/swap
....
== installing base system, generating *stab
install arch (adjust this to suit your needs), change intel-ucode if using an AMD processor.
# pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode
generate an fstab
# genfstab -U /mnt > /mnt/etc/fstab
make /mnt/etc/crypttab.initramfs containing:
....
#our swap device
swap LABEL=swap
#our main device
btrfs LABEL=btrfs
....
== system config
chroot into the new system
# arch-chroot /mnt/
set time zone.
# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
run hwclock
# hwclock --systohc
uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.)
gen locales
# locale-gen
set LANG variable
# echo 'LANG=en_US.UTF-8' > /etc/locale.conf
create the hostname file
# echo '[myhostname]' > /etc/hostname
and add matching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127)
....
127.0.0.1 localhost
::1 localhost
127.0.1.1 myhostname.localdomain myhostname
....
== installing the boot loader
edit /etc/mkinitcpio.conf so the HOOKS line looks like this:
....
HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck)
....
and regen the initramfs
# mkinitcpio -p linux
install systemd-boot
# bootctl install
create /boot/loader/entries/arch.conf containing:
....
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options root=/dev/mapper/btrfs rootflags=subvol=/root resume=/dev/mapper/swap
....
edit /boot/loader/loader.conf and add:
....
default arch.conf
timeout 2
console-mode max
editor no
....
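Before rebooting, it is worth checking that crypttab.initramfs, the loader entry and the HOOKS line agree with each other, since a mismatch leaves the system stuck in the initramfs. The check below is an added example, not part of the original guide: `check_boot_config` is a hypothetical helper, and the sample files it runs on are constructed copies of the contents shown above.

```sh
#!/bin/sh
# Added example (not from the original guide): pre-reboot consistency check.
# check_boot_config CRYPTTAB LOADER_ENTRY MKINITCPIO_CONF   (hypothetical helper)
# Prints one line per problem; the return status is the number of problems.
check_boot_config() {
    crypttab=$1 entry=$2 mkconf=$3 problems=0

    # Mapper names declared in crypttab.initramfs (field 1, comments skipped).
    names=$(awk '!/^[[:space:]]*(#|$)/ { print $1 }' "$crypttab")

    # root= and resume= name /dev/mapper devices; each must be unlocked at boot.
    for arg in $(sed -n 's/^options[[:space:]]*//p' "$entry"); do
        case $arg in
            root=/dev/mapper/*|resume=/dev/mapper/*)
                if ! printf '%s\n' "$names" | grep -qxF -- "${arg##*/}"; then
                    echo "no crypttab entry for $arg"
                    problems=$((problems + 1))
                fi ;;
        esac
    done

    # crypttab.initramfs is consumed by sd-encrypt, which needs the systemd hook.
    hooks=$(sed -n 's/^HOOKS=(\(.*\))/\1/p' "$mkconf")
    for hook in systemd sd-encrypt; do
        case " $hooks " in
            *" $hook "*) ;;
            *) echo "HOOKS is missing $hook"; problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# Constructed sample files with the same contents as the ones on this page.
demo=$(mktemp -d)
printf '%s\n' '#our swap device' 'swap LABEL=swap' \
    '#our main device' 'btrfs LABEL=btrfs' > "$demo/crypttab.initramfs"
printf '%s\n' 'title Arch Linux' 'linux /vmlinuz-linux' \
    'options root=/dev/mapper/btrfs rootflags=subvol=/root resume=/dev/mapper/swap' \
    > "$demo/arch.conf"
printf '%s\n' 'HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck)' \
    > "$demo/mkinitcpio.conf"
check_boot_config "$demo/crypttab.initramfs" "$demo/arch.conf" \
    "$demo/mkinitcpio.conf" && echo "boot config is consistent"
rm -r "$demo"
```

On the real system, run it inside the chroot against /etc/crypttab.initramfs, /boot/loader/entries/arch.conf and /etc/mkinitcpio.conf.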
== system config
set root password
# passwd
exit and shutdown the system
# exit
# shutdown now
remove the install media, and boot back up. make sure everything boots. from now on, configure the system as normal.
== configuring userspace
add a non-root user
# useradd -m -G wheel -s /bin/sh your_username
# passwd your_username
symlink neovim to vi
# ln -s /usr/bin/nvim /usr/bin/vi
configure sudo
# visudo
uncomment the line that reads
%wheel ALL=(ALL) ALL
enable multilib: uncomment the following lines in /etc/pacman.conf
....
[multilib]
Include = /etc/pacman.d/mirrorlist
....
Congrats! you now have a barebones, but functional, encrypted arch install!