From 7365c708e3962a282ce4dad78f83dcb45a2a50af Mon Sep 17 00:00:00 2001
From: gabe venberg
Date: Mon, 5 Apr 2021 02:17:04 -0500
Subject: [PATCH] Inital commit. there isnt much here, but its a start
---
 TODO | 13 +++
 arch.adoc | 254 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 267 insertions(+)
 create mode 100644 TODO
 create mode 100644 arch.adoc
diff --git a/TODO b/TODO
new file mode 100644
index 0000000..5f1a93f
--- /dev/null
+++ b/TODO
@@ -0,0 +1,13 @@
+host this thing with gatsby, jekyll, hugo, or antora
+
+write about interacting with nextcloud instance via cli with cadaver, rclone, maybye lftp?
+
+write about synthing, talk about cli program syncthingmanager
+
+write about installing gittea
+
+write about how static site is generated
+
+write about w3ms featurs. Many people dont realize it has tabs and bookmarks.
+
+write about magic-wormhole
diff --git a/arch.adoc b/arch.adoc
new file mode 100644
index 0000000..347952e
--- /dev/null
+++ b/arch.adoc
@@ -0,0 +1,254 @@
+installing btrfs, systemd-boot, and LUKS with a hibernateable swap partition.
+
+== Installing via ssh
+
+It can sometimes be nice to install using the same computer you are reading this documentation on.
+
+[IMPORTANT]
+====
+On a normal, already installed machine, *NEVER* use just a password for SSH. *ESPECIALLY* if it is internet-facing or connected to a public network.
+We are only doing this because we are (hopefully) on a personal network, and the password-based SSH session only exists on the Arch ISO, so as soon as you boot into your fresh system, the SSH session will be gone.
+====
+
+On the installee, make a password for the root account
+
+ # passwd
+
+Enable SSH using
+
+ # systemctl start sshd.service
+
+Find the ip adress with
+
+ # ip addr show
+
+you are looking for a line like
+
+ inet 192.168.1.162/24 brd 192.168.1.255 scope global dynamic enp0s25
+
+in this case, my LAN IP is 192.168.1.162
+
+now, on the pc you are going to be SSHing from,
+
+ # ssh root@[ip we just found on installee]
+
+and type in the password you set on the installee
+
+now lets continue with the installation.
+
+== inital setup
+
+verify you are connected to the internet
+
+ # ping 1.1.1.1
+
+turn on ntp
+
+ # timedatectl set-ntp true
+
+== Partitioning
+
+create paritions using the tools of your choice. I will be using the following partition map. If you use a different one, then
+
+an EFI partition of 512M
+
+a swap partition with a size equal to your RAM.
+
+a btrfs partition containing the rest of the space.
+
+== Encryption
+
+Encrypt the btrfs parition with
+
+ # cryptsetup luksFormat /dev/sda3
+
+ # cryptsetup config --label="btrfs" /dev/sda3
+
+and enter the encryption passkey. I reccomend making it a full sentence for security.
+
+Encrypt the swap partition. Use the same password as last time.
+
+ # cryptsetup luksFormat /dev/sda2
+
+ # cryptsetup config --label="swap" /dev/sda2
+
+now open the newly encrypted partitions
+
+ # cryptsetup open /dev/sda2 swap
+
+ # cryptsetup open /dev/sda3 btrfs
+
+== Filesystem creation
+
+format the EFI poartion with FAT32 and give it the label EFI (label can be something else.)
+
+ # mkfs.vfat -F32 -n EFI /dev/sda1
+
+format the swap partiton as swap
+
+ # mkswap /dev/mapper/swap
+
+format the root partition with btrfs and give the label root (label can be something else.)
+
+ # mkfs.btrfs -L btrfs /dev/mapper/btrfs
+
+== Creating and mounting subvolumes
+
+....
+# mount /dev/mapper/btrfs /mnt
+
+# btrfs subvolume create /mnt/root
+
+# btrfs subvolume create /mnt/home
+
+# umount /mnt
+....
+
+mount subvols and EFI partition
+
+....
+# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt
+
+# mkdir /mnt/home
+
+# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=home /dev/mapper/btrfs /mnt/home
+
+# mkdir /mnt/boot
+
+# mount /dev/sda1 /mnt/boot
+
+# swapon /dev/mapper/swap
+....
+
+== installing base system, generating *stab
+
+install arch (ajust this to suit your needs), change intel-ucode if using an AMD processor.
+
+ # pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode
+
+generate an fstab
+
+ # genfstab -U /mnt > /mnt/etc/fstab
+
+make /mnt/etc/crypttab.initramfs containing:
+
+....
+#our swap device
+swap LABEL=swap
+
+#our main device
+btrfs LABEL=btrfs
+....
+
+== system config
+
+chroot into the new system
+
+ # arch-chroot /mnt/
+
+set time zone.
+
+ # ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
+
+run hwclock
+
+ # hwclock --systohc
+
+uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.)
+
+gen locales
+
+ # locale-gen
+
+set LANG variable
+
+ # echo 'LANG=en_US.UTF-8' > /etc/locale.conf
+
+create the hostname file
+
+ # echo '[myhostname]' > /etc/hostname
+
+and add maching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127)
+
+....
+127.0.0.1 localhost
+::1 localhost
+127.0.1.1 myhostname.localdomain myhostname
+....
+
+== installing the boot loader
+
+edit /etc/mkinitcpio.conf so the HOOKS line looks like this:
+
+....
+HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck)
+....
+
+and regen the initramfs
+
+ # mkinitcpio -p linux
+
+install systemd-boot
+
+ # bootctl install
+
+create /boot/loader/entries/arch.conf containing:
+
+....
+title Arch Linux
+linux /vmlinuz-linux
+initrd /intel-ucode.img
+initrd /initramfs-linux.img
+options root=/dev/mapper/btrfs rootflags=subvol=/root resume=/dev/mapper/swap
+....
+
+edit /boot/loader/loader.conf and add:
+
+....
+default arch.conf
+timeout 2
+console-mode max
+editor no
+....
+
+== system config
+
+set root password
+
+ # passwd
+
+exit and shutdown the system
+
+ # exit
+
+ # shutdown now
+
+remove the install media, and boot back up. make sure everythign boots. from now on, configure the system as normal.
+
+== configuring userspace
+
+add a non-root user
+
+ # useradd -m -G wheel -s /bin/sh your_username
+ # passwd your_username
+
+symlink neovim to vi
+
+ # ln -s /usr/bin/nvim /usr/bin/vi
+
+configure sudo
+
+ # visudo
+
+uncomment the line that reads
+
+ %wheel ALL=(ALL) ALL
+
+enable multilib: uncomment the following lines in /ec/pacman.conf
+
+....
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+....
+
+Congrats! you now have a barebones, but functional, encrypted arch install!