Initial commit. There isn't much here, but it's a start
commit 7365c708e3
13
TODO
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
host this thing with gatsby, jekyll, hugo, or antora
|
||||||
|
|
||||||
|
write about interacting with nextcloud instance via cli with cadaver, rclone, maybye lftp?
|
||||||
|
|
||||||
|
write about synthing, talk about cli program syncthingmanager
|
||||||
|
|
||||||
|
write about installing gittea
|
||||||
|
|
||||||
|
write about how static site is generated
|
||||||
|
|
||||||
|
write about w3ms featurs. Many people dont realize it has tabs and bookmarks.
|
||||||
|
|
||||||
|
write about magic-wormhole
|
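Review bot: Several tool names in the TODO entries are misspelled ("synthing" for Syncthing, "gittea" for Gitea), along with "maybye", "featurs" and "w3ms" without its apostrophe, which makes the list harder to grep later when these turn into page titles. Fixing the spellings now is cheap, and the first entry would read better once one of the four site generators is picked, since arch.adoc is already AsciiDoc.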
254
arch.adoc
Normal file
|
@ -0,0 +1,254 @@
|
||||||
|
installing btrfs, systemd-boot, and LUKS with a hibernateable swap partition.
|
||||||
|
|
||||||
|
== Installing via ssh
|
||||||
|
|
||||||
|
It can sometimes be nice to install using the same computer you are reading this documentation on.
|
||||||
|
|
||||||
|
[IMPORTANT]
|
||||||
|
====
|
||||||
|
On a normal, already installed machine, *NEVER* use just a password for SSH. *ESPECIALLY* if it is internet-facing or connected to a public network.
|
||||||
|
We are only doing this because we are (hopefully) on a personal network, and the password-based SSH session only exists on the Arch ISO, so as soon as you boot into your fresh system, the SSH session will be gone.
|
||||||
|
====
|
||||||
|
|
||||||
|
On the installee, make a password for the root account
|
||||||
|
|
||||||
|
# passwd
|
||||||
|
|
||||||
|
Enable SSH using
|
||||||
|
|
||||||
|
# systemctl start sshd.service
|
||||||
|
|
||||||
|
Find the ip adress with
|
||||||
|
|
||||||
|
# ip addr show
|
||||||
|
|
||||||
|
you are looking for a line like
|
||||||
|
|
||||||
|
inet 192.168.1.162/24 brd 192.168.1.255 scope global dynamic enp0s25
|
||||||
|
|
||||||
|
in this case, my LAN IP is 192.168.1.162
|
||||||
|
|
||||||
|
now, on the pc you are going to be SSHing from,
|
||||||
|
|
||||||
|
# ssh root@[ip we just found on installee]
|
||||||
|
|
||||||
|
and type in the password you set on the installee
|
||||||
|
|
||||||
|
now lets continue with the installation.
|
||||||
|
|
||||||
|
== inital setup
|
||||||
|
|
||||||
|
verify you are connected to the internet
|
||||||
|
|
||||||
|
# ping 1.1.1.1
|
||||||
|
|
||||||
|
turn on ntp
|
||||||
|
|
||||||
|
# timedatectl set-ntp true
|
||||||
|
|
||||||
|
== Partitioning
|
||||||
|
|
||||||
|
create paritions using the tools of your choice. I will be using the following partition map. If you use a different one, then
|
||||||
|
|
||||||
|
an EFI partition of 512M
|
||||||
|
|
||||||
|
a swap partition with a size equal to your RAM.
|
||||||
|
|
||||||
|
a btrfs partition containing the rest of the space.
|
||||||
|
|
||||||
|
== Encryption
|
||||||
|
|
||||||
|
Encrypt the btrfs parition with
|
||||||
|
|
||||||
|
# cryptsetup luksFormat /dev/sda3
|
||||||
|
|
||||||
|
# cryptsetup config --label="btrfs" /dev/sda3
|
||||||
|
|
||||||
|
and enter the encryption passkey. I reccomend making it a full sentence for security.
|
||||||
|
|
||||||
|
Encrypt the swap partition. Use the same password as last time.
|
||||||
|
|
||||||
|
# cryptsetup luksFormat /dev/sda2
|
||||||
|
|
||||||
|
# cryptsetup config --label="swap" /dev/sda2
|
||||||
|
|
||||||
|
now open the newly encrypted partitions
|
||||||
|
|
||||||
|
# cryptsetup open /dev/sda2 swap
|
||||||
|
|
||||||
|
# cryptsetup open /dev/sda3 btrfs
|
||||||
|
|
||||||
|
== Filesystem creation
|
||||||
|
|
||||||
|
format the EFI poartion with FAT32 and give it the label EFI (label can be something else.)
|
||||||
|
|
||||||
|
# mkfs.vfat -F32 -n EFI /dev/sda1
|
||||||
|
|
||||||
|
format the swap partiton as swap
|
||||||
|
|
||||||
|
# mkswap /dev/mapper/swap
|
||||||
|
|
||||||
|
format the root partition with btrfs and give the label root (label can be something else.)
|
||||||
|
|
||||||
|
# mkfs.btrfs -L btrfs /dev/mapper/btrfs
|
||||||
|
|
||||||
|
== Creating and mounting subvolumes
|
||||||
|
|
||||||
|
....
|
||||||
|
# mount /dev/mapper/btrfs /mnt
|
||||||
|
|
||||||
|
# btrfs subvolume create /mnt/root
|
||||||
|
|
||||||
|
# btrfs subvolume create /mnt/home
|
||||||
|
|
||||||
|
# umount /mnt
|
||||||
|
....
|
||||||
|
|
||||||
|
mount subvols and EFI partition
|
||||||
|
|
||||||
|
....
|
||||||
|
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt
|
||||||
|
|
||||||
|
# mkdir /mnt/home
|
||||||
|
|
||||||
|
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=home /dev/mapper/btrfs /mnt/home
|
||||||
|
|
||||||
|
# mkdir /mnt/boot
|
||||||
|
|
||||||
|
# mount /dev/sda1 /mnt/boot
|
||||||
|
|
||||||
|
# swapon /dev/mapper/swap
|
||||||
|
....
|
||||||
|
|
||||||
|
== installing base system, generating *stab
|
||||||
|
|
||||||
|
install arch (ajust this to suit your needs), change intel-ucode if using an AMD processor.
|
||||||
|
|
||||||
|
# pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode
|
||||||
|
|
||||||
|
generate an fstab
|
||||||
|
|
||||||
|
# genfstab -U /mnt > /mnt/etc/fstab
|
||||||
|
|
||||||
|
make /mnt/etc/crypttab.initramfs containing:
|
||||||
|
|
||||||
|
....
|
||||||
|
#our swap device
|
||||||
|
swap LABEL=swap
|
||||||
|
|
||||||
|
#our main device
|
||||||
|
btrfs LABEL=btrfs
|
||||||
|
....
|
||||||
|
|
||||||
|
== system config
|
||||||
|
|
||||||
|
chroot into the new system
|
||||||
|
|
||||||
|
# arch-chroot /mnt/
|
||||||
|
|
||||||
|
set time zone.
|
||||||
|
|
||||||
|
# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
|
||||||
|
|
||||||
|
run hwclock
|
||||||
|
|
||||||
|
# hwclock --systohc
|
||||||
|
|
||||||
|
uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.)
|
||||||
|
|
||||||
|
gen locales
|
||||||
|
|
||||||
|
# locale-gen
|
||||||
|
|
||||||
|
set LANG variable
|
||||||
|
|
||||||
|
# echo 'LANG=en_US.UTF-8' > /etc/locale.conf
|
||||||
|
|
||||||
|
create the hostname file
|
||||||
|
|
||||||
|
# echo '[myhostname]' > /etc/hostname
|
||||||
|
|
||||||
|
and add maching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127)
|
||||||
|
|
||||||
|
....
|
||||||
|
127.0.0.1 localhost
|
||||||
|
::1 localhost
|
||||||
|
127.0.1.1 myhostname.localdomain myhostname
|
||||||
|
....
|
||||||
|
|
||||||
|
== installing the boot loader
|
||||||
|
|
||||||
|
edit /etc/mkinitcpio.conf so the HOOKS line looks like this:
|
||||||
|
|
||||||
|
....
|
||||||
|
HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck)
|
||||||
|
....
|
||||||
|
|
||||||
|
and regen the initramfs
|
||||||
|
|
||||||
|
# mkinitcpio -p linux
|
||||||
|
|
||||||
|
install systemd-boot
|
||||||
|
|
||||||
|
# bootctl install
|
||||||
|
|
||||||
|
create /boot/loader/entries/arch.conf containing:
|
||||||
|
|
||||||
|
....
|
||||||
|
title Arch Linux
|
||||||
|
linux /vmlinuz-linux
|
||||||
|
initrd /intel-ucode.img
|
||||||
|
initrd /initramfs-linux.img
|
||||||
|
options root=/dev/mapper/btrfs rootflags=subvol=/root resume=/dev/mapper/swap
|
||||||
|
....
|
||||||
|
|
||||||
|
edit /boot/loader/loader.conf and add:
|
||||||
|
|
||||||
|
....
|
||||||
|
default arch.conf
|
||||||
|
timeout 2
|
||||||
|
console-mode max
|
||||||
|
editor no
|
||||||
|
....
|
||||||
|
|
||||||
|
== system config
|
||||||
|
|
||||||
|
set root password
|
||||||
|
|
||||||
|
# passwd
|
||||||
|
|
||||||
|
exit and shutdown the system
|
||||||
|
|
||||||
|
# exit
|
||||||
|
|
||||||
|
# shutdown now
|
||||||
|
|
||||||
|
remove the install media, and boot back up. make sure everythign boots. from now on, configure the system as normal.
|
||||||
|
|
||||||
|
== configuring userspace
|
||||||
|
|
||||||
|
add a non-root user
|
||||||
|
|
||||||
|
# useradd -m -G wheel -s /bin/sh your_username
|
||||||
|
# passwd your_username
|
||||||
|
|
||||||
|
symlink neovim to vi
|
||||||
|
|
||||||
|
# ln -s /usr/bin/nvim /usr/bin/vi
|
||||||
|
|
||||||
|
configure sudo
|
||||||
|
|
||||||
|
# visudo
|
||||||
|
|
||||||
|
uncomment the line that reads
|
||||||
|
|
||||||
|
%wheel ALL=(ALL) ALL
|
||||||
|
|
||||||
|
enable multilib: uncomment the following lines in /ec/pacman.conf
|
||||||
|
|
||||||
|
....
|
||||||
|
[multilib]
|
||||||
|
Include = /etc/pacman.d/mirrorlist
|
||||||
|
....
|
||||||
|
|
||||||
|
Congrats! you now have a barebones, but functional, encrypted arch install!
|
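Review bot: The `discard` option in both `mount -o noatime,nodiratime,compress=zstd,ssd,discard,...` lines under "Creating and mounting subvolumes" does not reach the disk as written, because dm-crypt drops discard requests unless the mapping is opened with them allowed, and neither the `cryptsetup open` commands nor the two-field `crypttab.initramfs` entries do that. Either drop `discard` from the mount options, or add `discard` in the options field of the crypttab entries and state in the text that TRIM on an encrypted volume reveals which blocks are unused. Smaller documentation points in the same file: the Partitioning sentence stops at "If you use a different one, then"; the text says to give the root filesystem the label "root" while the command uses `-L btrfs`; `/ec/pacman.conf` should be `/etc/pacman.conf`; `tree` appears twice in the pacstrap line; and "== system config" is used as the title of two different sections.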