Inital commit. there isnt much here, but its a start

This commit is contained in:
gabe venberg 2021-04-05 02:17:04 -05:00
commit 7365c708e3
2 changed files with 267 additions and 0 deletions

13
TODO Normal file
View file

@ -0,0 +1,13 @@
host this thing with gatsby, jekyll, hugo, or antora
write about interacting with nextcloud instance via cli with cadaver, rclone, maybye lftp?
write about synthing, talk about cli program syncthingmanager
write about installing gittea
write about how static site is generated
write about w3ms featurs. Many people dont realize it has tabs and bookmarks.
write about magic-wormhole

254
arch.adoc Normal file
View file

@ -0,0 +1,254 @@
installing btrfs, systemd-boot, and LUKS with a hibernateable swap partition.
== Installing via ssh
It can sometimes be nice to install using the same computer you are reading this documentation on.
[IMPORTANT]
====
On a normal, already installed machine, *NEVER* use just a password for SSH. *ESPECIALLY* if it is internet-facing or connected to a public network.
We are only doing this because we are (hopefully) on a personal network, and the password-based SSH session only exists on the Arch ISO, so as soon as you boot into your fresh system, the SSH session will be gone.
====
On the installee, make a password for the root account
# passwd
Enable SSH using
# systemctl start sshd.service
Find the ip adress with
# ip addr show
you are looking for a line like
inet 192.168.1.162/24 brd 192.168.1.255 scope global dynamic enp0s25
in this case, my LAN IP is 192.168.1.162
now, on the pc you are going to be SSHing from,
# ssh root@[ip we just found on installee]
and type in the password you set on the installee
now lets continue with the installation.
== inital setup
verify you are connected to the internet
# ping 1.1.1.1
turn on ntp
# timedatectl set-ntp true
== Partitioning
create paritions using the tools of your choice. I will be using the following partition map. If you use a different one, then
an EFI partition of 512M
a swap partition with a size equal to your RAM.
a btrfs partition containing the rest of the space.
== Encryption
Encrypt the btrfs parition with
# cryptsetup luksFormat /dev/sda3
# cryptsetup config --label="btrfs" /dev/sda3
and enter the encryption passkey. I reccomend making it a full sentence for security.
Encrypt the swap partition. Use the same password as last time.
# cryptsetup luksFormat /dev/sda2
# cryptsetup config --label="swap" /dev/sda2
now open the newly encrypted partitions
# cryptsetup open /dev/sda2 swap
# cryptsetup open /dev/sda3 btrfs
== Filesystem creation
format the EFI poartion with FAT32 and give it the label EFI (label can be something else.)
# mkfs.vfat -F32 -n EFI /dev/sda1
format the swap partiton as swap
# mkswap /dev/mapper/swap
format the root partition with btrfs and give the label root (label can be something else.)
# mkfs.btrfs -L btrfs /dev/mapper/btrfs
== Creating and mounting subvolumes
....
# mount /dev/mapper/btrfs /mnt
# btrfs subvolume create /mnt/root
# btrfs subvolume create /mnt/home
# umount /mnt
....
mount subvols and EFI partition
....
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt
# mkdir /mnt/home
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=home /dev/mapper/btrfs /mnt/home
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot
# swapon /dev/mapper/swap
....
== installing base system, generating *stab
install arch (ajust this to suit your needs), change intel-ucode if using an AMD processor.
# pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode
generate an fstab
# genfstab -U /mnt > /mnt/etc/fstab
make /mnt/etc/crypttab.initramfs containing:
....
#our swap device
swap LABEL=swap
#our main device
btrfs LABEL=btrfs
....
== system config
chroot into the new system
# arch-chroot /mnt/
set time zone.
# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
run hwclock
# hwclock --systohc
uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.)
gen locales
# locale-gen
set LANG variable
# echo 'LANG=en_US.UTF-8' > /etc/locale.conf
create the hostname file
# echo '[myhostname]' > /etc/hostname
and add maching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127)
....
127.0.0.1 localhost
::1 localhost
127.0.1.1 myhostname.localdomain myhostname
....
== installing the boot loader
edit /etc/mkinitcpio.conf so the HOOKS line looks like this:
....
HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck)
....
and regen the initramfs
# mkinitcpio -p linux
install systemd-boot
# bootctl install
create /boot/loader/entries/arch.conf containing:
....
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options root=/dev/mapper/btrfs rootflags=subvol=/root resume=/dev/mapper/swap
....
edit /boot/loader/loader.conf and add:
....
default arch.conf
timeout 2
console-mode max
editor no
....
== system config
set root password
# passwd
exit and shutdown the system
# exit
# shutdown now
remove the install media, and boot back up. make sure everythign boots. from now on, configure the system as normal.
== configuring userspace
add a non-root user
# useradd -m -G wheel -s /bin/sh your_username
# passwd your_username
symlink neovim to vi
# ln -s /usr/bin/nvim /usr/bin/vi
configure sudo
# visudo
uncomment the line that reads
%wheel ALL=(ALL) ALL
enable multilib: uncomment the following lines in /ec/pacman.conf
....
[multilib]
Include = /etc/pacman.d/mirrorlist
....
Congrats! you now have a barebones, but functional, encrypted arch install!