Initial commit. There isn't much here, but it's a start
commit
7365c708e3
13
TODO
Normal file
|
@ -0,0 +1,13 @@
|
|||
host this thing with gatsby, jekyll, hugo, or antora
|
||||
|
||||
write about interacting with nextcloud instance via cli with cadaver, rclone, maybye lftp?
|
||||
|
||||
write about synthing, talk about cli program syncthingmanager
|
||||
|
||||
write about installing gittea
|
||||
|
||||
write about how static site is generated
|
||||
|
||||
write about w3ms featurs. Many people dont realize it has tabs and bookmarks.
|
||||
|
||||
write about magic-wormhole
|
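Review bot: Several tool names in these TODO items are misspelled ("synthing", "gittea", "w3ms featurs", "maybye"), which makes the list hard to grep later when the articles get written. Suggest spelling them as the projects do (Syncthing, Gitea, w3m) and, since the page is meant to be rendered with one of the generators named in the first item, giving each entry a list marker so it survives as a list.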
254
arch.adoc
Normal file
|
@ -0,0 +1,254 @@
|
|||
installing btrfs, systemd-boot, and LUKS with a hibernateable swap partition.
|
||||
|
||||
== Installing via ssh
|
||||
|
||||
It can sometimes be nice to install using the same computer you are reading this documentation on.
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
On a normal, already installed machine, *NEVER* use just a password for SSH. *ESPECIALLY* if it is internet-facing or connected to a public network.
|
||||
We are only doing this because we are (hopefully) on a personal network, and the password-based SSH session only exists on the Arch ISO, so as soon as you boot into your fresh system, the SSH session will be gone.
|
||||
====
|
||||
|
||||
On the installee, make a password for the root account
|
||||
|
||||
# passwd
|
||||
|
||||
Enable SSH using
|
||||
|
||||
# systemctl start sshd.service
|
||||
|
||||
Find the ip adress with
|
||||
|
||||
# ip addr show
|
||||
|
||||
you are looking for a line like
|
||||
|
||||
inet 192.168.1.162/24 brd 192.168.1.255 scope global dynamic enp0s25
|
||||
|
||||
in this case, my LAN IP is 192.168.1.162
|
||||
|
||||
now, on the pc you are going to be SSHing from,
|
||||
|
||||
# ssh root@[ip we just found on installee]
|
||||
|
||||
and type in the password you set on the installee
|
||||
|
||||
now lets continue with the installation.
|
||||
|
||||
== inital setup
|
||||
|
||||
verify you are connected to the internet
|
||||
|
||||
# ping 1.1.1.1
|
||||
|
||||
turn on ntp
|
||||
|
||||
# timedatectl set-ntp true
|
||||
|
||||
== Partitioning
|
||||
|
||||
create paritions using the tools of your choice. I will be using the following partition map. If you use a different one, then
|
||||
|
||||
an EFI partition of 512M
|
||||
|
||||
a swap partition with a size equal to your RAM.
|
||||
|
||||
a btrfs partition containing the rest of the space.
|
||||
|
||||
== Encryption
|
||||
|
||||
Encrypt the btrfs parition with
|
||||
|
||||
# cryptsetup luksFormat /dev/sda3
|
||||
|
||||
# cryptsetup config --label="btrfs" /dev/sda3
|
||||
|
||||
and enter the encryption passkey. I reccomend making it a full sentence for security.
|
||||
|
||||
Encrypt the swap partition. Use the same password as last time.
|
||||
|
||||
# cryptsetup luksFormat /dev/sda2
|
||||
|
||||
# cryptsetup config --label="swap" /dev/sda2
|
||||
|
||||
now open the newly encrypted partitions
|
||||
|
||||
# cryptsetup open /dev/sda2 swap
|
||||
|
||||
# cryptsetup open /dev/sda3 btrfs
|
||||
|
||||
== Filesystem creation
|
||||
|
||||
format the EFI poartion with FAT32 and give it the label EFI (label can be something else.)
|
||||
|
||||
# mkfs.vfat -F32 -n EFI /dev/sda1
|
||||
|
||||
format the swap partiton as swap
|
||||
|
||||
# mkswap /dev/mapper/swap
|
||||
|
||||
format the root partition with btrfs and give the label root (label can be something else.)
|
||||
|
||||
# mkfs.btrfs -L btrfs /dev/mapper/btrfs
|
||||
|
||||
== Creating and mounting subvolumes
|
||||
|
||||
....
|
||||
# mount /dev/mapper/btrfs /mnt
|
||||
|
||||
# btrfs subvolume create /mnt/root
|
||||
|
||||
# btrfs subvolume create /mnt/home
|
||||
|
||||
# umount /mnt
|
||||
....
|
||||
|
||||
mount subvols and EFI partition
|
||||
|
||||
....
|
||||
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt
|
||||
|
||||
# mkdir /mnt/home
|
||||
|
||||
# mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=home /dev/mapper/btrfs /mnt/home
|
||||
|
||||
# mkdir /mnt/boot
|
||||
|
||||
# mount /dev/sda1 /mnt/boot
|
||||
|
||||
# swapon /dev/mapper/swap
|
||||
....
|
||||
|
||||
== installing base system, generating *stab
|
||||
|
||||
install arch (ajust this to suit your needs), change intel-ucode if using an AMD processor.
|
||||
|
||||
# pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode
|
||||
|
||||
generate an fstab
|
||||
|
||||
# genfstab -U /mnt > /mnt/etc/fstab
|
||||
|
||||
make /mnt/etc/crypttab.initramfs containing:
|
||||
|
||||
....
|
||||
#our swap device
|
||||
swap LABEL=swap
|
||||
|
||||
#our main device
|
||||
btrfs LABEL=btrfs
|
||||
....
|
||||
|
||||
== system config
|
||||
|
||||
chroot into the new system
|
||||
|
||||
# arch-chroot /mnt/
|
||||
|
||||
set time zone.
|
||||
|
||||
# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
|
||||
|
||||
run hwclock
|
||||
|
||||
# hwclock --systohc
|
||||
|
||||
uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.)
|
||||
|
||||
gen locales
|
||||
|
||||
# locale-gen
|
||||
|
||||
set LANG variable
|
||||
|
||||
# echo 'LANG=en_US.UTF-8' > /etc/locale.conf
|
||||
|
||||
create the hostname file
|
||||
|
||||
# echo '[myhostname]' > /etc/hostname
|
||||
|
||||
and add maching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127)
|
||||
|
||||
....
|
||||
127.0.0.1 localhost
|
||||
::1 localhost
|
||||
127.0.1.1 myhostname.localdomain myhostname
|
||||
....
|
||||
|
||||
== installing the boot loader
|
||||
|
||||
edit /etc/mkinitcpio.conf so the HOOKS line looks like this:
|
||||
|
||||
....
|
||||
HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck)
|
||||
....
|
||||
|
||||
and regen the initramfs
|
||||
|
||||
# mkinitcpio -p linux
|
||||
|
||||
install systemd-boot
|
||||
|
||||
# bootctl install
|
||||
|
||||
create /boot/loader/entries/arch.conf containing:
|
||||
|
||||
....
|
||||
title Arch Linux
|
||||
linux /vmlinuz-linux
|
||||
initrd /intel-ucode.img
|
||||
initrd /initramfs-linux.img
|
||||
options root=/dev/mapper/btrfs rootflags=subvol=/root resume=/dev/mapper/swap
|
||||
....
|
||||
|
||||
edit /boot/loader/loader.conf and add:
|
||||
|
||||
....
|
||||
default arch.conf
|
||||
timeout 2
|
||||
console-mode max
|
||||
editor no
|
||||
....
|
||||
|
||||
== system config
|
||||
|
||||
set root password
|
||||
|
||||
# passwd
|
||||
|
||||
exit and shutdown the system
|
||||
|
||||
# exit
|
||||
|
||||
# shutdown now
|
||||
|
||||
remove the install media, and boot back up. make sure everythign boots. from now on, configure the system as normal.
|
||||
|
||||
== configuring userspace
|
||||
|
||||
add a non-root user
|
||||
|
||||
# useradd -m -G wheel -s /bin/sh your_username
|
||||
# passwd your_username
|
||||
|
||||
symlink neovim to vi
|
||||
|
||||
# ln -s /usr/bin/nvim /usr/bin/vi
|
||||
|
||||
configure sudo
|
||||
|
||||
# visudo
|
||||
|
||||
uncomment the line that reads
|
||||
|
||||
%wheel ALL=(ALL) ALL
|
||||
|
||||
enable multilib: uncomment the following lines in /ec/pacman.conf
|
||||
|
||||
....
|
||||
[multilib]
|
||||
Include = /etc/pacman.d/mirrorlist
|
||||
....
|
||||
|
||||
Congrats! you now have a barebones, but functional, encrypted arch install!
|
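Review bot: The `discard` option on both btrfs mounts under "Creating and mounting subvolumes" will not reach the disk as written, because neither `cryptsetup open /dev/sda3 btrfs` nor the `btrfs LABEL=btrfs` line in crypttab.initramfs enables discards on the LUKS mapping, and dm-crypt does not pass TRIM through unless it is asked to. Either drop `discard` from the mount options, or enable it deliberately (the `discard` option in the options field of crypttab.initramfs) and state the trade-off in the text: TRIM on an encrypted volume shows an observer which blocks are unused. Smaller points in the same hunk: the Partitioning sentence "If you use a different one, then" stops mid-thought; the root filesystem step says to give the label root while the command uses `-L btrfs`; `tree` appears twice in the pacstrap line; "== system config" is used as a heading twice; and the multilib step points at `/ec/pacman.conf` where `/etc/pacman.conf` is meant.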