installing btrfs, systemd-boot, and LUKS with a hibernateable swap partition. == Installing via ssh It can sometimes be nice to install using the same computer you are reading this documentation on. [IMPORTANT] ==== On a normal, already installed machine, *NEVER* use just a password for SSH. *ESPECIALLY* if it is internet-facing or connected to a public network. We are only doing this because we are (hopefully) on a personal network, and the password-based SSH session only exists on the Arch ISO, so as soon as you boot into your fresh system, the SSH session will be gone. ==== On the installee, make a password for the root account # passwd Enable SSH using # systemctl start sshd.service Find the ip adress with # ip addr show you are looking for a line like inet 192.168.1.162/24 brd 192.168.1.255 scope global dynamic enp0s25 in this case, my LAN IP is 192.168.1.162 now, on the pc you are going to be SSHing from, # ssh root@[ip we just found on installee] and type in the password you set on the installee now lets continue with the installation. == inital setup verify you are connected to the internet # ping 1.1.1.1 turn on ntp # timedatectl set-ntp true == Partitioning create paritions using the tools of your choice. I will be using the following partition map. If you use a different one, then an EFI partition of 512M a swap partition with a size equal to your RAM. a btrfs partition containing the rest of the space. == Encryption Encrypt the btrfs parition with # cryptsetup luksFormat /dev/sda3 # cryptsetup config --label="btrfs" /dev/sda3 and enter the encryption passkey. I reccomend making it a full sentence for security. Encrypt the swap partition. Use the same password as last time. # cryptsetup luksFormat /dev/sda2 # cryptsetup config --label="swap" /dev/sda2 now open the newly encrypted partitions # cryptsetup open /dev/sda2 swap # cryptsetup open /dev/sda3 btrfs == Filesystem creation format the EFI poartion with FAT32 and give it the label EFI (label can be something else.) # mkfs.vfat -F32 -n EFI /dev/sda1 format the swap partiton as swap # mkswap /dev/mapper/swap format the root partition with btrfs and give the label root (label can be something else.) # mkfs.btrfs -L btrfs /dev/mapper/btrfs == Creating and mounting subvolumes .... # mount /dev/mapper/btrfs /mnt # btrfs subvolume create /mnt/root # btrfs subvolume create /mnt/home # umount /mnt .... mount subvols and EFI partition .... # mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=root /dev/mapper/btrfs /mnt # mkdir /mnt/home # mount -o noatime,nodiratime,compress=zstd,ssd,discard,subvol=home /dev/mapper/btrfs /mnt/home # mkdir /mnt/boot # mount /dev/sda1 /mnt/boot # swapon /dev/mapper/swap .... == installing base system, generating *stab install arch (ajust this to suit your needs), change intel-ucode if using an AMD processor. # pacstrap /mnt linux linux-firmware base base-devel btrfs-progs zsh neovim git stow tmux connman wpa_supplicant openvpn fzf htop rsync tig tree xdg-user-dirs units python tree openssh w3m curl intel-ucode generate an fstab # genfstab -U /mnt > /mnt/etc/fstab make /mnt/etc/crypttab.initramfs containing: .... #our swap device swap LABEL=swap #our main device btrfs LABEL=btrfs .... == system config chroot into the new system # arch-chroot /mnt/ set time zone. # ln -sf /usr/share/zoneinfo/Region/City /etc/localtime run hwclock # hwclock --systohc uncomment needed locales in /etc/locale.gen (you always need to at least uncomment en_US.UTF-8 UTF-8.) gen locales # locale-gen set LANG variable # echo 'LANG=en_US.UTF-8' > /etc/locale.conf create the hostname file # echo '[myhostname]' > /etc/hostname and add maching entries to /etc/hosts, like so (if static ip, use that. if dynamic, use 127) .... 127.0.0.1 localhost ::1 localhost 127.0.1.1 myhostname.localdomain myhostname .... == installing the boot loader edit /etc/mkinitcpio.conf so the HOOKS line looks like this: .... HOOKS=(base systemd udev autodetect modconf block sd-encrypt btrfs resume filesystems keyboard fsck) .... and regen the initramfs # mkinitcpio -p linux install systemd-boot # bootctl install create /boot/loader/entries/arch.conf containing: .... title Arch Linux linux /vmlinuz-linux initrd /intel-ucode.img initrd /initramfs-linux.img options root=/dev/mapper/btrfs rootflags=subvol=/root resume=/dev/mapper/swap .... edit /boot/loader/loader.conf and add: .... default arch.conf timeout 2 console-mode max editor no .... == system config set root password # passwd exit and shutdown the system # exit # shutdown now remove the install media, and boot back up. make sure everythign boots. from now on, configure the system as normal. == configuring userspace add a non-root user # useradd -m -G wheel -s /bin/sh your_username # passwd your_username symlink neovim to vi # ln -s /usr/bin/nvim /usr/bin/vi configure sudo # visudo uncomment the line that reads %wheel ALL=(ALL) ALL enable multilib: uncomment the following lines in /ec/pacman.conf .... [multilib] Include = /etc/pacman.d/mirrorlist .... Congrats! you now have a barebones, but functional, encrypted arch install!