Arch Linux on a Laptop

My opinionated notes for installing Arch Linux, UEFI, LUKS, on a laptop.

Download Arch Linux ISO and write it to USB media.

dd if=archlinux-2030.01.01-x86_64.iso of=/dev/sdX bs=16M

Load keymap, verify Internet connection, enable NTP.

loadkeys dvorak
wifi-menu
timedatectl set-ntp true

Partitioning, Full Disk Encryption, creating file systems.

Create GPT partitions for UEFI and LVM on LUKS:

gdisk /dev/sda
Command (? for help): o
This option deletes all partitions and creates a new protective MBR.
Proceed? (Y/N): Y 

Command (? for help): n
Partition number (1-128, default 1): 128
First sector (34-30031838, default = 2048) or {+-}size{KMGTP}: 
Last sector (2048-30031838, default = 30031838) or {+-}size{KMGTP}: +512M
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300): EF00
Changed type of partition to 'EFI System'

Command (? for help): n
Partition number (1-128, default 1): 
First sector (34-30031838, default = 1026048) or {+-}size{KMGTP}: 
Last sector (1026048-30031838, default = 30031838) or {+-}size{KMGTP}: 
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300): 8309
Changed type of partition to 'Linux LUKS'

Command (? for help): w

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!

Do you want to proceed? (Y/N): Y
OK; writing new GUID partition table (GPT) to /dev/sda.
The operation has completed successfully.

Format partition with LUKS protected by a passphrase, and open it:

cryptsetup luksFormat /dev/sda1

WARNING!
========
This will overwrite data on /dev/sda1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sda1: 
Verify passphrase: 

cryptsetup open /dev/sda1 luks

Create the LVM volumes, file systems, and mount them.

The LUKS volume is mapped at /dev/mapper/luks. We will treat this as if it were any physical drive, but this one has a layer of encryption. Adjust the size for the logical volume swap to the amount of RAM you have, as it will also be used for hibernation.


pvcreate /dev/mapper/luks
vgcreate vg0 /dev/mapper/luks
lvcreate -L 12G vg0 -n swap
lvcreate -l +100%FREE vg0 -n root

mkfs.fat -F32 /dev/sda128
mkfs.ext4 /dev/mapper/vg0-root
mkswap /dev/mapper/vg0-swap

mount /dev/mapper/vg0-root /mnt
mkdir /mnt/boot
mount /dev/sda128 /mnt/boot
swapon /dev/mapper/vg0-swap

Install the base system and some extras we’ll need on first boot.

pacstrap /mnt base base-devel dialog git go reflector wpa_supplicant netctl linux-lts linux-firmware dhcpcd lvm2 ifplugd
genfstab -U /mnt >> /mnt/etc/fstab

Initial configuration, users, and passwords.

chroot into the installed root file system:

arch-chroot /mnt

Set timezone and update the hardware clock:

ln -sf /usr/share/zoneinfo/America/Detroit /etc/localtime
hwclock --systohc

Set hostname and set up locale:

echo 'frozen' >/etc/hostname
echo 'KEYMAP=dvorak' >/etc/vconsole.conf
echo 'LANG=en_US.UTF-8' >/etc/locale.conf
sed -i 's/^#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen
locale-gen

Change the root password and create a user:

passwd
useradd -m -G wheel -s /bin/bash <yourname>
passwd <yourname>

Edit /etc/sudoers and uncomment the line allowing members of group wheel to execute any command.

Configure initramfs and install a bootloader.

Edit /etc/mkinitcpio.conf and add ext4 to MODULES. Then add the following to HOOKS:

HOOKS="... block keymap encrypt lvm2 resume filesystems ..."

Now run mkinitcpio:

mkinitcpio -P

And install a bootloader:

bootctl --path=/boot install

Configure systemd-boot.

Create /boot/loader/entries/archlinux.conf:

cat >/boot/loader/entries/archlinux.conf <<EOF
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=$(lsblk -ndo UUID /dev/sda1):lvm:allow-discards resume=/dev/mapper/vg0-swap root=/dev/mapper/vg0-root rw quiet loglevel=3 rd.systemd.show_status=auto rd.udev.log_priority=3
EOF

Modify /boot/loader/loader.conf:

cat >/boot/loader/loader.conf <<EOF
timeout 0
default archlinux
editor 0
EOF

Preparing to reboot into the installed system.

Run Reflector:

reflector -p http -c us -l 20 -f 5 --save /etc/pacman.d/mirrorlist

Exit the chroot, unmount, and reboot:

exit
umount -R /mnt
reboot

Good luck!