My workstation setup

- Download install image from https://archlinux.org/download/
- Copy image to a USB drive with https://www.ventoy.net prepared
- Boot the image from the USB drive
- Connect the device to the internet
- Change keyboard layout with
loadkeys de_CH-latin1
By the way, it's possible to connect from another computer to the live environment (livecd) via SSH.
Enable ssh service via
systemctl start sshd.service
Reset root password with
passwd
Find the ip address with
ip addr show
Connect from another computer with
ssh root@[ip-address]
Update system clock with
timedatectl set-ntp true
Find installed block devices with
fdisk -l
If there is a EFI partition with at least 200 MiB it can be used for
/boot
otherwise the size should be increased or a separate/boot
partition created.Partition the block device with
fdisk /dev/nvme0n1
toDevice Start End Sectors Size Type /dev/nvme0n1p1 2048 1671167 1669120 815M EFI System /dev/nvme0n1p2 1671168 4000797326 3999126159 1.9T Linux filesystem
Encrypt system partition with
cryptsetup luksFormat /dev/nvme0n1p2
WARNING! ======== This will overwrite data on /dev/nvme0n1p2 irrevocably. Are you sure? (Type 'yes' in capital letters): YES Enter passphrase for /dev/nvme0n1p2: Verify passphrase: cryptsetup luksFormat /dev/nvme0n1p2 18.01s user 0.77s system 53% cpu 35.251 total
Mount encrypted partition to
cryptlvm
withcryptsetup open /dev/nvme0n1p2 cryptlvm
Create a physical volume on top of the LUKS container with
pvcreate /dev/mapper/cryptlvm
Create a volume group with the previously create physical volume with
vgcreate systemcryptlvm /dev/mapper/cryptlvm
Create logical volumes on the volume group:
lvcreate -L 8G systemcryptlvm -n swap lvcreate -L 500G systemcryptlvm -n root lvcreate -l 100%FREE systemcryptlvm -n home
Format filesystem on each logical volume:
mkfs.btrfs /dev/systemcryptlvm/root mkfs.btrfs /dev/systemcryptlvm/home mkswap /dev/systemcryptlvm/swap
Mount filesystems:
mount /dev/systemcryptlvm/root /mnt mkdir /mnt/home mount /dev/systemcryptlvm/home /mnt/home swapon /dev/systemcryptlvm/swap
Mount boot partition (https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#Preparing_the_boot_partition_2):
mkdir /mnt/boot mount /dev/nvme0n1p1 /mnt/boot
Install base system with
pacstrap /mnt base linux linux-firmware
Generate an fstab file
genfstab -U /mnt >> /mnt/etc/fstab
Install
lvm2
,vim
andbtrfs-progs
withpacman -S lvm2 vim btrfs-progs
Update hooks in
mkinitcpio.conf
toHOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)
Set time zone ln -sf /usr/share/zoneinfo/Europe/Zurich /etc/localtime
Set hardware clock with
hwclock --systohc
Uncomment locale
en_US.UTF-8 UTF-8
undde_CH.UTF-8 UTF-8
in/etc/locale.gen
Generate locales with
locale-gen
Set locale in
/etc/locale.conf
toLANG=en_US.UTF-8
Set keymap in
/etc/vconsole.conf
toKEYMAP=sg FONT=eurlatgr
- All locales with
localectl list-keymaps
- All fonts with
ls -l /usr/share/kbd/consolefonts/ | grep -i ".psfu.gz"
- All locales with
Set x11 keymap with
localectl --no-convert set-x11-keymap ch
Set hostename in
/etc/hostname
Create new
initramfs
withmkinitcpio -P
Set root password with
passwd
Boot manager
- Install
grub
andefibootmgr
packages withpacman -S grub efibootmgr
- Install bootloader with
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
- Add
GRUB_DISABLE_OS_PROBER=false
at the end of/etc/default/grub
to preventWarning: os-prober will not be executed to detect other bootable partition
otherwise install packageos-prober
. - Get UUID of cryptdevice with
blkid | grep crypto
- Change
GRUB_CMDLINE_LINUX="cryptdevice=UUID=[UUID]:cryptlvm root=/dev/systemcryptlvm/root
" - Generate GRUB configuration
grub-mkconfig -o /boot/grub/grub.cfg
DHCP client setup
- Install
dhcpcd
viapacman -S dhcpcd
. - Enable service with `systemctl enable dhcpcd
Reboot to system
- Logout CTRL + D
- Unmount
umount -R /mnt
- Restart
reboot
Microcode
- Add microcode package with
pacman -S intel-ucode
- Regenerate GRUB configuration
grub-mkconfig -o /boot/grub/grub.cfg
User management
- Add a user
useradd -m robin
- Set password
passwd robin
- Add sudo package
pacman -S sudo
- Edit sudoers file with
EDITOR=vim visudo
- Uncomment that members of group
sudo
can execute any command - Add group sudo with
groupadd sudo
- Add user to group sudo
gpasswd -a robin sudo
Graphical User Interface
- Install Gnome with
pacman -S gnome
- Enable
gdm
withsystemctl enable gdm
- Important settings:
- Fast cursor speed
- Tab to click for touch pad
- Automatic login
Networking
- Add network manager package
pacman -S networkmanager
- Enable network manager
systemctl enable NetworkManager.service
AUR helper
- Install build tools
pacman -S --needed base-devel git
- Clone paru
git clone https://aur.archlinux.org/paru.git
- Build paru
cd paru && makepkg -si
Tools
- Install Firefox (Browser)
paru -S firefox
- Install Visual Studio Code (Editor)
paru -S visual-studio-code-bin
- Install KeepassXC (Password manager)
paru -S keepassxc