commit 015ad88c33b253be53f4d4a0097594e93703482b Author: Franco Colmenarez Date: Fri Sep 24 21:27:25 2021 -0500 First commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..cecdb8a --- /dev/null +++ b/README.md @@ -0,0 +1,254 @@ +# Artix Linux with Full Disk Encryption installation guide +This is a cheatsheet I made for myself to use it everytime I want to install Arch/Artix, or maybe even other distros like Gentoo or Slackware, the steps are very similar. You can PR suggestions or fixes if you want! + +## 0. Backup your data +Every time you are going to mess around with partitions and hard drives, SSD's, etc. Always make sure to make a backup and test that backup to make sure that you are not losing your important data. + +## 1. Make sure that you have an internet connection +If you want to avoid issues just plug in an ethernet cable and 99% times Internet will just work. +If for some reason you need to use Wi-fi, for Arch, you can type this command to connect to your wifi: +``` +# wifi-menu +``` +but for Artix it's a little bit more tricky. You have to: +``` +# connmanctl enable wifi +# connmanctl scan wifi +# connmanctl services +# connmanctl connect [enter the code starting in "wifi_" that is assigned to the desired ssid here] +``` +And then you can `ping` a website to make sure that you have an Internet connection. +``` +# ping francoacg.com +``` + +## 2. Switch to the root user +If you are not `root` already, switch to the root user: +``` +$ su - +``` +On Artix, it will prompt for a password, which is `artix` + +## 3. Check wether you are using UEFI or not +This will change just a couple of steps later +``` +# ls /sys/firmware/efi/efivars +``` +If you see a bunch of stuff comming out, you are using UEFI. If you see something like "No such file or directory", you are using BIOS. +Keep that in mind for the next steps. + +## 4. Identify your drive +Run +``` +# fdisk -l +``` +to list your devices. The one with the most capacity is likely the one where you want to install your OS. If you have a SATA drive, it will probably be `/dev/sda` or `/dev/sdb`. If you have an nVME drive, it will probably be `/dev/nvme0n1`. Be careful with this to make sure that you are going to use the right drive. + +## 5. Drive format and partitioning +WARNING: If you want to dualboot (probably with Windows), you have to skip this step and do other steps instead, but we will not cover that in this guide for now. +Again, make sure to chose the right drive. In my case, I will be using `/dev/vda` because I'm testing this on a virtual machine, but in your case it will probably be `/dev/sda` or `/dev/nvme0n1`. +NOTE: If you don't have UEFI, just skip the EFI partitions steps + +Start formatting the drive +``` +# fdisk /dev/vda +``` +Create a GPT partition. This is required if you have UEFI. On BIOS it doesn't really matter +``` +Command (m for help): g +``` +512M EFI partition +``` +Command (m for help): n +Partition number (1-128, default 1): +First sector (...): +Last sector (...): +512M +Command (...): t +Partition type or alias (type L to list all): 1 +``` +512M BOOT partition +``` +Command (m for help): n +Partition number (2-128, default 2): +First sector (...): +Last sector (...): +512M +``` +LVM partition +``` +Command (m for help): n +Partition number (3-128, default 3): +First sector (...): +Last sector (...): +Command (...): t +Partition number (1-3, default 3): +Partition type or alias (type L to list all): 30 +``` +Write changes +``` +Command (...): w +``` +Format the EFI partition +``` +# mkfs.fat -F32 /dev/vda1 +``` +Format the BOOT partition +``` +# mkfs.ext4 /dev/vda2 +``` + +## 6. Setup encryption +Create the encrypted partition with a passphrase, then the LVM volume and partitions +``` +# cryptsetup luksFormat /dev/vda3 +# cryptsetup open --type luks /dev/vda3 lvm +# pvcreate --dataalignment 1m /dev/mapper/lvm +# vgcreate volgr0 /dev/mapper/lvm +# lvcreate -l 100%free volgr0 -n lv_root +# modprobe dm_mod +# vgscan +# vgchange -ay +# mkfs.ext4 /dev/volgr0/lv_root +# mount /dev/volgr0/lv_root /mnt +# mkdir /mnt/boot +# mount /dev/vda2 /mnt/boot +``` +Generate the fstab with UUID +Note: in Artix its `fstabgen` and in Arch its `genfstab` +``` +# mkdir /mnt/etc +# fstabgen -U -p /mnt >> /mnt/etc/fstab +``` + +## 7. Actually installing the system +Note: `pacstrap` for Arch and `basestrap` for Artix +Note: Replace `` by your init system of choice or don't put any if you are on Arch (Systemd) +Note: Don't put `linux-firmware` if you don't want proprietary drivers +We can install all we need at once: +``` +basestrap /mnt base base-devel linux linux-firmware elogind- cryptsetup networkmanager networkmanager- wpa_supplicant wireless_tools lvm2 sudo grub efibootmgr dosfstools os-prober mtools vim +``` +Chroot to the installation. `arch-chroot` for Arch and `artix-chroot` for Artix +``` +# artix-chroot /mnt +``` +Enable networkmanager +OpenRC: +``` +# rc-update add NetworkManager +``` +Runit: +``` +# ln -s /etc/runit/sv/NetworkManager /etc/runit/runsvdir/default +``` + +Enable disk decryption at startup +``` +/etc/mkinitcpio.conf + +HOOKS=(base udev ... block encrypt lvm2 ...) +``` +Apply changes +``` +# mkinitcpo -P +``` +Setup your server of preference. Just copy it at top like so +``` +vim /etc/pacman.d/mirrorlist + +Server = https://us-mirror.artixlinux.org/$repo/os/$arch +``` +Setup the timezone +``` +ln -sf /usr/share/zoneinfo/Your/Timezone /etc/localtime +``` +Sync your hardware clock +``` +hwclock --systohc +``` +Configure your locale by uncommenting the lines that you want +``` +/etc/locale.gen + +en_US.UTF-8 UTF-8 +en_US.ISO-8859-1 +``` +Generate the locale +``` +# locale-gen +``` +Put your locale at this file like so +``` +/etc/locale.conf + +LANG=en_US.UTF-8 +``` +Setup hostname +``` +/etc/hostname + +your-hostname +``` +Setup hosts +``` +/etc/hosts + +127.0.0.1 localhost +::1 localhost +127.0.1.1 your-hostname.localdomain your-hostname +``` +Set the root password +``` +# passwd +``` +Create your user +``` +# useradd -m -g users -G wheel +``` +Set the password for the created user +``` +# passwd +``` +Give sudo privileges to the user by spawning `visudo` and uncomment the line +``` +# EDITOR=vim visudo + +%wheel ALL=(ALL) ALL +``` +Install GRUB +With UEFI +``` +# mkdir /boot/EFI +# mount /dev/vda1 /boot/EFI +# grub-install --target=x86_64-efi --bootloader-id=grub_uefi --recheck +``` +With BIOS +``` +# grub-install --target=i386-pc --recheck /dev/vda +``` +Set the locale for GRUB +``` +# mkdir /boot/grub/locale +# cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo +``` +Enable encryption for GRUB by uncommenting `GRUB_ENABLE_CRYPTODISK=y` and adding `cryptdevice=UUID=:volgr0:allow-discards` to the kernel parameters +Get partition UUID: +``` +# blkid /dev/vda3 +``` +``` +/etc/default/grub + +GRUB_CMDLINE_LINUX="cryptdevice=UUID=:cryptlvm root=/dev/volgr0/lv_root" +GRUB_ENABLE_CRYPTODISK=y +``` +Save the config +``` +# grub-mkconfig -o /boot/grub/grub.cfg +``` +Now you can finally reboot! + +## 8. Post installation +- Display manager: `lightdm` +- xorg: `pacman -S xorg xorg-server` +- Notification system: `dunst` +- Nice looking disk encryption password prompt: `plymouth`