Major rewrite: switching back to Arch from NixOS

2025-06-29 12:10:42 +00:00 · 2024-10-02 14:37:28 +02:00 · 2024-10-02 14:37:28 +02:00 · 254181c0fc
commit 254181c0fc
parent df585b737b
121 changed files with 5433 additions and 2371 deletions
--- a/guides/01_INSTALLATION.md
+++ b/guides/01_INSTALLATION.md
@ -0,0 +1,367 @@
+# Installation
+
+This installation guide will walk you through the process of setting up Arch
+Linux, getting you from live cd to a working OS.
+
+This guide is written primarily as a reference for myself, but it can certainly
+be a useful resource for you too, if you want to achieve a similar setup.
+
+This guide includes steps for full disk encryption, and sets up the system with
+some basic tools and my zsh configuration.
+
+## Partitioning
+
+First thing we will need to do is set up partitions. To do so, I recommend using
+`fdisk`. Assuming you have a single-disk system, you will want to create 3
+partitions:
+
+- EFI (1 GB)
+- Swap (same size as your RAM, or more)
+- Data (rest)
+
+The swap partition is optional, however I do recommend creating it (instead of
+using a swap file), as it will allow you to hibernate your machine.
+
+> [!NOTE]
+> Don't forget to also set the type for these partitions (`t` command in `fdisk`).
+>
+> - EFI partition type: EFI System (1)
+> - Swap partition type: Linux swap (19)
+> - Data partition type: Linux filesystem (20)
+
+### File-Systems
+
+Now we'll to create file systems on these partitions, and give them disk labels:
+
+```bash
+mkfs.fat -F 32 /dev/sdX1
+fatlabel /dev/sdX1 EFI
+
+mkswap -L SWAP /dev/diskX2
+
+cryptsetup luksFormat /dev/sdX3 --label CRYPTFS
+cryptsetup open /dev/disk/by-label/CRYPTFS crypfs
+mkfs.btrfs -L FS /dev/mapper/cryptfs
+```
+
+> [!NOTE]
+> For the LUKS encrypted partitions, I'd heavily recommend that you back up the
+> LUKS headers in case of a partial drive failure, so that you're still able to
+> recover your remaining data. To do this, you can use the following command:
+>
+> ```bash
+> cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img
+> ```
+
+### BTRFS Subvolumes
+
+Now we will split our btrfs partition into the following subvolumes:
+
+- root: The subvolume for `/`.
+- data: The subvolume for `/data`, containing my personal files, which should be
+  and backed up.
+- snapshots: A subvolume that will be used to store snapshots (backups) of the
+  other subvolumes
+
+```bash
+mount /dev/mapper/cryptfs /mnt
+btrfs subvolume create /mnt/root
+btrfs subvolume create /mnt/data
+btrfs subvolume create /mnt/snapshots
+umount /mnt
+```
+
+### Mount the partitions and subvolumes
+
+<!-- markdownlint-disable MD028 -->
+
+> [!NOTE]
+> Even though we're specifying the `compress` flag in the mount options of each
+> btrfs subvolume, somewhat misleadingly, you can't actually use different
+> compression levels for different subvolumes. Btrfs will share the same
+> compression level across the whole partition, so it's pointless to attempt to
+> set different values here.
+
+> [!NOTE]
+> You may have seen others use btrfs options such as `ssd`, `discard=async` and
+> `space_cache=v2`. These are all default (with the `ssd` being auto-detected),
+> so specifying them is pointless now.
+
+<!-- markdownlint-enable MD028 -->
+
+```bash
+mount -o subvol=root,compress=zstd:3,noatime /dev/mapper/cryptfs /mnt
+mount --mkdir -o subvol=home,compress=zstd:3,noatime /dev/mapper/cryptfs /mnt/data
+mount --mkdir -o subvol=snapshots,compress=zstd:3,noatime /dev/mapper/cryptfs /mnt/snapshots
+mount --mkdir -o compress=zstd:3,noatime /dev/mapper/cryptfs /mnt/.btrfs
+
+mount --mkdir /dev/disk/by-label/EFI /mnt/efi
+mkdir /mnt/efi/arch
+mount --mkdir --bind /mnt/efi/arch /mnt/boot
+
+swapon /dev/disk/by-label/SWAP
+```
+
+## Base installation
+
+```bash
+reflector --save /etc/pacman.d/mirrorlist --latest 10 --protocol https --sort rate
+pacstrap -K /mnt base linux linux-firmware linux-headers amd-ucode # or intel-ucode
+genfstab -U /mnt >> /mnt/etc/fstab
+arch-chroot /mnt
+```
+
+Configure essentials
+
+```bash
+pacman -S git btrfs-progs neovim
+ln -sf /usr/share/zoneinfo/CET /etc/localtime
+hwclock --systohc
+sed -i 's/^#en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen
+echo "LANG=en_US.UTF-8" > /etc/locale.conf
+locale-gen
+echo "pc" > /etc/hostname
+passwd
+```
+
+## Basic configuration
+
+Clone my dotfiles and run the install script
+
+```bash
+git clone --recursive https://github.com/ItsDrike/dotfiles ~/dots
+cd ~/dots
+./install_root.sh
+```
+
+Exit and reenter chroot, this time into zsh shell
+
+```bash
+exit
+arch-chroot /mnt zsh
+```
+
+Create non-privileged user
+
+```bash
+useradd itsdrike
+usermod -aG wheel itsdrike
+install -o itsdrike -g itsdrike -d /home/itsdrike
+passwd itsdrike
+chsh -s /usr/bin/zsh itsdrike
+su -l itsdrike # press q or esc in the default zsh options
+```
+
+Setup user account
+
+```bash
+git clone --recursive https://github.com/ItsDrike/dotfiles ~/dots
+cd ~/dots
+./install_user.sh
+```
+
+Exit (logout) the user and relogin, this time into configured zsh shell
+
+```bash
+exit
+su -l itsdrike
+```
+
+Install LazyVim
+
+```bash
+git clone https://github.com/ItsDrike/lazyvim ~/.config/nvim
+```
+
+## Fstab adjustments
+
+Finally, we'll want to make some slight modifications to `/etc/fstab` file, so
+that we're using labels instead of UUIDs to mount our devices and also fix the
+permissions for the EFI mount-point (the fmask & dmask options), as by default,
+they're way too permissive. This is how I like to structure my fstab:
+
+<!-- markdownlint-disable MD013 -->
+
+```text
+# Static information about the filesystems.
+# See fstab(5) for details.
+#
+# <file system> <dir> <type> <options> <dump> <pass>
+
+# region: Physical partitions
+
+# /dev/nvme1n1p1 LABEL=EFI UUID=A34B-A020
+/dev/disk/by-label/EFI     /efi       vfat       rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro   0 2
+
+# /dev/nvme1n1p2 LABEL=SWAP UUID=d262a2e5-a1a3-42b1-ac83-18639f5e8f3d
+/dev/disk/by-label/SWAP    none       swap       defaults                                                                                                0 0
+
+# endregion
+# region: BTRFS Subvolumes
+
+# /dev/mapper/cryptfs LABEL=FS UUID=bffc7a62-0c7e-4aa9-b10e-fd68bac477e0
+/dev/mapper/cryptfs /            btrfs      rw,noatime,compress=zstd:1,subvol=/root         0 1
+/dev/mapper/cryptfs /data        btrfs      rw,noatime,compress=zstd:1,subvol=/data         0 2
+/dev/mapper/cryptfs /snapshots   btrfs      rw,noatime,compress=zstd:1,subvol=/snapshots    0 2
+/dev/mapper/cryptfs /.btrfs      btrfs      rw,noatime,compress=zstd:1                      0 2
+
+# endregion
+# region: Bind mounts
+
+# Write kernel images to /efi/arch, not directly to efi system partition (esp), to avoid conflicts when dual booting
+/efi/arch      /boot      none       rw,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro,bind  0 0
+
+# endregion
+```
+
+<!-- markdownlint-enable MD013 -->
+
+## Ask for LUKS password from initramfs
+
+Ask for encryption password of the root partition in early userspace (only
+relevant if you're using LUKS encryption), you'll also need to set cryptdevice
+kernel parameter, specifying the device that should be unlocked here, and the
+device mapping name. (shown later)
+
+```bash
+# Find the line with HOOKS=(...)
+# Add `keyboard keymap` after `autodetect` (if these hooks are already there,
+# just keep them, but make sure they're after `autodetect`).
+# Lastly add `encrypt` before `filesystems`.
+nvim /etc/mkinitcpio.conf
+```
+
+This will configure `mkinitcpio` to build support for the keyboard input, and
+for decrypting LUKS devices from within the initial ramdisk environment.
+
+If you wish, you can also follow the instructions below to auto-enable numlock:
+
+```bash
+sudo -u itsdrike paru -S mkinitcpio-numlock
+# Go to HOOKS and add `numlock` after `keyboard` in:
+nvim /etc/mkinitcpio.conf
+```
+
+Now regenerate the initial ramdisk environment image:
+
+```bash
+mkinitcpio -P
+```
+
+## Configure systemd-boot bootloader
+
+> [!NOTE]
+> If you wish to use another boot loader (like GRUB), just follow the Arch Wiki.
+> This guide will only cover systemd-boot
+
+### Make sure you're using UEFI
+
+As a first step, you will want to confirm that you really are on a UEFI system.
+If you're using any recent hardware, this is very likely the case. Nevertheless,
+let's check and make sure:
+
+```bash
+bootctl status
+```
+
+Make sure the `Firmware` is reported as `UEFI`.
+
+If you're still using BIOS instead of UEFI, you should check the wiki for
+instructions on how to set up systemd-boot or choose a different boot manager,
+that is more suited for BIOS firmware.
+
+### Install systemd-boot
+
+Install systemd-boot to the EFI system partition (ESP)
+
+```bash
+bootctl --esp-path=/efi install
+# This might report a warning about permissions for the /efi mount point,
+# these were addressed in the fstab file above (changed fmask and dmask),
+# if you copied those to your fstab, the permissions will be fixed after reboot
+```
+
+Add boot menu entries
+(Note that we're using LABEL= for cryptdevice, for which `udev` must be before
+the `encrypt` hook in mkinitcpio `HOOKS`. This should however be the case by default.
+If you wish, you can also use UUID= or just /dev/XYZ here)
+
+Create a new file - `/efi/loader/entries/arch.conf`, with:
+
+```bash
+title Arch Linux
+sort-key 0
+linux /arch/vmlinuz-linux
+initrd /arch/amd-ucode.img
+initrd /arch/initramfs-linux.img
+options cryptdevice=LABEL=CRYPTFS:cryptfs:allow-discards
+options root=/dev/mapper/cryptfs rootflags=subvol=/root
+options rw loglevel=3
+```
+
+And finally configure loader - `/efi/loader/loader.conf` (overwrite the contents):
+
+```bash
+default arch-hyprland.conf
+timeout 4
+console-mode auto
+editor yes
+auto-firmware yes
+beep no
+```
+
+## Reboot
+
+Take a deep breath.
+
+```bash
+exit  # go back to live iso (exit chroot)
+reboot
+```
+
+## Post-setup
+
+Log in as an unpriviledged user, and:
+
+Enable Network Time Protocol (time synchronization)
+
+```bash
+sudo timedatectl set-ntp true
+timedatectl status
+```
+
+Connect to a wifi network
+
+```bash
+nmtui
+```
+
+## Graphical User Interface
+
+Finally, you can run the `install_gui.sh` script in my dotfiles, to get all of
+the packages necessary for a proper graphical experience with Hyprland WM and a
+bunch of applications/toolings that I like to use.
+
+This final script is definitely the most opinionated one and you might want to
+make adjustments to it, depending on your preferences.
+
+## We're done
+
+If you got this far, good job! You should now be left with a fully functional
+Arch Linux system, ready for daily use.
+
+That said, you might find some of the other guides helpful if you wish to tinker
+some more:
+
+- If you have more encrypted partitions than just root, you should check out:
+  [automounting other encrypted
+  partitions](./02_AUTOMOUNTING_ENCRYPTED_PARTITIONS.md).
+- You may be also interested in [setting up secure boot](./04_SECURE_BOOT.md).
+- Having your encrypted root partition unlock automatically without compromising
+  on safety through [tpm unlocking](./06_TPM_UNLOCKING.md).
+- The [theming guide](./99_THEMING.md), explaining how to configure qt, gtk,
+  cursor and fonts correctly.
+- Setting up a display manager (DM) with optional automatic login: [greetd
+  guide](./99_GREETD.md)
+- On laptops, you should check the [battery optimizations
+  guide](./99_BATTERY_OPTIMIZATIONS.md)