mirror of
https://github.com/ItsDrike/dotfiles.git
synced 2024-12-25 12:44:35 +00:00
Update installation guide
This commit is contained in:
parent
9538d5c1b1
commit
770e9f46c1
|
@ -15,9 +15,12 @@ Create partitions for the drives
|
|||
|
||||
```bash
|
||||
fdisk /dev/nvme0n1
|
||||
# Create new GPT table and make 5 partitions
|
||||
# Create new GPT table and make 3 partitions
|
||||
# first for boot (1G), second for swap (16G),
|
||||
# third for root (256G), fifth for data (rest ~680G)
|
||||
# third for btrfs (root + /home + data) (rest of the space)
|
||||
|
||||
fdisk /dev/nvme0n2
|
||||
# Create a single partition for btrfs data
|
||||
```
|
||||
|
||||
Format partitions that shouldn't be encrypted
|
||||
|
@ -31,39 +34,69 @@ mkswap -L SWAP /dev/nvme0n1p2
|
|||
Format drives using LUKS for encryption and open them to mapper devices
|
||||
|
||||
```bash
|
||||
cryptsetup luksFormat --type luks2 --label LINUXROOT /dev/nvme0n1p3
|
||||
cryptsetup luksFormat --type luks2 --label DATA /dev/nvme0n1p4
|
||||
cryptsetup luksFormat --type luks2 --label ARCH_LUKS /dev/nvme0n1p3
|
||||
cryptsetup luksFormat --type luks2 --label DATA /dev/nvme0n2p1
|
||||
|
||||
cryptsetup luksOpen /dev/disk/by-label/LINUXROOT cryptroot
|
||||
cryptsetup luksOpen /dev/disk/by-label/ARCH_LUKS cryptroot
|
||||
cryptsetup luksOpen /dev/disk/by-label/DATA cryptdata
|
||||
```
|
||||
|
||||
Create BTRFS filesystem on the encrypted drives
|
||||
|
||||
```bash
|
||||
mkfs.btrfs -f -L CRYPTROOT /dev/mapper/cryptroot
|
||||
mkfs.btrfs -f -L ARCH /dev/mapper/cryptroot
|
||||
mkfs.btrfs -f -L DATA /dev/mapper/cryptdata
|
||||
```
|
||||
|
||||
Mount the drives
|
||||
Mount btrfs and create subvolumes
|
||||
|
||||
```bash
|
||||
mount /dev/mapper/cryptroot /mnt
|
||||
mount /dev/disk/by-label/BOOT /mnt/efi --mkdir
|
||||
mkdir /mnt/efi/arch-1
|
||||
mount --bind /mnt/efi/arch-1 /mnt/boot --mkdir
|
||||
mount /dev/mapper/cryptdata /mnt/mnt/data --mkdir
|
||||
swapon /dev/disk/by-label/SWAP
|
||||
# Cryptroot
|
||||
# - We set `noatime` to disable updating of the file access time
|
||||
# every time a file is read. This is done for performance improvements,
|
||||
# especially on SSDs, and we don't really need to know this information
|
||||
# anyway.
|
||||
# - We set `compress=zstd:1` to enable level 1 zstd compression (lowest),
|
||||
# which still provides quite fast read/write speeds, while saving some space.
|
||||
mount -o noatime,compress=zstd:1 /dev/mapper/cryptroot /mnt
|
||||
btrfs subvolume create /mnt/@ # / (root)
|
||||
btrfs subvolume create /mnt/@home # /home
|
||||
btrfs subvolume create /mnt/@log # /var/log
|
||||
btrfs subvolume create /mnt/@cache # /var/cache
|
||||
btrfs subvolume create /mnt/@tmp # /tmp
|
||||
btrfs subvolume create /mnt/@data # /data
|
||||
btrfs subvolume create /mnt/@snapshots
|
||||
umount /mnt
|
||||
|
||||
# cryptdata
|
||||
# - We use same options for mounting the root btrfs drive as
|
||||
# we did for cryptroot here, however we will use a bigger compression
|
||||
# rate for the individual subvolumes when mounting them.
|
||||
mount -o noatime,compress=zstd:1 /dev/mapper/cryptdata /mnt
|
||||
btrfs subvolume create /mnt/@data # /data2
|
||||
btrfs subvolume create /mnt/@backups # /backups
|
||||
btrfs subvolume create /mnt/@snapshots
|
||||
umount /mnt
|
||||
```
|
||||
|
||||
Create BTRFS subvolumes
|
||||
Mount the subvolumes and drives
|
||||
|
||||
```bash
|
||||
btrfs subvolume create /mnt/home
|
||||
btrfs subvolume create /mnt/var
|
||||
btrfs subvolume create /mnt/var/log
|
||||
btrfs subvolume create /mnt/var/cache
|
||||
btrfs subvolume create /mnt/var/tmp
|
||||
# cryptroot btrfs subvolumes
|
||||
mount -o defaults,noatime,compress=zstd:1,subvol=@ /dev/mapper/cryptroot /mnt
|
||||
mount -o defaults,noatime,compress=zstd:1,subvol=@home /dev/mapper/cryptroot /mnt/home --mkdir
|
||||
mount -o defaults,noatime,compress=zstd:2,subvol=@log /dev/mapper/cryptroot /mnt/var/log --mkdir
|
||||
mount -o defaults,noatime,compress=zstd:3,subvol=@cache /dev/mapper/cryptroot /mnt/var/cache --mkdir
|
||||
mount -o defaults,noatime,compress=no,subvol=@tmp /dev/mapper/cryptroot /mnt/tmp --mkdir
|
||||
mount -o defaults,noatime,compress=zstd:5,subvol=@data /dev/mapper/cryptroot /mnt/data --mkdir
|
||||
# cryptdata btrfs subvolumes
|
||||
mount -o defaults,noatime,compress=zstd:5,subvol=@data /dev/mapper/cryptdata /mnt/data2 --mkdir
|
||||
mount -o defaults,noatime,compress=zstd:10,subvol=@backups /dev/mapper/cryptdata /mnt/backups --mkdir
|
||||
# physical partitions
|
||||
mount /dev/disk/by-label/EFI /mnt/efi --mkdir
|
||||
mkdir /mnt/efi/arch-1
|
||||
mount --bind /mnt/efi/arch-1 /mnt/boot --mkdir
|
||||
swapon /dev/disk/by-label/SWAP
|
||||
```
|
||||
|
||||
## Base installation
|
||||
|
@ -72,13 +105,16 @@ btrfs subvolume create /mnt/var/tmp
|
|||
reflector --save /etc/pacman.d/mirrorlist --latest 10 --protocol https --sort rate
|
||||
pacstrap -K /mnt base linux linux-firmware linux-headers amd-ucode # or intel-ucode
|
||||
genfstab -U /mnt >> /mnt/etc/fstab
|
||||
# Note: We'll need to edit fstab later on, to use UUIDs, and to set proper compression levels
|
||||
# as the generated options will just use zstd:1 everywhere, the final fstab is shown late.
|
||||
# during bootloader config
|
||||
arch-chroot /mnt
|
||||
```
|
||||
|
||||
Configure essentials
|
||||
|
||||
```bash
|
||||
pacman -S git btrfs-progs
|
||||
pacman -S git btrfs-progs neovim
|
||||
ln -sf /usr/share/zoneinfo/CET /etc/localtime
|
||||
hwclock --systohc
|
||||
sed -i 's/^#en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen
|
||||
|
@ -227,25 +263,34 @@ interfaces for them, to mount those to a concrete directory, we still use
|
|||
|
||||
# <file system> <dir> <type> <options> <dump> <pass>
|
||||
|
||||
# region: LUKS encrypted devices (opened from /etc/crypttab, or mounted from initramfs)
|
||||
# region: Physical partitions
|
||||
|
||||
/dev/mapper/cryptroot / btrfs rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard 0 1
|
||||
/dev/mapper/cryptdata /mnt/data btrfs rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard 0 2
|
||||
# /dev/nvme0n1p2 LABEL=SWAP UUID=d262a2e5-a1a3-42b1-ac83-18639f5e8f3d
|
||||
/dev/disk/by-label/SWAP none swap defaults 0 0
|
||||
|
||||
# Or, an example with ext4 filesystem
|
||||
#/dev/mapper/cryptdata /mnt/data ext4 rw,relatime,nofail,discard 0 2
|
||||
# /dev/nvme0n1p1 LABEL=EFI UUID=44E8-EB26
|
||||
/dev/disk/by-label/EFI /efi vfat rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2
|
||||
|
||||
# endregion
|
||||
# region: Physical devices
|
||||
# region: BTRFS subvolumes on /dev/disk/by-label/ARCH (decrypted from ARCH_LUKS)
|
||||
|
||||
LABEL=BOOT /efi vfat rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2
|
||||
LABEL=SWAP none swap defaults 0 0
|
||||
# /dev/mapper/cryptroot LABEL=ARCH UUID=bffc7a62-0c7e-4aa9-b10e-fd68bac477e0
|
||||
/dev/mapper/cryptroot / btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvol=/@ 0 1
|
||||
/dev/mapper/cryptroot /home btrfs rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvol=/@home 0 1
|
||||
/dev/mapper/cryptroot /var/log btrfs rw,noatime,compress=zstd:2,ssd,space_cache=v2,subvol=/@log 0 1
|
||||
/dev/mapper/cryptroot /var/cache btrfs rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvol=/@cache 0 1
|
||||
/dev/mapper/cryptroot /tmp btrfs rw,noatime,compress=no,ssd,space_cache=v2,subvol=/@tmp 0 1
|
||||
/dev/mapper/cryptroot /data btrfs rw,noatime,compress=zstd:5,ssd,space_cache=v2,subvol=/@data 0 2
|
||||
|
||||
# /dev/mapper/cryptdata LABEL=DATA UUID=...
|
||||
/dev/mapper/cryptdata /data2 btrfs rw,noatime,compress=zstd:5,ssd,space_cache=v2,subvol=/@data 0 2
|
||||
/dev/mapper/cryptdata /backups btrfs rw,noatime,compress=zstd:10,ssd,space_cache=v2,subvol=/@backups 0 2
|
||||
|
||||
# endregion
|
||||
# region: Bind mounts
|
||||
|
||||
# Write kernel images to /efi/arch-1, not directly to the efi system partition (esp), to avoid conflicts when dual booting
|
||||
/efi/arch-1 /boot none rw,bind 0 0
|
||||
# Write kernel images to /efi/arch-1, not directly to efi system partition (esp), to avoid conflicts when dual booting
|
||||
/mnt/efi/arch-1 /boot none rw,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro,bind 0 0
|
||||
|
||||
# endregion
|
||||
```
|
||||
|
@ -268,7 +313,7 @@ device mapping name. (shown later)
|
|||
# Add `keyboard keymap` after `autodetect` (if these hooks are already there,
|
||||
# just keep them, but make sure they're after `autodetect`).
|
||||
# Lastly add `encrypt` before `filesystems`.
|
||||
sudo nvim /etc/mkinitcpio.conf
|
||||
nvim /etc/mkinitcpio.conf
|
||||
```
|
||||
|
||||
This will configure `mkinitcpio` to build support for the keyboard input, and
|
||||
|
@ -280,13 +325,13 @@ If you wish, you can also follow the instructions below to auto-enable numlock:
|
|||
```bash
|
||||
sudo -u itsdrike yay -S mkinitcpio-numlock
|
||||
# Go to HOOKS and add `numlock` after `keyboard` in:
|
||||
sudo nvim /etc/mkinitcpio.conf
|
||||
nvim /etc/mkinitcpio.conf
|
||||
```
|
||||
|
||||
Now regenerate the initial ramdisk environment image:
|
||||
|
||||
```bash
|
||||
sudo mkinitcpio -P
|
||||
mkinitcpio -P
|
||||
```
|
||||
|
||||
### Configure systemd-boot
|
||||
|
@ -294,7 +339,10 @@ sudo mkinitcpio -P
|
|||
Install systemd-boot to the EFI system partition (ESP)
|
||||
|
||||
```bash
|
||||
sudo bootctl --esp-path=/efi install
|
||||
bootctl --esp-path=/efi install
|
||||
# This might report a warning about permissions for the /efi mount point,
|
||||
# these were addressed in the fstab file above (changed fmask and dmask),
|
||||
# if you copied those to your fstab, the permissions will be fixed after reboot
|
||||
```
|
||||
|
||||
Add boot menu entries
|
||||
|
@ -310,8 +358,8 @@ sort-key 0
|
|||
linux /arch-1/vmlinuz-linux
|
||||
initrd /arch-1/amd-ucode.img
|
||||
initrd /arch-1/initramfs-linux.img
|
||||
options cryptdevice=LABEL=LINUXROOT:cryptroot:allow-discards
|
||||
options root=/dev/mapper/cryptroot
|
||||
options cryptdevice=LABEL=ARCH_LUKS:cryptroot:allow-discards
|
||||
options root=/dev/mapper/cryptroot rootflags=subvol=/@
|
||||
options rw loglevel=3
|
||||
```
|
||||
|
||||
|
|
Loading…
Reference in a new issue