Update installation guide

2024-09-19 21:29:41 +00:00 · 2023-12-30 21:13:10 +01:00 · 2023-12-30 21:13:10 +01:00 · 770e9f46c1
parent 9538d5c1b1
commit 770e9f46c1
1 changed files with 84 additions and 36 deletions
--- a/guides/installation.md
+++ b/guides/installation.md
@ -15,9 +15,12 @@ Create partitions for the drives

 ```bash
 fdisk /dev/nvme0n1
-# Create new GPT table and make 5 partitions
+# Create new GPT table and make 3 partitions
 # first for boot (1G), second for swap (16G),
-# third for root (256G), fifth for data (rest ~680G)
+# third for btrfs (root + /home + data) (rest of the space)
+
+fdisk /dev/nvme0n2
+# Create a single partition for btrfs data
 ```

 Format partitions that shouldn't be encrypted
@ -31,39 +34,69 @@ mkswap -L SWAP /dev/nvme0n1p2
 Format drives using LUKS for encryption and open them to mapper devices

 ```bash
-cryptsetup luksFormat --type luks2 --label LINUXROOT /dev/nvme0n1p3
-cryptsetup luksFormat --type luks2 --label DATA /dev/nvme0n1p4
+cryptsetup luksFormat --type luks2 --label ARCH_LUKS /dev/nvme0n1p3
+cryptsetup luksFormat --type luks2 --label DATA /dev/nvme0n2p1

-cryptsetup luksOpen /dev/disk/by-label/LINUXROOT cryptroot
+cryptsetup luksOpen /dev/disk/by-label/ARCH_LUKS cryptroot
 cryptsetup luksOpen /dev/disk/by-label/DATA cryptdata
 ```

 Create BTRFS filesystem on the encrypted drives

 ```bash
-mkfs.btrfs -f -L CRYPTROOT /dev/mapper/cryptroot
+mkfs.btrfs -f -L ARCH /dev/mapper/cryptroot
 mkfs.btrfs -f -L DATA /dev/mapper/cryptdata
 ```

-Mount the drives
+Mount btrfs and create subvolumes

 ```bash
-mount /dev/mapper/cryptroot /mnt
-mount /dev/disk/by-label/BOOT /mnt/efi --mkdir
-mkdir /mnt/efi/arch-1
-mount --bind /mnt/efi/arch-1 /mnt/boot --mkdir
-mount /dev/mapper/cryptdata /mnt/mnt/data --mkdir
-swapon /dev/disk/by-label/SWAP
+# Cryptroot
+# - We set `noatime` to disable updating of the file access time
+#  every time a file is read. This is done for performance improvements,
+#  especially on SSDs, and we don't really need to know this information
+#  anyway.
+# - We set `compress=zstd:1` to enable level 1 zstd compression (lowest),
+# which still provides quite fast read/write speeds, while saving some space.
+mount -o noatime,compress=zstd:1 /dev/mapper/cryptroot /mnt
+btrfs subvolume create /mnt/@       # / (root)
+btrfs subvolume create /mnt/@home   # /home
+btrfs subvolume create /mnt/@log    # /var/log
+btrfs subvolume create /mnt/@cache  # /var/cache
+btrfs subvolume create /mnt/@tmp    # /tmp
+btrfs subvolume create /mnt/@data   # /data
+btrfs subvolume create /mnt/@snapshots
+umount /mnt
+
+# cryptdata
+# - We use same options for mounting the root btrfs drive as
+#  we did for cryptroot here, however we will use a bigger compression
+#  rate for the individual subvolumes when mounting them.
+mount -o noatime,compress=zstd:1 /dev/mapper/cryptdata /mnt
+btrfs subvolume create /mnt/@data     # /data2
+btrfs subvolume create /mnt/@backups  # /backups
+btrfs subvolume create /mnt/@snapshots
+umount /mnt
 ```

-Create BTRFS subvolumes
+Mount the subvolumes and drives

 ```bash
-btrfs subvolume create /mnt/home
-btrfs subvolume create /mnt/var
-btrfs subvolume create /mnt/var/log
-btrfs subvolume create /mnt/var/cache
-btrfs subvolume create /mnt/var/tmp
+# cryptroot btrfs subvolumes
+mount -o defaults,noatime,compress=zstd:1,subvol=@ /dev/mapper/cryptroot /mnt
+mount -o defaults,noatime,compress=zstd:1,subvol=@home /dev/mapper/cryptroot /mnt/home --mkdir
+mount -o defaults,noatime,compress=zstd:2,subvol=@log /dev/mapper/cryptroot /mnt/var/log --mkdir
+mount -o defaults,noatime,compress=zstd:3,subvol=@cache /dev/mapper/cryptroot /mnt/var/cache --mkdir
+mount -o defaults,noatime,compress=no,subvol=@tmp /dev/mapper/cryptroot /mnt/tmp --mkdir
+mount -o defaults,noatime,compress=zstd:5,subvol=@data /dev/mapper/cryptroot /mnt/data --mkdir
+# cryptdata btrfs subvolumes
+mount -o defaults,noatime,compress=zstd:5,subvol=@data /dev/mapper/cryptdata /mnt/data2 --mkdir
+mount -o defaults,noatime,compress=zstd:10,subvol=@backups /dev/mapper/cryptdata /mnt/backups --mkdir
+# physical partitions
+mount /dev/disk/by-label/EFI /mnt/efi --mkdir
+mkdir /mnt/efi/arch-1
+mount --bind /mnt/efi/arch-1 /mnt/boot --mkdir
+swapon /dev/disk/by-label/SWAP
 ```

 ## Base installation
@ -72,13 +105,16 @@ btrfs subvolume create /mnt/var/tmp
 reflector --save /etc/pacman.d/mirrorlist --latest 10 --protocol https --sort rate
 pacstrap -K /mnt base linux linux-firmware linux-headers amd-ucode # or intel-ucode
 genfstab -U /mnt >> /mnt/etc/fstab
+# Note: We'll need to edit fstab later on, to use UUIDs, and to set proper compression levels
+# as the generated options will just use zstd:1 everywhere, the final fstab is shown late.
+# during bootloader config
 arch-chroot /mnt
 ```

 Configure essentials

 ```bash
-pacman -S git btrfs-progs
+pacman -S git btrfs-progs neovim
 ln -sf /usr/share/zoneinfo/CET /etc/localtime
 hwclock --systohc
 sed -i 's/^#en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen
@ -227,25 +263,34 @@ interfaces for them, to mount those to a concrete directory, we still use

 # <file system> <dir> <type> <options> <dump> <pass>

-# region: LUKS encrypted devices (opened from /etc/crypttab, or mounted from initramfs)
+# region: Physical partitions

-/dev/mapper/cryptroot     	 /               	 btrfs   	 rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard     	 0 1
-/dev/mapper/cryptdata     	 /mnt/data       	 btrfs   	 rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard     	 0 2
+# /dev/nvme0n1p2 LABEL=SWAP UUID=d262a2e5-a1a3-42b1-ac83-18639f5e8f3d
+/dev/disk/by-label/SWAP 	none          	swap      	defaults  	0 0

-# Or, an example with ext4 filesystem
-#/dev/mapper/cryptdata     	 /mnt/data       	 ext4    	 rw,relatime,nofail,discard     	 0 2
+# /dev/nvme0n1p1 LABEL=EFI  UUID=44E8-EB26
+/dev/disk/by-label/EFI  	/efi          	vfat      	rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 	0 2

 # endregion
-# region: Physical devices
+# region: BTRFS subvolumes on /dev/disk/by-label/ARCH (decrypted from ARCH_LUKS)

-LABEL=BOOT   	 /efi     	 vfat   	 rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro  	0 2
-LABEL=SWAP   	 none     	 swap   	 defaults    	 0 0
+# /dev/mapper/cryptroot LABEL=ARCH UUID=bffc7a62-0c7e-4aa9-b10e-fd68bac477e0
+/dev/mapper/cryptroot	/         	btrfs     	rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvol=/@         	0 1
+/dev/mapper/cryptroot	/home     	btrfs     	rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvol=/@home     	0 1
+/dev/mapper/cryptroot	/var/log  	btrfs     	rw,noatime,compress=zstd:2,ssd,space_cache=v2,subvol=/@log      	0 1
+/dev/mapper/cryptroot	/var/cache	btrfs     	rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvol=/@cache    	0 1
+/dev/mapper/cryptroot	/tmp      	btrfs     	rw,noatime,compress=no,ssd,space_cache=v2,subvol=/@tmp          	0 1
+/dev/mapper/cryptroot	/data     	btrfs     	rw,noatime,compress=zstd:5,ssd,space_cache=v2,subvol=/@data     	0 2
+
+# /dev/mapper/cryptdata LABEL=DATA UUID=...
+/dev/mapper/cryptdata	/data2    	btrfs     	rw,noatime,compress=zstd:5,ssd,space_cache=v2,subvol=/@data     	0 2
+/dev/mapper/cryptdata	/backups  	btrfs     	rw,noatime,compress=zstd:10,ssd,space_cache=v2,subvol=/@backups 	0 2

 # endregion
 # region: Bind mounts

-# Write kernel images to /efi/arch-1, not directly to the efi system partition (esp), to avoid conflicts when dual booting
-/efi/arch-1      	 /boot                              	 none  	 rw,bind  	 0 0
+# Write kernel images to /efi/arch-1, not directly to efi system partition (esp), to avoid conflicts when dual booting
+/mnt/efi/arch-1 	    /boot     	none      	rw,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro,bind 	0 0

 # endregion
 ```
@ -268,7 +313,7 @@ device mapping name. (shown later)
 # Add `keyboard keymap` after `autodetect` (if these hooks are already there,
 # just keep them, but make sure they're after `autodetect`).
 # Lastly add `encrypt` before `filesystems`.
-sudo nvim /etc/mkinitcpio.conf
+nvim /etc/mkinitcpio.conf
 ```

 This will configure `mkinitcpio` to build support for the keyboard input, and
@ -280,13 +325,13 @@ If you wish, you can also follow the instructions below to auto-enable numlock:
 ```bash
 sudo -u itsdrike yay -S mkinitcpio-numlock
 # Go to HOOKS and add `numlock` after `keyboard` in:
-sudo nvim /etc/mkinitcpio.conf
+nvim /etc/mkinitcpio.conf
 ```

 Now regenerate the initial ramdisk environment image:

 ```bash
-sudo mkinitcpio -P
+mkinitcpio -P
 ```

 ### Configure systemd-boot
@ -294,7 +339,10 @@ sudo mkinitcpio -P
 Install systemd-boot to the EFI system partition (ESP)

 ```bash
-sudo bootctl --esp-path=/efi install
+bootctl --esp-path=/efi install
+# This might report a warning about permissions for the /efi mount point,
+# these were addressed in the fstab file above (changed fmask and dmask),
+# if you copied those to your fstab, the permissions will be fixed after reboot
 ```

 Add boot menu entries
@ -310,8 +358,8 @@ sort-key 0
 linux /arch-1/vmlinuz-linux
 initrd /arch-1/amd-ucode.img
 initrd /arch-1/initramfs-linux.img
-options cryptdevice=LABEL=LINUXROOT:cryptroot:allow-discards
-options root=/dev/mapper/cryptroot
+options cryptdevice=LABEL=ARCH_LUKS:cryptroot:allow-discards
+options root=/dev/mapper/cryptroot rootflags=subvol=/@
 options rw loglevel=3
 ```