Update installation guide

2024-11-10 02:39:40 +00:00 · 2023-12-30 21:13:10 +01:00 · 2023-12-30 21:13:10 +01:00 · 770e9f46c1
parent 9538d5c1b1
commit 770e9f46c1
1 changed files with 84 additions and 36 deletions
--- a/guides/installation.md
+++ b/guides/installation.md
@ -15,9 +15,12 @@ Create partitions for the drives
 ```bash
 fdisk /dev/nvme0n1
-# Create new GPT table and make 5 partitions
+# Create new GPT table and make 3 partitions
 # first for boot (1G), second for swap (16G),
-# third for root (256G), fifth for data (rest ~680G)
+# third for btrfs (root + /home + data) (rest of the space)
 fdisk /dev/nvme0n2
 # Create a single partition for btrfs data
 ```
 Format partitions that shouldn't be encrypted
@ -31,39 +34,69 @@ mkswap -L SWAP /dev/nvme0n1p2
 Format drives using LUKS for encryption and open them to mapper devices
 ```bash
-cryptsetup luksFormat --type luks2 --label LINUXROOT /dev/nvme0n1p3
+cryptsetup luksFormat --type luks2 --label ARCH_LUKS /dev/nvme0n1p3
-cryptsetup luksFormat --type luks2 --label DATA /dev/nvme0n1p4
+cryptsetup luksFormat --type luks2 --label DATA /dev/nvme0n2p1
-cryptsetup luksOpen /dev/disk/by-label/LINUXROOT cryptroot
+cryptsetup luksOpen /dev/disk/by-label/ARCH_LUKS cryptroot
 cryptsetup luksOpen /dev/disk/by-label/DATA cryptdata
 ```
 Create BTRFS filesystem on the encrypted drives
 ```bash
-mkfs.btrfs -f -L CRYPTROOT /dev/mapper/cryptroot
+mkfs.btrfs -f -L ARCH /dev/mapper/cryptroot
 mkfs.btrfs -f -L DATA /dev/mapper/cryptdata
 ```
-Mount the drives
+Mount btrfs and create subvolumes
 ```bash
-mount /dev/mapper/cryptroot /mnt
+# Cryptroot
-mount /dev/disk/by-label/BOOT /mnt/efi --mkdir
+# - We set `noatime` to disable updating of the file access time
-mkdir /mnt/efi/arch-1
+#  every time a file is read. This is done for performance improvements,
-mount --bind /mnt/efi/arch-1 /mnt/boot --mkdir
+#  especially on SSDs, and we don't really need to know this information
-mount /dev/mapper/cryptdata /mnt/mnt/data --mkdir
+#  anyway.
-swapon /dev/disk/by-label/SWAP
+# - We set `compress=zstd:1` to enable level 1 zstd compression (lowest),
 # which still provides quite fast read/write speeds, while saving some space.
 mount -o noatime,compress=zstd:1 /dev/mapper/cryptroot /mnt
 btrfs subvolume create /mnt/@       # / (root)
 btrfs subvolume create /mnt/@home   # /home
 btrfs subvolume create /mnt/@log    # /var/log
 btrfs subvolume create /mnt/@cache  # /var/cache
 btrfs subvolume create /mnt/@tmp    # /tmp
 btrfs subvolume create /mnt/@data   # /data
 btrfs subvolume create /mnt/@snapshots
 umount /mnt
 # cryptdata
 # - We use same options for mounting the root btrfs drive as
 #  we did for cryptroot here, however we will use a bigger compression
 #  rate for the individual subvolumes when mounting them.
 mount -o noatime,compress=zstd:1 /dev/mapper/cryptdata /mnt
 btrfs subvolume create /mnt/@data     # /data2
 btrfs subvolume create /mnt/@backups  # /backups
 btrfs subvolume create /mnt/@snapshots
 umount /mnt
 ```
-Create BTRFS subvolumes
+Mount the subvolumes and drives
 ```bash
-btrfs subvolume create /mnt/home
+# cryptroot btrfs subvolumes
-btrfs subvolume create /mnt/var
+mount -o defaults,noatime,compress=zstd:1,subvol=@ /dev/mapper/cryptroot /mnt
-btrfs subvolume create /mnt/var/log
+mount -o defaults,noatime,compress=zstd:1,subvol=@home /dev/mapper/cryptroot /mnt/home --mkdir
-btrfs subvolume create /mnt/var/cache
+mount -o defaults,noatime,compress=zstd:2,subvol=@log /dev/mapper/cryptroot /mnt/var/log --mkdir
-btrfs subvolume create /mnt/var/tmp
+mount -o defaults,noatime,compress=zstd:3,subvol=@cache /dev/mapper/cryptroot /mnt/var/cache --mkdir
 mount -o defaults,noatime,compress=no,subvol=@tmp /dev/mapper/cryptroot /mnt/tmp --mkdir
 mount -o defaults,noatime,compress=zstd:5,subvol=@data /dev/mapper/cryptroot /mnt/data --mkdir
 # cryptdata btrfs subvolumes
 mount -o defaults,noatime,compress=zstd:5,subvol=@data /dev/mapper/cryptdata /mnt/data2 --mkdir
 mount -o defaults,noatime,compress=zstd:10,subvol=@backups /dev/mapper/cryptdata /mnt/backups --mkdir
 # physical partitions
 mount /dev/disk/by-label/EFI /mnt/efi --mkdir
 mkdir /mnt/efi/arch-1
 mount --bind /mnt/efi/arch-1 /mnt/boot --mkdir
 swapon /dev/disk/by-label/SWAP
 ```
 ## Base installation
@ -72,13 +105,16 @@ btrfs subvolume create /mnt/var/tmp
 reflector --save /etc/pacman.d/mirrorlist --latest 10 --protocol https --sort rate
 pacstrap -K /mnt base linux linux-firmware linux-headers amd-ucode # or intel-ucode
 genfstab -U /mnt >> /mnt/etc/fstab
 # Note: We'll need to edit fstab later on, to use UUIDs, and to set proper compression levels
 # as the generated options will just use zstd:1 everywhere, the final fstab is shown late.
 # during bootloader config
 arch-chroot /mnt
 ```
 Configure essentials
 ```bash
-pacman -S git btrfs-progs
+pacman -S git btrfs-progs neovim
 ln -sf /usr/share/zoneinfo/CET /etc/localtime
 hwclock --systohc
 sed -i 's/^#en_US.UTF-8/en_US.UTF-8/g' /etc/locale.gen
@ -227,25 +263,34 @@ interfaces for them, to mount those to a concrete directory, we still use
 # <file system> <dir> <type> <options> <dump> <pass>
-# region: LUKS encrypted devices (opened from /etc/crypttab, or mounted from initramfs)
+# region: Physical partitions
-/dev/mapper/cryptroot     	 /               	 btrfs   	 rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard     	 0 1
+# /dev/nvme0n1p2 LABEL=SWAP UUID=d262a2e5-a1a3-42b1-ac83-18639f5e8f3d
-/dev/mapper/cryptdata     	 /mnt/data       	 btrfs   	 rw,realtime,ssd,space_cache=v2,subvolid=5,subvol=/,discard     	 0 2
+/dev/disk/by-label/SWAP 	none          	swap      	defaults  	0 0
-# Or, an example with ext4 filesystem
+# /dev/nvme0n1p1 LABEL=EFI  UUID=44E8-EB26
-#/dev/mapper/cryptdata     	 /mnt/data       	 ext4    	 rw,relatime,nofail,discard     	 0 2
+/dev/disk/by-label/EFI  	/efi          	vfat      	rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 	0 2
 # endregion
-# region: Physical devices
+# region: BTRFS subvolumes on /dev/disk/by-label/ARCH (decrypted from ARCH_LUKS)
-LABEL=BOOT   	 /efi     	 vfat   	 rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro  	0 2
+# /dev/mapper/cryptroot LABEL=ARCH UUID=bffc7a62-0c7e-4aa9-b10e-fd68bac477e0
-LABEL=SWAP   	 none     	 swap   	 defaults    	 0 0
+/dev/mapper/cryptroot	/         	btrfs     	rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvol=/@         	0 1
 /dev/mapper/cryptroot	/home     	btrfs     	rw,noatime,compress=zstd:1,ssd,space_cache=v2,subvol=/@home     	0 1
 /dev/mapper/cryptroot	/var/log  	btrfs     	rw,noatime,compress=zstd:2,ssd,space_cache=v2,subvol=/@log      	0 1
 /dev/mapper/cryptroot	/var/cache	btrfs     	rw,noatime,compress=zstd:3,ssd,space_cache=v2,subvol=/@cache    	0 1
 /dev/mapper/cryptroot	/tmp      	btrfs     	rw,noatime,compress=no,ssd,space_cache=v2,subvol=/@tmp          	0 1
 /dev/mapper/cryptroot	/data     	btrfs     	rw,noatime,compress=zstd:5,ssd,space_cache=v2,subvol=/@data     	0 2
 # /dev/mapper/cryptdata LABEL=DATA UUID=...
 /dev/mapper/cryptdata	/data2    	btrfs     	rw,noatime,compress=zstd:5,ssd,space_cache=v2,subvol=/@data     	0 2
 /dev/mapper/cryptdata	/backups  	btrfs     	rw,noatime,compress=zstd:10,ssd,space_cache=v2,subvol=/@backups 	0 2
 # endregion
 # region: Bind mounts
-# Write kernel images to /efi/arch-1, not directly to the efi system partition (esp), to avoid conflicts when dual booting
+# Write kernel images to /efi/arch-1, not directly to efi system partition (esp), to avoid conflicts when dual booting
-/efi/arch-1      	 /boot                              	 none  	 rw,bind  	 0 0
+/mnt/efi/arch-1 	    /boot     	none      	rw,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro,bind 	0 0
 # endregion
 ```
@ -268,7 +313,7 @@ device mapping name. (shown later)
 # Add `keyboard keymap` after `autodetect` (if these hooks are already there,
 # just keep them, but make sure they're after `autodetect`).
 # Lastly add `encrypt` before `filesystems`.
-sudo nvim /etc/mkinitcpio.conf
+nvim /etc/mkinitcpio.conf
 ```
 This will configure `mkinitcpio` to build support for the keyboard input, and
@ -280,13 +325,13 @@ If you wish, you can also follow the instructions below to auto-enable numlock:
 ```bash
 sudo -u itsdrike yay -S mkinitcpio-numlock
 # Go to HOOKS and add `numlock` after `keyboard` in:
-sudo nvim /etc/mkinitcpio.conf
+nvim /etc/mkinitcpio.conf
 ```
 Now regenerate the initial ramdisk environment image:
 ```bash
-sudo mkinitcpio -P
+mkinitcpio -P
 ```
 ### Configure systemd-boot
@ -294,7 +339,10 @@ sudo mkinitcpio -P
 Install systemd-boot to the EFI system partition (ESP)
 ```bash
-sudo bootctl --esp-path=/efi install
+bootctl --esp-path=/efi install
 # This might report a warning about permissions for the /efi mount point,
 # these were addressed in the fstab file above (changed fmask and dmask),
 # if you copied those to your fstab, the permissions will be fixed after reboot
 ```
 Add boot menu entries
@ -310,8 +358,8 @@ sort-key 0
 linux /arch-1/vmlinuz-linux
 initrd /arch-1/amd-ucode.img
 initrd /arch-1/initramfs-linux.img
-options cryptdevice=LABEL=LINUXROOT:cryptroot:allow-discards
+options cryptdevice=LABEL=ARCH_LUKS:cryptroot:allow-discards
-options root=/dev/mapper/cryptroot
+options root=/dev/mapper/cryptroot rootflags=subvol=/@
 options rw loglevel=3
 ```