Getting started with Arch Linux

Last updated on 2022-04-11 Tagged under  # arch  # linux

Arch logo

Arch Linux is a community developed, x86-64 GNU/Linux distribution based on a rolling-release model.

Rolling-release is a very different model from my longtime favourite Linux distro Debian, which roughly every two years makes a new stable release with packages locked to a specific version, receiving only security patches and bugfixes until the next release. Debian strives for stability by minimizing change, which might bring in system breaking surprises. Its an excellent Linux for servers.

Arch is not like that. The idea is the system will receive a continuous, incremental stream of updates to the latest stable versions of software. Below is my walk-through of the excellent installation guide and the choices I make along the way to create a basic encrypted Arch environment.

My setup

1. Pre-installation

1.1 Prepare USB install media

Download and verify checksums for archlinux-VERSION-x86_64.iso. Prepare a USB storage device as an installer using one of these two methods.

1.1.1 Ventoy

I now use Ventoy to create a multiboot installer. Simply copy an iso to the USB device, reboot, and the auto-generated menu lists all the disk images available to boot. Create a multiboot USB installer with Ventoy

1.1.2 dd

Write the installer to an unmounted USB storage device using the dd command as root.

BE VERY CAREFUL TO NOTE THE PROPER DEVICE. ALL DATA ON THE DEVICE WILL BE OVERWRITTEN.

Example: On a Linux system, if a USB device appears as sdx1, then write the installer to sdx (no partition number) ...

dd if=archlinux-VERSION-x86_64.iso of=/dev/sdx bs=4M status=progress oflag=sync

1.2 Boot live environment

Insert installer in target device and boot. Logged in automatically as root.

Optional: Continue install from another Linux system via SSH.

Enable SSH ...

systemctl start sshd.service

Set password for root ...

passwd

Look up IP address ...

ip a

Now, from the other system, ssh into the Arch installer ...

ssh root@ip.address.of.arch-installer

1.3 Console keyboard layout

Default console keymap is us. List available layouts ...

localectl list-keymaps

Optional: Load a preferred keymap (example: colemak) ...

loadkeys colemak

1.4 Verify boot mode

If UEFI mode is enabled on an UEFI motherboard, Archiso will boot Arch Linux accordingly via systemd-boot.

Verify by listing contents of efivars ...

ls /sys/firmware/efi/efivars

If the directory does not exist, the system is booted in BIOS mode.

1.5 Connect to internet

Ethernet: auto-configured.

Wireless: see wireless network configuration and iwd.

1.6 Update system clock

timedatectl set-ntp true
timedatectl status

1.7 Set disk for install

Identify disks with lsblk -f.

Set disk for install (example: sdX) ...

export disk="/dev/sdX"

1.8 Delete old partition scheme

wipefs -af $disk
sgdisk --zap-all --clear $disk

1.9 Optional: Wipe disk

Wipe disk by using dd command to fill space with random data (this may take some time) ...

dd if=/dev/urandom of=${disk} bs=4096 status=progress

1.10 Partition disk

Use sgdisk to create partitions.

List partition type codes ...

sgdisk --list-types

Set up for a single SSD with a GPT partition table that contains two partitions:

sgdisk -n 0:0:+1GiB -t 0:ef00 -c 0:esp $disk
sgdisk -n 0:0:0 -t 0:8309 -c 0:luks $disk

Print the new partition table...

sgdisk -p $disk

In lieu of using a partition or swapfile as system swap, post-installation I assign space in memory using zram.

1.11 Encrypt linux partition

Initialize the LUKS partition ...

cryptsetup --type luks2 -y -v luksFormat ${disk}2

1.12 Logical Volume Manager (LVM)

Open the LUKS device mapped to cryptdev ...

cryptsetup open ${disk}2 cryptdev

Create physical volume...

pvcreate /dev/mapper/cryptdev

Create volume group vg ...

vgcreate vg /dev/mapper/cryptdev

1.13 LV containers

1.13.1 Root LV

If $disk is <= 128GB, I create a single root LV container and assign it 90% of free space ...

lvcreate -l +90%FREE vg -n root

1.13.2 Root + home LVs

Otherwise, I create separate root and home LVs. Its a more flexible arrangement, and makes any re-install or parallel install of a Linux OS easier (while leaving user files untouched).

Create an LV container for root and assign 30G of disk space ...

lvcreate -L 30G vg -n root

Create an LV container for home and assign +90% of free space ...

lvcreate -l +90%FREE vg -n home

View modifications ...

lvdisplay

1.14 Format the partitions

ESP partition is formatted vfat, and the Linux LVs ext4 ...

mkfs.vfat -F32 -n ESP ${disk}1
mkfs.ext4 /dev/vg/root

If separate home LV was created ...

mkfs.ext4 /dev/vg/home

1.15 Mount file systems

mount /dev/vg/root /mnt
mkdir /mnt/boot
mount /dev/disk/by-label/ESP /mnt/boot

Again, if separate home exists ...

mkdir /mnt/home
mount /dev/vg/home /mnt/home

2. Installation

2.1 Select mirrors

Synchronize package databases ...

pacman -Syy

Generate a new mirror selection using reflector.

Example: Verbosely select the 5 most recently synchronized HTTPS mirrors located in either Canada or Germany, sort them by download speed, and overwrite mirrorlist ...

reflector --verbose --protocol https --latest 5 --sort rate --country Canada --country Germany --save /etc/pacman.d/mirrorlist

2.2 Install base system

Install the base system on target device.

In addition, install an appropriate microcode package to load updates and security fixes from processor vendors.

View cpuinfo ...

grep vendor_id /proc/cpuinfo

Depending on the processor, install either:

pacstrap /mnt base base-devel intel-ucode (or amd-ucode) linux linux-firmware bash-completion cryptsetup curl htop lvm2 man-db neovim networkmanager openssh reflector sudo terminus-font tmux

3. Configure system

3.1 Fstab

genfstab -U -p /mnt >> /mnt/etc/fstab

3.2 Chroot

arch-chroot /mnt /bin/bash

3.3 Hostname

Assign a hostname (example: foobox) ...

echo "foobox" > /etc/hostname

Add matching entries to /etc/hosts ...

cat > /etc/hosts <<EOF
127.0.0.1	localhost
::1         localhost
127.0.1.1	foobox.localdomain foobox
EOF

3.4 Locale

Set locale (example: en_CA.UTF-8) ...

locale="en_CA.UTF-8"
sed -i "s/^#\(${locale}\)/\1/" /etc/locale.gen
echo "LANG=${locale}" > /etc/locale.conf
locale-gen

3.5 Console font and keymap

Set a default font (example: terminus ter-224n) ...

echo "FONT=ter-v22n" > /etc/vconsole.conf

Set a keyboard layout choice (example: colemak) ...

echo "KEYMAP=colemak" >> /etc/vconsole.conf

3.6 Editor

Set a system-wide default editor (example: neovim) ...

echo "EDITOR=nvim" > /etc/environment && echo "VISUAL=nvim" >> /etc/environment

3.7 HOOKS

Add the systemd, keyboard, sd-vconsole, sd-encrypt, and lvm2 hooks to /etc/mkinitcpio.conf ...

HOOKS=(base systemd keyboard autodetect sd-vconsole modconf block sd-encrypt lvm2 filesystems fsck)

[Order of the hooks is important:

Recreate the initramfs image ...

mkinitcpio -P

3.8 Timezone

Set desired timezone (example: America/Toronto) and update system clock ...

ln -sf /usr/share/zoneinfo/America/Toronto /etc/localtime
hwclock --systohc

3.9 Root password

Assign password to root ...

passwd

3.10 Add user

Create user (example: foo) with superuser privileges ...

useradd -m -G wheel -s /bin/bash foo
passwd foo

Activate wheel group access for sudo ...

sed -i "s/# %wheel ALL=(ALL:ALL) ALL/%wheel ALL=(ALL:ALL) ALL/" /etc/sudoers

3.11 Boot loader

Install systemd-boot ...

bootctl --esp-path=/boot install

Create /boot/loader/loader.conf ...

cat > /boot/loader/loader.conf <<EOF
default arch.conf
timeout 3
console-mode max
editor yes
EOF

Determine the UUID of the encrypted partition, which is pasted into the boot entry created in the next step ...

blkid -s UUID -o value ${disk}2

Create /boot/loader/entries/arch.conf:

title Arch
linux /vmlinuz-linux
initrd /intel-ucode.img (or /amd-ucode.img for AMD CPU)
initrd /initramfs-linux.img
options rd.luks.name=UUID-OF-LUKS-PARTITION=cryptdev root=/dev/vg/root rw

List boot loader entries ...

bootctl list

3.12 Network manager

Enable networkmanager to start at boot ...

systemctl enable NetworkManager

Wired network connection activated by default. Run nmtui and choose Activate a connection to setup a wireless connection.

3.13 SSH

Enable openssh server ...

systemctl enable sshd.service

After the install is complete and system has rebooted, secure remote access using SSH keys.

3.14 Reboot

Exit chroot and reboot ...

exit
umount -R /mnt
reboot

4. Post-installation

4.1 Check for errors

Failed systemd services ...

systemctl --failed

High priority errors in the systemd journal ...

journalctl -p 3 -xb

4.2 Sudo

Allow a user (example: foo) to execute superuser commands using sudo without being prompted for a password.

Create the file /etc/sudoers.d/sudoer_foo with ...

echo "foo ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/sudoer_foo

4.3 Pacman

Bring the spirit of Pacman to the package manager with the ILoveCandy option.

Modify /etc/pacman.conf ...

# Misc options
Color
ILoveCandy

Update system ...

$ sudo pacman -Syu

4.4 Update systemd-boot

Create ...

$ sudo mkdir /etc/pacman.d/hooks

Automatically update the boot manager whenever a new version of systemd-boot is reinstalled by creating /etc/pacman.d/hooks/100-systemd-boot.hook ...

[Trigger]
Type = Package
Operation = Upgrade
Target = systemd

[Action]
Description = Updating systemd-boot
When = PostTransaction
Exec = /usr/bin/bootctl update

4.5 Mirrors

As during the install, use reflector to generate a fresh mirrorlist.

Set parameters in /etc/xdg/reflector/reflector.conf ...

--save /etc/pacman.d/mirrorlist
--protocol https
--country Canada,Germany
--latest 5
--sort rate

Reflector ships with a systemd service and timer: /usr/lib/systemd/system/reflector.{service,timer}

Enable and start the timer (default is weekly update, edit reflector.timer to change) ...

$ sudo systemctl enable --now reflector.timer

4.6 Linux LTS kernel

Install the LTS kernel in Arch Linux

4.7 Fallback boot entries

Every time a kernel is installed or upgraded, mkinitcpio creates two initial ramdisk images: 1. A default image as per instructions in /etc/mkinitcpio.conf and /etc/mkinitcpio.d; 2. A fallback image that includes a whole range of modules built-in and bootable on most systems.

Create boot entries for these fallback images by copying /boot/loader/entries/arch.conf to /boot/loader/entries/arch-fallback.conf.

Modify the copied arch-fallback.conf with fallback settings ...

title Arch fallback

[...]

initrd /initramfs-linux-fallback.img

4.8 Use zram for swap

Create a swap device in RAM with the kernel module zram. Use zram for swap

4.9 Command: 'locate'

$ sudo pacman -S mlocate
$ sudo updatedb

Package mlocate contains an updatedb.timer unit, which invokes a database update each day. The timer is enabled after install.

4.10 SSD

Periodic TRIM optimizes performance on SSD storage. Enable a weekly task that discards unused blocks on the drive ...

$ sudo systemctl enable fstrim.timer

4.11 Command-not-found

Automatically search the official repositories when entering an unrecognized command, courtesy of pkgfile ...

$ sudo pacman -S pkgfile
$ sudo pkgfile --update

Package includes systemd timer pkgfile-update.timer for automatically synchronizing the database. Activate daily updates ...

$ sudo systemctl enable pkgfile-update.timer

Edit ~/.bashrc ...

source /usr/share/doc/pkgfile/command-not-found.bash

4.12 Sound

Default Arch installation already includes the kernel sound system (ALSA). Install pipewire as sound server ...

$ sudo pacman -S pipewire pipewire-alsa pipewire-pulse pipewire-jack wireplumber alsa-utils

Reboot. Test ...

$ pactl info | grep Pipe
Server Name: PulseAudio (on PipeWire 0.3.48)
$ speaker-test -c 2 -t wav -l 1

4.13 AUR

The Arch User Repository (AUR) is a community-driven software package repository.

Compile/install/upgrade packages manually or use an AUR helper (example: yay).

Install ...

$ git clone https://aur.archlinux.org/yay-git.git
$ cd yay-git
$ makepkg -si

To install an AUR package (example: qt5-styleplugins) ...

$ yay -S qt5-styleplugins

4.14 Desktop

Many choices! Install a full-featured desktop such as GNOME, or put together a custom desktop built around a lightweight window manager. I like Openbox.

4.15 Arch news

Keep up-to-date with the latest news from the Arch development team by subscribing to arch-announce or the news feed:

Happy hacking!


» Later: Use zram for swap

« Earlier: Virtualization using KVM + QEMU + libvirt