Getting started with Arch Linux

Last updated on 2021-11-14 Tagged under  # arch  # linux

Arch Linux is a community developed, x86-64 GNU/Linux distribution based on a rolling-release model.

Rolling-release is a very different model from my longtime favourite Linux distro Debian, which roughly every two years makes a new stable release with packages locked to a specific version, receiving only security patches and bugfixes until the next release. Debian strives for stability by minimizing change, which might bring in system breaking surprises. Its an excellent Linux for servers, and I've happily run stable on desktops. There are ways to obtain newer software packages, such as backports.

Arch is not like that. Its goal is to be installed once on a system, than receive a continuous, incremental stream of updates to the latest stable versions of software. You get to play with all the new toys, but some might have sharp edges! One of the things I've always loved about Debian is the ability to start with a console-only, minimal install as my base, then make the kind of system I want. Arch practically requires this approach!

The Arch Wiki is one of my primary sources of Linux information, regardless of distribution. Below is my walk-through of Arch's excellent installation guide and the choices I made along the way.

Let's go!

Setup:

Prepare USB installer

Download and verify archlinux-VERSION-x86_64.iso.

Prepare the USB installer. My preferred method is to use Ventoy to setup the USB install medium.

The old way: Write the installer to an unmounted USB storage device using the dd command as root.

BE VERY CAREFUL TO NOTE THE PROPER DEVICE. ALL DATA ON THE DEVICE WILL BE OVERWRITTEN.

Example: On a Linux system, if a USB stick appears as sdX1, then write the installer to sdX (no partition number) ...

dd if=archlinux-VERSION-x86_64.iso of=/dev/sdX bs=4M status=progress oflag=sync

Booting the system

Insert USB installer in target device and boot. Logged in automatically as root.

Default console keymap is us. List available layouts ...

localectl list-keymaps

Load my preferred keymap (example: colemak) ...

loadkeys colemak

Load a temporary, bigger font during the install ...

setfont ter-v22n

... or any other larger font from /usr/share/kbd/consolefonts/.

Network part 1-3

Ethernet: auto-configured OK. Wireless: see wireless network configuration and iwd.

Optional: Continue install from other machine via SSH

Enable SSH ...

systemctl start sshd.service

Set password for root ...

passwd

Look up IP address ...

ip a

Now, on the other machine, ssh into Arch ...

ssh root@ip-of-arch-machine

... and continue with the install.

System clock

timedatectl set-ntp true
timedatectl status

Create partitions

Identify devices with lsblk -f.

Set device for install (example: sdX) ...

export DEVICE="sdX"

Wipe device by using dd command to zero-fill the storage ...

dd if=/dev/zero of=/dev/$DEVICE bs=4096 status=progress

Use sgdisk to create partitions. Print partition table (there should be no partitions), and list partition type codes ...

sgdisk -p /dev/$DEVICE
sgdisk --list-types

Setup for a single SSD with a GPT partition table that contains 2 partitions:

sgdisk -n 0:0:+512MiB -t 0:ef00 -c 0:esp /dev/$DEVICE
sgdisk -n 0:0:0 -t 0:8309 -c 0:linux /dev/$DEVICE
sgdisk -p /dev/$DEVICE

Note: Instead of using a partition or swapfile as my swap device, after the install is complete and system has rebooted I assign space in memory using zram.

Encrypt linux partition

Initialize the LUKS partition ...

cryptsetup --type luks2 -y -v luksFormat /dev/${DEVICE}2

Open the LUKS device and set the mapping name as (example: cryptroot) ...

export MAP="cryptroot"
cryptsetup open /dev/${DEVICE}2 $MAP

Format partitions

ESP partition is formatted vfat, and the Linux partition ext4 ...

mkfs.vfat -F32 -n ESP /dev/${DEVICE}1
mkfs.ext4 -L root /dev/mapper/$MAP

Mount partitions

mount /dev/disk/by-label/root /mnt
mkdir /mnt/boot
mount /dev/disk/by-label/ESP /mnt/boot

Select mirrors

Synchronize package databases ...

pacman -Syy

Backup /etc/pacman.d/mirrorlist ...

cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak

Generate a new mirror selection using reflector . Example: Verbosely select the 5 most recently synchronized HTTPS mirrors located in either Canada or Germany, sort them by download speed, and overwrite mirrorlist ...

reflector --verbose --protocol https --latest 5 --sort rate --country Canada --country Germany --save /etc/pacman.d/mirrorlist

Base system

Install the base system on the target device. In addition, install an appropriate microcode package to load updates and security fixes from processor vendors.

Depending on target device's processor, install either:

pacstrap /mnt base base-devel linux linux-firmware bash-completion cryptsetup htop neovim terminus-font tmux intel-ucode

Generate fstab ...

genfstab -U -p /mnt >> /mnt/etc/fstab

Chroot into base system ...

arch-chroot /mnt /bin/bash

Console font

Set a default font (example: terminus ter-224n) ...

echo FONT=ter-v22n >> /etc/vconsole.conf

Timezone

Set desired timezone (example: Canada/Eastern) ...

ln -sf /usr/share/zoneinfo/Canada/Eastern /etc/localtime
hwclock --systohc

Editor

Set a system-wide default editor (example: neovim). Add to /etc/environment ...

echo EDITOR=nvim >> /etc/environment && echo VISUAL=nvim >> /etc/environment

Localization

Open /etc/locale.gen and uncomment needed locales (example: en_CA.UTF-8 UTF-8).

Generate the locales ...

locale-gen

Set the LANG variable ...

echo LANG=en_CA.UTF-8 >> /etc/locale.conf

Make my keyboard layout choice (example: colemak) ...

echo KEYMAP=colemak >> /etc/vconsole.conf

Network part 2-3

Assign this machine a hostname (example: foobox) ...

echo foobox >> /etc/hostname

Add matching entries to /etc/hosts ...

127.0.0.1	localhost
::1         localhost
127.0.1.1	foobox.localdomain foobox

Initramfs

Add the keyboard, sd-vconsole, and sd-encrypt [hooks]((https://wiki.archlinux.org/title/Mkinitcpio#Common_hooks) to /etc/mkinitcpio.conf ...

HOOKS=(base systemd keyboard autodetect sd-vconsole modconf block sd-encrypt filesystems fsck)

Extra hooks:

Recreate the initramfs image ...

mkinitcpio -P

Root password

Assign password to root ...

passwd

Add user

Create user (example: foo) ...

useradd -m -G wheel -s /bin/bash foo
passwd foo

Sudo

Configure the sudo command and uncomment the wheel group ...

EDITOR=nvim visudo -s

Boot loader

Install systemd-boot into the ESP ...

bootctl --esp-path=/boot/ install

Configure /boot/loader/loader.conf ...

default arch.conf
timeout 3
console-mode max

Determine the UUID of the encrypted partition (${DEVICE}2), which we paste into the config that we create in the next step ...

# blkid -s UUID -o value /dev/${DEVICE}2

Create /boot/loader/entries/arch.conf, where UUID_OF_LUKS_PARTITION is the output string of blkid, and we use our earlier mapping device cryptroot ...

title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options rd.luks.name=UUID_OF_LUKS_PARTITION=cryptroot root=/dev/mapper/cryptroot rw

Confirm the configuration is valid by listing boot loader entries ...

bootctl list

Network part 3-3

Install networkmanager ...

pacman -S networkmanager
systemctl enable NetworkManager

Wired network connection activated by default. Run nmtui and choose Activate a connection to setup a wireless connection.

SSH

Install and enable openssh server ...

pacman -S openssh
systemctl enable sshd.service

Note: After the install is complete and system has rebooted, secure remote access using SSH keys.

Finish

Exit chroot and reboot ...

exit
umount -R /mnt
cryptsetup close /dev/mapper/$MAP
reboot

Welcome to Arch!

» Later: Install the LTS kernel in Arch Linux

« Earlier: Use zram for swap