Install Arch Linux

This blog post is not a general purpose guide, but rather a personal guide how to install Arch Linux in a way I like to set it up. So this guide won’t only show you how to install Arch, but also how to encrypt your home and root drives and how to configure hibernation correctly.

Pre-installation: Prepare live session

Before we can start installing Arch. We may need to adjust and set some things up, like internet connection or keyboard layout.

Set keyboard layout

First we (maybe) need to load a different keyboard layout, depending on your keyboard. To show all available keyboard layouts use this command:

ls /usr/share/kbd/keymaps/**/*.map.gz | less

Or this simpler one:

localectl list-keymaps

To load a specific keyboard layout use this one:

loadkeys de-latin1

Check if UEFI or BIOS (Legacy)

Most modern systems should use UEFI anyways, but just to be sure your system booted into UEFI type in this quick command:

ls /sys/firmware/efi/efivars

If this directory exists then you are booted into UEFI if not then BIOS. This guide is only for UEFI, but the biggest difference for BIOS should only be in partitioning and formatting your drives.

Connect to the internet

Either use ethernet or in case for whatever reason you have to use wifi connect with iwctl.

Set timezone

Systemd comes with timedatectl, so you’ll only need to enable ntp and set the timezone:

timedatectl set-ntp true
timdatectl set-timezone Europe/Berlin

Now its all done and we can start with installing Arch!

Install Arch

Partitioning

Now the first interesting part: Drive Partitioning!

With fdisk -l you can list all available drives and its partitions.

And with fdisk /dev/<drive name> you start partition your drives. For example for SATA drives the command should look something like this: fdisk /dev/sda and for NVME drives it should be something like this: fdisk /dev/nvme0n1.

Here is an overview of the most important fdisk commands:

• ESP should be set to “EFI System”

• Boot should be Default or “Linux Filesystem”

• Root should be Default or “Linux Filesystem”

• EFI System Partition (ESP) should min. 550Mb

• Boot Partition around min. 2Gb

• Root as big as you want it to be

I like to partition my system as follows:

NVME #1
  |> boot/efi [EFI (ESP)]: ~1gb
  |> boot:                 ~2gb
  |> root:                 >250gb

NVME #2
  |> home:                 All the space

TODO: go more in-depth on how to partition drive for boot/efi, boot, home, root

The ESP Partition has the bootloader so it needs to be fat32, so that the machine knows how to boot, while home, root & boot can be formatted to ext4 or whatever you like.

mkfs.fat -F 32 /dev/<ESP partition>
mkfs.ext4 /dev/<boot partition>
mkfs.ext4 /dev/<home partition>
mkfs.ext4 /dev/<root partition>

Mount partitions to the system

Once partitioning and formatting is done. You can start mounting those partition, exactly in this order:

mount /dev/<root> /mnt
mount --mkdir /dev/<boot> /mnt/boot
mount --mkdir /dev/<efi> /mnt/boot/efi
mount --mkdir /dev/<home> /mnt/home

Install the base system

Now we can install Arch!

pacstrap -K /mnt base linux linux-firmware

Generate fstab File

After installing the base system we’ll need to generate the fstab file with the genfstab command. fstab tells the system how to mount all the drives and partitions.

genfstab -U /mnt >> /mnt/etc/fstab

Now all is done and you can chroot into your arch install.

arch-chroot /mnt

The base is installed, but we still need to do some things!

Create swapfile

If you have big RAM like me, you don’t need a big swapfile. The rule is, if you have small RAM, like 2~8Gb, then make the swapfile x2 and if you have more than 16Gb then create a swapfile half of that size.

dd if=/dev/zero of=/swapfile bs=1M count=16000 status=progress
chmod 600 /swapfile
mkswap -U clear /swapfile
swapon /swapfile

Nwo we’ll need to add the swapfile to the already created fstab file.

#<device> <dir> <type> <options> <dump> <fsck>
/swapfile none  swap   defaults  0      0

Set time

ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime

TODO: better explanation

| ln | creates a link between two files | | -f | delete link if it already exists | | -s | create symbolic link instead of hard link |

TODO: better explanation

hwclock is a administrations tool for “time clocks”
--systohc sets the hardware clock of the system clock and updates the timestamps in /etc/adjtime

hwclock --systohc

Set language

Uncomment your language(s) in /etc/locale.gen. I have en_US.UTF-8 UTF-8 and de_DE.UTF-8 UTF-8 uncommented.

LANG=en_US.UTF-8
LC_TIME=de_DE.UTF-8

After that execute locale-gen in the console.

locale-gen

Then you may want to set the default keyboard layout for all the ttys by editing the /etc/vconsole.conf and setting the KEYMAP variable.

KEYMAP=de-latin1

Set the hostname of your machine:

<hostname>

and edit /etc/hosts to this:

127.0.0.1    localhost
::1          localhost
127.0.1.1    <hostname>.localdomain    <hostname>

Create a user

First lets set a password for the root user:

passwd

Now we can add a new user and give him all the necessary groups:

useradd -m <username>
passwd <username>
usermod -aG wheel,audio,video,optical,storage,docker <username>

Install sudo and enable root access with password

pacman -S sudo
EDITOR=vim visudo

The file should look something like this:

...

##
## User privilege specification
##
root ALL=(ALL:ALL) ALL

## Uncomment to allow memebers of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL

...

Internet service

pacman -S networkmanager network-manager-applet
systemctl enable NetworkManager

Install a bootloader

Install grub:

pacman -S grub
pacman -S efibootmgr dosfstools os-prober mtools

And then

grub-install

Or if there are any erros try this command instead:

grub-install --efi-directory=/boot/efi --target=x86_64-efi --bootloader-id=grub_uefi --recheck

It seems to be that the bootloader-id can be anything.

Generate the grub config file:

grub-mkconfig -o /boot/grub/grub.cfg

Restart the system

Now we can un-chroot and reboot the machine.

exit
umount -l /mnt
reboot

Hurray! We’ve successfully installed Arch btw.!

Post-installation

Even though Arch is installed, we still need to do some things to have a real nice usable system.

Setup for accurate time

The first thing is always correct time.

sudo pacman -S ntp

The /etc/ntp.conf should look like this:

# Please consider joining the pool:
#
#     http://www.pool.ntp.org/join.html
#
# For additional information see:
# - https://wiki.archlinux.org/index.php/Network_Time_Protocol_daemon
# - http://support.ntp.org/bin/view/Support/GettingStarted
# - the ntp.conf man page

# Associate to Arch's NTP pool
# server 0.arch.pool.ntp.org
# server 1.arch.pool.ntp.org
# server 2.arch.pool.ntp.org
# server 3.arch.pool.ntp.org

# German NTP Pool
server 0.de.pool.ntp.org
server 1.de.pool.ntp.org
server 2.de.pool.ntp.org
server 3.de.pool.ntp.org

# By default, the server allows:
# - all queries from the local host
# - only time queries from remote hosts, protected by rate limiting and kod
restrict default kod limited nomodify nopeer noquery notrap
restrict 127.0.0.1
restrict ::1

# Location of drift file
driftfile /var/lib/ntp/ntp.drift

Install video drivers

For AMD GPU:

sudo pacman -S xf86-video-amdgpu mesa lib32-mesa vulkan-radeon lib32-vulkan-radeon

For Intel GPU:

sudo pacman -S xf86-video-intel mesa lib32-mesa vulkan-intel lib32-vulkan-intel

For Nvidia GPU:

sudo pacman -S nvidia nvidia-utils lib32-nvidia-utils

For a laptop like the system76 Darter Pro or Tuxedo InfinityBook S 15 Gen 6 you’ll also need to install some extra driver packages for better perfomance:

sudo pacman -S intel-media-driver

Without the intel-media-driver installed the system’s animations won’t be smooth and will lag.

And then you can install xorg with a window tiling manager. If you’re not sigma enough like me, you can install a desktop environment instead:

sudo pacman -S xorg qtile

Configure LightDM

sudo pacman -S lightdm lightdm-gtk-greeter lightdm-slick-greeter
sudo systemctl enable lightdm

Edit /etc/lightdm/lightdm.conf:

...
greeter-session=lightdm-slick-greeter
...

And then slick-greeter’s config as well in /etc/lightdm/slick-greeter.conf:

[Greeter]
background = /usr/share/backgrounds/temple_blur.jpg
draw-user-backgrounds=false
draw-grid=false
show-hostname=true
show-power=true
show-keyboard=true
show-clock=true
show-quit=true

Hibernation

To make hiberantion work the way I like edit /etc/systemd/logind.conf like this:

[Login]
HandlePowerKey=ignore
HandlePowerKeyLongPress=poweroff
HandleLidSwitch=hibernate
HandleLidSwitchExternalPower=ignore
HandleLidSwitchDocked=ignore
IdleAction=ignore
IdleActionSec=0s

And then run:

sudo systemctl restart systemd-logind

Now when you close the lid the laptop will hibernate, but you will also need to edit your mkinit hooks. For that go to the Special sauce: Luks your drives chapter.

Install an AUR helper

sudo pacman -S --needed base-devel git
git clone https://aur.archlinux.org/paru.git
cd paru
makepkg -si

Japanese, Korean Input

Chinese, Korean & Japanese Input

sudo pacman -S fcitx5 fcitx5-im fctix5-hangul fcitx5-mozc fcitx5-chewing fcitx5-configtool fcitx5-gtk fcitx5-qt fcitx5-nord

Bluetooth

sudo pacman -S bluez bluez-tools bluez-cups bluez-utils bluez-hid2hci bluez-libs bluez-cups gnome-bluetooth blueberry

sudo systemctl enable bluetooth
sudo systemctl start bluetooth

TODO: Sometimes I have problem with blueberry guis and so bluetoothctl solves the problem.

1. Connect with device.
2. Trust device.
3. And even if it seems it doesn’t work restart bluetooth and the gui and it might work without a problem.

Audio

sudo pacman -S pipewire lib32-pipewire pipewire-docs pipewire-audio pipewire-pulse pipewire-alsa pavucontrol wireplumber helvum

Restart the system or run:

sudo systemctl stop pulseaudio
sudo systemctl disable pulseaudio
sudo systemctl start pipewire-pulse
sudo systemctl enable pipewire-pulse
sudo systemctl disable pipewire-alsa # maybe needed

Create Home folders

sudo pacman -S xdg-user-dirs
xdg-user-dirs-update

My dotfiles

git clone git@gitlab.com:marcempunkt/dotfiles.stow.git .dotfiles.stow
cd .dotfiles.stow
stow .

eGpu

TODO check if there is a better more modern way

paru -S egpu-switcher

sudo egui-switcher config
sudo egui-switcher enable

Restart the system.

Make printing work

Install cups

sudo pacman -S avahi cups cups-pdf

foomatic for more printer support but not necessary for hp printer

sudo pacman -S foomatic-db-engine foomatic-db foomatic-db-ppds foomatic-db-nonfree foomatic-db-nonfree-ppds

Install hp driver

sudo pacman -S hplip

Enable avahi-deamon and install nss-mdns

sudo pacman -S nss-mdns

Edit /etc/nsswitch.conf and change the hosts line to:

hosts: ... mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns ...

Install GUI for adding Printers

sudo pacman -S system-config-printer

And voilá you can print with hp officejet 4720 series

Special sauce: Luks your drives

I like to encrypt my home and root partitions. Yes both. I like to seperate them. While it may be only necessary, security-wise, to encrypt the home partition and not the root one. The advantage, that I found is that I can configure systemd to hibernate on laptop’s lid closed and it will power off the machine into hibernate mode and let me reboot into the hibernated image, only after I put into the password of the root drive. It’s basically a slower workaround to the “Encrypt on lid close” project.

Before formatting you’ll need to encrypt your partitions or whole drive, depending on your usecase.

cryptsetup luksFormat -v -s 512 -h sha512 /dev/<drive or partition>

Open the encrypted partition. For example here I open the root partition as “luks_home”:

cryptsetup open /dev/sda3 luks_root

I like to name the root partition luks_root and the home partition luks_home. This will “mount” the partition to /dev/mapper/<opened luks drive name>

To format the drives to ext4 use this command:

mkfs.ext4 /dev/mapper/luks_root

And then you can mount the encrypted partition/drive. For example here is how to mount the root drive:

mount /dev/mapper/luks_root /mnt

Continue the normal installation of Arch Linux until you’ve installed grub.

After installing grub edit /etc/default/grub and change GRUB_CMDLINE_LINUX to this:

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdaX:luks_root"

# or even better

GRUB_CMDLINE_LINUX="cryptdevice=UUID=<UUID of your luks encrypted (unopened) root partition>:luks_root"

Important you’ll need to add here the UUID of the luks encrypted drive. Not the unlocked, already mapped drive. Only in fstab you’ll need the UUIDs of the real drives that you want to mount to the system.

To get the UUID of the luks encrypted drive you can use this command:

cryptsetup luksUUID /dev/<drive or partition>

or this command to get all UUID of all connected drives and partitions:

ls -l /dev/disk/by-uuid/

After that re-create the grub config file and maybe you’ll need to also re-install the grub bootloader!

Then edit /etc/mkinitcpio.conf HOOKS section and add “encrypt” and “resume” like this, in the exact-ish order:

HOOKS=(base udev ... block encrypt ... keyboard resume fsck)

Don’t forget to add “resume” after encrypt to make hibernation work with LUKS and then run:

mkinitcpio -P

Grub will automatically decrypt and mount the root partition, but for the home partition we’ll need to use crypttab, which is kinda like fstab but it only tries to unlock the specified drives, before fstab gets executed.

vim /etc/crypttab

#home
luks_home    /dev/disk/by-uuid/UUID-COMES-HERE     none    luks

TODO: make it a cool card

Another tip: If you decide to encrypt your root drive then choose a completely different password. Because grubs “enter a password for luks drive”-method lets you re-enter the wrong password unlimited times, which would mean you could more easily bruteforce the correct one.

Edit: It seems like I don’t need to unlock the root drive at the grub bootloader step. But this is something I need to test and how it would behave with hibernation. If you can still read this, then I havn’t tested it yet!