Following steps are already on arch
wiki page, but they are
simplified for my personal use. Feel free to use them for your own but beware
of differences between my system and yours. For example, if you have NVME
storage drives on your laptop, you system might name your drives nvme0n1
as
well, but they also might be named like sda
, etc. So you need to customize
these steps too.
I don't regularly reinstall Arch Linux, I do it once in two or three years, not because it fails to be as operative as it was back in its first day, but because I make my systems a mess time to time. That is, I make mistakes which Windows users might not be able to do so. And yes, Linux users might have this habbit of cleaning their system by reinstalling Linux time to time, it's because they usually learn to use it more appropriately and more expertly in time which is rare between Windows users. And of course the reason to all of this is due to the complexity of Linux systems and how long it takes to know them very well, which for me it seems to take forever.
First you need to make sure that Secure Boot is disabled on your system.
Then, check if Arch Linux live booted in UEFI mode. If not, reboot and change boot mode on your system:
ls /sys/firmware/efi/efivars
Based on my experience, wireless devices seem to be blocked by rfkill
on Arch
Linux live boot, so you need to check if they are blocked and unblock them if
necessary:
rfkill list # check if wlan0 is blocked
rfkill unblock all # specify wlan0 or all to unblock
ip link set wlan0 up # also set the interface up for use
When interface is prepared, connect to a wireless using iwctl
by following
these commands:
iwctl station wlan0 scan
iwctl station wlan0 get-networks
iwctl station wlan0 connect <BSSID> # replace BSSID with access point name
dhclient # just to make sure you got an ip
ping archlinux.org # check if you're connected to network
After you're connected to the network, update your system's time:
timedatectl set-ntp true
Now partition your system:
fdisk /dev/nvme0n1
Make sure fdisk
is set on gpt partition table. If it's not, just hit
g. Assuming you have 1TB of NVME storage drive, partition as follows:
- uefi: /dev/nvme0n1p1 (1G)
- swap: /dev/nvme0n1p2 (2G)
- lvm: /dev/nvme0n1p3 (rest)
Make file systems:
mkfs.fat -F 32 /dev/nvme0n1p1
mkswap /dev/nvme0n1p2
Don't format the LVM partition just yet.
Encrypt the file system:
cryptsetup luksFormat /dev/nvme0n1p3
cryptsetup luksFormat /dev/nvme0n1p4
Then decrypt the partitions to include them in fstab:
cryptsetup open --type luks /dev/nvme0n1p3 root_storage
cryptsetup open --type luks /dev/nvme0n1p4 home_storage
At this point you can setup LVM:
pvcreate /dev/mapper/root_storage
vgcreate vg_system /dev/mapper/root_storage
lvcreate -L 100GB vg_system -n lv_root
lvcreate -L 500GB vg_system -n lv_home
vgdisplay
lvdisplay
modprobe dm_mod
vgscan
vgchange -ay
Then create filesystem on LVM partitions:
mkfs -t ext4 /dev/vg_system/lv_root
mkfs -t ext4 /dev/vg_system/lv_home
Mount partitions accordingly:
mount /dev/vg_system/lv_root /mnt
mount --mkdir /dev/nvme0n1p2 /mnt/boot
mount --mkdir /dev/vg_system/lv_home /mnt/home
swapon /dev/nvme0n1p2
Now that partitions are ready to be used, but before installing the Linux
itself, there's a small chance that pacman
has outdated keyrings. To make
sure no errors will occur during installation, just update keyring:
pacman -Sy archlinux-keyring
Now Linux packages can be installed on the mounted partition:
pacstrap /mnt base linux linux-headers linux-firmware linux-hardened sof-firmware amd-ucode amd-headers grub efibootmgr
You might also need these packages: NOTE: there will be Gnome Desktop installed on your system afterwards.
pacstrap /mnt acpi amd-ucode amdvlk amvlk archlinux-keyring automake base base-devel bash bc bind binutils bison boost boost-libs bpf bpftrace bridge-utils bzip2 ca-certificates cargo ccache clang cmake cmatrix coreutils ctags cups curl docker doxygen eog evince fakeroot ffmpeg firewalld flatpak fprintd gcc gdb git github-cli gnome gnupg gperf gperftools grep grub gstreamer gtest gzip htop inettools jq jsoncpp kicad kicad-library less lesspipe linux linux-api-headers linux-firmware linux-hardened-headers linux-headers llvm llvm-libs lsof lynx lz4 make man man-db man-pages mdadm mesa mesa-utils meson mirro-rs mkinicpio mtr mutt nasm ncurses neovim neovim-lspconfig net-tools networkmanager nftables nmap ntfs-3g nvim openssh openssl openvpn pacman pacman-mirrorlist pacutils pam pambase patch patchutils perf picocom pinentry pkgconf plantuml protobuf protobuf-c python qemu-base qemu-docs qemu-system-aarch64 qemu-system-arm qemu-system-arm-firmware qemu-system-riscv qemu-system-riscv-firmware qemu-system-x86 qemu-system-x86-firmware qemu-tools qt5-base qt6-base rapidjson rpcsvc-proto rsync samba sed shadow shellcheck shellharden smbclient strace sudo systemd systemd-libs systemd-sysvcompat tar telegram-desktop texlive-basic texlive-bibtexextra texlive-fontsextra texlive-fontsrecommended texlive-formatsextra texlive-latex texlive-latexextra texlive-latexrecommended texlive-pictures texlive-plaingeneric tmux traceroute ttf-sourcecodepro-nerd tzdata uboot-tools unrar unzip urlscan usbutils util-linux util-linux-libs valgrind vim virtualbox virtualbox-guest-iso virtualbox-guest-utils virtualbox-host-modules-arch vlc vulkan-headers vulkan-icd-loader vulkan-mesa-layers vulkan-radeon wget which wireless_tools wpa_supplicant xsel xz zip
You should probably install these packages later as they will not be available now:
aircrack-ng bash-completion g++ google-chrome steam wine winetricks zoom
Then generate file system table for next reboot:
genfstab -U /mnt >> /mnt/etc/fstab
If partitions are locked by cryptsetup
, then make sure the root partition is
not specified by UUID, but as /dev/mapper/root_storage
. This is because
the encrypted parition should be decrypted first and fstab should know where
should be the decrypted path.
But make sure the rest of encrypted partitions are written with UUID of decrypted paths.
When using encrypted drives, you should also write the following records into
/etc/crypttab
:
home_storage UUID=1234-abcd none luks
There should not be root partition address here because initcpio should already be decrypting the root partition on boot, this is just for the rest of encrypted partitions.
Now chroot into the Linux installed partition:
arch-chroot /mnt
Setup your time zone and verify your system time by date
command:
ln -s /usr/share/zoneinfo/<Region>/<City> /etc/localtime
hwclock --systohc
date
Uncomment en_US.UTF-8
in /etc/locale.gen
and then execute:
locale-gen
Setup system language:
echo 'LANG=en_US.UTF-8' >> /etc/locale.conf
And your host name which will be seen on your prompt user@hostname
:
echo '<hostname>' > /etc/hostname
Now this is not necessary, but it would be if you have made LVM, RAID, or LUKS
configurations, see mkinitcpio.conf(5)
. Generally the /etc/mkinitcpio.conf
file should have this hook when LUKS used:
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap encrypt consolefont block filesystems fsck)
Then run:
mkinitcpio -P
This is where amd-ucode
, grub
and efibootmgr
is needed so that the system
can boot:
If using encrypted drives, make sure you also include this in kernel command line GRUB_CMDLINE_LINUX
inside /etc/default/grub
:
GRUB_CMDLINE_LINUX="cryptdevice=UUID=1234-abcd:root_storage root=/dev/mapper/root_storage"
Then generate grub configurations:
grub-install --target x86_64-efi --efi-directory /boot --bootloader-id GRUB
grub-mkconfig -o /boot/grub/grub.cfg
Add boot parameter in /etc/default/grub
:
cryptdevice=/dev/nvme0n1p3:vg_system
Create users and set passwords:
passwd
useradd -m <username>
passwd <username>
And give users privileges using visudo
command, so that you won't have to log
into the root
user anymore.
Also if this is a remote server, configure SSH so that service is on different
port and root
login cannot be made.
You might realize that Arch Linux makes a lot of loud beeps because of PC
speaker module. To disable it, pcspkr
driver should be blocked:
rmmod pcspkr
echo 'blacklist pcspkr' > /etc/modprobe.d/pcspkr.conf
You might also face problems when running a virtual machine instance, VirtualBox complaining that module is not loaded. This is simple to fix by loading its module:
modprobe vboxdrv
Now go back to live boot shell and unmount all partitions:
exit
umout -R /mnt
reboot
After reboot, enable desired services:
systemctl enable --now gdm
systemctl enable --now sshd
systemctl enable --now NetworkManager
systemctl enable --now bluetooth