Enter iwctl
$ iwctlWhen inside, check for the name of your wireless devices.
device listIf your device name is wlan0, connect using the following command
station wlan0 connect <SSID>Make sure to enter in your password
exit when complete
exitEnable sshd (should be done by default)
$ systemctl enable sshdset a password for the current user
$ passwdList blocks. In my case, my drives are nvme0n1 and nvme1n1. Your's might be the same, or the might be an sdx drive, such as sda or sdb.
$ lsblkWrite random data into your drive.
$ dd if=/dev/urandom of=/dev/nvme0n1 status=progress bs=4096Get the names of the blocks
$ lsblkFor both partition setups, you'll want to setup a table on your primary drive.
$ gdisk /dev/nvme0n1Inside of gdisk, you can print the table using the p command.
To create a new partition use the n command. The below table shows
the disk setup I have for my primary drive
| partition | first sector | last sector | code |
|---|---|---|---|
| 1 | default | +512M | ef00 |
| 2 | default | +4G | ef02 |
| 3 | default | default | 8309 |
If you have a second drive for your home disk, then your table would be as follows.
| partition | first sector | last sector | code |
|---|---|---|---|
| 1 | default | default | 8302 |
Load the encryption modules to be safe.
$ modprobe dm-crypt
$ modprobe dm-modSetting up encryption on our luks lvm partiton
$ cryptsetup luksFormat -v -s 512 -h sha512 /dev/nvme0n1p3Enter in your password and Keep it safe. There is no "forgot password" here.
If you have a home partition, then initialize this as well
$ cryptsetup luksFormat -v -s 512 -h sha512 /dev/nvme1n1p1Mount the drives:
$ cryptsetup open /dev/nvme0n1p3 luks_lvmIf you have a home parition:
$ cryptsetup open /dev/nvme1n1p1 arch-homeCreate the volume and volume group
$ pvcreate /dev/mapper/luks_lvm
$ vgcreate arch /dev/mapper/luks_lvmCreate a volume for your swap space. A good size for this is your RAM size + 2GB. In my case, 64GB of RAM + 2GB = 66G.
$ lvcreate -n swap -L 66G archNext you have a few options depending on your setup
If you have a single disk, you can either have a single volume for your root and home, or two separate volumes.
Single volume is the most straightforward. To do this, just use the entire disk space for your root volume
$ lvcreate -n root -l +100%FREE archFor two volumes, you'll need to estimate the max size you want for either your root or home volumes. With a root volume of 200G, this looks like:
$ lvcreate -n root -L 200G archThen use remaining disk space for home
$ lvcreate -n home -l +100%FREE archIf you have two disks, then create a single volume on your LVM disk.
$ lvcreate -n root -l +100%FREE archFAT32 on EFI partiton
$ mkfs.fat -F32 /dev/nvme0n1p1 EXT4 on Boot partiton
$ mkfs.ext4 /dev/nvme0n1p2BTRFS on root
$ mkfs.btrfs -L root /dev/mapper/arch-rootBTRFS on home if exists
$ mkfs.btrfs -L home /dev/mapper/arch-homeSetup swap device
$ mkswap /dev/mapper/arch-swapMount swap
$ swapon /dev/mapper/arch-swap
$ swapon -aMount root
$ mount /dev/mapper/arch-root /mntCreate home and boot
$ mkdir -p /mnt/{home,boot}Mount the boot partiton
$ mount /dev/nvme0n1p2 /mnt/bootMount the home partition if you have one, otherwise skip this
$ mount /dev/mapper/arch-home /mnt/homeCreate the efi directory
$ mkdir /mnt/boot/efiMount the EFI directory
$ mount /dev/nvme0n1p1 /mnt/boot/efi$ pacstrap -K /mnt base linux linux-firmwareWith base-devel
$ pacstrap -K /mnt base base-devel linux linux-firmwareLoad the file table
$ genfstab -U -p /mnt > /mnt/etc/fstabchroot into your installation
$ arch-chroot /mnt /bin/bashInstall a text editor
$ pacman -S neovim$ pacman -S nanoOpen up mkinitcpio.conf
$ nvim /etc/mkinitcpio.confadd encrypt and lvm2 into the hooks
HOOKS=(... block encrypt lvm2 filesystems fsck)install lvm2
$ pacman -S lvm2Install grub and efibootmgr
$ pacman -S grub efibootmgrSetup grub on efi partition
$ grub-install --efi-directory=/boot/efiobtain your lvm partition device UUID
blkid /dev/nvme0n1p3Copy this to your clipboard
$ nvim /etc/default/grubAdd in the following kernel parameters
root=/dev/mapper/arch-root cryptdevice=UUID=<uuid>:luks_lvm$ mkdir /secureRoot keyfile
$ dd if=/dev/random of=/secure/root_keyfile.bin bs=512 count=8Home keyfile if home partition exists
$ dd if=/dev/random of=/secure/home_keyfile.bin bs=512 count=8Change permissions on these
$ chmod 000 /secure/*Add to partitions
$ cryptsetup luksAddKey /dev/nvme0n1p3 /secure/root_keyfile.bin
# skip below if using single disk
$ cryptsetup luksAddKey /dev/nvme1n1p1 /secure/home_keyfile.bin$ nvim /etc/mkinitcpio.confFILES=(/secure/root_keyfile.bin)Get uuid of home partition
$ blkid /dev/nvme1n1p1Open up the crypt table.
$ nvim /etc/crypttabAdd in the following line at the bottom of the table
arch-home UUID=<uuid> /secure/home_keyfile.binReload linux
$ mkinitcpio -p linuxCreate grub config
$ grub-mkconfig -o /boot/grub/grub.cfg
$ grub-mkconfig -o /boot/efi/EFI/arch/grub.cfgln -sf /usr/share/zoneinfo/America/Chicago /etc/localtime$ nvim /etc/systemd/timesyncd.confAdd in the NTP servers
[Time]
NTP=0.arch.pool.ntp.org 1.arch.pool.ntp.org 2.arch.pool.ntp.org 3.arch.pool.ntp.org
FallbackNTP=0.pool.ntp.org 1.pool.ntp.orgEnable timesyncd
# systemctl enable systemd-timesyncd.service$ nvim /etc/locale.genuncomment the UTF8 lang you want
en_US.UTF-8 UTF-8$ locale-gen$ nvim /etc/locale.confLANG=en_US.UTF-8enter it into your /etc/hostname file
$ nvim /etc/hostnameor
$ echo "mymachine" > /etc/hostnameFirst secure the root user by setting a password
$ passwdThen install the shell you want
$ pacman -S zshAdd a new user as follows
$ useradd -m -G wheel -s /bin/zsh userset the password on the user
$ passwd userAdd the wheel group to sudoers
$ EDITOR=nvim visudo%wheel ALL=(ALL:ALL) ALL$ pacman -S networkmanager
$ systemctl enable NetworkManager$ pacman -S gnome$ systemctl enable gdmFor AMD
$ pacman -S amd-ucodeFor intel
$ pacman -S intel-ucode$ grub-mkconfig -o /boot/grub/grub.cfg
$ grub-mkconfig -o /boot/efi/EFI/arch/grub.cfg$ exit
$ umount -R /mnt
$ reboot now