Linux Install¶

These are rough notes written for me, hope it helps somebody.

I'm currently running Arch Linux on my desktop, but this would be applicable to Fedora with a minimal install (somewhat) etc.

I wanted my Linux install to have these things:

UEFI and GPT
systemd-boot instead of GRUB
btrfs with subvolumes
trying out zstd:1
- default on Fedora
https://man.archlinux.org/man/btrfs.5#COMPRESSION_LEVELS
support for btrfs snapshots in the future if I want them
LUKS2 encrypted main partition
unencrypted /boot
- see xkcd
no LVM
- similar to https://fedoraproject.org/wiki/Changes/BtrfsByDefault#Detailed_Description
dual boot with Windows
secure boot (not done right now)
- https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition_with_TPM2_and_Secure_Boot

Based off:

TODO¶

snapshots and restore
dual boot with Windows working properly
- systemctl reboot --boot-loader-entry=x.conf

Arch Installation¶

Disable the PC speaker (depending on PC, this is annoying): rmmod pcspkrZZZZ
Follow the Arch Installation Guide, check here for steps changes

Pre-installation/Set the console keyboard layout and font¶

Ignore this

Pre-installation/Partition the disks¶

Partition¶

Based on:

https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition
https://github.com/egara/arch-btrfs-installation
Where BOOT_PARTITION is boot partition
Where ROOT_PARTITION is root/data partition

+-----------------------+------------------------+
| Boot partition        | LUKS2 encrypted root   |
|                       | partition              |
|                       |                        |
| /boot                 | /                      |
|                       |                        |
|                       | /dev/mapper/root       |
|                       |------------------------|
| /dev/BOOT_PARITTION   | /dev/ROOT_PARTITION    |
+-----------------------+------------------------+

Provision the drive with fdisk DRIVE, find with fdisk -l
Delete existing partitions (use d) ? I think 3. handles this
Type g to create a GPT drive
Make EFI partition
1. Press n
2. Partition type: Primary
3. Partition number: 1
4. First sector: continue
5. Last sector: +512M
6. Press t to change the type, press L to list types
7. Select the type for EFI System
  1. The types seem to differ per motherboard (?), so double check
8. Don't worry about making/marking as bootable
Make primary partition
1. Press n
2. Partition type: Primary
3. Partition number: 2
4. First sector: continue
5. Last sector: continue
6. Press t to change the type, press L to list types
7. Select the type for Linux filesystem
  1. The types seem to differ per motherboard (?), so double check
Type p to list the paritions and double check
1. Validate (see Validate drives below)
Type w to write to the drive

Validate drives¶

Validate with fdisk -l

Look for the following:

Disklabel type: GPT

It should look like:

Disk /dev/nvme1n1: 1.82 TiB, 2000398934016 bytes, 3907029168 sectors
Disk model: Samsung SSD 980 PRO 2TB
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: x

Device           Start        End    Sectors  Size Type
/dev/nvme1n1p1    2048    1050623    1048576  512M EFI System
/dev/nvme1n1p2 1050624 3907028991 3905978368  1.8T Linux filesystem

Format boot partition¶

mkfs.fat -F 32 /dev/BOOT_PARTITION

Setup LUKS & btrfs¶

Make LUKS container and initialise btrfs¶

Following https://github.com/egara/arch-btrfs-installation but substituting /dev/mapper/root
You should be able to follow any guide and do the same

cryptsetup -y -v luksFormat /dev/ROOT_PARTITION
cryptsetup open /dev/ROOT_PARTITION root
mkfs.btrfs -L arch /dev/mapper/root
mount /dev/mapper/root /mnt

Check mapping works as intended

umount /mnt
cryptsetup close root
cryptsetup open /dev/ROOT_PARTITION root
mount /dev/mapper/root /mnt

Setup BTRFS subvolumes¶

cd /mnt
btrfs subvolume create _active
btrfs subvolume create _active/rootvol
btrfs subvolume create _active/homevol
btrfs subvolume create _snapshots
btrfs subvolume create _swap

Mount them¶

For the boot partition, systemd-boot throws a warning if your permissions are too open, somebody on reddit suggested these masks:
https://www.reddit.com/r/archlinux/comments/15slhtp/deleted_by_user/

cd ..
umount /mnt
mount -o subvol=_active/rootvol,compress=zstd:1,discard=async /dev/mapper/root /mnt
mkdir /mnt/{home,boot,btrfs_root}
mount -o fmask=0137,dmask=0027 /dev/BOOT_PARTITION /mnt/boot
mount -o subvol=_active/homevol,compress=zstd:1,discard=async /dev/mapper/root /mnt/home
mount -o subvol=/,compress=zstd:1,discard=async /dev/mapper/root /mnt/btrfs_root
mount -o subvol=_swap,discard=async /dev/mapper/root /mnt/swap

Swap File¶

Follow https://wiki.archlinux.org/title/btrfs#Swap_file
1. Create in the _swap subvolume
Set the swap size to RAM size for hibrenation

Swap files generated with btrfs are excluded from COW

Installation/Select the mirrors¶

These get copied, so set them up properly now

pacman -Syy
pacman -S reflector
reflector -c AU -f 10 --save /etc/pacman.d/mirrorlist

Installation/Install essential packages¶

Where CPU_MICROCODE is intel-ucode or amd-ucode or whatever else

pacstrap -K /mnt base linux linux-firmware neovim networkmanager dhclient sudo chrony CPU_MICROCODE

Configure the system/Fstab¶

Run genfstab -U /mnt >> /mnt/etc/fstab
In /mnt/etc/fstab remove subvolid= references on each btrfs mount to help with snapshot rollback in the future

It should look like this:

# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
# /dev/mapper/root LABEL=arch
UUID=x  /           btrfs       rw,relatime,compress=zstd:1,ssd,discard=async,space_cache=v2,subvol=/_active/rootvol    0 0

# /dev/nvme0n1p1
UUID=x          /boot       vfat        rw,relatime,fmask=0137,dmask=0027,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro   0 2

# /dev/mapper/root LABEL=arch
UUID=x  /home       btrfs       rw,relatime,compress=zstd:1,ssd,discard=async,space_cache=v2,subvol=/_active/homevol    0 0

# /dev/mapper/root LABEL=arch
UUID=x  /btrfs_root btrfs       rw,relatime,compress=zstd:1,ssd,discard=async,space_cache=v2,subvol=/   0 0

/swap/swapfile          none            swap            defaults        0 0

Configure the system/Localization¶

Make sure to uncomment en_US.UTF-8 UTF-8 and do the rest of the steps, ignore console keyboard layout

Configure the system/Network configuration¶

In addition to /etc/hostname, make an /etc/hosts with the following:

127.0.0.1 localhost
::1 localhost
127.0.0.1 HOSTNAME

Configure the system/Initramfs & Configure the system/Boot loader¶

systemd-boot and LUKS initramfs¶

See the following:

https://wiki.archlinux.org/title/systemd-boot
https://wiki.archlinux.org/title/dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio
Setup these hooks: HOOKS=(base systemd autodetect modconf kms keyboard block sd-encrypt filesystems fsck)
systemd keyboard sd-encrypt are the important ones
Add sd-vconsole if using non-default console font/non-US keyboard
I've put btrfs in HOOKS, it can probably go in HOOKS after sd-encrypt or keymap (not sure if it matters)
HOOKS=( ... btrfs ... )
Run bootctl install
Re-generate the initramfs via mkinitcpio -P

Enable systemd-boot updating on boot¶

https://wiki.archlinux.org/title/systemd-boot#systemd_service
Run: sudo systemctl enable systemd-boot-update.service

Edit bootloader config¶

Edit /boot/loader/loader.conf

and put

default arch.conf
timeout 10
console-mode max
editor no

Add a loader for arch¶

Edit esp/loader/entries/arch.conf
Where CPU_MICROCODE is intel-ucode or amd-ucode or whatever else
Validate the below files are in the /boot folder, if not then do the below
- vmlinuz-linux: linux
- CPU_MICROCODE: package from earlier
- initramfs-linux.img: mkinitcpio -P
Make sure that your initrd CPU_MICROCODE is BEFORE initrd initramfs-linux.img otherwise you'll get a failure
Where UUID is your UUID of your root partition
You can use :read ! blkid /dev/ROOT_PARTITION in vim to get it, or the same command in a terminal and type it out
Add resume and resume_offset for suspend to disk
- resume_offset=x
- where x is from https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Acquire_swap_file_offset for BTRFS
  - btrfs inspect-internal map-swapfile -r /swap/swapfile

title Arch Linux
sort-key 01
linux /vmlinuz-linux
initrd /CPU_MICROCODE.img
initrd /initramfs-linux.img
options rd.luks.name=UUID=root root=/dev/mapper/root rootflags=subvol=_active/rootvol rds.luks.options=discard resume=/dev/mapper/root resume_offset=x rw quiet splash

Repeat above for fallback-initramfs¶

Same config, but reference /initramfs-fallback instead

Configure the system/Root password¶

Don't forget to do this

Clock sync¶

Using chrony as systemd-timesyncd does not support NTS

Edit /etc/chrony.conf and replace the Arch pool server with the Cloudflare NTS one:
- server time.cloudflare.com iburst nts
- https://wiki.archlinux.org/title/Chrony#Using_NTS_servers
systemctl enable --now chronyd
Run sudo chronyc -a makestep to force a sync

Reboot¶

Reboot and that's the end of the Arch Installation

Bootstrap & User setup¶

Allow wheel group in sudoers¶

Create a user account¶

Create user
Add to wheel group
Test sudo

Run bootstrap as user¶

Other people: please don't use this script

Not tested (sorry future me):

curl -fL https://raw.githubusercontent.com/itsjfx/dotfiles/master/scripts/bootstrap/run_bootstrap.sh >run_bootstrap.sh

bash run_bootstrap.sh

Copy root files¶

Copy the root files ~/.root-files/ over as they will setup X11 and part of the NVIDIA stuff below correctly

TODO have a script to do this and run diffs

NVIDIA steps¶

After installing NVIDIA drivers from bootstrap there's a couple of things needed

Remove nouveau/kms from mkinitcpio¶

I'm not sure if this is needed if you don't install nouveau but listed here https://wiki.archlinux.org/title/NVIDIA#Installation

Remove kms from mkinitcpio.conf and regenerate the initramfs

Setup DRM kernel mode setting¶

1.3 DRM kernel mode setting
- Should be done in ~/.root-files/etc/modprobe.d/nvidia.conf
- Latest drivers are >545 in Arch so no need to set anything in the kernel parameters
- To check:
  - cat /sys/module/nvidia_drm/parameters/modeset and fbdev should return Y
1.3.1.1 mkinitcpio Add early loading to the kernel
- Follow these steps
- https://wiki.archlinux.org/title/Kernel_mode_setting#mkinitcpio
- Add MODULES=(... nvidia nvidia_modeset nvidia_uvm nvidia_drm ...) to the mkinitcpio.conf
- Re-generate the initramfs
1.3.1.3 pacman hook pacman hook
- Should be done in ~/.root-files/etc/pacman.d/hooks/nvidia.hook

sudo sysfsutils | less you should see multiple entries from nvidia from earlier

Setup Windows dual boot¶

I couldn't get this working:

https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431

I followed this again and it worked:

https://wiki.archlinux.org/title/systemd-boot#Boot_from_another_disk
Get the UEFI shell working: https://wiki.archlinux.org/title/Systemd-boot#UEFI_Shells_or_other_EFI_applications
In the UEFI shell, run map to list the partitions
Run ls FS0:... and figure out which one is the Windows EFI partition
Confirm the bootmgfw.efi file exists by using ls FSX:EFI\Microsoft\Boot\bootmgfw.efi
I made mine lowercase as it's the correct casing, not sure if its case sensitive
I also added sort-key 02 to my entry to put it below Arch

Get Windows fonts¶

Probably needed for some stuff.

See: https://wiki.archlinux.org/title/Microsoft_fonts#Installation

Copy from a Windows Install
or use the AUR provided package which grabs them from the ISO

Snapshots¶

TODO