For those looking to install Arch Linux, it is my hope that this guide will prove useful. Most of the information here is from https://wiki.archlinux.org/. The advantage of this guide is all the information being available on one opinionated page. This guide assumes that we know how to download an Arch Linux image and boot into it, along with the system booting into UEFI mode. We will be messing with our systems so I strongly recommend to read this guide carefully. With that out of the way let's begin.
Change console keymap
Those using a different keyboard layout may want to change the console keymap. To change to dvorak, run:
loadkeys dvorak
Connectivity
Next we will want to connect to the internet. If your device is plugged in via Ethernet cable then you should be good to go. Otherwise, we can connect to a Wi-Fi network using iwctl:
iwctl
Find out the name of your wireless device:
device list
Scan for networks:
station <device name> scan
List network SSID:
station <device name> get-networks
Connect to network:
station <device-name> connect <SSID>
Leave iwctl by sending a SIGINT signal with Ctrl+c.
Test connection:
ping archlinux.org
If we get a response then we can stop pinging using Ctrl+c.
Update system clock
With connectivity taken care of let's enable and start network time synchronisation:
timedatectl set-ntp true
Partitioning
Now we start the process for partitioning the disks. First we will identify disks in /proc/partitions:
fdisk -l
We are looking for a drive we want to install Arch on. The section labeled Disk model should help us identify what drive we want. In the image above, if we wanted to install on the SanDisk, the location of the block device would be /dev/sda.
Since we are going to encrypt our root directory, let's securely erase the drive. First, create a container called to_be_wiped:
cryptsetup open --type plain -d /dev/urandom /dev/<block-device> to_be_wiped
Next we will zero out the container:
dd bs=1M if=/dev/zero of=/dev/mapper/to_be_wiped status=progress
Then we close the container:
cryptsetup close to_be_wiped
With the drive erased, we will now use fdisk to partition the disk. fdisk is interactive and we will walk through the process together. First lets manipulate the drive we want to partition:
fdisk /dev/<block-device>
We can enter m to see the available commands. The first thing we want to do is create a new partition table. We can do that by entering g.
We need two partitions: An EFI system partition to boot and a root directory / partition to hold our data. Let's create them now with n.
We will be prompted to assign a partition number, leave it at the default by hitting enter. Similarly, leave the first sector at the default and hit enter. Our first partition will be 512M so for the last sector enter +512M.
Change the partition type with t then 1 for EFI.
Next we create another partition with n and leave everything at their default values.
If we enter p fdisk will print out our partition table and we should see something like this:
Finally, we write the partition table to disk with w.
Format partitions
We can now format the partitions. First we will format the boot partition, we are looking for the device with the type EFI System. Partition it to FAT32 and label it ESP with:
mkfs.fat -F32 -n ESP /dev/<boot-partition>
In order to encrypt our data, we will need to create a Linux Unified Key Setup (LUKS) partition. Look for the device with the type Linux filesystem. Format and label it ARCH_LUKS with:
cryptsetup luksFormat --label ARCH_LUKS /dev/<linux-partition>
After setting a password, let's open the LUKS partition and map it to the device name of cryptroot. If using a SSD, we can disable internal read and write workqueue for increased performance with encryption using cryptsetup --perf-no_read_workqueue --perf-no_write_workqueue --persistent open /dev/<luks-partition> cryptroot. Otherwise:
cryptsetup open /dev/<luks-partition> cryptroot
Our LUKS partition is now mapped to /dev/mapper/cryptroot. Next we'll finally format cryptroot to Btrfs and label it ARCH:
mkfs.btrfs -L ARCH /dev/mapper/cryptroot
List block devices and view filesystem info with lsblk:
lsblk -f
Mounting
We will first mount our Btrfs filesystem cryptroot. To improve performance we will disable access time metadata updates. We will also use ZSTD compression with a level of 1 to prioritise performance:
mount -o noatime,compress=zstd:1 /dev/mapper/cryptroot /mnt
Now that we have mounted cryptroot we will create subvolumes. Create root and home with:
btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/home
Unmount cryptroot:
umount /mnt
We will now mount the subvolumes root and home at the appropriate locations instead of the toplevel subvolume. This is done to simplify the creation of snapshots:
mount -o noatime,compress=zstd:1,subvol=root /dev/mapper/cryptroot /mnt
mount --mkdir -o noatime,compress=zstd:1,subvol=home /dev/mapper/cryptroot /mnt/home
Finally mount the boot partition we previously created:
mount --mkdir /dev/<boot-partition> /mnt/boot
Install essential packages
Use pacstrap to install some packages so we can start using our system:
pacstrap /mnt base linux linux-firmware btrfs-progs networkmanager vim man-db man-pages
Fstab
Use genfstab to create a fstab file:
genfstab -L /mnt >> /mnt/etc/fstab
Chroot
chroot into our new system:
arch-chroot /mnt
Congratulations! We are now in our now system.
Time zone
Set the time zone, we can use tab completion to view possible options:
ln -sf /usr/share/zoneinfo/<region>/<city> /etc/localtime
Set the Hardware Clock:
hwclock --systohc
Localisation
We will use vim as our text editor to uncomment locales in /etc/locale.gen, we should at least uncomment en_US.UTF-8 UTF-8. Afterwards generate locales with:
locale-gen
create locale.conf and set the LANG variable:
vim /etc/locale.conf
LANG=en_US.UTF-8
If we previously changed the console keymap then make it persist with:
vim /etc/vconsole.conf
KEYMAP=dvorak
Network configuration
Create the hostname file and set the hostname as you wish, for example arch:
vim /etc/hostname
arch
Enable networkmanager so we will have connectivity once we leave the live environment:
systemctl enable NetworkManager
Initramfs
Since we are using encryption, we will need to edit mkinitcpio, the script used to create the initial ramdisk. Edit the file /etc/mkinitcpio.conf. Go to the HOOKS line that isn't commented out and replace udev with systemd, and add sd-vconsole (if we changed the keymap) and sd-encrypt hooks after keyboard. Then recreate initramfs:
mkinitcpio -P
Root password
Set the root password:
passwd
Boot loader
Next install GRUB bootloader and microcode updates. If using Intel processor, replace amd-ucode with intel-ucode:
pacman -S grub efibootmgr amd-ucode
We will now install the GRUB EFI application and its modules and name the bootloader GRUB using:
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
Let's edit our kernel parameters file. We previously labeled everything but unfortunately need the UUID of our ARCH_LUKS partition. Find the UUID with lsblk -f then edit /etc/default/grub:
All the following parameters need to be appended to GRUB_CMDLINE_LINUX_DEFAULT.
Unlock our device in initramfs by appending rd.luks.name=<UUID>=cryptroot.
Enable TRIM support, append rd.luks.options=discard.
Disable and blacklist watchdog module, append nowatchdog module_blacklist=iTCO_wdt.
Regenerate grub.cfg
grub-mkconfig -o /boot/grub/grub.cfg
Our work in chroot is done, exit out with exit or Ctrl+d and reboot.
Post-installation
After rebooting and decrypting our drive, we should be greeted with a login screen. The only user we have right now is root so enter that as our login username and supply the appropriate password.
Connectivity
If we need to connect to Wi-Fi, use nmcli:
nmcli device wifi list
nmcli device wifi connect <SSID> password <PASSWORD>
Package management
Arch usespacman as its package manager. Enable color output and parallel downloads by editing /etc/pacman.conf and uncommenting Color along with ParallelDownloads and changing the value from 5 to 10. We can also an arguably nicer progress bar by adding ILoveCandy right after ParallelDownloads.
Remaining packages
The choice of desktop environment if any at all is entirely up to the user. For the purposes of this guide we will be using GNOME.
The packages required for display drivers varies based on hardware. I will link the appropriate wiki pages where we can find the correct packages to install:
AMD
Intel
NVIDIA
An example for AMD would be:
pacman -S sudo pacman-contrib archlinux-contrib reflector mesa vulkan-radeon libva-mesa-driver gnome gnome-tweaks pipewire pipewire-alsa pipewire-pulse pipewire-jack wireplumber firewalld $(pacman -Ssq noto-fonts)
The display driver packages are mesa vulkan-radeon libva-mesa-driver. mesa provides 3D acceleration, vulkan-radeon provides vulkan support, and accelerated video decoding is provided by libva-mesa-driver.
Users and groups
Let's create an unprivileged user and add it to the wheel group:
useradd -m -G wheel <user>
passwd <user>
Privilege elevation
We will use sudo to allow the user to run privileged commands. Since we have already added our user to the wheel group, we just need to uncomment %wheel ALL=(ALL) ALL:
EDITOR=vim visudo
We will use reflector to keep our mirrors up to date. To choose mirrors based in our country, and sort them by download rate. Edit /etc/xdg/reflector/reflector.conf, uncomment and update country and sort age to sort rate.
Let's enable some timers and services:
systemctl enable fstrim.timer paccache.timer reflector.timer gdm firewalld bluetooth
Finally reboot and login using our newly created user.
Finishing touches
After decrypting our drive and logging in we should now be inside the GNOME desktop environment. If we changed our keymap, then the GNOME login will unfortunately be in qwerty, we will fix that now.
Go to Settings->Keyboard and add in the desired keyboard layout. Next open terminal and enter (replacing us and dvorak with the appropriate text:
localectl set-x11-keymap us dvorak
localectl set-keymap dvorak
If you are the only user and don't wish to enter a password to login after decrypting our drive, we can go to Settings->Users click unlock and check Automatic Login. Since we are no longer root we need to use sudo to install packages. For tracking unowned files, zsh, firefox, and gvim we will install the following packages:
sudo pacman -S pacutils zsh grml-zsh-config firefox gvim
gvim will conflict with vim-minimal that we installed earlier. Enter y to remove vim-minimal.
Start and configure zsh:
zsh
Change zsh to our default shell:
chsh -s $(which zsh)
Make vim our default editor and enable wayland for Firefox by setting some environmental variables:
mkdir .config/environment.d
Create .config/environment.d/envvars.conf and have the following as the contents:
EDITOR=vim
MOZ_ENABLE_WAYLAND=1
Source the environmental variables by restarting gdm:
systemctl restart gdm
With that we are finally done! I hope this guide was helpful and we learned some things along the way.
Top comments (0)