ansulev · July 23, 2025 19:37 · roxolid · Apr 3, 2020 · ansulev · Apr 3, 2020
diff --git a/install-arch-linux-on-btrfs-subvolume-inside-luks b/install-arch-linux-on-btrfs-subvolume-inside-luks
 # Install Arch Linux with full encrypted btrfs subvolume inside luks
 # filename: install-arch-linux-on-btrfs-subvolume-inside-luks.txt
 # The official guide: https://wiki.archlinux.org/index.php/Installation_Guide

 # Download the archiso image from https://www.archlinux.org/download/
 # Copy to a usb-drive
 dd bs=16M if=archlinux.img of=/dev/sdX status=progress && sync # on linux

 # Boot from the usb.
 # Set spanish keymap
 loadkeys es

 # This assumes a wifi only system...
 wifi-menu

 # Create a primary partition - entire disk
 parted -s /dev/sda mklabel msdos
 parted -s /dev/sda mkpart primary 2048s 100%

 # Create luks container and btrfs filesystem
 cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random \
                    --verify-passphrase luksFormat /dev/sda1
 #cryptsetup -y -v luksFormat /dev/sda1
 cryptsetup open /dev/sda1 cryptroot
 mkfs -t btrfs -L linuxroot /dev/mapper/cryptroot

 # Create btrfs subvolumes
 mount -t btrfs -o compress=lzo /dev/mapper/cryptroot /mnt
 btrfs subvolume create /mnt/@
 btrfs subvolume create /mnt/@home
 btrfs subvolume create /mnt/@snapshots

 # Unmount and remount with the corect partitions
 umount /mnt
 mount -o compress=lzo,subvol=@ /dev/mapper/cryptroot /mnt
 mkdir -p /mnt/home
 mount -o compress=lzo,subvol=@home /dev/mapper/cryptroot /mnt/home
 mkdir -p /mnt/.snapshots
 mount -o compress=lzo,subvol=@snapshots /dev/mapper/cryptroot /mnt/.snapshots

 # Install the system, wifi and some tools
 pacstrap /mnt base base-devel btrfs-progs snapper zsh mlocate htop \
                net-tools wireless_tools wpa_supplicant arch-wiki-lite \
                intel-ucode grub vim aria2 hping elinks dialog

 # Generate fstab
 genfstab -L -p /mnt >> /mnt/etc/fstab

 # Edit /mnt/etc/fstab and add the following options:
 LABEL=linuxroot   /           btrfs       rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@ 0 0
 LABEL=linuxroot   /home       btrfs       rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@home 0 0
 LABEL=linuxroot   /.snapshots btrfs       rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@snapshots 0 0
 # swap in zram
 # /dev/zram0        none    swap    defaults      0 0
 # mount /tmp on tmpfs
 # tmpfs                                     /tmp            tmpfs   rw,nodev,nosuid 0 0

 # Enter the new system
 arch-chroot /mnt /bin/bash

 # Setup system clock
 ln -s /usr/share/zoneinfo/Europe/Madrid /etc/localtime
 hwclock --systohc --utc

 # Set the hostname
 echo arch > /etc/hostname

 # Generate and set default locale
 vim /etc/locale.gen
 # Uncomment en_US.UTF-8, es_ES.UTF-8, bg_BG.UTF-8
 locale-gen
 echo LANG=en_US.utf8 >> /etc/locale.conf
 echo LANGUAGE=en_US >> /etc/locale.conf
 echo LC_ALL=C >> /etc/locale.conf

 # Set virtul console lang and font
 echo KEYMAP=es > /etc/vconsole.conf
 echo FONT=Lat2-Terminus16 >> /etc/vconsole.conf

 # Set password for root
 passwd

 # Create user
 useradd -m -G wheel angel
 passwd angel

 # Configure mkinitcpio
 vim /etc/mkinitcpio.conf

 # Early modules load
 MODULES="i915"
 # Embed btrfs to initramfs
 BINARIES="/usr/sbin/btrfs"
 # Add 'encrypt' to HOOKS before filesystems
 HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"

 # Regenerate initrd image
 mkinitcpio -p linux

 # Setup grub
 In /etc/default/grub add GRUB_ENABLE_CRYPTODISK=y
 and GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@"
 run:
 grub-mkconfig -o /boot/grub/grub.cfg
 grub-install /dev/sda
 # Exit new system and go into the cd shell
 exit

 # Unmount all partitions
 umount -R /mnt

 # Reboot into the new system, don't forget to remove the cd/usb
 reboot

 # Create keyfile for paswordless login
 dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
 cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
 and add to /etc/mkinitcpio.conf
 FILES=/crypto_keyfile.bin
 run:
 mkinitcpio -p linux
 # Reboot again, you’ll only need to enter your password once.
 reboot

 # Secure keyfile and /boot
 chmod 000 /crypto_keyfile.bin  # actually, even root doesn't need to access this
 chmod -R g-rwx,o-rwx /boot     # just to be safe

 # Install Zen Kernel , X, DE, some basic tools
 pacman -S linux-zen linux-zen-headers irqbalance cpupower x86_energy_perf_policy
 pacman -S xorg-server xf86-video-intel xf86-video-nouveau xf86-input-synaptics \
            xorg-utils xorg-xbacklight xorg-xinit xterm rxvt-unicode compton \
            openbox tint2 spacefm conky scite dmenu clipit volumeicon slock \
            nitrogen scrot xarchiver unzip unrar ark zip p7zip bash-completion \
            rfkill ttf-liberation ttf-droid ttf-hack terminus-font powertop \
            elinks wget whois ethtool qt5-tools archey3 gvim tlc tk lzop

 # Office programs
 pacman -S scribus homebank libreoffice-fresh fbreader epdfview

 # Some graphics applications
 pacman -S gimp inkscape dia mtpaint gpicview graphicsmagick cups-pdf simple-scan

 # Utilities
 pacman -S stardict-lite aspell-en aspell-es hunspell-en hunspell-es \
            mythes-en mythes-es hyphen-en hyphen-es perl-file-mimeinfo \
            keepassx cherrytree zim gprename galculator gsimplecal

 # System tools
 pacman -S bleachbit nethogs gparted dosfstools ntfs-3g grsync gsmartcontrol \
            lxterminal lxappearance lxtask obconf geany scite sshfs gpart \
            arch-wiki-lite hping nmap macchanger ghex yajl pssh wpa_actiond \
            ifplugd gvfs dnsutils grsync xdotool alsa-plugins alsa-utils lsof

 # Multimedia
 pacman -S avidemux-gtk audacity guvcview gtk-recordmydesktop pragha winff \
            handbrake mpv youtube-dl rtmpdump atomicparsley smplayer deadbeef \
            gst-plugins-bad gst-plugins-ugly gst-libav openshot libquicktime \
            frei0r-plugins flashplayer

 # Network
 pacman -S --needed pidgin pidgin-otr purple-skypeweb linphone xchat \
            uget transmission-gtk filezilla claws-mail opera wireshark-gtk

 # Virtualisation
 pacman -S virtualbox virtualbox-host-dkms wine-staging

 # Nvidia Optimus
 pacman -S --needed bumblebee primus bbswitch-dkms libva-intel-driver \
            libva-mesa-driver  libva-vdpau-driver mesa-vdpau nvidia-dkms \
            nvidia-utils nvidia-settings mesa-demos

 # Development
 pacman -S nginx-mainline php php-apcu php-fpm php-gd php-mcrypt php-snmp \
            php-tidy composer apache-openrc nghttp2 lighttpd-openrc openvpn \
            mariadb xdebug nodejs npm colordiff

 # Install from AUR
 pacman -U package-query yaourt

 yaourt -S thermald icecat-bin inox-bin chromium-pepper-flash-standalone jdk8 \
            sublime-text-dev qpdfview megasync dbeaver virtualbox-ext-oracle \
            cdw genymotion arch32-light netcfg-git profile-cleaner playerctl \
            freeplane ananicy-git vibrancy-colors xfce-theme-blackbird \
            xfce-theme-greybird spacefm-gtk2 ruby-sass purple-facebook \
            purple-hangouts-hg nodejs-jshint megasync-qt5 gtk-theme-numix-sx
            numix-themes-archblue-git numix-themes-archblue-git
            gtk-engine-unico csslint nodejs-jshint
	# Install Arch Linux with full encrypted btrfs subvolume inside luks
	# filename: install-arch-linux-on-btrfs-subvolume-inside-luks.txt
	# The official guide: https://wiki.archlinux.org/index.php/Installation_Guide

	# Download the archiso image from https://www.archlinux.org/download/
	# Copy to a usb-drive
	dd bs=16M if=archlinux.img of=/dev/sdX status=progress && sync # on linux

	# Boot from the usb.
	# Set spanish keymap
	loadkeys es

	# This assumes a wifi only system...
	wifi-menu

	# Create a primary partition - entire disk
	parted -s /dev/sda mklabel msdos
	parted -s /dev/sda mkpart primary 2048s 100%

	# Create luks container and btrfs filesystem
	cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random \
	--verify-passphrase luksFormat /dev/sda1
	#cryptsetup -y -v luksFormat /dev/sda1
	cryptsetup open /dev/sda1 cryptroot
	mkfs -t btrfs -L linuxroot /dev/mapper/cryptroot

	# Create btrfs subvolumes
	mount -t btrfs -o compress=lzo /dev/mapper/cryptroot /mnt
	btrfs subvolume create /mnt/@
	btrfs subvolume create /mnt/@home
	btrfs subvolume create /mnt/@snapshots

	# Unmount and remount with the corect partitions
	umount /mnt
	mount -o compress=lzo,subvol=@ /dev/mapper/cryptroot /mnt
	mkdir -p /mnt/home
	mount -o compress=lzo,subvol=@home /dev/mapper/cryptroot /mnt/home
	mkdir -p /mnt/.snapshots
	mount -o compress=lzo,subvol=@snapshots /dev/mapper/cryptroot /mnt/.snapshots

	# Install the system, wifi and some tools
	pacstrap /mnt base base-devel btrfs-progs snapper zsh mlocate htop \
	net-tools wireless_tools wpa_supplicant arch-wiki-lite \
	intel-ucode grub vim aria2 hping elinks dialog

	# Generate fstab
	genfstab -L -p /mnt >> /mnt/etc/fstab

	# Edit /mnt/etc/fstab and add the following options:
	LABEL=linuxroot / btrfs rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@ 0 0
	LABEL=linuxroot /home btrfs rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@home 0 0
	LABEL=linuxroot /.snapshots btrfs rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@snapshots 0 0
	# swap in zram
	# /dev/zram0 none swap defaults 0 0
	# mount /tmp on tmpfs
	# tmpfs /tmp tmpfs rw,nodev,nosuid 0 0

	# Enter the new system
	arch-chroot /mnt /bin/bash

	# Setup system clock
	ln -s /usr/share/zoneinfo/Europe/Madrid /etc/localtime
	hwclock --systohc --utc

	# Set the hostname
	echo arch > /etc/hostname

	# Generate and set default locale
	vim /etc/locale.gen
	# Uncomment en_US.UTF-8, es_ES.UTF-8, bg_BG.UTF-8
	locale-gen
	echo LANG=en_US.utf8 >> /etc/locale.conf
	echo LANGUAGE=en_US >> /etc/locale.conf
	echo LC_ALL=C >> /etc/locale.conf

	# Set virtul console lang and font
	echo KEYMAP=es > /etc/vconsole.conf
	echo FONT=Lat2-Terminus16 >> /etc/vconsole.conf

	# Set password for root
	passwd

	# Create user
	useradd -m -G wheel angel
	passwd angel

	# Configure mkinitcpio
	vim /etc/mkinitcpio.conf

	# Early modules load
	MODULES="i915"
	# Embed btrfs to initramfs
	BINARIES="/usr/sbin/btrfs"
	# Add 'encrypt' to HOOKS before filesystems
	HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"

	# Regenerate initrd image
	mkinitcpio -p linux

	# Setup grub
	In /etc/default/grub add GRUB_ENABLE_CRYPTODISK=y
	and GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@"
	run:
	grub-mkconfig -o /boot/grub/grub.cfg
	grub-install /dev/sda
	# Exit new system and go into the cd shell
	exit

	# Unmount all partitions
	umount -R /mnt

	# Reboot into the new system, don't forget to remove the cd/usb
	reboot

	# Create keyfile for paswordless login
	dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
	cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
	and add to /etc/mkinitcpio.conf
	FILES=/crypto_keyfile.bin
	run:
	mkinitcpio -p linux
	# Reboot again, you’ll only need to enter your password once.
	reboot

	# Secure keyfile and /boot
	chmod 000 /crypto_keyfile.bin # actually, even root doesn't need to access this
	chmod -R g-rwx,o-rwx /boot # just to be safe

	# Install Zen Kernel , X, DE, some basic tools
	pacman -S linux-zen linux-zen-headers irqbalance cpupower x86_energy_perf_policy
	pacman -S xorg-server xf86-video-intel xf86-video-nouveau xf86-input-synaptics \
	xorg-utils xorg-xbacklight xorg-xinit xterm rxvt-unicode compton \
	openbox tint2 spacefm conky scite dmenu clipit volumeicon slock \
	nitrogen scrot xarchiver unzip unrar ark zip p7zip bash-completion \
	rfkill ttf-liberation ttf-droid ttf-hack terminus-font powertop \
	elinks wget whois ethtool qt5-tools archey3 gvim tlc tk lzop

	# Office programs
	pacman -S scribus homebank libreoffice-fresh fbreader epdfview

	# Some graphics applications
	pacman -S gimp inkscape dia mtpaint gpicview graphicsmagick cups-pdf simple-scan

	# Utilities
	pacman -S stardict-lite aspell-en aspell-es hunspell-en hunspell-es \
	mythes-en mythes-es hyphen-en hyphen-es perl-file-mimeinfo \
	keepassx cherrytree zim gprename galculator gsimplecal

	# System tools
	pacman -S bleachbit nethogs gparted dosfstools ntfs-3g grsync gsmartcontrol \
	lxterminal lxappearance lxtask obconf geany scite sshfs gpart \
	arch-wiki-lite hping nmap macchanger ghex yajl pssh wpa_actiond \
	ifplugd gvfs dnsutils grsync xdotool alsa-plugins alsa-utils lsof

	# Multimedia
	pacman -S avidemux-gtk audacity guvcview gtk-recordmydesktop pragha winff \
	handbrake mpv youtube-dl rtmpdump atomicparsley smplayer deadbeef \
	gst-plugins-bad gst-plugins-ugly gst-libav openshot libquicktime \
	frei0r-plugins flashplayer

	# Network
	pacman -S --needed pidgin pidgin-otr purple-skypeweb linphone xchat \
	uget transmission-gtk filezilla claws-mail opera wireshark-gtk

	# Virtualisation
	pacman -S virtualbox virtualbox-host-dkms wine-staging

	# Nvidia Optimus
	pacman -S --needed bumblebee primus bbswitch-dkms libva-intel-driver \
	libva-mesa-driver libva-vdpau-driver mesa-vdpau nvidia-dkms \
	nvidia-utils nvidia-settings mesa-demos

	# Development
	pacman -S nginx-mainline php php-apcu php-fpm php-gd php-mcrypt php-snmp \
	php-tidy composer apache-openrc nghttp2 lighttpd-openrc openvpn \
	mariadb xdebug nodejs npm colordiff

	# Install from AUR
	pacman -U package-query yaourt

	yaourt -S thermald icecat-bin inox-bin chromium-pepper-flash-standalone jdk8 \
	sublime-text-dev qpdfview megasync dbeaver virtualbox-ext-oracle \
	cdw genymotion arch32-light netcfg-git profile-cleaner playerctl \
	freeplane ananicy-git vibrancy-colors xfce-theme-blackbird \
	xfce-theme-greybird spacefm-gtk2 ruby-sass purple-facebook \
	purple-hangouts-hg nodejs-jshint megasync-qt5 gtk-theme-numix-sx
	numix-themes-archblue-git numix-themes-archblue-git
	gtk-engine-unico csslint nodejs-jshint
No results found