Install Arch Linux with full encrypted btrfs subvolume inside luks
# Install Arch Linux with full encrypted btrfs subvolume inside luks
# filename: install-arch-linux-on-btrfs-subvolume-inside-luks.txt
# The official guide: https://wiki.archlinux.org/index.php/Installation_Guide
# Download the archiso image from https://www.archlinux.org/download/
# Copy to a usb-drive
dd bs=16M if=archlinux.img of=/dev/sdX status=progress && sync # on linux
# Boot from the usb.
# Set spanish keymap
loadkeys es
# This assumes a wifi only system...
wifi-menu
# Create a primary partition - entire disk
parted -s /dev/sda mklabel msdos
parted -s /dev/sda mkpart primary 2048s 100%
# Create luks container and btrfs filesystem
cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random \
--verify-passphrase luksFormat /dev/sda1
#cryptsetup -y -v luksFormat /dev/sda1
cryptsetup open /dev/sda1 cryptroot
mkfs -t btrfs -L linuxroot /dev/mapper/cryptroot
# Create btrfs subvolumes
mount -t btrfs -o compress=lzo /dev/mapper/cryptroot /mnt
btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@snapshots
# Unmount and remount with the correct subvolumes
umount /mnt
mount -o compress=lzo,subvol=@ /dev/mapper/cryptroot /mnt
mkdir -p /mnt/home
mount -o compress=lzo,subvol=@home /dev/mapper/cryptroot /mnt/home
mkdir -p /mnt/.snapshots
mount -o compress=lzo,subvol=@snapshots /dev/mapper/cryptroot /mnt/.snapshots
# Install the system, wifi and some tools
pacstrap /mnt base base-devel btrfs-progs snapper zsh mlocate htop \
net-tools wireless_tools wpa_supplicant arch-wiki-lite \
intel-ucode grub vim aria2 hping elinks dialog
# Generate fstab
genfstab -L -p /mnt >> /mnt/etc/fstab
# Edit /mnt/etc/fstab and add the following options:
LABEL=linuxroot / btrfs rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@ 0 0
LABEL=linuxroot /home btrfs rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@home 0 0
LABEL=linuxroot /.snapshots btrfs rw,noatime,compress=lzo,space_cache,autodefrag,commit=60,subvol=@snapshots 0 0
# swap in zram
# /dev/zram0 none swap defaults 0 0
# mount /tmp on tmpfs
# tmpfs /tmp tmpfs rw,nodev,nosuid 0 0
# Enter the new system
arch-chroot /mnt /bin/bash
# Setup system clock
ln -s /usr/share/zoneinfo/Europe/Madrid /etc/localtime
hwclock --systohc --utc
# Set the hostname
echo arch > /etc/hostname
# Generate and set default locale
vim /etc/locale.gen
# Uncomment en_US.UTF-8, es_ES.UTF-8, bg_BG.UTF-8
locale-gen
echo LANG=en_US.utf8 >> /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
echo LC_ALL=C >> /etc/locale.conf
# Set virtual console keymap and font
echo KEYMAP=es > /etc/vconsole.conf
echo FONT=Lat2-Terminus16 >> /etc/vconsole.conf
# Set password for root
passwd
# Create user
useradd -m -G wheel angel
passwd angel
# Configure mkinitcpio
vim /etc/mkinitcpio.conf
# Early modules load
MODULES="i915"
# Embed btrfs to initramfs
BINARIES="/usr/sbin/btrfs"
# Add 'encrypt' to HOOKS before filesystems
HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"
# Regenerate initrd image
mkinitcpio -p linux
# Setup grub
# In /etc/default/grub add GRUB_ENABLE_CRYPTODISK=y and GRUB_DISABLE_SUBMENU=y
# GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:cryptroot root=/dev/mapper/cryptroot rootflags=subvol=@"
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:cryptroot"
# Extra (hardware specific) kernel options to append to GRUB_CMDLINE_LINUX:
#   acpi_osi=Linux acpi=force acpi_enforce_resources=lax ath9k.ps_enable=1
#   pcie_aspm=force i915.enable_rc6=1 i915.enable_fbc=1 i915.lvds_downclock=1
#   i915.semaphores=1
# Then run:
grub-mkconfig -o /boot/grub/grub.cfg
grub-install /dev/sda
# Exit new system and go into the cd shell
exit
# Unmount all partitions
umount -R /mnt
# Reboot into the new system, don't forget to remove the cd/usb
reboot
# Create a keyfile so the passphrase is only asked once (by GRUB, not again by the initramfs)
dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
# Add the keyfile to /etc/mkinitcpio.conf so it is embedded in the initramfs
FILES="/crypto_keyfile.bin"
# Then run:
mkinitcpio -p linux
# Reboot again, you’ll only need to enter your password once.
reboot
# Secure keyfile and /boot
chmod 000 /crypto_keyfile.bin # actually, even root doesn't need to access this
chmod -R g-rwx,o-rwx /boot # just to be safe
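Added sanity checks for the mkinitcpio and keyfile steps above (example code added here, not part of the gist). It assumes GNU stat/find and the quoted-string mkinitcpio.conf format used above; the sample config it writes is constructed.

```bash
#!/usr/bin/env bash
# Checks for the mkinitcpio / keyfile steps: hook order, keyfile embedding and
# the permissions that keep the embedded key private. Assumes GNU stat/find and
# the quoted-string mkinitcpio.conf format (HOOKS="..", FILES="..") used above.

# 0 when 'encrypt' sits in HOOKS after 'block' (needs the block device) and
# before 'filesystems' (which must see the unlocked /dev/mapper device).
hooks_order_ok() {
  local conf=$1 h i=0 block=-1 encrypt=-1 fs=-1
  for h in $(sed -n 's/^HOOKS="\(.*\)"$/\1/p' "$conf"); do
    case $h in
      block) block=$i ;;
      encrypt) encrypt=$i ;;
      filesystems) fs=$i ;;
    esac
    i=$((i + 1))
  done
  [ "$block" -ge 0 ] && [ "$encrypt" -gt "$block" ] && [ "$fs" -gt "$encrypt" ]
}

# 0 when KEY is listed in FILES= of CONF, so mkinitcpio copies it into the
# initramfs where the encrypt hook looks for /crypto_keyfile.bin by default.
keyfile_embedded() {
  local conf=$1 key=$2 f
  for f in $(sed -n 's/^FILES="\(.*\)"$/\1/p' "$conf"); do
    [ "$f" = "$key" ] && return 0
  done
  return 1
}

# 0 when KEY is mode 000 and nothing under BOOT (which now holds an initramfs
# containing the key) is readable by group or others.
keyfile_perms_ok() {
  local key=$1 boot=$2
  [ "$(stat -c %a "$key")" = "0" ] || return 1
  [ -z "$(find "$boot" -perm /077 | head -n 1)" ]
}

# Constructed sample config (not a real system file) run through the checks.
demo() {
  local d; d=$(mktemp -d)
  printf '%s\n' 'FILES="/crypto_keyfile.bin"' \
    'HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"' \
    > "$d/mkinitcpio.conf"
  hooks_order_ok "$d/mkinitcpio.conf" && keyfile_embedded "$d/mkinitcpio.conf" \
    /crypto_keyfile.bin && echo "sample mkinitcpio.conf: OK"
  rm -rf "$d"
}
demo
```

Point the functions at /etc/mkinitcpio.conf, /crypto_keyfile.bin and /boot on the installed system to verify the steps above took effect.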
# Optional: Install Light Desktop, Replace SystemD with OpenRC
# Install Zen Kernel , X, DE, some basic tools
pacman -S linux-zen linux-zen-headers irqbalance cpupower x86_energy_perf_policy \
xorg-server xf86-video-intel xf86-video-nouveau xf86-input-synaptics \
xorg-utils xorg-xbacklight xorg-xinit xterm rxvt-unicode compton \
openbox tint2 spacefm conky scite dmenu clipit volumeicon slock \
nitrogen scrot xarchiver unzip unrar zip p7zip bash-completion \
rfkill ttf-liberation ttf-droid ttf-hack terminus-font powertop \
wget whois ethtool archey3 gvim tcl tk lzop udevil
# Look and feel
pacman -S gtk-engine-murrine numix-themes faenza-icon-theme
# Office programs
pacman -S scribus homebank libreoffice-fresh fbreader epdfview
# Some graphics applications
pacman -S gimp inkscape dia mtpaint gpicview graphicsmagick cups-pdf simple-scan
# Utilities
pacman -S stardict-lite aspell-en aspell-es hunspell-en hunspell-es \
mythes-en mythes-es hyphen-en hyphen-es perl-file-mimeinfo \
keepassx cherrytree zim gprename galculator gsimplecal
# System tools
pacman -S bleachbit nethogs gparted dosfstools ntfs-3g grsync gsmartcontrol \
lxterminal lxappearance lxtask obconf geany scite sshfs gpart \
nmap macchanger ghex yajl pssh wpa_actiond ifplugd gvfs dnsutils \
xdotool alsa-plugins alsa-utils lsof
# Multimedia
pacman -S avidemux-gtk audacity guvcview gtk-recordmydesktop pragha winff \
handbrake mpv easytag smplayer deadbeef gst-plugins-bad \
gst-plugins-ugly gst-libav openshot libquicktime \
frei0r-plugins flashplayer youtube-dl rtmpdump atomicparsley
# Network
pacman -S pidgin pidgin-otr purple-skypeweb linphone xchat transmission-gtk \
uget filezilla claws-mail opera wireshark-gtk openvpn pptpclient \
xl2tpd torsocks
# Virtualisation
pacman -S virtualbox virtualbox-host-dkms wine-staging
# Nvidia Optimus
pacman -S --needed bumblebee primus bbswitch-dkms libva-intel-driver \
libva-mesa-driver libva-vdpau-driver mesa-vdpau nvidia-dkms \
nvidia-utils nvidia-settings mesa-demos
# Development
pacman -S nginx-mainline php php-apcu php-fpm php-gd php-mcrypt php-snmp \
php-tidy composer apache nghttp2 lighttpd openvpn \
mariadb xdebug nodejs ruby npm colordiff git jdk8-openjdk
# Security
pacman -S rkhunter clamav gufw
# Install complementary software from AUR
# package-query and yaourt come from the AUR: build each with makepkg and install
# the resulting package file with pacman -U
yaourt -S ananicy-git cdw csslint dbeaver evince2-light freeplane \
freshplayerplugin genymotion gtk-theme-numix-sx icecat-bin \
inox-bin lostfiles netcfg-git nodejs-jshint pepper-flash \
playerctl profile-cleaner purple-facebook purple-hangouts-hg \
spacefm-gtk2 sublime-text-dev thermald vibrancy-colors \
virtualbox-ext-oracle arch32-light megasync numix-themes-archblue-git
#################### Get rid of SystemD and Install OpenRC ####################
# Add openrc-eudev repo to pacman.conf
...
[openrc-eudev]
SigLevel=PackageOptional
Server=http://downloads.sourceforge.net/project/archopenrc/$repo/$arch
...
# Sync OpenRC repo
pacman -Syl openrc-eudev
# Download packages
pacman -Sw sysvinit openrc eudev udev-openrc eudev-systemd libeudev \
libeudev-systemd dbus-openrc procps-ng-nosystemd \
syslog-ng-nosystemd
# Remove SystemD
pacman -Rdd systemd libsystemd
# Install OpenRC packages
pacman -S --needed sysvinit openrc eudev udev-openrc eudev-systemd libeudev \
libeudev-systemd dbus-openrc procps-ng-nosystemd upower-pm-utils
# Install basic system packages
pacman -S --needed acpid-openrc alsa-utils-openrc autofs-openrc consolekit \
consolekit-openrc cgmanager-openrc cronie-openrc cups-openrc \
dbus-openrc dnsmasq fuse-openrc gnome-polkit haveged-openrc \
hdparm-openrc samba-openrc syslog-ng-openrc udisks2-nosystemd \
privoxy-openrc tor-openrc samba-openrc device-mapper-openrc lvm2-openrc
# Some openrc start scripts and services
pacman -S avahi-openrc apache-openrc thermald-openrc ntp-openrc tlp-pmu \
cpupower-openrc
# TODO: Finish Configuration, Update

roxolid commented Apr 3, 2020

Hi Angel,

don't you need to add your crypto_keyfile.bin to GRUB_CMDLINE_LINUX as well? I mean something like cryptkey=rootfs:/crypto_keyfile.bin after cryptdevice...


ansulev commented Apr 3, 2020

Sorry, I didn't update this for year(s). It needs some editing to make it better. I will try to find time to update it this month.
Lines 149:152 explain how to add crypto_keyfile.bin to mkinitcpio.conf, rebuild the initramfs and reboot. This should work.
Done this, I don't add crypto_keyfile.bin to my CMDLINE.


roxolid commented Apr 4, 2020

You are right - it's not necessary... or better said, we are both right - one needs to add cryptkey in case the key is not named crypto_keyfile.bin. From the Arch Wiki dm-crypt Device Encryption page:

The encrypt hook lets the user specify a keyfile with the cryptkey kernel parameter: in the case of initramfs, the syntax is rootfs:path. See dm-crypt/System configuration#cryptkey. Besides, this kernel parameter defaults to use /crypto_keyfile.bin, and if the initramfs contains a valid key with this name, decryption will occur automatically without the need to configure the cryptkey parameter.

In my case, I've named it differently (just following some steps from some other guide I found), so I needed the cryptkey argument included.

Sorry for bothering you, I've just started diving deeper into Arch Linux and there is so much information that I just overlooked this one. Anyway, thanks for sharing your script, it gave me a few good pointers!
