# load kernel modules
modprobe dm-crypt
modprobe dm-mod

# connect to the internet and set date
wifi-menu
timedatectl set-ntp true

# verify boot by systemd-boot
ls /sys/firmware/efi/efivars

# dev/sda2 is apparently in use by the system; will not make a filesystem here! 
# https://superuser.com/questions/668347/installing-arch-linux-unable-to-format-filesystem#comment844950_668347
# dmsetup ls
# dmsetup remove VolumeGroup-swap
# dmsetup remove VolumeGroup-root
# dmsetup remove VolumeGroup-home

# lsblk
# NAME          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
# sda             8:0    0  1.8T  0 disk
# └─sda1          252:0  0  1.8T  0 crypt

# hardisk erasure
cryptsetup open --type plain -d /dev/urandom /dev/sda sda1
dd if=/dev/zero of=/dev/mapper/sda1 status=progress
cryptsetup close sda1

cfdisk /dev/sda
# sda1 Boot, EFI Primary Linux - 1G FAT32 (UEFI)
# sda2                   ext2    1G ext2
# sda3           Primary Linux   ~  ext4  (Linux)
# lsblk -f || fdisk -l

# LVM on LUKS filesystem:
# encrypted container
cryptsetup luksFormat --type luks2 /dev/sda3
# open container
cryptsetup open /dev/sda3 cryptlvm
# preparing the locical volumes
pvcreate /dev/mapper/cryptlvm
vgcreate t460pVolGroup /dev/mapper/cryptlvm
lvcreate -L 32G t460pVolGroup -n root
lvcreate -L 16G t460pVolGroup -n swap
lvcreate -l 100%FREE t460pVolGroup -n home
mkfs.fat -F32 /dev/sda1
mkfs.ext2 /dev/sda2
mkfs.ext4 /dev/t460pVolGroup/root
mkfs.ext4 /dev/t460pVolGroup/home
mkswap /dev/t460pVolGroup/swap
swapon /dev/t460pVolGroup/swap

# mount points:
mount /dev/t460pVolGroup/root /mnt
mkdir /mnt/boot
mount /dev/sda2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi
mkdir /mnt/home
mount /dev/t460pVolGroup/home /mnt/home

pacstrap /mnt base base-devel efibootmgr
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
vi /etc/mkinitcpio.conf
# update /etc/mkinitcpio.conf hooks:
# HOOKS=(base systemd autodetect keyboard sd-vconsole consolefont modconf block sd-encrypt sd-lvm2 resume filesystems fsck)
echo "KEYMAP=us" > /etc/vconsole.conf
mkinitcpio -p linux
pacman -S grub
# update /etc/default/grub kernel parameter for bootloader:
# lsblk -f | grep '/dev/sda3' >> /etc/default/grub
# GRUB_CMDLINE_LINUX="... rd.luks.name=UUID=<device-UUID>=cryptlvm root=/dev/t460pVolGroup/root resume=/dev/t460pVolGroup/swap" ...
# GRUB_ENABLE_CRYPTODISK=y
grub-mkconfig -o /boot/grub/grub.cfg
grub-mkconfig -o /boot/efi/EFI/arch/grub.cfg
grub-install --target=x86_64-efi --efi-directory=/boot/efi 

ln -sf /usr/share/zoneinfo/Greenwich /etc/localtime
hwclock --systohc
# uncomment in /etc/locale.gen en_US.UTF8 UTF-8
locale-gen
echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf
echo "t460p" > /etc/hostname

# update /etc/hosts:
# 127.0.0.1	localhost
# ::1	      localhost
# 127.0.1.1	t460p.localdomain	t460p

# set root password
passwd

exit
umount -R /mnt
reboot

# add user
useradd -m rblanco
passwd rblanco