A Reasonable, Minimal Arch Linux Configuration

This post is a guide for setting up Arch Linux with reasonable defaults. Since this also doubles as documentation for my personal computer configuration, I'll update this post as I make changes.

Please follow this guide at your own risk. Arch is a hobbyist distro, and I am not responsible for any damage you may do to, or data you may lose from, your computer.

Disk Partitioning and Encryption

Overwriting the Disk

First, writing random data to the disk will ensure security by overwriting previous data on the disk, and also making it more difficult to determine the used size of the encrypted volume. The shred command will overwrite the disk with random data (make sure you've backed up your hard drive!):

$ shred --verbose --random-source =/dev/urandom --iterations=3 /dev/sda

Note that with 3 iterations, this may take around 7 hours.

Configuring Partitions

Next, we'll configure our two partitions. The first partition will be a 100 megabyte boot partition, and the second will hold all of our data, encrypted.

$ cfdisk /dev/sda
New > Partition Size: 100M > primary > Bootable
New > Partition Size: [RET] > primary

Configuring Encryption

On the second partition we created, we'll use cryptsetup to initialize an encrypted volume (which may then be mounted like any other device or drive):

$ cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sda2

Then, we'll mount the second encrypted partition under the name cryptroot.

$ cryptsetup open --type luks /dev/sda2 cryptroot

Partitioning Disks

Format the boot partition as ext4:

$ mkfs.ext4 /dev/sda1

and then format our main (encrypted) partition also as ext4:

$ mkfs.ext4 /dev/mapper/cryptroot

Then, mount the newly created filesystems:

$ mount -t ext4 /dev/mapper/cryptroot /mnt
$ mkdir -p /mnt/boot
$ mount -t ext4 /dev/sda1 /mnt/boot

Installing the Base System

To install the base system and the base developer utilities (required for building packages from the Arch User Repository), use Arch's package manager pacman to write these to our new root partition:

$ pacstrap -i /mnt base base-devel

Then, you'll need to generate something called an fstab. The fstab (FileSystem TABle) tells the computer which partitions to mount at boot:

$ genfstab -U -p /mnt >> /mnt/etc/fstab

Then, changeroot into the new root partition (tell the Linux kernel to use the new filesystem as the root one), so you can operate in the new OS:

$ arch-chroot /mnt

Configuring Locale

Locale is an important parameter of Linux. It tells applications how to render text in the language specified, how to display dates, and other things.

Since you're reading this guide in English, I'm going to assume you'll want US English, UTF-8 encoding. Open up your locale.conf:

$ nano /etc/locale.gen

and uncomment the line that reads:

#en_US.UTF-8 UTF-8

so that it now says:

en_US.UTF-8 UTF-8

Then, generate your newly configured locale:

$ locale-gen

Create your locale.conf:

$ echo LANG=en_US.UTF-8 > /etc/locale.conf

And tell your current running shell to use this new locale:

$ export LANG=en_US.UTF-8

Setting Time Zone

To set your time zone, make a symlink from one of the timezones in /usr/share/zoneinfo to /etc/localtime, like so:

$ ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime

If you're not in Chicago, shell autocomplete (or ls /usr/share/zoneinfo) can help you find your appropriate timezone.

Set your hardware clock time to UTC:

$ hwclock --systohc --utc

Setting Hostname

To set your hostname, just write to the /etc/hostname file with the desired name:

echo dreammachine > /etc/hostname

Configuring Users

First, we'll need to configure a password for the root user. Enter your desired password after running:

$ passwd root

To add a new user with reasonable defaults, use the following like (with username replaced with your desired username):

useradd -m -g users -G wheel,games,power,optical,storage,scanner,lp,audio,video -s /bin/bash username

The -G flag indicates which groups you'd like this new user to be a part of, which indicates what kinds of operations they can perform on the system. wheel is the standard name for users who can use the sudo command (coming from the old-timey phrase "big wheel" meaning somebody important). Other groups are not necessarily necessary, but are standard and may be used by other software.

To set a password for this new user, use the passwd command we used earlier with the username of the user you just created:

passwd lschumm

Configuring grub

GNU GRUB (GNU GRand Unified Bootloader), is a simple libre bootloader. We'll need to install this in order to tell the computer how to boot the new OS.

First, you'll need to install the grub and grub-bios packages on the new system:

$ pacman -S grub grub-bios

Then, you'll need to tell grub that you're using an encrypted drive. Open up your grub configuration:

$ nano /etc/default/grub

and change

GRUB_CMDLINE_LINUX=""

to

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:cryptroot"

Configuring mkinitcpio

mkinitcpio generates the initial ramdisk loaded by Linux. You'll also need to tell this that you're using an encrypted disk by adding encrypt to it's list of "hooks". Open mkinitcpio's configuration file:

$ nano /etc/mkinitcpio.conf

and change this line:

HOOKS="base udev autodetect modconf block filesystems keyboard fsck"

to

HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck"

Then, regenerate the initramfs image by running the mkinitcpio utility again:

$ mkinitcpio -p linux

Preparing for First Boot

To wrap up all of our configuration, first let's finish the GRUB configuration:

$ grub-install --recheck /dev/sda
$ grub-mkconfig --output /boot/grub/grub.cf

Then exit the system and reboot:

$ exit
$ umount -R /mnt/boot
$ umount -R /mnt
$ cryptsetup close cryptroot
$ systemctl reboot

First Boot

Now that our system is booting, let's get started with configuration. Since we'll have to run pacman and we haven't configured sudo yet, log in as root.

Connecting to the Internet

For this guide, you'll need an ethernet cable. With your computer plugged in to this cable, run:

$ dhcpcd

This will get an IP for your computer and connect you to the internet.

Give your packages a quick update:

$ pacman -Syy

And then give your system an update:

$ pacman -Syu

And reboot:

$ reboot

Configuring Wifi

To get Wi-Fi working with the default wifi-menu interface, you'll have to install the dialog and wpa_supplicant packages:

$ pacman -S dialog wpa_supplicant

Launching wifi-menu then scans for networks and lets you connect:

$ wifi-menu

Configuring sudo

First, install sudo (it's not included by default in arch base or base-devel):

$ pacman -S sudo

After that's finished installing, you'll need to tell sudo to let users of group wheel use it. Open /etc/sudoers with nano:

$ nano /etc/sudoers

and uncomment the line which says:

# %wheel ALL=(ALL) ALL

This allows wheel users to run execute all commands with root privileges.

Reboot, and log in as your user account.

Configuring i3 and Xorg

First, install Xorg:

$ sudo pacman -S xorg-server xorg-server-utils xorg-xinit

Then, install the i3 window manager:

$ sudo pacman -S i3-wm

And tell Xorg to launch i3 on startup:

$ echo "exec i3" > ~/.xinitrc

To start the window manager, just run:

$ startx

Other Configuration

All of my app-specific configuration is stored in public configuration files on my GitLab.

Credits

  • Most of the initial setup for this guide was taken from this HowtoForge tutorial with added explanation and notes.