This post is a guide for setting up Arch Linux with reasonable defaults. Since this also doubles as documentation for my personal computer configuration, I'll update this post as I make changes.
Please follow this guide at your own risk. Arch is a hobbyist distro, and I am not responsible for any damage you may do to, or data you may lose from, your computer.
Disk Partitioning and Encryption
Overwriting the Disk
First, writing random data to the disk will ensure security by overwriting previous data on the disk, and also making it more difficult to determine the used size of the encrypted volume. The
shred command will overwrite the disk with random data (make sure you've backed up your hard drive!):
Note that with 3 iterations, this may take around 7 hours.
Next, we'll configure our two partitions. The first partition will be a 100 megabyte boot partition, and the second will hold all of our data, encrypted.
On the second partition we created, we'll use
cryptsetup to initialize an encrypted volume (which may then be mounted like any other device or drive):
$ cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/sda2
Then, we'll mount the second encrypted partition under the name
Format the boot partition as ext4:
and then format our main (encrypted) partition also as
Then, mount the newly created filesystems:
Installing the Base System
To install the base system and the base developer utilities (required for building packages from the Arch User Repository), use Arch's package manager
pacman to write these to our new root partition:
Then, you'll need to generate something called an
fstab (FileSystem TABle) tells the computer which partitions to mount at boot:
Then, changeroot into the new root partition (tell the Linux kernel to use the new filesystem as the root one), so you can operate in the new OS:
Locale is an important parameter of Linux. It tells applications how to render text in the language specified, how to display dates, and other things.
Since you're reading this guide in English, I'm going to assume you'll want US English, UTF-8 encoding. Open up your
and uncomment the line that reads:
so that it now says:
Then, generate your newly configured locale:
And tell your current running shell to use this new locale:
Setting Time Zone
To set your time zone, make a symlink from one of the timezones in
/etc/localtime, like so:
If you're not in Chicago, shell autocomplete (or
ls /usr/share/zoneinfo) can help you find your appropriate timezone.
Set your hardware clock time to UTC:
To set your hostname, just write to the
/etc/hostname file with the desired name:
First, we'll need to configure a password for the
root user. Enter your desired password after running:
To add a new user with reasonable defaults, use the following like (with
username replaced with your desired username):
useradd -m -g users -G wheel,games,power,optical,storage,scanner,lp,audio,video -s /bin/bash username
-G flag indicates which groups you'd like this new user to be a part of, which indicates what kinds of operations they can perform on the system.
wheel is the standard name for users who can use the
sudo command (coming from the old-timey phrase "big wheel" meaning somebody important). Other groups are not necessarily necessary, but are standard and may be used by other software.
To set a password for this new user, use the
passwd command we used earlier with the username of the user you just created:
GNU GRUB (GNU GRand Unified Bootloader), is a simple libre bootloader. We'll need to install this in order to tell the computer how to boot the new OS.
First, you'll need to install the
grub-bios packages on the new system:
Then, you'll need to tell
grub that you're using an encrypted drive. Open up your
mkinitcpio generates the initial ramdisk loaded by Linux. You'll also need to tell this that you're using an encrypted disk by adding
encrypt to it's list of "hooks". Open
mkinitcpio's configuration file:
and change this line:
Then, regenerate the initramfs image by running the
mkinitcpio utility again:
Preparing for First Boot
To wrap up all of our configuration, first let's finish the GRUB configuration:
Then exit the system and reboot:
Now that our system is booting, let's get started with configuration. Since we'll have to run
pacman and we haven't configured
sudo yet, log in as
Connecting to the Internet
For this guide, you'll need an ethernet cable. With your computer plugged in to this cable, run:
This will get an IP for your computer and connect you to the internet.
Give your packages a quick update:
And then give your system an update:
To get Wi-Fi working with the default
wifi-menu interface, you'll have to install the
wifi-menu then scans for networks and lets you connect:
sudo (it's not included by default in arch
After that's finished installing, you'll need to tell
sudo to let users of group
wheel use it. Open
and uncomment the line which says:
wheel users to run execute all commands with root privileges.
Reboot, and log in as your user account.
- Most of the initial setup for this guide was taken from this HowtoForge tutorial with added explanation and notes.