Mirrors/spark
1
0
Fork 0
mirror of https://github.com/pigmonkey/spark.git synced 2026-01-23 02:24:09 +00:00
Code Issues Projects Releases Wiki Activity
spark/INSTALL.md
Pig Monkey 5177a67809 fix skylake lid close freeze 
Disabling Intel pstate is only necessary on Skylake machines with the
current kernel. The bug is fixed in 4.6RC2, so this is only temporary.
2016-04-08 20:25:34 -07:00

3.4 KiB
Raw Blame History

The following is a brief installation tutorial for Arch Linux. It assumes familiarity with the Arch Beginner's Guide and Installation Guide.

It will provide a system with full-disk encryption using LVM on LUKS. There is no separate /boot partition. The entire installation is encrypted and booted via Grub's crypto hooks.

Boot into the Arch installer.

Verify that the system clock is up to date.

$ timedatectl set-ntp true

Create a single partition for LUKS.

$ parted -s /dev/sda mklabel msdos
$ parted -s /dev/sda mkpart primary 2048s 100%

Create and mount the encrypted filesystem.

$ cryptsetup luksFormat /dev/sda1
$ cryptsetup luksOpen /dev/sda1 lvm
$ pvcreate /dev/mapper/lvm
$ vgcreate arch /dev/mapper/lvm
$ lvcreate -L 8G arch -n swap
$ lvcreate -L 30G arch -n root
$ lvcreate -l +100%FREE arch -n home
$ mkswap -L swap /dev/mapper/arch-swap
$ mkfs.ext4 /dev/mapper/arch-root
$ mkfs.ext4 /dev/mapper/arch-home
$ mount /dev/mapper/arch-root /mnt
$ mkdir /mnt/home
$ mount /dev/mapper/arch-home /mnt/home
$ swapon /dev/mapper/arch-swap

Optionally edit the mirror list.

$ vi /etc/pacman.d/mirrorlist

Install the base system.

$ pacstrap -i /mnt base base-devel

Generate and verify fstab.

$ genfstab -U -p /mnt >> /mnt/etc/fstab
$ less /mnt/etc/fstab

Change root into the base install and perform base configuration tasks.

$ arch-chroot /mnt /bin/bash
$ echo en_US.UTF-8 UTF-8 >> /etc/locale.gen
$ locale-gen
$ echo LANG=en_US.UTF-8 > /etc/locale.conf
$ export LANG=en_US.UTF-8
$ ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
$ hwclock --systohc --utc
$ echo mymachine > /etc/hostname
$ systemctl enable dhcpcd.service
$ passwd

Add a key file to decrypt the volume and properly set the hooks.

$ dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
$ cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
$ chmod 000 /crypto_keyfile.bin
$ sed -i 's/^FILES=.*/FILES="\/crypto_keyfile.bin"/' /etc/mkinitcpio.conf
$ sed -i 's/^HOOKS=.*/HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 resume filesystems fsck"/' /etc/mkinitcpio.conf
$ mkinitcpio -p linux

Install GRUB.

$ pacman -S grub
$ echo GRUB_ENABLE_CRYPTODISK=y >> /etc/default/grub
$ sed -i 's/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="cryptdevice=\/dev\/sda1:lvm:allow-discards resume=\/dev\/mapper\/arch-swap intel_pstate=no_hwp"/' /etc/default/grub
$ grub-mkconfig -o /boot/grub/grub.cfg
$ grub-install /dev/sda
$ chmod -R g-rwx,o-rwx /boot

Cleanup and reboot!

$ exit
$ umount -R /mnt
$ reboot

Run ansible!