-
Introduction
-The goal of this guide is to set up a minimal installation of Artix Linux with OpenRC as an init system and full disk encryption on an UEFI or BIOS system. This guide is meant to be read alongside the wiki’s.
--
Acquire an installation image
--
-
- Go to the downloads page https://artixlinux.org/download.php -
- Scroll down to the Official ISO images section. -
- Under the base section, download the file starting with
artix-base-openrcand ending with.iso
-
-
Prepare an installation medium
-Windows
-Use Rufus, here is a guide if you need it.
-Linux
--
-
- Insert a USB flash drive into your PC with at least 2 GB of space available on it. -
- Find the corresponding block device for the flash drive in
/devfolder. Usually it is/dev/sdb.
- - Burn the image to the flash drive (assuming your flash drive is /dev/sdb and that your terminal is opened in the directory of the image) -
sudo dd bs=4M if=./artix-base-openrc-YYYY.MM.DD-x86_64.iso of=/dev/sdb conv=fsync oflag=direct status=progress-
Boot the live environment
-Artix Linux installation images do not support Secure Boot. You will need to disable Secure Boot to boot the installation medium.
--
-
- Power off your PC. -
- Insert the flash drive into the computer on which you are installing Artix Linux. -
- Power on your PC and press boot menu key. -
- Boot the installation medium. -
-
Enter the live environment
-Login with the default credentials.
--
-
- Username:
root
- - Password:
artix
-
Connect to the internet
-Via Ethernet
-Connect the computer via an Ethernet cable
-Via WiFi
-When encountering a code block as below throughout this guide, execute the commands within it directly in the terminal.
-sudo rfkill unblock wifi
-sudo ip link set wlan0 up
-connmanctlNetwork names can be tab-completed.
-agent on
-scan wifi
-servicesconnect wifi_dc85de828967_38303944616e69656c73_managed_psk
-connect {WiFi name}
-quitVerify internet connectivity
-Check for internet
-ping artixlinux.org-
Update the system clock
-Activate the NTP daemon to synchronize the computer’s real-time clock:
-rc-service ntpd start-
Partition the disk
--
-
- Install
gdisk.
-
pacman -Sy gdisk-
-
- Partition your drive. You can find your drive name using the
lsblkcommand.
-
I will be using nvme0n1 as my drive throughout this guide, please adapt it to your disk name.
-If you have an hdd, your drive name may ressemble something like sda.
gdisk /dev/nvme0n1-
-
- Delete any existing partitions -
Command (m for help): d-
-
- Create a boot partition -
Command (m for help): n
-Partition number (1-128, default 1):
-First sector (...):
-Last sector (...): +512M
-Hex code or GUID (...): ef00-
-
- Create a root partition -
Command (m for help): n
-Partition number (2-128, default 1):
-First sector (...):
-Last sector (...):
-Hex code or GUID (...): 8300-
-
- Save the changes -
Command (m for help): w
-Do you want to proceed? (Y/N): y-
-
- Verify partitioning -
lsblkIt should look something like this:
-NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
-nvme0n1 259:0 0 465,8G 0 disk
-├─nvme0n1p1 259:1 0 512M 0 part
-└─nvme0n1p2 259:2 0 465,3G 0 part-
Encrypt root partition
--
-
- Encrypt your root partition. -
Make sure to to enter a secure passphrase and to write it down in a secure place as you will not be able to change it later
-cryptsetup luksFormat /dev/nvme0n1p2
-Are you sure (Type `yes` in capital letters): YES-
-
- Open the encrypted partition -
cryptsetup open /dev/nvme0n1p2 root-
Create file systems
--
-
- Create the boot file system -
mkfs.fat -F32 /dev/nvme0n1p1-
-
- Create the root file system -
mkfs.ext4 /dev/mapper/root-
Mount file systems
--
-
- Mount the root file system -
mount /dev/mapper/root /mnt-
-
- Mount the boot file system -
mount -m /dev/nvme0n1p1 /mnt/boot-
-
- Verify mounting -
lsblkIt should look something like this:
-NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
-nvme0n1 259:0 0 465,8G 0 disk
-├─nvme0n1p1 259:1 0 512M 0 part /mnt/boot
-└─nvme0n1p2 259:2 0 465,3G 0 part
- └─root 254:0 0 465,2G 0 crypt /mnt-
Install Essentials
-Install the base system, kernel, init system and other essential packages.
-basestrap /mnt base linux linux-firmware openrc elogind-openrc cryptsetup cryptsetup-openrc efibootmgr doas nanoInstall AMD or Intel microcode, depending on your system’s CPU
-AMD CPU
-Install AMD CPU microcode updates
-basestrap /mnt amd-ucodeIntel CPU
-Install Intel CPU microcode updates
-basestrap /mnt intel-ucode-
Generate File System Table
-fstabgen -U /mnt >> /mnt/etc/fstab-
Switch to New Installation
-artix-chroot /mnt bash-
Network stack
-pacman -S wpa_supplicant networkmanager networkmanager-openrc iwd iwd-openrc
-rc-update add NetworkManager
-rc-update add iwd
-
-cat << EOF >> /etc/NetworkManager/conf.d/wifi_backend.conf
-[device]
-wifi.backend=iwd
-EOFMAC randomization
-MAC randomization can be used for increased privacy by not disclosing your real MAC address to the WiFi network.
-cat << EOF >> /etc/NetworkManager/conf.d/00-macrandomize.conf
-[device-mac-randomization]
-wifi.scan-rand-mac-address=yes
-
-[connection-mac-randomization]
-ethernet.cloned-mac-address=random
-wifi.cloned-mac-address=random
-EOFLocalization
-Set the locale
-Feel free to change en_DK.UTF-8 to your preferred locale such as en_US.UTF-8 or en_GB.UTF-8
-
-
- Un-comment
en_DK.UTF-8
-
nano /etc/locale.gen-
-
- Generate locales. -
locale-gen
-echo 'LANG=en_DK.UTF-8' > /etc/locale.conf-
Set the time zone
-ln -sf /usr/share/zoneinfo/America/Toronto /etc/localtime
ln -sf /usr/share/zoneinfo/Region/City /etc/localtime-
Set hardware clock from system clock
-hwclock --systohc-
Hostname and Host
-Change artix to your desired hostname in all of the following commands
echo 'artix' > /etc/hostname-
-
- Edit
/etc/conf.d/hostname
-
nano /etc/conf.d/hostname-
-
-
-
Replace
-hostname="localhost"withhostname="artix"
- -
-
Edit
-/etc/hosts
-
nano /etc/hosts-
-
- Add the following: -
127.0.0.1 localhost
-::1 localhost
-127.0.1.1 artix.localdomain artix-
Initramfs
--
-
- Edit
/etc/mkinitcpio.conf
-
nano /etc/mkinitcpio.conf-
-
- In the
HOOKSarray, addencryptbetweenblockandfilesystems
-
It should look something like this:
-HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck)-
-
- Run this -
mkinitcpio -P-
Add a user
--
-
- Set the root password. -
passwd-
-
- Create a user and set his password. -
Change artix to your desired username
useradd -m artix
-passwd artix-
Configure doas
--
-
- Create the config file. -
touch /etc/doas.conf
-chown -c root:root /etc/doas.conf
-chmod -c 0400 /etc/doas.conf-
-
- Edit
/etc/doas.conf
-
nano /etc/doas.conf-
-
- Add the following: -
permit artix as root
-permit nopass artix as root cmd pacman-
Boot Loader
-Check for UEFI support
-If you see a bunch of files listed, use EFISTUB. -If you do not see a bunch of files listed, your system does not support UEFI and you should use GRUB.
-ls /sys/firmware/efi/efivarsEFISTUB
--
-
- Get the UUID of your root partition. -
blkid -s UUID -o value /dev/nvme0n1p2-
-
- Create a boot entry where xxxx is the UUID that you obtained earlier. -
Replace xxxx with the UUID that you obtained earlier.
-Replace intel-ucode.img with amd-ucode.img if you have an AMD CPU
efibootmgr -c -d /dev/nvme0n1 -p 1 -l /vmlinuz-linux -L "Artix" -u "cryptdevice=UUID=xxxx:root root=/dev/mapper/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img loglevel=3 quiet"GRUB
--
-
- Install grub on your boot partition -
pacman -S grub
-grub-install /dev/sda-
-
- Get the UUID of your root partition. -
blkid -s UUID -o value /dev/nvme0n1p2-
-
- Edit
/etc/default/grub
-
nano /etc/default/grub-
-
- Add the following to the
GRUB_CMDLINE_LINUXline, where xxxx is the UUID that you obtained earlier.
-
cryptdevice=UUID=xxxx:root root=/dev/mapper/rootIt should look something like this:
-GRUB_CMDLINE_LINUX="cryptdevice=UUID=550e8400-e29b-41d4-a716-446655440000:root root=/dev/mapper/root"-
-
-
-
Un-comment
-#GRUB_ENABLE_CRYPTODISK=y
- -
-
Generate the config file.
-
-
grub-mkconfig -o /boot/grub/grub.cfg-
Reboot
--
-
- You can reboot and enter into your new installation. -
exit
-umount -R /mnt
-reboot nowUnplug your flash drive after the screen turns black.
--
Post install
-You will now be greeted with a similar screen as when you first booted from the flash drive.
-Login using the credentials that you set, if you followed the example your username would be artix.
Add arch repositories and sort for fastest mirrors
-Add arch extra repository
--
-
- Install packages -
doas pacman -Syu artix-archlinux-support curl
-doas pacman-key --populate archlinux
-doas sh -c "curl https://archlinux.org/mirrorlist/all -o /etc/pacman.d/mirrorlist-arch"-
-
- Edit
/etc/pacman.d/mirrorlist-arch
-
doas nano /etc/pacman.d/mirrorlist-arch-
-
-
-
Un-comment the first server entries under the worldwide section
-
- -
-
Edit
-/etc/pacman.conf
-
doas nano /etc/pacman.conf-
-
- Add the following to the bottom of the file -
##Arch
-[extra]
-Include = /etc/pacman.d/mirrorlist-arch
-
-##[multilib]
-##Include = /etc/pacman.d/mirrorlist-archSort for fastest mirrors
-doas pacman -Syu reflector pacman-contrib
-doas reflector --verbose -p https -l 30 -f 5 --sort rate --save /etc/pacman.d/mirrorlist-arch
-doas sh -c "curl https://gitea.artixlinux.org/packages/artix-mirrorlist/raw/branch/master/mirrorlist -o /etc/pacman.d/mirrorlist.bak"
-doas sh -c "rankmirrors -v -n 5 /etc/pacman.d/mirrorlist.bak > /etc/pacman.d/mirrorlist"AUR
-Install Paru
-doas pacman -S --needed base-devel
-git clone https://aur.archlinux.org/paru.git
-cd paru
-makepkg -si
-cd ..
-rm -rf paruReplace sudo with doas
-doas pacman -Rdd sudo
-doas ln -s /usr/bin/doas /usr/bin/sudoLaptop power profiles
-Install and enable the powerprofiles daemon
-doas pacman -S power-profiles-daemon power-profiles-daemon-openrc
-doas rc-update add power-profiles-daemon
-doas rc-service power-profiles-daemon startAdd swap
-doas fallocate -l 4G /swapfile
-doas chmod 600 /swapfile
-daos mkswap /swapfile
-doas swapon /swapfile
-doas cp /etc/fstab /etc/fstab.bak
-echo '/swapfile none swap sw 0 0' | doas tee -a /etc/fstabAuto-mount an external LUKS encrypted drive
-doas fdisk /dev/sdb
->g, n, w
-
-doas cryptsetup luksFormat /dev/sdb1
-doas cryptsetup luksOpen /dev/sdb1 hdd1
-doas mkfs.ext4 /dev/mapper/hdd1
-doas mkdir /mnt/hdd1
-doas mount /dev/mapper/hdd1 /mnt/hdd1
-doas chown vega:vega /mnt/hdd1
-doas dd if=/dev/urandom of=/root/keyfile_hdd1 bs=512 count=4
-doas chmod 0400 /root/keyfile_hdd1
-doas cryptsetup luksAddKey /dev/sdb1 /root/keyfile_hdd1
-UUID=$(doas blkid -s UUID -o value /dev/sdb1)
-
-doas sh -c "cat << EOF >> /etc/conf.d/dmcrypt
-target=hdd1
-source=UUID='$UUID'
-key=/root/keyfile_hdd1
-wait=2
-EOF"
-
-doas rc-update add dmcrypt boot
-doas reboot