Introduction
The goal of this guide is to set up a minimal installation of Artix Linux with OpenRC as an init system and full disk encryption on an UEFI or BIOS system. This guide is meant to be read alongside the wiki’s.
Acquire an installation image
- Go to the downloads page https://artixlinux.org/download.php
- Scroll down to the Official ISO images section.
- Under the base section, download the file starting with
artix-base-openrcand ending with.iso
Prepare an installation medium
Windows
Use Rufus, here is a guide if you need it.
Linux
- Insert a USB flash drive into your PC with at least 2 GB of space available on it.
- Find the corresponding block device for the flash drive in
/devfolder. Usually it is/dev/sdb. - Burn the image to the flash drive (assuming your flash drive is /dev/sdb and that your terminal is opened in the directory of the image)
sudo dd bs=4M if=./artix-base-openrc-YYYY.MM.DD-x86_64.iso of=/dev/sdb conv=fsync oflag=direct status=progressBoot the live environment
Artix Linux installation images do not support Secure Boot. You will need to disable Secure Boot to boot the installation medium.
- Power off your PC.
- Insert the flash drive into the computer on which you are installing Artix Linux.
- Power on your PC and press boot menu key.
- Boot the installation medium.
Enter the live environment
Login with the default credentials.
- Username:
root - Password:
artix
Connect to the internet
Via Ethernet
Connect the computer via an Ethernet cable
Via WiFi
When encountering a code block as below throughout this guide, execute the commands within it directly in the terminal.
sudo rfkill unblock wifi
sudo ip link set wlan0 up
connmanctlNetwork names can be tab-completed.
agent on
scan wifi
servicesconnect wifi_dc85de828967_38303944616e69656c73_managed_psk
connect {WiFi name}
quitVerify internet connectivity
Check for internet
ping artixlinux.orgUpdate the system clock
Activate the NTP daemon to synchronize the computer’s real-time clock:
rc-service ntpd startPartition the disk
- Install
gdisk.
pacman -Sy gdisk- Partition your drive. You can find your drive name using the
lsblkcommand.
I will be using nvme0n1 as my drive throughout this guide, please adapt it to your disk name.
If you have an hdd, your drive name may ressemble something like sda.
gdisk /dev/nvme0n1- Delete any existing partitions
Command (m for help): d- Create a boot partition
Command (m for help): n
Partition number (1-128, default 1):
First sector (...):
Last sector (...): +512M
Hex code or GUID (...): ef00- Create a root partition
Command (m for help): n
Partition number (2-128, default 1):
First sector (...):
Last sector (...):
Hex code or GUID (...): 8300- Save the changes
Command (m for help): w
Do you want to proceed? (Y/N): y- Verify partitioning
lsblkIt should look something like this:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 465,8G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part
└─nvme0n1p2 259:2 0 465,3G 0 partEncrypt root partition
- Encrypt your root partition.
Make sure to to enter a secure passphrase and to write it down in a secure place as you will not be able to change it later
cryptsetup luksFormat /dev/nvme0n1p2
Are you sure (Type `yes` in capital letters): YES- Open the encrypted partition
cryptsetup open /dev/nvme0n1p2 rootCreate file systems
- Create the boot file system
mkfs.fat -F32 /dev/nvme0n1p1- Create the root file system
mkfs.ext4 /dev/mapper/rootMount file systems
- Mount the root file system
mount /dev/mapper/root /mnt- Mount the boot file system
mount -m /dev/nvme0n1p1 /mnt/boot- Verify mounting
lsblkIt should look something like this:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
nvme0n1 259:0 0 465,8G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part /mnt/boot
└─nvme0n1p2 259:2 0 465,3G 0 part
└─root 254:0 0 465,2G 0 crypt /mntInstall Essentials
Install the base system, kernel, init system and other essential packages.
basestrap /mnt base linux linux-firmware openrc elogind-openrc cryptsetup cryptsetup-openrc efibootmgr doas nanoInstall AMD or Intel microcode, depending on your system’s CPU
AMD CPU
Install AMD CPU microcode updates
basestrap /mnt amd-ucodeIntel CPU
Install Intel CPU microcode updates
basestrap /mnt intel-ucodeGenerate File System Table
fstabgen -U /mnt >> /mnt/etc/fstabSwitch to New Installation
artix-chroot /mnt bashNetwork stack
pacman -S wpa_supplicant networkmanager networkmanager-openrc iwd iwd-openrc
rc-update add NetworkManager
rc-update add iwd
cat << EOF >> /etc/NetworkManager/conf.d/wifi_backend.conf
[device]
wifi.backend=iwd
EOFMAC randomization
MAC randomization can be used for increased privacy by not disclosing your real MAC address to the WiFi network.
cat << EOF >> /etc/NetworkManager/conf.d/00-macrandomize.conf
[device-mac-randomization]
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
EOFLocalization
Set the locale
Feel free to change en_DK.UTF-8 to your preferred locale such as en_US.UTF-8 or en_GB.UTF-8
- Un-comment
en_DK.UTF-8
nano /etc/locale.gen- Generate locales.
locale-gen
echo 'LANG=en_DK.UTF-8' > /etc/locale.confSet the time zone
ln -sf /usr/share/zoneinfo/America/Toronto /etc/localtime
ln -sf /usr/share/zoneinfo/Region/City /etc/localtimeSet hardware clock from system clock
hwclock --systohcHostname and Host
Change artix to your desired hostname in all of the following commands
echo 'artix' > /etc/hostname- Edit
/etc/conf.d/hostname
nano /etc/conf.d/hostname-
Replace
hostname="localhost"withhostname="artix" -
Edit
/etc/hosts
nano /etc/hosts- Add the following:
127.0.0.1 localhost
::1 localhost
127.0.1.1 artix.localdomain artixInitramfs
- Edit
/etc/mkinitcpio.conf
nano /etc/mkinitcpio.conf- In the
HOOKSarray, addencryptbetweenblockandfilesystems
It should look something like this:
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt filesystems fsck)- Run this
mkinitcpio -PAdd a user
- Set the root password.
passwd- Create a user and set his password.
Change artix to your desired username
useradd -m artix
passwd artixConfigure doas
- Create the config file.
touch /etc/doas.conf
chown -c root:root /etc/doas.conf
chmod -c 0400 /etc/doas.conf- Edit
/etc/doas.conf
nano /etc/doas.conf- Add the following:
permit artix as root
permit nopass artix as root cmd pacmanBoot Loader
Check for UEFI support
If you see a bunch of files listed, use EFISTUB. If you do not see a bunch of files listed, your system does not support UEFI and you should use GRUB.
ls /sys/firmware/efi/efivarsEFISTUB
- Get the UUID of your root partition.
blkid -s UUID -o value /dev/nvme0n1p2- Create a boot entry where xxxx is the UUID that you obtained earlier.
Replace xxxx with the UUID that you obtained earlier.
Replace intel-ucode.img with amd-ucode.img if you have an AMD CPU
efibootmgr -c -d /dev/nvme0n1 -p 1 -l /vmlinuz-linux -L "Artix" -u "cryptdevice=UUID=xxxx:root root=/dev/mapper/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img loglevel=3 quiet"GRUB
- Install grub on your boot partition
pacman -S grub
grub-install /dev/sda- Get the UUID of your root partition.
blkid -s UUID -o value /dev/nvme0n1p2- Edit
/etc/default/grub
nano /etc/default/grub- Add the following to the
GRUB_CMDLINE_LINUXline, where xxxx is the UUID that you obtained earlier.
cryptdevice=UUID=xxxx:root root=/dev/mapper/rootIt should look something like this:
GRUB_CMDLINE_LINUX="cryptdevice=UUID=550e8400-e29b-41d4-a716-446655440000:root root=/dev/mapper/root"-
Un-comment
#GRUB_ENABLE_CRYPTODISK=y -
Generate the config file.
grub-mkconfig -o /boot/grub/grub.cfgReboot
- You can reboot and enter into your new installation.
exit
umount -R /mnt
reboot nowUnplug your flash drive after the screen turns black.
Post install
You will now be greeted with a similar screen as when you first booted from the flash drive.
Login using the credentials that you set, if you followed the example your username would be artix.
Add arch repositories and sort for fastest mirrors
Add arch extra repository
- Install packages
doas pacman -Syu artix-archlinux-support curl
doas pacman-key --populate archlinux
doas sh -c "curl https://archlinux.org/mirrorlist/all -o /etc/pacman.d/mirrorlist-arch"- Edit
/etc/pacman.d/mirrorlist-arch
doas nano /etc/pacman.d/mirrorlist-arch-
Un-comment the first server entries under the worldwide section
-
Edit
/etc/pacman.conf
doas nano /etc/pacman.conf- Add the following to the bottom of the file
##Arch
[extra]
Include = /etc/pacman.d/mirrorlist-arch
##[multilib]
##Include = /etc/pacman.d/mirrorlist-archSort for fastest mirrors
doas pacman -Syu reflector pacman-contrib
doas reflector --verbose -p https -l 30 -f 5 --sort rate --save /etc/pacman.d/mirrorlist-arch
doas sh -c "curl https://gitea.artixlinux.org/packages/artix-mirrorlist/raw/branch/master/mirrorlist -o /etc/pacman.d/mirrorlist.bak"
doas sh -c "rankmirrors -v -n 5 /etc/pacman.d/mirrorlist.bak > /etc/pacman.d/mirrorlist"AUR
Install Paru
doas pacman -S --needed base-devel
git clone https://aur.archlinux.org/paru.git
cd paru
makepkg -si
cd ..
rm -rf paruReplace sudo with doas
doas pacman -Rdd sudo
doas ln -s /usr/bin/doas /usr/bin/sudoLaptop power profiles
Install and enable the powerprofiles daemon
doas pacman -S power-profiles-daemon power-profiles-daemon-openrc
doas rc-update add power-profiles-daemon
doas rc-service power-profiles-daemon startAdd swap
doas fallocate -l 4G /swapfile
doas chmod 600 /swapfile
daos mkswap /swapfile
doas swapon /swapfile
doas cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | doas tee -a /etc/fstabAuto-mount an external LUKS encrypted drive
doas fdisk /dev/sdb
>g, n, w
doas cryptsetup luksFormat /dev/sdb1
doas cryptsetup luksOpen /dev/sdb1 hdd1
doas mkfs.ext4 /dev/mapper/hdd1
doas mkdir /mnt/hdd1
doas mount /dev/mapper/hdd1 /mnt/hdd1
doas chown vega:vega /mnt/hdd1
doas dd if=/dev/urandom of=/root/keyfile_hdd1 bs=512 count=4
doas chmod 0400 /root/keyfile_hdd1
doas cryptsetup luksAddKey /dev/sdb1 /root/keyfile_hdd1
UUID=$(doas blkid -s UUID -o value /dev/sdb1)
doas sh -c "cat << EOF >> /etc/conf.d/dmcrypt
target=hdd1
source=UUID='$UUID'
key=/root/keyfile_hdd1
wait=2
EOF"
doas rc-update add dmcrypt boot
doas reboot