1. Foreword
  2. Internet Connectivity
    1. On Artix
    2. On Arch
  3. Disk Partitioning
  4. Encrypting Root
  5. Preparing and Bootstrapping Root
  6. The Chroot Environment
    1. mkinitcpio Configuration
  7. Bootloader Configuration
    1. On Arch w/ systemd-boot
    2. On Artix w/ efibootmgr
  8. First Reboot

Foreword

The end state of this guide is a clean, functional install ready for desktop and internet use. The Artix install assumes you’re using runit. Here is what the end state looks like:

  • Bare Minimal Install
    • Only packages required for function as well as a text editor will be installed.
  • LUKS Full Disk Encryption
    • We will use cryptsetup to set up strong full disk encryption.
  • efibootmgr // efistub OR systemd-boot
    • We will use efibootmgr to set up an extremely minimal boot partition entry called an efistub that supports the above encryption. systemd-boot is described as an alternative for Arch users.
  • iwd
    • We will use iwd as our wireless daemon.

Internet Connectivity

On Artix

Artix ships ConnMan out of the box. We will use it to connect to the internet from the live environment, but not on our end machine.

  • Note: this is only necessary if you’re not using a live image with a GUI and a frontend for the network manager.
$ connmanctl enable wifi 
$ connmanctl scan wifi 
$ connmanctl services 
$ connmanctl connect <your associated service code> 

Note: Use the output of connmanctl services as the input for connmanctl connect. If any of the connmanctl commands give you errors, run the following:

$ sudo rfkill unblock wifi

On Arch

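Arch ships iwd out of the box, so we will simply use it to connect.

$ iwctl 
# inside the iwctl prompt; <device> is your wireless interface, <SSID> your network
[iwd]# station <device> scan
[iwd]# station <device> connect <SSID>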

Disk Partitioning

Here, we will partition the disk and assign filesystems to the new partitions. We will not be creating a swap partition; if you’re a desktop user with more than 8 GB of RAM, it’s largely unneeded in my experience.

$ cgdisk /dev/nvme0n1
... 
# 256mb	EFI Filesystem  / ef00 (for boot)
# 100%	Linux Filesystem / 8300 (for LUKS)
...
$ mkfs.fat -F 32 /dev/nvme0n1p1

Encrypting Root

Now, we will encrypt our empty 2nd partition and unlock it

$ cryptsetup -c aes-xts-plain64 -y -s 512 luksFormat /dev/nvme0n1p2 
$ cryptsetup luksOpen /dev/nvme0n1p2 cryptroot 

Preparing and Bootstrapping Root

Let’s give it a filesystem and proceed with bootstrapping via either basestrap or pacstrap

$ mkfs.ext4 /dev/mapper/cryptroot 
$ mount /dev/mapper/cryptroot /mnt
$ mkdir /mnt/boot 
$ mount /dev/nvme0n1p1 /mnt/boot   # the EFI partition; p2 is the LUKS container
  • note: on some host distros, you may need to mount your efivars in order to configure systemd-boot/efibootmgr. please refer here

On Artix:

$ basestrap /mnt efibootmgr cryptsetup base base-devel runit elogind-runit dbus-runit iwd-runit nano amd-ucode linux linux-firmware linux-headers seatd-runit 

On Arch:

$ pacstrap /mnt base base-devel linux linux-firmware iwd nano amd-ucode

The Chroot Environment

Now, we’ll generate our fstab and proceed into the newly installed system

On Artix:

$ fstabgen -U /mnt >> /mnt/etc/fstab 

On Arch:

$ genfstab -pU /mnt | tee -a /mnt/etc/fstab 

This next step is optional but generally recommended on any distro

$ nano /mnt/etc/fstab 
... 
# change "atime" to "noatime" under your root partition

Now, we will enter the system

$ arch-chroot /mnt 

Now we will set the locale, hostname etc.

$ ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime 
$ hwclock --systohc --utc 
... 
$ echo MyHostname > /etc/hostname 
... 
$ nano /etc/locale.gen 
# uncomment your locale, in my case, en_US.UTF-8 UTF-8
$ locale-gen 
$ localectl set-locale LANG=en_US.UTF-8 
...
$ useradd -mG wheel MyUsername 
$ EDITOR=nano visudo 
... 
# uncomment the block that allows "wheel" to execute any command 
$ passwd MyUsername 
... 
# enter your desired password for the user

mkinitcpio Configuration

Now we will configure mkinitcpio for ext4 and encryption.

$ nano /etc/mkinitcpio.conf
###
# add "ext4" to MODULES
# add "encrypt" to HOOKS before "filesystems"
$ mkinitcpio -p linux

Bootloader Configuration

On Arch w/ systemd-boot

$ bootctl --path=/boot install
$ nano /boot/loader/loader.conf
...
default arch 
auto-firmware 0 
timeout 3
console-mode max

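Now, we will get the UUID of our encrypted root partition and create the entry that "default arch" in loader.conf points to. The first command appends the UUID to the entry file so it can be moved into the options line while editing.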

$ blkid | grep nvme0n1p2 | cut -d '"' -f 2 >> /boot/loader/entries/arch.conf
$ nano /boot/loader/entries/arch.conf
...
title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=AAAA-AAAA-AAAA:cryptroot root=/dev/mapper/cryptroot rw quiet systemd.show_status=0 splash
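
A pre-reboot sanity check for the mkinitcpio HOOKS order and the boot entry described above, as an added example that is not part of the original guide. The names make_entry, check_entry, check_hooks and SAMPLE_UUID are hypothetical, the UUID is constructed, and the HOOKS=(...) form of mkinitcpio.conf is assumed.

```shell
#!/bin/sh
# Added example (not from the guide): pre-reboot checks for a LUKS root.
# SAMPLE_UUID is constructed data; on a real system use
#   blkid -s UUID -o value /dev/nvme0n1p2
SAMPLE_UUID="0a1b2c3d-1111-2222-3333-444455556666"

# Print a systemd-boot entry. $1 = LUKS partition UUID, $2 = mapper name.
make_entry() {
    cat <<EOF
title Arch Linux
linux /vmlinuz-linux
initrd /amd-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=$1:$2 root=/dev/mapper/$2 rw
EOF
}

# Read an entry on stdin. Returns 0 if usable, else:
#   1 = initramfs not loaded (the encrypt hook lives in it)
#   2 = cryptdevice is not UUID=<36-char uuid>:<name>
#   3 = root= does not point at /dev/mapper/<name>
check_entry() {
    entry=$(cat)
    printf '%s\n' "$entry" |
        grep -Eq '^initrd[[:space:]]+/initramfs-linux\.img[[:space:]]*$' || return 1
    opts=$(printf '%s\n' "$entry" | sed -n 's/^options[[:space:]]*//p' | tr ' ' '\n')
    name=$(printf '%s\n' "$opts" |
        sed -nE 's/^cryptdevice=UUID=[0-9a-fA-F-]{36}:([A-Za-z0-9_-]+)$/\1/p')
    [ -n "$name" ] || return 2
    printf '%s\n' "$opts" | grep -qx "root=/dev/mapper/$name" || return 3
    return 0
}

# Read mkinitcpio.conf on stdin (HOOKS=(...) form assumed).
# Returns 0 only if "encrypt" appears before "filesystems".
check_hooks() {
    hooks=$(sed -nE 's/^HOOKS=\(([^)]*)\).*/\1/p' | tail -n 1)
    pos=0; enc=0; fs=0
    for h in $hooks; do
        pos=$((pos + 1))
        if [ "$h" = encrypt ]; then enc=$pos; fi
        if [ "$h" = filesystems ]; then fs=$pos; fi
    done
    [ "$enc" -gt 0 ] && [ "$enc" -lt "$fs" ]
}

# Demo on the constructed sample; prints "entry ok".
make_entry "$SAMPLE_UUID" cryptroot | check_entry && echo "entry ok"
```

Inside the chroot, run `check_entry < /boot/loader/entries/arch.conf` and `check_hooks < /etc/mkinitcpio.conf` before rebooting; a non-zero return code names the setting to fix.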

On Artix w/ efibootmgr

  • note: on some host distros, you may need to mount your efivars in order to configure systemd-boot/efibootmgr. please refer here
$ efibootmgr -d /dev/nvme0n1 -p 1 -c -L Artix -l /vmlinuz-linux -u 'loglevel=4 cryptdevice=UUID=abcdef6h1jklmn0p:artix root=/dev/mapper/artix initrd=\amd-ucode.img initrd=\initramfs-linux.img'

First Reboot ( wip )

On Arch

On Artix