sam
/
baseddata.io
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
baseddata.io/content/blog/install-artix.md

356 lines
10 KiB
Markdown
Raw Blame History

---
title: "Artix Linux Installation Guide"
date: 2024-02-24T17:04:21Z
author:
name: "Sam Chance"
header_image: "/pics/blog/artix-logo.webp"
draft: False
summary: "This guide will run through the process of installing Artix Linux with runit as the init system on an encrypted disk partition."
---
This guide will run through the process of installing Artix Linux, which is a
fork of Arch Linux without SystemD. For the init system I'll be installing
Runit, but you can install any init system of your choosing.
I'll be creating an encrypted partition and installing on a UEFI system.
If you wish to install using legacy boot, or you don't need to encrypt your
drive, then follow the installation guide on the [Artix Wiki](https://wiki.artixlinux.org/Main/Installation) instead.
Download the latest Artix ISO from [here](https://artixlinux.org/download.php)
and write to a usb flashdrive. I recommend using
[Ventoy](https://www.ventoy.net/en/index.html), but you can use the dd command
to burn the ISO image directly to the usb drive (just make sure there is no
important data on the disk beforehand)
{{< highlight shell >}}
dd if=artix-linux.iso of=/dev/sdX status=progress
{{</ highlight >}}
Boot into the ISO image and select the appropriate keyboard layout. Then start
the live environment. The first step is to partition the hard drive. In this
guide I'll be using an encrypted partition on an UEFI system. If if you want a
different configuration, please consult the [Arch
wiki](https://wiki.archlinux.org/title/Partitioning#Example_layouts).
![artix-keyboard-select](/pics/blog/artix-keyboard-select.webp)
## Partition layout
The layout for this installation is as follows:
| mount point | drive | partition type | size |
|-------------|-----------|-------------------------|---------------|
| boot/efi | /dev/sda1 | efi partition | 1G |
| / | /dev/sda2 | encrypted luks partiton | rest of drive |
There is a 1GB efi partition at the beginning of the drive for the bootloader,
then the rest of the drive will be encrypted and contain our root and home
directory.
This installation assums the system will boot using UEFI. If you wish to
install on a legacy system, this process will not work. To check if your system
is UEFI, the run this command:
{{< highlight shell >}}
cat /sys/firmware/efi/fw_platform_size
{{</ highlight >}}
If the command returns `64`, then the system uses UEFI to boot.
## Create New Partition
Login to the Artix live cd using with username: `root`, password: `artix`
List all drives attached to system:
{{< highlight shell >}}
lsblk
{{</ highlight >}}
![artix-lsblk](/pics/blog/artix-lsblk.webp)
Locate the target drive (in this case `/dev/sda`) where we will install Artix.
Run:
{{< highlight shell >}}
fdisk /dev/sda
{{</ highlight >}}
Run through the options to partition the disk:
* Press (g) to create a new empty GPT partition table
* Press (n) to add a new partition
* Choose default partition number (1)
* Choose default first sector (2048)
* Set last sector as (+1G)
* Press (t) to change partition type
* Set partition type to "EFI System" (usually option 1 - press L to see all options)
* Press (n) to create a second partition for the rest of the drive. Choose all default settings
* Press (w) to write and exit
You should now have two partitions under `/dev/sda`:
![artix-lsblk1](/pics/blog/artix-lsblk1.webp)
`/dev/sda1` is the unencrypted boot partition, and `/dev/sda2` will be where we store our encrypted volume.
## Encryption using luks cryptsetup
Firstly create an encrypted container on the second partition. For this we will use luks encryption:
{{< highlight shell >}}
cryptsetup luksFormat /dev/sda2
{{</ highlight >}}
Enter a suitably strong passphrase.
Next we need to open and mount the encrypted vault to install Artix.
{{< highlight shell >}}
cryptsetup luksOpen /dev/sda2 crypt
{{</ highlight >}}
Enter your passphrase. This will open the encrypted vault and make it mountable
under the name "crypt" (accessible from `/dev/mapper/crypt`). You can choose a different name if you wish.
## Create Filesystems
Format the boot/efi partition using fat32:
{{< highlight shell >}}
mkfs.fat -F32 /dev/sda1
{{</ highlight >}}
And create a btrfs file system on the opened and decrypted luks vault:
{{< highlight shell >}}
mkfs.btrfs /dev/mapper/crypt
{{</ highlight >}}
To check everything is in order, run:
{{< highlight shell >}}
lsblk -f
{{</ highlight >}}
It should look something like this:
![artix-lsblk2](/pics/blog/artix-lsblk2.webp)
Note the UUIDs - they will be needed later for setting up decryption during boot.
Then we mount the partitions:
{{< highlight shell >}}
mount /dev/mapper/crypt /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
{{</ highlight >}}
## Install Artix
Use the `basestrap` command to install Artix linux and other essential packages
to the mounted partition. You can also install packages from the Arch repos
here too:
{{< highlight shell >}}
basestrap -i /mnt base base-devel runit elogind-runit linux linux-firmware grub efibootmgr
networkmanager networkmanager-runit cryptsetup lvm2 lvm2-runit neovim vim
openssh openssh-runit
{{</ highlight >}}
This will install about 1.4GB of packages onto your system.
## Generate Fstab
This generates an fstab file for automatically mounting drives during system boot.
{{< highlight shell >}}
fstabgen -U /mnt >> /mnt/etc/fstab
{{</ highlight >}}
## Chroot Into the Install
Chroot will transport us into the installation:
{{< highlight shell >}}
artix-chroot /mnt
{{</ highlight >}}
## General Arch Setup
More info about each of these steps on the [Artix Wiki](https://wiki.artixlinux.org/Main/Installation) and the [Arch Wiki](https://wiki.archlinux.org/title/Installation_guide#Time_zone)
Set timezone
{{< highlight shell >}}
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
{{</ highlight >}}
Set system clock
{{< highlight shell >}}
hwclock --systohc
{{</ highlight >}}
Set locales
{{< highlight shell >}}
vim /etc/locale.gen
# uncomment your layouts, e.g. for me: "en_GB.UTF-8 UTF-8"
{{</ highlight >}}
Generate locale
{{< highlight shell >}}
locale-gen
{{</ highlight >}}
Set systemwide locale
{{< highlight shell >}}
vim /etc/locale.conf
#and append:
export LANG="en_GB.UTF-8 UTF-8"
export LC_COLLATE="C"
{{</ highlight >}}
## Setup mkinitcpio.conf
`/etc/mkinitcpio.conf` is the configuration file for setting up the initial
ramdisk environment. This is an small environment which loads various kernel
modules and sets the system up before handing control to the init system. As we
have installed Linux on an encrypted partition, we need to tell the ramdisk
environment how to decrypt this partition.
To do this we need to add some modules to the HOOKS line:
{{< highlight text >}}
HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems fsck)
add these modules---------------------------------------------------------^-------^
{{</ highlight >}}
Here we add `encrypt` and `lvm2` to the HOOKS. These modules will now get
loaded before boot and will enable the system to decrypt the root partition.
Next, regenerate the ramdisk environment based on the `linux` preset:
{{< highlight shell >}}
mkinitcpio --preset linux
{{</ highlight >}}
## Grub Bootloader
We now need to tell the bootloader where both our encrypted luks
vault is (so it can decrypt it) and where the decrypted root partition is in
order to boot the system. For this, we'll need two UUIDs, one for the encrypted
luks vault (referenced as `cryptdevice=UUID`), and another for the decrypted
filesystem (referenced as `root=UUID`). We can obtain this information from the
`lsblk -f` command
We can output this to the `/etc/default/grub` file. We can do this using the
following command, I advice double checking this command before running it, as
it may not work on your system if it is set it up differently (e.g. you're
not using btrfs):
Also, REMEMBER TO `APPEND` USING TWO ARROWS `>>`!! Else you'll overwrite the
grub file and will need to reinstall.
{{< highlight shell >}}
lsblk -f | grep "crypto_LUKS\|btrfs" | sed "s/crypto_LUKS/#cryptdevice=UUID/;s/btrfs/#root=UUID/" | awk '{print $2"="$3}' >> /etc/default/grub
{{</ highlight >}}
This will append the following to the grub file:
{{< highlight text >}}
#cryptdevice=UUID=<long-uuid-string>
#root=UUID=<long-uuid-string>
{{</ highlight >}}
Now we can open `/etc/default/grub`. We need to insert the two new strings at
the bottom of the file into the `GRUB_CMDLINE_LINUX_DEFAULT` string. It should
look something like this (remember to also add a volume name after the
cryptdevice=UUID string - e.g. here I've called it `cryptlvm` - you can call it
whatever you like)
{{< highlight text >}}
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=<long-uuid-string>:cryptlvm root=UUID=<long-uuid-string>"
{{</ highlight >}}
## Install grub
For efi systems grub is installed with the following command:
{{< highlight shell >}}
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub
grub-mkconfig -o /boot/grub/grub.cfg
{{</ highlight >}}
![artix-grub-install](/pics/blog/artix-grub-install.webp)
## Add Users
Set a password for the root user:
{{< highlight shell >}}
passwd
{{</ highlight >}}
Create regular user and add to wheel group. Set a password for that user.
{{< highlight shell >}}
useradd -G wheel -m user
passwd user
{{</ highlight >}}
Edit the sudoers file to allow sudo root commands for user.
{{< highlight shell >}}
EDITOR=vim visudo`
{{</ highlight >}}
Then uncomment the following line:
{{< highlight text >}}
%wheel ALL=(ALL:ALL) ALL
{{</ highlight >}}
## Network Config
set hostname (replace `<my-hostname>` with a suitable name for your system)
{{< highlight shell >}}
echo "<my-hostname>" > /etc/hostname
{{</ highlight >}}
Add hosts to `/etc/hosts`
{{< highlight text >}}
127.0.0.1 localhost
::1 localhost
127.0.1.1 <my-hostname>.localdomain <my-hostname>
{{</ highlight >}}
Install dhcp client
{{< highlight shell >}}
pacman -S dhcpcd
{{</ highlight >}}
Enable networkmanager service with runit
{{< highlight shell >}}
ln -s /etc/runit/sv/NetworkManager /etc/runit/runsvdir/current
{{</ highlight >}}
## Exit chroot, unmount partition and reboot
{{< highlight shell >}}
exit
umount -R /mnt
reboot
{{</ highlight >}}
If everything worked, then the system should be successfully setup. After
reboot, it should ask for a passphrase to access the encrypted partition. You
can then login using the user account that we created. At this point, we can
install a graphical environment.
Reference in New Issue View Git Blame Copy Permalink