This guide isn’t just a tech manual; it’s a roller coaster ride through the exhilarating world of Arch Linux. Imagine combining the thrill of skydiving with the satisfaction of solving a Rubik’s cube - that’s what installing Arch with full disk encryption is like, and I’m here to show you how.

As we navigate the labyrinth of Linux installation, we’ll transform a potentially mundane process into an epic digital odyssey. Whether you’re a Linux rookie eager to learn or a seasoned pro, this guide is your ticket to a secure, lightning-fast system.

I’ve been an Arch Linux devotee for years and wouldn’t dream of going back. It’s a realm of unmatched power and flexibility.

Let’s get going!

Table of Contents

Prerequisites

  • Arch Linux ISO on a bootable USB flash drive.1
  • Comfortable with a root shell? Hope so, because that’s where the magic happens.

Connect to the Internet

Alright, internet warriors, let’s get you connected!

If you’re plugged in via ethernet, let’s do a quick check to see if your machine is already chatting with the internet.

Pop open your terminal and type:

ip addr show # You should see an RFC1918 compliant IP address assigned to the ethernet adapter.
ping google.com # Do a quick reality check to confirm your connection.

If you’re a Wi-Fi wizard, brace yourself for a mini-adventure.

iwctl # Summoning the Internet Wireless Daemon (IWD) within your shell.

[iwd] device list # Let's see if your wireless adapter is ready for action.
[iwd] station wlan0 scan # Command your wifi card to scan the surroundings.
[iwd] station wlan0 get-networks # Unveil the list of available networks.
[iwd] station wlan0 connect "<Wireless-Network>" # Time to connect! It'll ask for the network's secret passphrase.

# Hold your horses for a few seconds, then gracefully exit IWD with CTRL+D.

ip addr show # Behold! An IP address for your wireless interface should now appear.
ping google.com # Do a quick reality check to confirm your connection.

With our internet powers activated, let’s give the Arch Package Repository index a fresh update.

pacman -Syyy

Feeling a bit sluggish? Maybe your digital carrier pigeons are flying to a far-off land.

Install Reflector and retrieve the latest mirror list:

pacman -S reflector rsync curl
reflector --latest 20 --protocol https --sort rate --save /etc/pacman.d/mirrorlist

This is like telling those pigeons to make a pit stop closer to home.

Faster updates, happier you!

Set up the Disk

Alright, fellow tech adventurers, it’s time to play wizard with your disk.

First things first, ensure UEFI is not just enabled in the BIOS, but is ready to party.

Partition the Disk

Ready for some disk partitioning magic? Here’s a spell for you, but feel free to freestyle your own enchantments.

fdisk -l # Peek at the name of your soon-to-be enchanted disk.
fdisk /dev/nvme0n1 # That's my disk's name; yours might be different.
Command (m for help): p # Unveil your current partition lineup.
Command (m for help): g # I'm crafting a shiny new GPT layout. Warning: This erases old partitions!
Command (m for help): n # Time to conjure a new partition.

# Create 1 partition of type EFI (1) of size 1G.
# Create 1 partition Linux Filesystem of size 1G.
# Create 1 partition with the remaining space that will be type 30 Linux LVM.

Command (m for help): w # Seal the deal on your partition masterpiece.

fdisk -l # Quick reality check to ensure your disk is ready for its new destiny.

# Now, let's give these partitions some personality by formatting them.

mkfs.fat -F32 /dev/nvme0n1p1 # Set up a FAT32 partition.
mkfs.ext4 /dev/nvme0n1p2 # Format the second partition as EXT4. Alternatively you could also consider BTRFS, ZFS or XFS file systems depending on your use case.

Encrypt the Disk

Now, let’s start the encryption process.

cryptsetup luksFormat /dev/nvme0n1p3 

# Enter passphrase, you will get this prompted when you boot the system. 
# You do not want to forget this, as you can't un-encrypt your hard drive without it.

cryptsetup open --type luks /dev/nvme0n1p3 lvm # Unlock the partition so we can work with it.

Create Dynamic Partitions

Behold the creation of a new Logical Volume Manager (LVM) realm inside the encrypted land:

# Lay the foundation for our LVM kingdom.
pvcreate --dataalignment 1m /dev/mapper/lvm

# Summon a volume group, a mighty container of logical volumes.
vgcreate volgroup0 /dev/mapper/lvm
lvcreate -L 150G volgroup0 -n lv_root # Assign as much space as you please.
lvcreate -l 100%FREE volgroup0 -n lv_home

# Awaken our LVM setup.
modprobe dm_mod
vgscan
vgchange -ay 

# Time to format the created logical volumes.
mkfs.ext4 /dev/volgroup0/lv_root
mkfs.ext4 /dev/volgroup0/lv_home

Mount the Volumes

Mounting time! Let’s give these volumes a home:

mount /dev/volgroup0/lv_root /mnt 

mkdir /mnt/home
mount /dev/volgroup0/lv_home /mnt/home

mkdir /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot

# Time to generate the fstab file that is required for a successful boot.
mkdir /mnt/etc
genfstab -U -p /mnt >> /mnt/etc/fstab

# Peek at the fstab to ensure it’s telling the right tale.
cat /mnt/etc/fstab

And just like that, you’ve turned your disk into a realm of encrypted wonders and dynamic partitions! 🧙‍♂️✨

Install Arch Linux

Great job on prepping your disk! It’s like you’ve laid the foundation for a digital castle.

Now, let’s build it up with Arch Linux. Ready? Let’s roll!

pacstrap -i /mnt base # Install all base packages for Arch Linux.

arch-chroot /mnt # Dive into your work-in-progress installation. It's configuration time!

pacman -S linux linux-lts linux-headers linux-lts-headers # Grabbing the Linux Kernels. Why settle for one when you can have both LTS and the latest, switchable at boot for those just-in-case moments?

pacman -S vim # You need a trusty editor to tweak files. Vim's my sidekick, but pick your own hero.

pacman -S base-devel openssh networkmanager wpa_supplicant wireless_tool netctl dialog # Some packages to facilitate networking.

systemctl enable NetworkManager # Like teaching your network manager to wake up on its own.

pacman -S lvm2 # Essential for booting up your encrypted drive.

# Now, let's make sure your boot process is in tune with your setup.

vim /etc/mkinitcpio.conf # Sneak in 'encrypt lvm2' between block and filesystems in the hooks.
mkinitcpio -p linux
mkinitcpio -p linux-lts

vim /etc/locale.gen # Find your locale and uncomment.
locale-gen

passwd # Time to set a secret code for root access. Choose wisely!
useradd -m -g users -G wheel sergiu # Creating your digital alter-ego. Swap 'sergiu' with your chosen name.
passwd sergiu # Don't forget to password-protect your alter-ego.

EDITOR=vim visudo # Unleash the power of the wheel group by uncommenting %wheel ALL=(ALL) ALL

And just like that, you’re architecting a robust, personalized system.

Think of it as building your own digital fortress, brick by brick, command by command. 🏗️🐧✨

Install a Boot Manager

The goal now is to make our installation standalone so that when we reboot our computer we want everything to boot up automatically and to do that we will install GRUB, but feel free to skip over this section if you want to install a different boot manager.

pacman -S grub efibootmgr dosfstools os-prober mtools # Install grub and related packages.

mkdir /boot/EFI
mount /dev/nvme0n1p1 /boot/EFI # Swap in your partition's name here.

grub-install --target=x86_64-efi --bootloader-id=grub_uefi --recheck # Commanding GRUB to take its throne.

cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo # Ensure /boot/grub/locale exists and select a different language if desired.

vim /etc/default/grub # Uncomment GRUB_ENABLE_CRYPTODISK=y and then add to GRUB_CMDLINE_LINUX_DEFAULT in between the options cryptdevice=/dev/nvme0n1p3:volgroup0:allow-discards paying attention to your device name.

grub-mkconfig -o /boot/grub/grub.cfg # Generate the grub configuration file.

The Moment of Truth

It’s time for the grand test: Can your Arch rise like a phoenix?

exit 
umount -a 
reboot

Post-Install Tweaks

Your installation is a success, and your machine is up and running.

Let’s sprinkle some extra magic for an even better Linux experience.

# Swap memory time! It's like giving your computer a memory cushion.
fallocate -l 16G /swapfile
chmod 600 /swapfile
mkswap /swapfile
echo '/swapfile none swap sw 0 0' | tee -a /etc/fstab

# Naming your digital beast. I chose 'my-computer', but you can be more creative.
hostnamectl set-hostname my-computer
vim /etc/hosts # Add 127.0.0.1 localhost and 127.0.0.1 my-computer lines.

# Feeling graphical? Let's install a GUI. Here's one for Gnome fans.
sudo pacman -Syyy && sudo pacman -S gnome gnome-extra
sudo systemctl enable gdm

And there you have it, a fully functional, customized Arch Linux system, ready to tackle whatever digital dragons you encounter. 🐲💻✨

  1. If you don’t know where to start, look here↩︎