6/1/2015 - 4:41 PM

Arch Linux step-by-step installation on btrfs

= Arch Linux step-by-step installation =
= =

== Boot the installation CD ==

== Create partition ==

cfdisk /dev/sda
 * Create a partition with code 8300 (Linux)

== Format the partition ==

mkfs.btrfs -L "Arch Linux" /dev/sda1

== Mount the partition ==

mkdir /mnt/btrfs-root
mount -o defaults,relatime,discard,ssd,nodev,nosuid /dev/sda1 /mnt/btrfs-root

== Create the subvolumes ==

mkdir -p /mnt/btrfs/__snapshot
mkdir -p /mnt/btrfs/__current
btrfs subvolume create /mnt/btrfs-root/__current/root
btrfs subvolume create /mnt/btrfs-root/__current/home

== Mount the subvolumes ==

mkdir -p /mnt/btrfs-current

mount -o defaults,relatime,discard,ssd,nodev,subvol=__current/root /dev/sda1 /mnt/btrfs-current
mkdir -p /mnt/btrfs-current/home

mount -o defaults,relatime,discard,ssd,nodev,nosuid,subvol=__current/home /dev/sda1 /mnt/btrfs-current/home

== Install Arch Linux ==

nano /etc/pacman.d/mirrorlist 
 * Select the mirror to be used

pacstrap /mnt/btrfs-current base base-devel
genfstab -U -p /mnt/btrfs-current >> /mnt/btrfs-current/etc/fstab
nano /mnt/btrfs-current/etc/fstab
 * copy the partition info for / and mount it on /run/btrfs-root (remember to remove subvol parameter! and add nodev,nosuid,noexec parameters)

== Configure the system ==
arch-chroot /mnt/btrfs-current /bin/bash

pacman -S btrfs-progs

nano /etc/locale.gen
 * Uncomment en_US.UTF-8
echo LANG=en_US.UTF-8 > /etc/locale.conf
export LANG=en_US.UTF-8

ln -s /usr/share/zoneinfo/Europe/Kiev /etc/localtime
hwclock --systohc --utc

echo 'idv-HP-EliteBook-840-G1' > /etc/hostname
nano /etc/nsswitch
 * set the hostname

pacman -S wicd
systemctl enable wicd.service

nano /etc/mkinitcpio.conf
 * Remove fsck and add btrfs to HOOKS
mkinitcpio -p linux

groupadd idv
useradd -m -g idv -G users,wheel,storage,power,network -s /bin/bash -c "Ihor Dvoretskyi" idv
passwd idv

== Install boot loader ==

pacman -S grub-bios
grub-install --target=i386-pc --recheck /dev/sda
nano /etc/default/grub
 * Edit settings (e.g., disable gfx, quiet, etc.)
grub-mkconfig -o /boot/grub/grub.cfg

== Unmount and reboot ==


umount /mnt/btrfs-current/home
umount /mnt/btrfs-current
umount /mnt/btrfs-root


== Post installation configuration ==

=== Power management ===

nano /etc/modprobe.d/blacklist.conf
 * blacklist nouveau

Download and compile bbswitch from

nano /etc/mkinitcpio.conf
 * Add "i915 bbswitch" to MODULES
 * Add "/etc/modprobe.d/i915.conf /etc/modprobe.d/bbswitch.conf" to FILES
nano /etc/modprobe.d/i915.conf
 options i915 modeset=1
 options i915 i915_enable_rc6=1
 options i915 i915_enable_fbc=1
 options i915 lvds_downclock=1
nano /etc/modprobe.d/bbswitch.conf
 options bbswitch load_state=0
 options bbswitch unload_state=1
mkinitcpio -p linux

=== Hardening ===

chmod 700 /boot /etc/{iptables,arptables}

nano /etc/securetty
 * Comment tty1

nano /etc/iptables/iptables.rules
 :INPUT DROP [0:0]
 -A INPUT -i lo -j ACCEPT 
 -A INPUT -p udp --sport 53 -j ACCEPT
 -A INPUT -p icmp -j REJECT
 -A INPUT -p tcp -j REJECT --reject-with tcp-reset 
 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable 
 -A INPUT -j REJECT --reject-with icmp-proto-unreachable 
systemctl enable iptables.service

nano /etc/sysctl.conf
 * net.ipv4.conf.all.log_martians = 1
 * net.ipv4.conf.all.rp_filter = 1
 * net.ipv4.icmp_echo_ignore_broadcasts = 1
 * net.ipv4.icmp_ignore_bogus_error_responses = 1

=== Snapshot ===

echo `date "+%Y%m%d-%H%M%S"` > /run/btrfs-root/__current/ROOT/SNAPSHOT
echo "Fresh install" >> /run/btrfs-root/__current/ROOT/SNAPSHOT
btrfs subvolume snapshot -r /run/btrfs-root/__current/ROOT /run/btrfs-root/__snapshot/ROOT@`head -n 1 /run/btrfs-root/__current/ROOT/SNAPSHOT`
cd /run/btrfs-root/__snapshot/
ln -s ROOT@`cat /run/btrfs-root/__current/ROOT/SNAPSHOT` fresh-install
rm /run/btrfs-root/__current/ROOT/SNAPSHOT 

==== Software Installation ===
 * Enable sudo for wheel