-
If necessary, connect to a WLAN with iwd.
-
Set keyboard layout and clock:
loadkeys us
timedatectl set-ntp true
-
Configure proxies and certs if needed:
- Set proxies (pacman's downloads honour these):
export http_proxy="http://10.0.0.15:8080"
export https_proxy="http://10.0.0.15:8080"
- Prepare the live system for scp. The temp user exists only in the live environment and disappears on reboot:
systemctl start sshd
useradd --create-home temp
passwd temp
- Transfer the proxy cert to /home/temp from a separate host using scp:
scp cert.crt temp@<IP_ADDRESS>:~
- Add the proxy cert to the trust store. Anything signed by this CA is then trusted for every TLS connection the live system makes, including pacstrap's package downloads, so compare its fingerprint with a value obtained out of band before anchoring it:
trust anchor /home/temp/cert.crt
-
Verify the system booted in UEFI mode. BIOS-booted systems do not have this directory:
ls /sys/firmware/efi/efivars
-
Partition devices with fdisk.
fdisk /dev/sda
- Ensure /dev/sda1 has the partition type
EFI System
and is 260-512M in size.
- Use /dev/sda2 for the root filesystem; the boot entry below refers to it as root=/dev/sda2.
-
Create filesystems.
- The EFI system partition must be FAT32:
mkfs.vfat -F32 /dev/sda1
- Then create the root filesystem on /dev/sda2.
-
Mount filesystems. The root partition is mounted at /mnt and the EFI system partition at /mnt/boot, which is where bootctl installs to below:
mount /dev/sda2 /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
-
Install base system:
pacstrap /mnt base linux linux-firmware man-db man-pages texinfo sudo vim openssh iwd
- Only include iwd if it is required to access WLAN networks.
-
Generate fstab:
genfstab -U /mnt >> /mnt/etc/fstab
-
Chroot into system:
arch-chroot /mnt
-
Set timezone and localization settings. Uncomment the locale in /etc/locale.gen before running locale-gen, otherwise no locale is generated:
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
hwclock --systohc
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf
echo "KEYMAP=us" > /etc/vconsole.conf
-
Configure network (replace hostname and domain with the machine's own):
/etc/hostname
    hostname
/etc/hosts
    127.0.0.1   localhost
    ::1         localhost
    127.0.1.1   hostname.domain hostname
-
Set root password:
passwd
-
Install bootloader (systemd-boot; the EFI system partition must be mounted at /boot):
bootctl --path=/boot install
/boot/loader/entries/arch.conf
    title   Arch Linux
    linux   /vmlinuz-linux
    initrd  /initramfs-linux.img
    options root=/dev/sda2 rw
- /dev/sdX names can change when disks are added or enumerate in a different order; root=PARTUUID=... (as reported by blkid) is the stable alternative.
-
Exit the chroot, unmount /mnt and reboot.
-
Configure DNS
- Enable DNSSEC and configure DNS servers in
/etc/systemd/resolved.conf
- Start and enable resolved:
systemctl enable systemd-resolved --now
-
Configure network
- For LAN:
- Configure networkd unit file, see /usr/lib/systemd/network for examples.
- Start and enable systemd-networkd:
systemctl enable systemd-networkd --now
- For WLAN:
- Start and enable iwd:
systemctl enable iwd --now
- Authenticate to WLAN:
# See manpage for syntax: man iwctl
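The DNS and LAN steps above as one added example (this is not the guide's own code): a POSIX shell function that writes a resolved drop-in with DNSSEC enforced and the compiled-in fallback servers disabled, a DHCP .network unit that ignores DHCP-supplied resolvers, and the stub-resolver symlink, all under a root directory you pass in so the result can be inspected in a temp dir before it is written to /etc. The interface name enp0s3, the resolver 10.0.0.53 and the file names dns.conf and 20-wired.network are placeholders chosen here, not values from the page.

```shell
# Added example, not from the original guide.
# configure_network_dns ROOT IFACE [DNS] writes the systemd-networkd and
# systemd-resolved configuration into ROOT/etc. Pass / to apply it for
# real, or a temp dir to inspect it first. 10.0.0.53 is a placeholder
# resolver; replace it with one you control.

write_network_unit() {
    root="$1"; iface="$2"
    mkdir -p "$root/etc/systemd/network"
    # Match on the interface name and use DHCP for addressing only:
    # UseDNS=false keeps the DHCP server from injecting resolvers, so
    # the server configured in resolved is the only one consulted.
    cat > "$root/etc/systemd/network/20-wired.network" <<EOF
[Match]
Name=$iface

[Network]
DHCP=yes

[DHCPv4]
UseDNS=false
EOF
}

write_resolved_dropin() {
    root="$1"; dns="$2"
    # A drop-in survives package updates of /etc/systemd/resolved.conf.
    mkdir -p "$root/etc/systemd/resolved.conf.d"
    # DNSSEC=yes rejects answers that fail validation (allow-downgrade
    # would silently turn validation off against a non-DNSSEC upstream).
    # FallbackDNS= (empty) removes the compiled-in public fallback servers.
    cat > "$root/etc/systemd/resolved.conf.d/dns.conf" <<EOF
[Resolve]
DNS=$dns
FallbackDNS=
DNSSEC=yes
EOF
}

link_stub_resolver() {
    root="$1"
    mkdir -p "$root/etc"
    # Point libc resolvers at resolved's stub so validation applies to
    # every program, not only those that talk to resolved over D-Bus.
    ln -sf /run/systemd/resolve/stub-resolv.conf "$root/etc/resolv.conf"
}

configure_network_dns() {
    root="$1"; iface="$2"; dns="${3:-10.0.0.53}"
    write_network_unit "$root" "$iface"
    write_resolved_dropin "$root" "$dns"
    link_stub_resolver "$root"
}
```

After running it against / and enabling systemd-networkd and systemd-resolved as in the steps above, `resolvectl status` should report DNSSEC as yes, and a query for a deliberately broken test zone (dnssec-failed.org is one) should be refused with a validation failure rather than answered. If every lookup fails, the upstream resolver is not returning DNSSEC records and needs to be replaced rather than validation relaxed.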
-
Start and enable homed:
systemctl enable systemd-homed --now
-
Create user:
homectl create austin --member-of=wheel --disk-space=75G --storage=luks
-
Create homed file for pam:
/etc/pam.d/homed
    auth      sufficient pam_systemd_home.so
    account   sufficient pam_systemd_home.so
    password  sufficient pam_systemd_home.so
    session   optional   pam_systemd_home.so
-
Reference homed in other pam files. The include must come before pam_unix.so in each stack, because pam_unix.so cannot authenticate a homed user (the credentials live in the home record, not in /etc/shadow):
/etc/pam.d/su
    #%PAM-1.0
    auth      include    homed
    auth      sufficient pam_rootok.so
    auth      required   pam_unix.so
    account   include    homed
    account   required   pam_unix.so
    session   include    homed
    session   required   pam_unix.so
/etc/pam.d/system-auth
    #%PAM-1.0
    auth      include    homed
    auth      required   pam_unix.so      try_first_pass nullok
    auth      optional   pam_permit.so
    auth      required   pam_env.so
    account   include    homed
    account   required   pam_unix.so
    account   optional   pam_permit.so
    account   required   pam_time.so
    password  include    homed
    password  required   pam_unix.so      try_first_pass nullok sha512 shadow
    password  optional   pam_permit.so
    session   include    homed
    session   required   pam_limits.so
    session   required   pam_unix.so
    session   optional   pam_permit.so
/etc/pam.d/system-login
    #%PAM-1.0
    auth      required   pam_tally2.so    onerr=succeed file=/var/log/tallylog
    auth      required   pam_shells.so
    auth      include    homed
    auth      requisite  pam_nologin.so
    auth      include    system-auth
    account   required   pam_tally2.so
    account   required   pam_access.so
    account   include    homed
    account   required   pam_nologin.so
    account   include    system-auth
    password  include    system-auth
    session   optional   pam_loginuid.so
    session   optional   pam_keyinit.so   force revoke
    session   include    system-auth
    session   optional   pam_motd.so      motd=/etc/motd
    session   optional   pam_mail.so      dir=/var/spool/mail standard quiet
    -session  optional   pam_systemd.so
    session   required   pam_env.so
- pam_tally2 was removed in Linux-PAM 1.5.0. On a current system replace the pam_tally2 lines with pam_faillock, since a required line whose module cannot be loaded fails the whole stack; the leading "-" on the pam_systemd line is what makes a missing module tolerated there.
- Before logging out, keep the root shell open and log in as austin on a second virtual console, which exercises system-login and system-auth. su from root does not test this, because pam_rootok.so is sufficient there.
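As an added check that is not part of the original guide: the homed entries only help if "include homed" is reached before pam_unix.so in the same auth, account or password stack, and a mistake here is easy to make when hand-editing three files. The script below scans a PAM file for that ordering and names the offending stack. The sample files used to exercise it are constructed copies of the su and system-auth stacks above plus a deliberately misordered one; the function and file names are this example's own.

```shell
# Added example, not from the original guide.
# check_homed_order FILE exits 0 when every auth/account/password stack
# in FILE reaches "include homed" before pam_unix.so, 1 otherwise; the
# offending stack is reported on stderr.

check_homed_order() {
    file="$1"
    rc=0
    for type in auth account password; do
        # Strip comments (including the #%PAM-1.0 header), drop the
        # optional-module "-" prefix, then emit "homed" for an
        # include-homed line and "unix" for a pam_unix line, in file
        # order, for this management group only. index() is used for
        # pam_unix because bracketed controls like [success=1 default=bad]
        # contain spaces and shift the module name to a later field.
        order=$(sed 's/#.*//' "$file" | awk -v t="$type" '
            { sub(/^-/, "", $1) }
            $1 == t && $2 == "include" && $3 == "homed" { print "homed"; next }
            $1 == t && index($0, "pam_unix.so")         { print "unix" }')
        first=$(printf '%s\n' "$order" | sed -n 1p)
        if [ "$first" = "unix" ]; then
            echo "$file: $type stack reaches pam_unix.so before homed" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Check the three files the guide edits; DIR defaults to /etc/pam.d.
# Missing files are skipped so the check can run on a partial setup.
check_all() {
    dir="${1:-/etc/pam.d}"
    status=0
    for f in su system-auth system-login; do
        if [ -f "$dir/$f" ]; then
            check_homed_order "$dir/$f" || status=1
        fi
    done
    return "$status"
}
```

Run `check_all` after writing the files and before leaving the root shell; a stack that lists pam_unix.so first will reject the homed user before pam_systemd_home.so is ever consulted.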