z0x

College Student

Artix Linux install guide

Guide to installing Artix Linux with OpenRC and full disk encryption for UEFI and BIOS systems

Introduction

The goal of this guide is to set up a minimal installation of Artix Linux with OpenRC as an init system and full disk encryption on an UEFI or BIOS system. This guide is meant to be read alongside the Artix and Arch wiki respectively. It does not cover implementing Secure Boot

Acquire an installation image

  1. Go to the downloads page https://artixlinux.org/download.php
  2. Scroll down to the Official ISO images section.
  3. Under the base section, download the file starting with artix-base-openrc and ending with .iso

Prepare an installation medium

Windows

Use Rufus

Linux

  1. Insert a USB flash drive into your PC with at least 2 GB of space available on it.
  2. Find the corresponding block device for the flash drive in /dev folder. Usually it is /dev/sdb1
  3. Write the image to the flash drive (assuming your flash drive is /dev/sdb1).
Warning

This command will wipe the /dev/sdb1 partition

Terminal window
doas dd bs=4M if=~/Downloads/artix-base-openrc-*-x86_64.iso of=/dev/sdb1 conv=fsync oflag=direct status=progress

Boot the live environment

Info

Artix Linux installation images do not support Secure Boot. You will need to disable Secure Boot in your BIOS to boot the installation medium.

  1. Power off your PC.
  2. Insert the flash drive into the computer on which you are installing Artix Linux.
  3. Power on your PC and press your boot menu key.
  4. Boot the installation medium.

Enter the live environment

Login with the default credentials.

  • Username: root
  • Password: artix

Connect to the internet

Via Ethernet

Connect the computer via an Ethernet cable

Via WiFi

Terminal window
rfkill unblock wifi
ip link set wlan0 up
connmanctl
Terminal window
agent on
scan wifi
services
Tip

Network names can be tab-completed.

Example

connect wifi_dc85de_383039_managed_psk

Terminal window
connect {your WiFi name}
quit

Verify internet connectivity

Terminal window
ping artixlinux.org

Update the system clock

Activate the NTP daemon to synchronize the computer’s real-time clock

Terminal window
rc-service ntpd start

Partition the disk

Throughout this guide nvme0n1 will be used as the target install drive.

  1. Install and run gdisk
Terminal window
pacman -Sy gdisk
gdisk /dev/nvme0n1
  1. Delete any existing partitions. Repeat until none are left.
Command (m for help): d
  1. Create a boot partition
Command (m for help): n
Partition number (1-128, default 1):
First sector (...):
Last sector (...): +512M
Hex code or GUID (...): ef00
  1. Create a root partition
Command (m for help): n
Partition number (2-128, default 1):
First sector (...):
Last sector (...):
Hex code or GUID (...): 8300
  1. Write the changes
Command (m for help): w
Do you want to proceed? (Y/N): y
  1. Verify partitioning
Terminal window
lsblk
Note

It should look something like this

lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE
nvme0n1     259:0    0 465,8G  0 disk
├─nvme0n1p1 259:1    0   512M  0 part
└─nvme0n1p2 259:2    0 465,3G  0 part

Encrypt root partition

  1. Encrypt your root partition
Tip

Make sure to enter a secure passphrase and to write it down

Terminal window
cryptsetup luksFormat /dev/nvme0n1p2
Are you sure (Type `yes` in capital letters): YES
  1. Open the encrypted partition
Terminal window
cryptsetup open /dev/nvme0n1p2 root

Create filesystems

  1. Create the boot file system
Terminal window
mkfs.fat -F32 /dev/nvme0n1p1
  1. Create the root file system
Terminal window
mkfs.ext4 /dev/mapper/root

Mount file systems

  1. Mount the root file system
Terminal window
mount /dev/mapper/root /mnt
  1. Mount the boot file system
Terminal window
mount -m /dev/nvme0n1p1 /mnt/boot
  1. Verify mounting
Terminal window
lsblk
Note

It should look something like this

lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINTS
nvme0n1     259:0    0 465,8G  0 disk
├─nvme0n1p1 259:1    0   512M  0 part  /mnt/boot
└─nvme0n1p2 259:2    0 465,3G  0 part
  └─root    254:0    0 465,2G  0 crypt /mnt

Install essentials

Install the base system, kernel, init system and other essential packages.

Terminal window
basestrap /mnt base linux linux-firmware openrc elogind-openrc cryptsetup cryptsetup-openrc efibootmgr doas nano
Note

Install AMD or Intel microcode, depending on your system’s CPU

AMD CPU

Install AMD CPU microcode updates

Terminal window
basestrap /mnt amd-ucode

Intel CPU

Install Intel CPU microcode updates

Terminal window
basestrap /mnt intel-ucode

Generate file system table

Terminal window
fstabgen -U /mnt >> /mnt/etc/fstab

Switch to new Installation

Terminal window
artix-chroot /mnt bash

Network stack

Terminal window
pacman -S wpa_supplicant networkmanager networkmanager-openrc iwd iwd-openrc
rc-update add NetworkManager
rc-update add iwd
/etc/NetworkManager/conf.d/wifi_backend.conf
[device]
wifi.backend=iwd

MAC randomization

Info

MAC randomization can be used for increased privacy by not disclosing your real MAC address to the WiFi network.

/etc/NetworkManager/conf.d/00-macrandomize.conf
[device-mac-randomization]
wifi.scan-rand-mac-address=yes


[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random

Localization

Set the locale

Tip

Feel free to change en_DK.UTF-8 to your preferred locale such as en_US.UTF-8 or en_GB.UTF-8

  1. Uncomment en_DK.UTF-8
/etc/locale.gen
#en_CA.UTF-8 UTF-8
#en_CA ISO-8859-1
en_DK.UTF-8 UTF-8
#en_DK ISO-8859-1
#en_GB.UTF-8 UTF-8
#en_GB ISO-8859-1
  1. Generate locales
Terminal window
echo 'LANG=en_DK.UTF-8' > /etc/locale.conf
locale-gen

Set the timezone

Example

ln -sf /usr/share/zoneinfo/Asia/Dubai /etc/localtime

Terminal window
ln -sf /usr/share/zoneinfo/Region/City /etc/localtime

Set hardware clock from system clock

Terminal window
hwclock --systohc

Hostname

Set your preferred hostname, I will be using artixmachine throughout this guide.

Terminal window
echo 'artixmachine' > /etc/hostname
/etc/conf.d/hostname
# Use fallback hostname if /etc/hostname doesn't exist
hostname="localhost"
hostname="artixmachine"
/etc/hosts
# Static table lookup for hostnames.
# See hosts(5) for details.


127.0.0.1     localhost
::1           localhost
127.0.1.1     artixmachine.localdomain     artixmachine

Initramfs

In the HOOKS array, add encrypt between block and filesystems

/etc/mkinitcpio.conf
HOOKS=(... block encrypt filesystems ...)

Generate initramfs images

Terminal window
mkinitcpio -P

Add a user

  1. Set the root password.
Terminal window
passwd
  1. Create a user and set his password.
Terminal window
useradd -m artixuser
passwd artixuser

Configure doas

  1. Create the config file and set the appropriate permissions
Terminal window
touch /etc/doas.conf
chown -c root:root /etc/doas.conf
chmod -c 0400 /etc/doas.conf
  1. Add the following
/etc/doas.conf
permit artixuser as root
permit nopass artixuser as root cmd pacman

Boot loader

Check for UEFI support

Tip

If you see a bunch of files listed when executing the following command, use EFISTUB. If you do not see a bunch of files listed, your system does not support UEFI and you should use GRUB.

Terminal window
ls /sys/firmware/efi/efivars

EFISTUB

  1. Get the UUID of your root partition
Terminal window
blkid -s UUID -o value /dev/nvme0n1p2
  1. Create a boot entry
Tip

Replace xxxx with the UUID that you just obtained.

Replace intel-ucode.img with amd-ucode.img if you have an AMD CPU.

Terminal window
efibootmgr -c -d /dev/nvme0n1 -p 1 -l /vmlinuz-linux -L "Artix" -u "cryptdevice=UUID=xxxx:root root=/dev/mapper/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img loglevel=3 quiet"

GRUB

  1. Install grub on your boot partition
Terminal window
pacman -S grub
grub-install /dev/nvme0n1
  1. Get the UUID of your root partition
Terminal window
blkid -s UUID -o value /dev/nvme0n1p2
  1. Edit the GRUB config file
Note

It should look something like this with xxxx being the UUID that you just obtained

GRUB_CMDLINE_LINUX="cryptdevice=UUID=550e8400-e29b-41d4-a716-446655440000:root root=/dev/mapper/root"
GRUB_ENABLE_CRYPTODISK=y
/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=UUID=xxxx:root root=/dev/mapper/root"
#GRUB_ENABLE_CRYPTODISK=y
  1. Generate the config file
Terminal window
grub-mkconfig -o /boot/grub/grub.cfg

Reboot

  1. You can now reboot and enter into your new installation
Note

Unplug your flash drive after the screen turns black

Terminal window
exit
umount -R /mnt
reboot now

Post install

You will now be greeted with a similar screen as when you first booted from the flash drive. Login using the credentials that you set, if you followed the example your username would be artixuser.

Add arch repositories and sort for fastest mirrors

Add arch extra repository

  1. Install packages and fetch mirrorlist
Terminal window
doas pacman -Syu artix-archlinux-support curl
doas pacman-key --populate archlinux
doas sh -c "curl https://archlinux.org/mirrorlist/all -o /etc/pacman.d/mirrorlist-arch"
  1. Activate Arch mirrors
/etc/pacman.d/mirrorlist-arch
#Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch
#Server = https://ftpmirror.infania.net/mirror/archlinux/$repo/os/$arch
#Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch
#Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch
  1. Edit the pacman config file
/etc/pacman.conf
##Arch
[extra]
Include = /etc/pacman.d/mirrorlist-arch


##[multilib]
##Include = /etc/pacman.d/mirrorlist-arch

Sort for fastest mirrors

Terminal window
doas pacman -Syu reflector pacman-contrib
doas reflector --verbose -p https -l 30 -f 5 --sort rate --save /etc/pacman.d/mirrorlist-arch
doas sh -c "curl https://gitea.artixlinux.org/packages/artix-mirrorlist/raw/branch/master/mirrorlist -o /etc/pacman.d/mirrorlist.bak"
doas sh -c "rankmirrors -v -n 5 /etc/pacman.d/mirrorlist.bak > /etc/pacman.d/mirrorlist"

AUR

Add Chaotic-AUR

Terminal window
doas pacman-key --recv-key 3056513887B78AEB --keyserver keyserver.ubuntu.com
doas pacman-key --lsign-key 3056513887B78AEB
doas pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-keyring.pkg.tar.zst'
doas pacman -U 'https://cdn-mirror.chaotic.cx/chaotic-aur/chaotic-mirrorlist.pkg.tar.zst'
/etc/pacman.conf
[chaotic-aur]
Include = /etc/pacman.d/chaotic-mirrorlist

Install paru

Terminal window
doas pacman -Syu
doas pacman -S paru

Replace sudo with doas

Terminal window
doas pacman -Rdd sudo
doas ln -s /usr/bin/doas /usr/bin/sudo

Laptop power profiles

Install and enable the powerprofiles daemon

Terminal window
doas pacman -S power-profiles-daemon power-profiles-daemon-openrc
doas rc-update add power-profiles-daemon
doas rc-service power-profiles-daemon start

Add swap

Terminal window
doas fallocate -l 4G /swapfile
doas chmod 600 /swapfile
doas mkswap /swapfile
doas swapon /swapfile
doas cp /etc/fstab /etc/fstab.bak
echo '/swapfile none swap sw 0 0' | doas tee -a /etc/fstab

Auto-mount an external LUKS encrypted drive

Terminal window
doas pacman -S cryptsetup-openrc fdisk
doas fdisk /dev/sdb
>g, n, w


doas cryptsetup luksFormat /dev/sdb1
doas cryptsetup luksOpen /dev/sdb1 hdd1
doas mkfs.ext4 /dev/mapper/hdd1
doas mkdir /mnt/hdd1
doas mount /dev/mapper/hdd1 /mnt/hdd1
doas chown artixuser:artixuser /mnt/hdd1
doas dd if=/dev/urandom of=/root/keyfile_hdd1 bs=512 count=4
doas chmod 0400 /root/keyfile_hdd1
doas cryptsetup luksAddKey /dev/sdb1 /root/keyfile_hdd1
UUID=$(doas blkid -s UUID -o value /dev/sdb1)
/etc/conf.d/dmcrypt
target=hdd1
source=UUID='$UUID'
key=/root/keyfile_hdd1
wait=2
Terminal window
doas rc-update add dmcrypt boot
doas reboot