To set up a network connection in the live environment, go through the following steps:
- Ensure your network interface is listed and enabled, for example with ip-link(8):
ip link
-
For wireless and WWAN, make sure the card is not blocked with rfkill.
-
Connect to the network:
-
The connection may be verified with ping:
For example, assuming your wireless device named wlan0
:
iwctl station wlan0 connect <SSID>
Test your connection:
ping -с 3 archlinux.org
Note
In the installation image, systemd-networkd, systemd-resolved, iwd and ModemManager are preconfigured and enabled by default. That will not be the case for the installed system.
In the live environment systemd-timesyncd is enabled by default and time will be synced automatically once a connection to the internet is established.
Use timedatectl(1) to ensure the system clock is synchronized:
timedatectl set-ntp true
timedatectl status
When recognized by the live system, disks are assigned to a block device such as /dev/sda
, /dev/nvme0n1
or /dev/mmcblk0
. To identify these devices, use lsblk.
lsblk -o +PARTLABEL
Results ending in rom
, loop
or airoot
may be ignored.
The following partitions are required for a chosen device:
- One partition for the root directory
/
. - For booting in UEFI mode: an EFI system partition.
Warning
If you want to create any stacked block devices do it now.
Given:
~1000G
- NVME SSD on/dev/nvme0n1
device16G
- RAM
Use sgdisk to modify partition tables.
export DRIVE=/dev/nvme0n1
Disk partition example:
Mount point Partition number Partition type Suggested size
/mnt/boot /dev/nvme0n1p1 EFI system partition 1G, or at least 550 MiB
[SWAP] /dev/nvme0n1p2 Linux swap 32G, about 2*RAM size
/mnt /dev/nvme0n1p3 Linux root (x86-64) 128G, or at least 23–32 GiB
/mnt/home /dev/nvme0n1p4 Linux home Remainder of the device
See also Partitioning#Example layouts.
Tip
On UEFI-booted systems, if specific conditions are met, systemd-gpt-auto-generator(8) will automount GPT partitions following the Discoverable Partitions Specification.
Zap the disk:
sgdisk --zap-all $DRIVE
Warning
Zap (destroy) the GPT and MBR data structures and then exit. This option works much like -z, but as it wipes the MBR as well as the GPT, it's more suitable if you want to repartition a disk after using this option, and completely unsuitable if you've already repartitioned the disk.
Create the partitions:
sgdisk --new=1:0:+1GiB --typecode=1:ef00 --change-name=1:EFI $DRIVE
sgdisk --new=2:0:+32GiB --typecode=2:8200 --change-name=2:swap $DRIVE
sgdisk --new=3:0:+128GiB --typecode=3:8304 --change-name=3:system $DRIVE
sgdisk --new=4:0:0 --typecode=4:8302 --change-name=4:home $DRIVE
Tip
Usesgdisk -L | less
to list all available partition type codes.
Check the partitions:
lsblk -o +PARTLABEL
Once the partitions have been created, each newly created partition must be formatted with an appropriate file system. See File systems#Create a file system for details.
[Format](https://wiki.archlinux.org/title/ EFI_system_partition#Format_the_partition) EFI system partition:
mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
Warning
Only format the EFI system partition if you created it during the partitioning step. If there already was an EFI system partition on disk beforehand, reformatting it can destroy the boot loaders of other installed operating systems.
Format and mount root partition:
mkfs.ext4 -L system /dev/disk/by-partlabel/system
Format home partition:
mkfs.ext4 -L home /dev/disk/by-partlabel/home
Format and enable swap partition:
mkswap -L swap /dev/disk/by-partlabel/swap
swapon -L swap
Mount system partitions to /mnt
:
mount -o noatime LABEL=system /mnt
mount -o noatime --mkdir LABEL=EFI /mnt/boot
mount -o noatime --mkdir LABEL=home /mnt/home
Use the pacstrap(8) script to install the base package, Linux kernel and firmware for common hardware:
pacstrap -K /mnt base linux-lts linux-firmware
Tip
The base package does not include all tools from the live installation, so installing other packages may be necessary for a fully functional base system.
In particular, consider installing:
- userspace utilities for the management of file systems that will be used on the system,
- utilities for accessing RAID or LVM partitions,
- specific firmware for other devices not included in linux-firmware (e.g. sof-firmware for sound cards),
- software necessary for networking, for example NetworkManager and BlueZ,
- a text editor, for example nano or vim
- packages for accessing documentation in man and info pages: man-db, man-pages and texinfo.
To install other packages or package groups, append the names to the pacstrap command above (space separated) or use pacman while chrooted into the new system.
For comparison, packages available in the live system can be found in pkglist.x86_64.txt.
Generate an fstab file (use -U
or -L
to define by UUID or labels, respectively):
genfstab -L /mnt >> /mnt/etc/fstab
Check the resulting /mnt/etc/fstab
file, and edit it in case of errors. Also, you can add corresponding mount options to extend your ssd lifespan.
Change root into the new system:
arch-chroot /mnt
Set the time zone, for example Asia/Yekaterinburg
:
ln -sf /usr/share/zoneinfo/Asia/Yekaterinburg /etc/localtime
Run hwclock(8) to generate /etc/adjtime
:
hwclock --systohc
This command assumes the hardware clock is set to UTC. See System time#Time standard for details.
Edit /etc/locale.gen
and uncomment or add your preffered locales and en_US.UTF-8 UTF-8
which is commonly used as a fallback locale.
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
echo "ru_RU.UTF-8 UTF-8" >> /etc/locale.gen
Generate the locales by running:
locale-gen
Create the locale.conf(5) file, and set the LANG variable accordingly.
Create /etc/locale.conf
with the follwing content:
echo "LANG=ru_RU.UTF-8" > /etc/locale.conf
If you set the console keyboard layout, make the changes persistent in vconsole.conf(5).
Available layouts can be listed with:
localectl list-keymaps
For example, create /etc/vconsole.conf
with following content, to set a russian keyboard layout:
echo "KEYMAP=ru" >> /etc/vconsole.conf
Console fonts are located in /usr/share/kbd/consolefonts/
and can likewise be set with setfont(8).
ls -l /usr/share/kbd/consolefonts/ | grep -i '.psfu.gz'
Add FONT
variable to /etc/vconsole.conf
according to your display density. For HiDPI displays:
echo "FONT=latarcyrheb-sun32" >> /etc/vconsole.conf
For low DPI displays:
echo "FONT=latarcyrheb-sun16" >> /etc/vconsole.conf
Create the hostname file:
echo "my-hostname" > /etc/hostname
Complete the network configuration for the newly installed environment. That may include installing suitable network management software.
Set the root password:
passwd
Creating a new initramfs is usually not required, because mkinitcpio was run on installation of the kernel package with pacstrap.
For system encryption modify mkinitcpio.conf(5) and recreate the initramfs image:
mkinitcpio -P
Select the CPU architecture:
export CPU_ARCH=amd # amd or intel
Enable microcode updates.
pacman -S $CPU_ARCH-ucode
Basic set of essential packages:
pacman -Sy \
base-devel \
man-db man-pages \
nano nano-syntax-highlighting \
networkmanager iw wireless-regdb \
bluez bluez-utils
To verify the boot mode, list the efivars directory:
ls /sys/firmware/efi/efivars
If the command shows the directory without error, then the system is booted in UEFI mode.
Choose and install a Linux-capable boot loader. For example systemd-boot.
Use bootctl(1) to install systemd-boot to the ESP mountpoint, e.g. /boot
:
bootctl install
This will copy the systemd-boot EFI boot manager to the ESP: on an x64 architecture system /usr/lib/systemd/boot/efi/systemd-bootx64.efi
will be copied to /boot/EFI/systemd/systemd-bootx64.efi
and /boot/EFI/BOOT/BOOTX64.EFI
, and systemd-boot will be set as the default EFI application.
Note
- When running
bootctl install
,systemd-boot
will try to locate the ESP at/efi
,/boot
, and/boot/efi
. (See bootctl(1) § OPTIONS for details.)- Installing systemd-boot will overwrite any existing
esp/EFI/BOOT/BOOTX64.EFI
, e.g. Microsoft's version of the file.
The loader configuration is stored in the file /boot/loader/loader.conf
. See loader.conf(5) § OPTIONS for details.
Note
Ifoptions
is present in a boot entry and Secure Boot is disabled, the value ofoptions
will override any.cmdline
string embedded in the EFI image that is specified byefi
orlinux
(see Unified kernel image#Preparing a unified kernel image). With Secure Boot, however,options
(and any edits made to the kernel command line in the bootloader UI) will be ignored, and only the embedded.cmdline
will be used.
Use the initrd
option to load the microcode, before the initial ramdisk. If not compiled into the kernel, microcode must be loaded by the early loader. It can be passed to the loader as part of a unified kernel image, or as an initrd image.
The latest microcode *-ucode.img
must be available at boot time in your ESP. The ESP must be mounted as /boot
in order to have the microcode updated every time microcode is updated.
An example of loader files launching Arch from a volume labeled ARCH_OS
and loading AMD CPU microcode is provided below.
Contents of /boot/loader/loader.conf
:
default arch.conf
timeout 3
editor no
#console-mode keep
Contents of /boot/loader/entries/arch.conf
:
title Arch Linux
linux /vmlinuz-linux-lts
initrd /amd-ucode.img
initrd /initramfs-linux-lts.img
options root="LABEL=ARCH_OS" rw nmi_watchdog=0
Contents of /boot/loader/entries/arch-fallback.conf
:
title Arch Linux Fallback
linux /vmlinuz-linux-lts
initrd /amd-ucode.img
initrd /initramfs-linux-lts-fallback.img
options root="LABEL=ARCH_OS" rw nmi_watchdog=0
Tip
- The available boot entries which have been configured can be listed with the command
bootctl list
.- An example entry file is located at
/usr/share/systemd/bootctl/arch.conf
.- The kernel parameters for scenarios such as LUKS or dm-crypt can be found on the relevant pages.
Optionally manually unmount all the partitions with
umount -R /mnt
this allows noticing any "busy" partitions, and finding the cause with fuser(1).
Exit the chroot environment by pressing Ctrl+d
or typing
exit
Finally, restart the machine by typing
reboot
any partitions still mounted will be automatically unmounted by systemd. Remember to remove the installation medium and then login into the new system with the root account.
See General recommendations for system management directions and post-installation tutorials (like creating unprivileged user accounts, setting up a graphical user interface, sound or a touchpad).
For a list of applications that may be of interest, see List of applications.
Enable NetworkManager:
systemctl enable --now NetworkManager.service
systemctl enable --now systemd-resolved.service
Connect to the network using nmtui
nmtui
Enable Bluetooth:
systemctl enable --now bluetooth.service
A new installation leaves you with only the superuser account, better known as "root". Logging in as root for prolonged periods of time, possibly even exposing it via SSH on a server, is insecure. Instead, you should create and use unprivileged user account(s) for most tasks, only using the root account for system administration. See Users and groups#User management for details.
Users and groups are a mechanism for access control; administrators may fine-tune group membership and ownership to grant or deny users and services access to system resources. Read the Users and groups article for details and potential security risks.
NEWUSER=<USERNAME>
To add a new user, use the useradd
command:
useradd -m -G sys,rfkill,wheel -s /bin/bash $NEWUSER
Set password for this user with passwd command:
passwd $NEWUSER
Read Security for recommendations and best practices on hardening the system.
For a list of applications to allow running commands or starting an interactive shell as another user (e.g. root), see List of applications/Security#Privilege elevation.
Install the sudo package.
pacman -S sudo
To allow members of group wheel sudo access, create /etc/sudoers.d/wheel
:
echo "%wheel ALL=(ALL:ALL) ALL" > /etc/sudoers.d/wheel
Tip
When creating new administrators, it is often desirable to enable sudo access for thewheel
group and add the user to it, since by default Polkit treats the members of thewheel
group as administrators. If the user is not a member ofwheel
, software using Polkit may ask to authenticate using the root password instead of the user password.
systemctl enable --now fstrim.timer
Also you can install smartctl tool
pacman -Sy smartmontools
Install power-profiles-daemon:
pacman -Sy power-profiles-daemon
Install PipeWire and WirePlumber:
Tip
Packagespipewire-alsa
,pipewire-pulse
andpipewire-jack
ships configuration that prompt media-session to activate PipeWire's audio features.
pacman -Sy \
sof-firmware \
alsa-firmware \
pipewire \
wireplumber \
pipewire-alsa \
pipewire-pulse \
pipewire-jack \
alsa-utils
pacman -Sy \
gnome \
gst-plugin-pipewire \
xdg-desktop-portal-gnome \
dconf-editor \
gnome-shell-extensions \
gnome-shell-extension-appindicator \
gnome-software-packagekit-plugin
Enable GDM
systemctl enable gdm.service
Restart the machine by typing reboot
.
See MAINTENANCE.md
See DEVICES.md