To set up a network connection in the live environment, go through the following steps:
- Ensure your network interface is listed and enabled, for example with ip-link(8):
ip link-
For wireless and WWAN, make sure the card is not blocked with rfkill.
-
Connect to the network:
-
The connection may be verified with ping:
For example, assuming your wireless device named wlan0:
iwctl station wlan0 connect <SSID>Test your connection:
ping -с 3 archlinux.orgNote
In the installation image, systemd-networkd, systemd-resolved, iwd and ModemManager are preconfigured and enabled by default. That will not be the case for the installed system.
In the live environment systemd-timesyncd is enabled by default and time will be synced automatically once a connection to the internet is established.
Use timedatectl(1) to ensure the system clock is synchronized:
timedatectl set-ntp true
timedatectl statusWhen recognized by the live system, disks are assigned to a block device such as /dev/sda, /dev/nvme0n1 or /dev/mmcblk0. To identify these devices, use lsblk.
lsblk -o +PARTLABELResults ending in rom, loop or airoot may be ignored.
The following partitions are required for a chosen device:
- One partition for the root directory
/. - For booting in UEFI mode: an EFI system partition.
Warning
If you want to create any stacked block devices do it now.
Given:
~1000G- NVME SSD on/dev/nvme0n1device16G- RAM
Use sgdisk to modify partition tables.
export DRIVE=/dev/nvme0n1Disk partition example:
Mount point Partition number Partition type Suggested size
/mnt/boot /dev/nvme0n1p1 EFI system partition 1G, or at least 550 MiB
[SWAP] /dev/nvme0n1p2 Linux swap 32G, about 2*RAM size
/mnt /dev/nvme0n1p3 Linux root (x86-64) 128G, or at least 23–32 GiB
/mnt/home /dev/nvme0n1p4 Linux home Remainder of the device
See also Partitioning#Example layouts.
Tip
On UEFI-booted systems, if specific conditions are met, systemd-gpt-auto-generator(8) will automount GPT partitions following the Discoverable Partitions Specification.
Zap the disk:
sgdisk --zap-all $DRIVE
Warning
Zap (destroy) the GPT and MBR data structures and then exit. This option works much like -z, but as it wipes the MBR as well as the GPT, it's more suitable if you want to repartition a disk after using this option, and completely unsuitable if you've already repartitioned the disk.
Create the partitions:
sgdisk --new=1:0:+1GiB --typecode=1:ef00 --change-name=1:EFI $DRIVE
sgdisk --new=2:0:+32GiB --typecode=2:8200 --change-name=2:swap $DRIVE
sgdisk --new=3:0:+128GiB --typecode=3:8304 --change-name=3:system $DRIVE
sgdisk --new=4:0:0 --typecode=4:8302 --change-name=4:home $DRIVETip
Usesgdisk -L | lessto list all available partition type codes.
Check the partitions:
lsblk -o +PARTLABELOnce the partitions have been created, each newly created partition must be formatted with an appropriate file system. See File systems#Create a file system for details.
[Format](https://wiki.archlinux.org/title/ EFI_system_partition#Format_the_partition) EFI system partition:
mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFIWarning
Only format the EFI system partition if you created it during the partitioning step. If there already was an EFI system partition on disk beforehand, reformatting it can destroy the boot loaders of other installed operating systems.
Format and mount root partition:
mkfs.ext4 -L system /dev/disk/by-partlabel/systemFormat home partition:
mkfs.ext4 -L home /dev/disk/by-partlabel/homeFormat and enable swap partition:
mkswap -L swap /dev/disk/by-partlabel/swap
swapon -L swapMount system partitions to /mnt:
mount -o noatime LABEL=system /mnt
mount -o noatime --mkdir LABEL=EFI /mnt/boot
mount -o noatime --mkdir LABEL=home /mnt/homeUse the pacstrap(8) script to install the base package, Linux kernel and firmware for common hardware:
pacstrap -K /mnt base linux-lts linux-firmwareTip
The base package does not include all tools from the live installation, so installing other packages may be necessary for a fully functional base system.
In particular, consider installing:
- userspace utilities for the management of file systems that will be used on the system,
- utilities for accessing RAID or LVM partitions,
- specific firmware for other devices not included in linux-firmware (e.g. sof-firmware for sound cards),
- software necessary for networking, for example NetworkManager and BlueZ,
- a text editor, for example nano or vim
- packages for accessing documentation in man and info pages: man-db, man-pages and texinfo.
To install other packages or package groups, append the names to the pacstrap command above (space separated) or use pacman while chrooted into the new system.
For comparison, packages available in the live system can be found in pkglist.x86_64.txt.
Generate an fstab file (use -U or -L to define by UUID or labels, respectively):
genfstab -L /mnt >> /mnt/etc/fstabCheck the resulting /mnt/etc/fstab file, and edit it in case of errors. Also, you can add corresponding mount options to extend your ssd lifespan.
Change root into the new system:
arch-chroot /mntSet the time zone, for example Asia/Yekaterinburg:
ln -sf /usr/share/zoneinfo/Asia/Yekaterinburg /etc/localtimeRun hwclock(8) to generate /etc/adjtime:
hwclock --systohcThis command assumes the hardware clock is set to UTC. See System time#Time standard for details.
Edit /etc/locale.gen and uncomment or add your preffered locales and en_US.UTF-8 UTF-8 which is commonly used as a fallback locale.
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
echo "ru_RU.UTF-8 UTF-8" >> /etc/locale.genGenerate the locales by running:
locale-genCreate the locale.conf(5) file, and set the LANG variable accordingly.
Create /etc/locale.conf with the follwing content:
echo "LANG=ru_RU.UTF-8" > /etc/locale.confIf you set the console keyboard layout, make the changes persistent in vconsole.conf(5).
Available layouts can be listed with:
localectl list-keymapsFor example, create /etc/vconsole.conf with following content, to set a russian keyboard layout:
echo "KEYMAP=ru" >> /etc/vconsole.confConsole fonts are located in /usr/share/kbd/consolefonts/ and can likewise be set with setfont(8).
ls -l /usr/share/kbd/consolefonts/ | grep -i '.psfu.gz'Add FONT variable to /etc/vconsole.conf according to your display density. For HiDPI displays:
echo "FONT=latarcyrheb-sun32" >> /etc/vconsole.confFor low DPI displays:
echo "FONT=latarcyrheb-sun16" >> /etc/vconsole.confCreate the hostname file:
echo "my-hostname" > /etc/hostnameComplete the network configuration for the newly installed environment. That may include installing suitable network management software.
Set the root password:
passwdCreating a new initramfs is usually not required, because mkinitcpio was run on installation of the kernel package with pacstrap.
For system encryption modify mkinitcpio.conf(5) and recreate the initramfs image:
mkinitcpio -PSelect the CPU architecture:
export CPU_ARCH=amd # amd or intelEnable microcode updates.
pacman -S $CPU_ARCH-ucodeBasic set of essential packages:
pacman -Sy \
base-devel \
man-db man-pages \
nano nano-syntax-highlighting \
networkmanager iw wireless-regdb \
bluez bluez-utilsTo verify the boot mode, list the efivars directory:
ls /sys/firmware/efi/efivarsIf the command shows the directory without error, then the system is booted in UEFI mode.
Choose and install a Linux-capable boot loader. For example systemd-boot.
Use bootctl(1) to install systemd-boot to the ESP mountpoint, e.g. /boot:
bootctl installThis will copy the systemd-boot EFI boot manager to the ESP: on an x64 architecture system /usr/lib/systemd/boot/efi/systemd-bootx64.efi will be copied to /boot/EFI/systemd/systemd-bootx64.efi and /boot/EFI/BOOT/BOOTX64.EFI, and systemd-boot will be set as the default EFI application.
Note
- When running
bootctl install,systemd-bootwill try to locate the ESP at/efi,/boot, and/boot/efi. (See bootctl(1) § OPTIONS for details.)- Installing systemd-boot will overwrite any existing
esp/EFI/BOOT/BOOTX64.EFI, e.g. Microsoft's version of the file.
The loader configuration is stored in the file /boot/loader/loader.conf. See loader.conf(5) § OPTIONS for details.
Note
Ifoptionsis present in a boot entry and Secure Boot is disabled, the value ofoptionswill override any.cmdlinestring embedded in the EFI image that is specified byefiorlinux(see Unified kernel image#Preparing a unified kernel image). With Secure Boot, however,options(and any edits made to the kernel command line in the bootloader UI) will be ignored, and only the embedded.cmdlinewill be used.
Use the initrd option to load the microcode, before the initial ramdisk. If not compiled into the kernel, microcode must be loaded by the early loader. It can be passed to the loader as part of a unified kernel image, or as an initrd image.
The latest microcode *-ucode.img must be available at boot time in your ESP. The ESP must be mounted as /boot in order to have the microcode updated every time microcode is updated.
An example of loader files launching Arch from a volume labeled ARCH_OS and loading AMD CPU microcode is provided below.
Contents of /boot/loader/loader.conf:
default arch.conf
timeout 3
editor no
#console-mode keep
Contents of /boot/loader/entries/arch.conf:
title Arch Linux
linux /vmlinuz-linux-lts
initrd /amd-ucode.img
initrd /initramfs-linux-lts.img
options root="LABEL=ARCH_OS" rw nmi_watchdog=0
Contents of /boot/loader/entries/arch-fallback.conf:
title Arch Linux Fallback
linux /vmlinuz-linux-lts
initrd /amd-ucode.img
initrd /initramfs-linux-lts-fallback.img
options root="LABEL=ARCH_OS" rw nmi_watchdog=0
Tip
- The available boot entries which have been configured can be listed with the command
bootctl list.- An example entry file is located at
/usr/share/systemd/bootctl/arch.conf.- The kernel parameters for scenarios such as LUKS or dm-crypt can be found on the relevant pages.
Optionally manually unmount all the partitions with
umount -R /mntthis allows noticing any "busy" partitions, and finding the cause with fuser(1).
Exit the chroot environment by pressing Ctrl+d or typing
exitFinally, restart the machine by typing
rebootany partitions still mounted will be automatically unmounted by systemd. Remember to remove the installation medium and then login into the new system with the root account.
See General recommendations for system management directions and post-installation tutorials (like creating unprivileged user accounts, setting up a graphical user interface, sound or a touchpad).
For a list of applications that may be of interest, see List of applications.
Enable NetworkManager:
systemctl enable --now NetworkManager.service
systemctl enable --now systemd-resolved.serviceConnect to the network using nmtui
nmtuiEnable Bluetooth:
systemctl enable --now bluetooth.serviceA new installation leaves you with only the superuser account, better known as "root". Logging in as root for prolonged periods of time, possibly even exposing it via SSH on a server, is insecure. Instead, you should create and use unprivileged user account(s) for most tasks, only using the root account for system administration. See Users and groups#User management for details.
Users and groups are a mechanism for access control; administrators may fine-tune group membership and ownership to grant or deny users and services access to system resources. Read the Users and groups article for details and potential security risks.
NEWUSER=<USERNAME>To add a new user, use the useradd command:
useradd -m -G sys,rfkill,wheel -s /bin/bash $NEWUSERSet password for this user with passwd command:
passwd $NEWUSER
Read Security for recommendations and best practices on hardening the system.
For a list of applications to allow running commands or starting an interactive shell as another user (e.g. root), see List of applications/Security#Privilege elevation.
Install the sudo package.
pacman -S sudoTo allow members of group wheel sudo access, create /etc/sudoers.d/wheel:
echo "%wheel ALL=(ALL:ALL) ALL" > /etc/sudoers.d/wheelTip
When creating new administrators, it is often desirable to enable sudo access for thewheelgroup and add the user to it, since by default Polkit treats the members of thewheelgroup as administrators. If the user is not a member ofwheel, software using Polkit may ask to authenticate using the root password instead of the user password.
systemctl enable --now fstrim.timerAlso you can install smartctl tool
pacman -Sy smartmontoolsInstall power-profiles-daemon:
pacman -Sy power-profiles-daemonInstall PipeWire and WirePlumber:
Tip
Packagespipewire-alsa,pipewire-pulseandpipewire-jackships configuration that prompt media-session to activate PipeWire's audio features.
pacman -Sy \
sof-firmware \
alsa-firmware \
pipewire \
wireplumber \
pipewire-alsa \
pipewire-pulse \
pipewire-jack \
alsa-utilspacman -Sy \
gnome \
gst-plugin-pipewire \
xdg-desktop-portal-gnome \
dconf-editor \
gnome-shell-extensions \
gnome-shell-extension-appindicator \
gnome-software-packagekit-pluginEnable GDM
systemctl enable gdm.serviceRestart the machine by typing reboot.
See MAINTENANCE.md
See DEVICES.md