- Arch Linux
- Encrypted volume on RAID1
- UEFI Boot with grub
- Tweaks for MacbookPro
Assuming the system has 2 identical disks of same size for RAID1 (mirroring):
# Confirm that /dev/sda and /dev/sdb are the intended disks (e.g. with lsblk) before running:
# the commands below replace the partition tables on both.
# Clear all partition data on the first disk
sgdisk --clear /dev/sda
# Partition 1: 512 MiB, type ef00 (EFI System Partition)
sgdisk --new=1:0:+512M --typecode=1:ef00 --change-name=1:"EFI System" /dev/sda
# Partition 2: the rest of the disk, type fd00 (Linux RAID); this becomes a RAID1 member
sgdisk --new=2:0:0 --typecode=2:fd00 --change-name=2:"Linux RAID" /dev/sda
# Copy partition table to second disk
sgdisk --replicate=/dev/sdb /dev/sda
# Give the copy its own disk and partition GUIDs so the two disks do not share identifiers
sgdisk --randomize-guids /dev/sdb
# Create RAID1 for root partition, mirroring the second partition of each disk
mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda2 /dev/sdb2
# Monitor RAID sync (optional)
watch cat /proc/mdstat
# Encrypt RAID array: LUKS sits on top of /dev/md0, so both mirror halves hold only ciphertext.
# luksFormat asks for the passphrase that will be needed at every boot.
cryptsetup luksFormat /dev/md0
# Unlock the container; the plaintext device appears as /dev/mapper/cryptroot
cryptsetup open /dev/md0 cryptroot
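# Create filesystems
mkfs.fat -F32 /dev/sda1 # EFI partition (only one needed)
mkfs.fat -F32 /dev/sdb1 # EFI partition (for redundancy)
mkfs.ext4 /dev/mapper/cryptroot
# Mount filesystems
mount /dev/mapper/cryptroot /mnt
mkdir -p /mnt/{boot,boot2}
# /boot is the first EFI partition. It is outside the LUKS container, so whatever is
# stored there (boot loader files, kernel, initramfs) is neither encrypted nor
# integrity-protected.
mount /dev/sda1 /mnt/boot
# The second EFI partition is /dev/sdb1. /dev/sdb2 is a member of /dev/md0 and
# must not be mounted directly.
mount /dev/sdb1 /mnt/boot2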
# Install base system; mdadm is included so the RAID tools exist inside the new system
pacstrap /mnt base linux linux-firmware mdadm
# Generate fstab (-U identifies filesystems by UUID); the output is appended to the new system's fstab
genfstab -U /mnt >> /mnt/etc/fstab
# Chroot: the commands that follow, up to "exit", run inside the new system
arch-chroot /mnt
# Basic config
# Region/City is presumably a placeholder: substitute an entry from /usr/share/zoneinfo
ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
# Set the hardware clock from the system time
hwclock --systohc
# Add en_US.UTF-8 to the locale list, generate it, and select it as LANG
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf
# "hostname" is presumably a placeholder for the machine's name
echo "hostname" > /etc/hostname
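# Install essential packages
pacman -S grub efibootmgr networkmanager sudo neovim
# Configure mdadm: record the array definition in /etc/mdadm.conf.
# This appends, so running it twice leaves a duplicate ARRAY line.
mdadm --detail --scan >> /etc/mdadm.conf
# Configure mkinitcpio
# The editor installed above is neovim, whose command is nvim; no step on this page installs vim.
nvim /etc/mkinitcpio.conf
# HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block mdadm_udev encrypt filesystems fsck)
# mdadm_udev comes before encrypt because the LUKS container lives on /dev/md0.
# Rebuild initramfs
mkinitcpio -P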
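# Install GRUB on both EFI partitions
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
grub-install --target=x86_64-efi --efi-directory=/boot2 --bootloader-id=GRUB-BACKUP
# NOTE(review): grub.cfg is generated under /boot only (see below), and /boot is the
# first disk's EFI partition. Confirm that the GRUB-BACKUP entry can still boot the
# system when the first disk is missing.
# Configure GRUB for encryption
# The editor installed earlier is neovim, whose command is nvim; no step on this page installs vim.
nvim /etc/default/grub
# GRUB_CMDLINE_LINUX="cryptdevice=/dev/md0:cryptroot"
# Generate GRUB config
grub-mkconfig -o /boot/grub/grub.cfg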
# Set root password
passwd
# Create user ("username" is presumably a placeholder) with a home directory, as a member of wheel
useradd -m -G wheel username
passwd username
# The sudoers line below gives every member of wheel full sudo rights
visudo # Uncomment %wheel ALL=(ALL:ALL) ALL
# Enable services
systemctl enable NetworkManager
# Exit and reboot: leave the chroot, unmount everything under /mnt, restart
exit
umount -R /mnt
reboot
# Check RAID status
cat /proc/mdstat
mdadm --detail /dev/md0
# Set the MAILADDR line in /etc/mdadm.conf to the address that should receive RAID alerts:
MAILADDR root
# Install mutt
# NOTE(review): mutt reads mail; delivering alerts presumably also needs a working local mail transport (confirm)
pacman -S mutt
# Enable RAID monitoring (enable only registers the unit for the next boot; it does not start it now)
systemctl enable mdmonitor
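# install paru (AUR helper), built from its AUR repository
# git is added here because no earlier step on this page installs it and the clone below needs it
sudo pacman -S --needed base-devel git
git clone https://aur.archlinux.org/paru.git
cd paru
# AUR packages are user-submitted build scripts that makepkg executes:
# read the PKGBUILD (and any .install file) before building.
makepkg -si
# mbpfan is installed through paru; the same review applies to anything paru builds from the AUR
paru -S mbpfan
sudo systemctl enable mbpfan
sudo systemctl start mbpfan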
sudo nvim /etc/systemd/logind.conf
Set the following options to ignore:
HandleLidSwitch=ignore
HandleLidSwitchExternalPower=ignore
HandleLidSwitchDocked=ignore
sudo nvim /etc/default/grub
# add consoleblank=30 to GRUB_CMDLINE_LINUX (will turn display off after 30 secs)
GRUB_CMDLINE_LINUX="cryptdevice=/dev/md0:cryptroot consoleblank=30"
# then update grub config file
# NOTE(review): this writes under /boot and so presumably needs root, like the sudo edit above (confirm)
grub-mkconfig -o /boot/grub/grub.cfg
# thermald
paru -S thermald
sudo systemctl enable thermald
sudo systemctl start thermald
# cpupower
paru -S cpupower
sudo systemctl enable cpupower
sudo systemctl start cpupower
# set governor to powersave mode
# NOTE(review): unlike the lines above this one has no sudo; changing the governor presumably needs root (confirm)
cpupower frequency-set -g powersave
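# powertop
paru -S powertop
# The files below are written with "sudo tee" rather than "sudo cat > file":
# a redirection is opened by the calling (unprivileged) shell before sudo runs,
# so "sudo cat > /etc/..." fails with "Permission denied".
# Quoting the EOF delimiter keeps the shell from expanding anything in the content.
sudo tee /etc/systemd/system/powertop.service >/dev/null <<'EOF'
[Unit]
Description=Powertop Service
[Service]
Type=oneshot
ExecStart=/usr/bin/powertop --auto-tune
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable powertop
sudo systemctl start powertop
# Keep the Bluetooth modules and uvcvideo (USB video class driver) from being auto-loaded
sudo tee /etc/modprobe.d/50-disabling.conf >/dev/null <<'EOF'
blacklist bluetooth
blacklist btusb
blacklist uvcvideo
EOF
sudo tee /etc/modprobe.d/60-snd_hda_intel.conf >/dev/null <<'EOF'
# Enable Power Saving on Intel HDA Audio
options snd_hda_intel power_save=1
EOF
# NOTE(review): enable_rc6 and lvds_downclock may no longer be accepted by current
# i915 drivers; check the parameter list with "modinfo i915" before relying on them.
sudo tee /etc/modprobe.d/60-i915.conf >/dev/null <<'EOF'
# Experimental options to improve power saving on Intel Graphics
options i915 enable_rc6=1 enable_fbc=1 lvds_downclock=1
EOF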
Fish and starship:
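paru -S fish
# Make fish the login shell of the current user.
# The substitution is quoted and uses the command builtin instead of the external which.
chsh -s "$(command -v fish)"
paru -S starship
# The fish config directory may not exist before fish has been started once
mkdir -p ~/.config/fish
echo 'starship init fish | source' >> ~/.config/fish/config.fish
# run fish to reload config
paru -S git htop btop nmon ranger httpie curl wget tar zip unzip less bat lsd byobu gnu-netcat lm_sensors nload openssh rustup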
- Install
tinyssh and the required mkinitcpio hooks
paru -S mkinitcpio-netconf mkinitcpio-tinyssh mkinitcpio-utils mkinitcpio-busybox busybox
- Copy your SSH pub key to tinyssh config folder
# This overwrites /etc/tinyssh/root_key with the contents of myPub.key, so the file ends up
# holding exactly one key; writing under /etc presumably needs root (confirm).
# NOTE(review): tinyssh does not accept RSA keys; use an Ed25519 public key
# (confirm against the mkinitcpio-tinyssh documentation).
cat myPub.key > /etc/tinyssh/root_key
- Configure
mkinitcpio.conf
First the modules:
MODULES=(btrfs tg3)
Find network driver and replace the tg3 if necessary:
lspci -k | grep -A 3 Ethernet
It should tell the network adapter and the driver name.
Then HOOKS:
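# The encrypted root on this page is the RAID1 array /dev/md0, so mdadm_udev must stay in
# the list (after block, before the unlock hook), as in the local-unlock HOOKS line used
# earlier. Without it the initramfs has nothing that assembles /dev/md0 for encryptssh.
# netconf, tinyssh and encryptssh take the place of the earlier encrypt hook.
HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block mdadm_udev netconf tinyssh encryptssh filesystems fsck)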
- Update GRUB defaults
Add ip=dhcp to the kernel parameters in the GRUB_CMDLINE_LINUX_DEFAULT option in /etc/default/grub, then run sudo grub-mkconfig -o /boot/grub/grub.cfg.
- Generate initramfs
sudo mkinitcpio -P
- Restart the host
Now you should be able to ssh into it and unlock the disk.
ssh root@<IP>
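It will prompt for the password to unlock the disk and will disconnect automatically once the disk is unlocked. Note that the initramfs, including the tinyssh host key and the authorized public key, is stored on the unencrypted EFI partition, so anyone with physical access to the disk can read or modify it.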
Wait a few seconds and you're good to SSH into the system.
Follow the steps below if you see the blinking folder icon when powering up the device:
- Hold Option at startup to see the boot menu.
- Highlight the EFI Boot icon (your Arch drive).
- Hold the Control key. The arrow below the icon will turn into a circular "Refresh/Set Default" icon [Method 1].
- Click that circular arrow while holding Control. Your Mac's hardware will now remember Arch as the permanent first choice, bypassing the need for Linux-level configuration.
That's it! Enjoy your Linux system :D