Deployment


Synchronize system time with network time servers.

timedatectl set-ntp true

Partition the NVMe storage device with GPT layout.

gdisk /dev/nvme0n1
## Command (? for help): o
## This option deletes all partitions and creates a new protective MBR.
## Proceed? (Y/N): y
##
## Command (? for help): n
## Partition number (1-128, default 1): 1
## First sector (34-4000797326, default = 2048) or {+-}size{KMGTP}: 0
## Last sector (2048-4000797326, default = 4000797326) or {+-}size{KMGTP}: +1M
## Current type is 8300 (Linux filesystem)
## Hex code or GUID (L to show codes, Enter = 8300): ef02
## Changed type of partition to 'BIOS boot partition'
##
## Command (? for help): n
## Partition number (2-128, default 2): 2
## First sector (34-4000797326, default = 4096) or {+-}size{KMGTP}: 4096
## Last sector (4096-4000797326, default = 4000797326) or {+-}size{KMGTP}: +550M
## Current type is 8300 (Linux filesystem)
## Hex code or GUID (L to show codes, Enter = 8300): ef00
## Changed type of partition to 'EFI system partition'
##
## Command (? for help): n
## Partition number (3-128, default 3): 3
## First sector (34-4000797326, default = 1130496) or {+-}size{KMGTP}: 1130496
## Last sector (1329152-500118158, default = 500117503) or {+-}size{KMGTP}: 4000797326
## Current type is 8300 (Linux filesystem)
## Hex code or GUID (L to show codes, Enter = 8300): 8309
## Changed type of partition to 'Linux LUKS'
##
## Command (? for help): w
##
## Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
## PARTITIONS!!
##
## Do you want to proceed? (Y/N): y
## OK; writing new GUID partition table (GPT) to /dev/nvme0n1.
## The operation has completed successfully.

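Create a LUKS1 encrypted container on the third partition with a 512-bit key, SHA-512 as the key-derivation hash, a 5000 ms iteration time, and the passphrase stored in key slot 1.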

cryptsetup luksFormat --type luks1 --use-random -S 1 -s 512 -h sha512 -i 5000 /dev/nvme0n1p3
## WARNING: Device /dev/nvme0n1p3 already contains a 'crypto_LUKS' superblock signature.
##
## WARNING!
## ========
## This will overwrite data on /dev/nvme0n1p3 irrevocably.
##
## Are you sure? (Type 'yes' in capital letters): YES
## Enter passphrase for /dev/nvme0n1p3:
## Verify passphrase:
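
Confirm that the header was written with the requested parameters. The script below is an added example, not part of the original guide: the function names are hypothetical, the luksDump sample is constructed and trimmed, and it assumes the LUKS1 field labels printed by cryptsetup luksDump.

```shell
#!/bin/sh
# Added example (not from the original guide): audit LUKS1 `cryptsetup luksDump`
# text against the parameters requested by the luksFormat command above.
# Real use: cryptsetup luksDump /dev/nvme0n1p3 | check_luks1_header 1
check_luks1_header() {   # $1 = key slot expected to hold the passphrase (-S)
    awk -v want_slot="${1:-1}" '
        function expect(name, got, want) {
            if (got == want) { printf "ok   %s = %s\n", name, got }
            else { printf "FAIL %s: got \"%s\", want \"%s\"\n", name, got, want; bad = 1 }
        }
        BEGIN { FS = ":[ \t]*" }
        { sub(/[ \t\r]+$/, "") }                 # drop trailing whitespace
        /^Version:/     { version = $2 }
        /^Cipher name:/ { cipher = $2 }
        /^Cipher mode:/ { mode = $2 }
        /^Hash spec:/   { hash = $2 }
        /^MK bits:/     { bits = $2 }
        /^Key Slot [0-7]: ENABLED/ { split($1, w, " "); slots = slots w[3] " " }
        END {
            expect("version", version, "1")          # --type luks1
            expect("hash", hash, "sha512")           # -h sha512
            expect("mk_bits", bits, "512")           # -s 512
            # Assumption: no -c was given, so the cryptsetup default
            # aes-xts-plain64 applies (512-bit XTS key = AES-256).
            expect("cipher", cipher "-" mode, "aes-xts-plain64")
            expect("enabled_slots", slots, want_slot " ")   # -S 1, nothing else
            exit bad + 0
        }
    '
}

sample_luksdump() {      # constructed, trimmed sample of luksDump output
    cat <<'EOF'
LUKS header information for /dev/nvme0n1p3

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512
Payload offset: 4096
MK bits:        512

Key Slot 0: DISABLED
Key Slot 1: ENABLED
Key Slot 2: DISABLED
EOF
}

sample_luksdump | check_luks1_header 1
```

A non-zero exit status means at least one parameter differs from the luksFormat command line, or that a key slot other than the expected one is enabled.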

Unlock the encrypted partition for use.

cryptsetup open /dev/nvme0n1p3 cryptlvm
## Enter passphrase for /dev/nvme0n1p3:

Create Btrfs filesystem and establish subvolume structure.

mkfs.btrfs -L arch /dev/mapper/cryptlvm
mount /dev/mapper/cryptlvm /mnt

btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@swap
btrfs filesystem mkswapfile --size 8g --uuid clear /mnt/@swap/swapfile
umount /mnt

Mount the filesystem hierarchy with appropriate options.

mount -o noatime,compress=zstd,subvol=@ /dev/mapper/cryptlvm /mnt
mkdir /mnt/home
mount -o noatime,compress=zstd,subvol=@home /dev/mapper/cryptlvm /mnt/home
mkdir /mnt/swap
mount -o noatime,subvol=@swap /dev/mapper/cryptlvm /mnt/swap
swapon /mnt/swap/swapfile

Format and mount the EFI system partition.

mkfs.fat -F32 /dev/nvme0n1p2
mkdir /mnt/efi
mount /dev/nvme0n1p2 /mnt/efi

Install the base system packages.

pacstrap /mnt base dhcpcd linux linux-firmware btrfs-progs mkinitcpio openssh sudo vim

Generate filesystem table and enter system environment.