After many hours I've finally been able to get Arch Linux ARM running on my Raspberry Pi server. I wanted to document the journey.
To start we will need the 64 bit raspbian on the SD card so that we can setup the SSD. Once you have it flashed, do a full system update followed by updating the eeprom and installing the required packages: btrfs-progs, cryptsetup and lvm2. You'll have to reboot after that for the eeprom update to go through.
apt update
apt full-upgrade
rpi-eeprom-update -a
apt install btrfs-progs cryptsetup lvm2
reboot
Now that everything is up to date, we can start by formatting the SSD as described in the Arch Linux ARM installation guide
fdisk /dev/sdX
o p # create and display new dos table
n ENTER ENTER +256M t c # boot partition
n ENTER ENTER ENTER # crypt partition
w
Once the SSD is formatted, we can setup LVM on LUKS.
cryptsetup luksFormat /dev/sdX2
cryptsetup open /dev/sdX2 crypt
pvcreate /dev/mapper/crypt
vgcreate vg0 /dev/mapper/crypt
lvcreate -L 8G vg0 -n swap
lvcreate -L 32G vg0 -n root
lvcreate -l 100%FREE vg0 -n home
Once lvm is set up, we can format and mount the partitions. I'm going to be using btrfs for both root and home, but ext4 will work just fine.
mkfs.btrfs /dev/vg0/root
mkfs.btrfs /dev/vg0/home
mkswap /dev/vg0/swap
mkfs.vfat /dev/sdX1
mount /dev/vg0/root /mnt
mkdir /mnt/boot /mnt/home
mount /dev/vg0/home /mnt/home
mount /dev/sdX1 /mnt/boot
Now we can download the archlinuxarm aarch64 rootfs.
curl -JLO http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-aarch64-latest.tar.gz
tar vxpf ArchLinuxARM-rpi-aarch64-latest.tar.gz -C /mnt
sync
At this point we have to chroot into the arch rootfs to set everything up.
cd /mnt
mount -t proc /proc proc/
mount -t sysfs /sys sys/
mount --rbind /dev dev/
cp /etc/resolv.conf etc/resolv.conf
rm -f etc/resolv.conf # if copying fails
chroot /mnt /bin/bash
And we're in!
We'll start by completing the Arch Linux ARM guide.
pacman-key --init
pacman-key --populate archlinuxarm
pacman -Syyu
The setup in the Arch Linux installation guide is also worth doing.
# generating fstab from the chroot
pacman -S arch-install-scripts
genfstab -U / >> /etc/fstab
# edit /etc/fstab to make sure everything looks good
pacman -Rsn arch-install-scripts # optional
After that we can replace the default kernel for raspberry pi's.
pacman -Rsn linux-aarch64 uboot-raspberrypi
pacman -S linux-rpi
Our first priority is to setup the ramfs to decrypt, mount lvm and do all that
over ssh.
I'd start by adding the required hooks in /etc/mkinitcpio.conf, they should look
something like base udev autodetect keyboard keymap modconf block net
tinyssh encryptssh lvm2 filesystems fsck. Instead of
tinyssh, you could use
dropbear.
You'll also need the public ssh keys of clients you want to connect from during
initramfs stored in /etc/tinyssh/root_key
pacman -S tinyssh mkinitcpio-tinyssh mkinitcpio-utils mkinitcpio-nfs-utils
mkinitcpio -P # installing the packages should do this automatically
To enable ssh once the system has booted, enable the tinyssh socket. tinyssh
only uses public key authentication, so make sure you have keys in
~/.ssh/authorized_keys
systemctl enable tinyssh@22.socket
Finally, I would recommend you read through Arch's general recommendations.
And that's the setup, from here you can set up things like dendrite, git server, syncthing, website
My editor of choice is neovim.
pacman -S nvim
pacman -Rsn nano vi
ln -sf nvim /bin/vim
Instead of sudo, is use doas.
pacman -S opendoas
echo "permit nopass :wheel" > /etc/doas.conf # could use vim
pacman -Rsn sudo
ln -sf doas /bin/sudo