Raspberry Pi server on Arch Linux

After many hours I've finally been able to get Arch Linux ARM running on my Raspberry Pi server. I wanted to document the journey.


Raspbian setup

To start we will need the 64 bit raspbian on the SD card so that we can setup the SSD. Once you have it flashed, do a full system update followed by updating the eeprom and installing the required packages: btrfs-progs, cryptsetup and lvm2. You'll have to reboot after that for the eeprom update to go through.

apt update
apt full-upgrade
rpi-eeprom-update -a
apt install btrfs-progs cryptsetup lvm2

SSD Setup

Now that everything is up to date, we can start by formatting the SSD as described in the Arch Linux ARM installation guide

fdisk /dev/sdX
o p # create and display new dos table
n ENTER ENTER +256M t c # boot partition
n ENTER ENTER ENTER # crypt partition

Once the SSD is formatted, we can setup LVM on LUKS.

cryptsetup luksFormat /dev/sdX2
cryptsetup open /dev/sdX2 crypt
pvcreate /dev/mapper/crypt
vgcreate vg0 /dev/mapper/crypt
lvcreate -L 8G vg0 -n swap
lvcreate -L 32G vg0 -n root
lvcreate -l 100%FREE vg0 -n home

Once lvm is set up, we can format and mount the partitions. I'm going to be using btrfs for both root and home, but ext4 will work just fine.

mkfs.btrfs /dev/vg0/root
mkfs.btrfs /dev/vg0/home
mkswap /dev/vg0/swap
mkfs.vfat /dev/sdX1
mount /dev/vg0/root /mnt
mkdir /mnt/boot /mnt/home
mount /dev/vg0/home /mnt/home
mount /dev/sdX1 /mnt/boot

Now we can download the archlinuxarm aarch64 rootfs.

curl -JLO http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-aarch64-latest.tar.gz
tar vxpf ArchLinuxARM-rpi-aarch64-latest.tar.gz -C /mnt

At this point we have to chroot into the arch rootfs to set everything up.

cd /mnt
mount -t proc /proc proc/
mount -t sysfs /sys sys/
mount --rbind /dev dev/
cp /etc/resolv.conf etc/resolv.conf
rm -f etc/resolv.conf # if copying fails
chroot /mnt /bin/bash

And we're in!

Arch setup

We'll start by completing the Arch Linux ARM guide.

pacman-key --init
pacman-key --populate archlinuxarm
pacman -Syyu

The setup in the Arch Linux installation guide is also worth doing.

# generating fstab from the chroot
pacman -S arch-install-scripts
genfstab -U / >> /etc/fstab
# edit /etc/fstab to make sure everything looks good
pacman -Rsn arch-install-scripts # optional

After that we can replace the default kernel for raspberry pi's.

pacman -Rsn linux-aarch64 uboot-raspberrypi
pacman -S linux-rpi

Our first priority is to setup the ramfs to decrypt, mount lvm and do all that over ssh. I'd start by adding the required hooks in /etc/mkinitcpio.conf, they should look something like base udev autodetect keyboard keymap modconf block net tinyssh encryptssh lvm2 filesystems fsck. Instead of tinyssh, you could use dropbear.

You'll also need the public ssh keys of clients you want to connect from during initramfs stored in /etc/tinyssh/root_key

pacman -S tinyssh mkinitcpio-tinyssh mkinitcpio-utils mkinitcpio-nfs-utils
mkinitcpio -P # installing the packages should do this automatically

To enable ssh once the system has booted, enable the tinyssh socket. tinyssh only uses public key authentication, so make sure you have keys in ~/.ssh/authorized_keys

systemctl enable tinyssh@22.socket

Finally, I would recommend you read through Arch's general recommendations.

And that's the setup, from here you can set up things like dendrite, git server, syncthing, website

Personal tweaks

My editor of choice is neovim.

pacman -S nvim
pacman -Rsn nano vi
ln -sf nvim /bin/vim

Instead of sudo, is use doas.

pacman -S opendoas
echo "permit nopass :wheel" > /etc/doas.conf # could use vim
pacman -Rsn sudo
ln -sf doas /bin/sudo