Add Installing Arch Linux on a Thinkpad X220

7 files changed, 610 insertions, 2 deletions

diff --git a/config.php b/config.php
index 63f47f9..d8db889 100644
--- a/config.php
+++ b/config.php
@@ -11,7 +11,7 @@ return [
     'siteName'        => 'davidtsadler.com',
     'siteDescription' => 'My little bit of the Internet',
     'siteAuthor'      => 'David T. Sadler',
-    'perPage'         => 2,
+    'perPage'         => 50,
 
     // Collections
     'collections' => [
diff --git a/source/_assets/sass/_tags.scss b/source/_assets/sass/_tags.scss
index fc7e5ec..a2256e8 100644
--- a/source/_assets/sass/_tags.scss
+++ b/source/_assets/sass/_tags.scss
@@ -5,6 +5,11 @@
       @apply text-white;
     }
 
+    &.arch {
+      background-color: #1793D1;
+      @apply text-white;
+    }
+
     &.linux {
       background-color: #FFFFFF;
       @apply text-black;
diff --git a/source/_posts/installing_arch_linux_on_a_x220_thinkpad.md b/source/_posts/installing_arch_linux_on_a_x220_thinkpad.md
new file mode 100644
index 0000000..1fa280c
--- /dev/null
+++ b/source/_posts/installing_arch_linux_on_a_x220_thinkpad.md
@@ -0,0 +1,594 @@
+---
+extends: _layouts.post
+section: content
+title: Installing Arch Linux on a Thinkpad X220
+description: This is a guide to how I installed Arch Linux onto my Thinkpad X220.
+tags: [Arch]
+---
+
+## Introduction
+
+So I purchased a used Thinkpad X220 for about £90 on eBay and decided to install Arch Linux onto it. This guide is the steps that I took to achieve this.
+
+Now when it comes to Linux there is always more than one way of doing things and this guide is just my preferred way. Feel free to follow it for your own installation, just keep in mind that you may have to change some of the steps to suit your own circumstances. Also there is every chance that the information presented here will be out of date so I recommend that you at least read the through the [official installation guide](https://www.archlinux.org/Installation_guide/) for the most up-to-date information.
+
+## Download the Arch Linux ISO Image
+
+The Arch Linux [download](https://www.archlinux.org/download/) page provides direct download and torrent links. You should also download the PGP signature to the same location and use the *gpg* command to verify that the ISO has not been compromised.
+
+```shell
+$ gpg --keyserver-options auto-key-retrieve --verify archlinux-2020.05.01-x86_64.iso.sig
+```
+
+## Create a live USB of Arch Linux
+
+Flash the image to a USB drive using [Etcher](https://www.balena.io/etcher/). Alternatively you can use the dd command. Just ensure that */path/to/archlinux.iso* is to where you have downloaded the image and that */dev/sdx* is your USB drive.
+
+```shell
+dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync
+```
+
+## Boot the live environment
+
+I wanted to make sure that the Thinkpad was using UEFI as I would be using EFISTUB to load the Linux kernel as an EFI executable. This is done through the BIOS which can be gotten to by pressing the *ThinkVantage* button as the machine is booting before pressing *F1* to get to the BIOS settings. From there navigate to *Startup* and changed the *UEFI/Legacy Boot* option to be *UEFI Only*. Press *F10* to save and exit the BIOS and then power down the machine.
+
+With the USB drive plugged in power the machine back on, all the while pressing *F12* until the boot menu appears and select *USB HDD: Mass Storage Device* and wait for the installation image to boot. When prompted select *Arch Linux archiso X86_64 UEFI CD* where you will be take to the live environment's terminal. 
+
+## Set the keyboard layout
+
+The default console map is US which meant that for me pressing *Shift+3* was displaying the hash symbol (#) instead of the pound symbol (£). So the UK keyboard layout needed to be loaded.
+
+```shell
+$ loadkeys uk
+```
+
+You can get a list of supported keyboard layouts if you need to load a different one.
+
+```shell
+ls /usr/share/kbd/keymaps/**/*.map.gz
+```
+
+## Verify the boot mode
+
+To verify that the Thinkpad has UEFI enabled check that the *efivars* directory exists.
+
+```shell
+$ ls /sys/firmware/efi/efivars
+```
+
+## Connect to the internet
+
+Verify that the machine can connect to the internet with the *ping* command.
+
+```shell
+$ ping -c3 davidtsadler.com
+```
+
+Before booting the machine I plugged in an Ethernet cable that was connected directly to my home network's router. The installation environment detected the network connection and obtained an IP address via DHCP. 
+
+## Update the system clock
+
+Ensure the system clock is correct.
+
+```shell
+$ timedatectl set-ntp true
+```
+
+## Partition the disks
+
+Use the *lsblk* command to determine which disks and partitions exist on the system.
+
+```shell
+$ lsblk
+
+NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
+loop0    7:0    0   535M  1 loop /run/archiso/sfs/airootfs
+sda      8:0    0 298.1G  0 disk
+sdb      8:16   1   7.4G  0 disk
+├─sdb1   8:17   1   652M  0 part /run/archiso/bootmnt
+└─sdb2   8:18   1    64M  0 part
+```
+
+From the above output I could see that my hard drive was *sda* as *sdb* was the USB drive and *loop0* could just be ignored.
+
+I knew that I wanted to have an encrypted partition and make use of LVM on it so my disk layout would be.
+
+```
++-------------------+ +--------------------------------------------------------+
+| Boot partition    | | Logical volume 1 | Logical volume 2 | Logical volume 3 |
+|                   | |                  |                  |                  |
+| /boot             | | /                | [SWAP]           | /home            |
+|                   | |                  |                  |                  |
+|                   | | 50G              | 16G              | 200G             |
+|                   | |                  |                  |                  |
+|                   | | /dev/vg0/root    | /dev/vg0/swap    | /dev/vg0/home    |
+|                   | |_ _ _ _ _ _ _ _ _ |_ _ _ _ _ _ _ _ _ |_ _ _ _ _ _ _ _ _ |
+|                   | |                                                        |
+|                   | |              LUKS2 encrypted partition                 |
+| /dev/sda1 (512MB) | |                    /dev/sda2                           |
++-------------------+ +--------------------------------------------------------+
+```
+
+The hard drive would be split into two partitions. The first, *sdb1* would be 512MB in size and mounted in the file system at */boot*. This would be the EFI system partition. The reminder of the disk space would be given to the partition *sda2* and encrypted using LUKS2. LVM would then be used to create the volume group *vg0* that would be divided into three partitions as logical volumes.
+
+- */dev/vg0/root* 50G root partition.
+- */dev/vg0/swap* 16G swap partition.
+- */dev/vg0/home* 200G home partition.
+
+Use *fdisk* to create the partitions.
+
+```shell
+$ fdisk /dev/sda
+```
+
+Enter **g** to create a new empty GPT partition table
+
+```shell
+Command (m for help): g
+Created a new GPT disklabel (GUID: 6987D065-936E-1547-9F02-F78145025A96).
+```
+
+Since this is a UEFI system there must be a EFI partition at the beginning of the disk. Enter **n** to add a new partition and enter **1** to assign it as the first partition. Use the default value for the first sector but enter **+512M** for the last sector.
+
+```shell
+Command (m for help): n
+Partition number (1-128, default 1): 1
+First sector (2048-625142414, default 2048): 
+Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-625142414, default 625142414): +512M
+
+Created a new partition 1 of type 'Linux filesystem' and of size 512 MiB.
+```
+
+Enter **t** to change the partition type and enter **1** to make it an EFI System. You can also get a list of partition types by pressing **L**.
+
+```shell
+Command (m for help): t
+Selected partition 1
+Partition type (type L to list all types): 1
+Changed type of partition 'Linux filesystem' to 'EFI System'.
+```
+
+To create the second partition enter **n** again to add another partition, and then enter **2** to assign it as the second partition. Use the default values for both first and last sectors to allocate the remainder of the drive.
+
+```shell
+Command (m for help): n
+Partition number (2-128, default 2): 2
+First sector (1050624-625142414, default 1050624): 
+Last sector, +/-sectors or +/-size{K,M,G,T,P} (1050624-625142414, default 625142414): 
+
+Created a new partition 2 of type 'Linux filesystem' and of size 297.6 GiB.
+```
+
+Enter **w** to write the changes and quit.
+
+```shell
+Command (m for help): w
+The partition table has been altered.
+Calling ioctl() to re-read partition table.
+Syncing disks.
+```
+
+Use *lsblk* to confirm that two partitions have been created.
+
+```shell
+$ lsblk /dev/sda
+
+NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
+sda      8:0    0 298.1G  0 disk
+├─sda1   8:1    0   512M  0 part
+└─sda2   8:2    0 297.6G  0 part
+```
+
+## LUKS
+
+Encrypt the second partition with the *cryptsetup* command. 
+
+```shell
+$ cryptsetup luksFormat /dev/sda2
+```
+
+When prompted enter **YES** in capitals to overwrite any data that is currently on the partition. 
+
+```shell
+WARNING!
+========
+This will overwrite data on /dev/sda2 irrevocably.
+
+Are you sure? (Type 'yes' in capital letters): YES
+```
+
+Enter and verify a passphrase. Whenever the machine is now booted you will be prompted to enter this passphrase in order for the partition to be decrypted.
+
+```shell
+Enter passphrase for /dev/sda2: 
+Verify passphrase: 
+cryptsetup luksFormat /dev/sda2  17.01s user 1.05s system 105% cpu 17.106 total
+```
+
+## LVM on LUKS
+
+Before setting up LVM decrypt the partition.
+
+```shell
+$ cryptsetup open /dev/sda2 cryptlvm
+```
+
+You will be prompted to enter the passphrase that you set up earlier.
+
+```shell
+Enter passphrase for /dev/sda2: 
+cryptsetup open /dev/sda2 cryptlvm  6.48s user 0.36s system 92% cpu 7.436 total
+```
+
+Create a physical volume.
+
+```shell
+$ pvcreate /dev/mapper/cryptlvm
+```
+
+Create a volume group called *vg0*.
+
+```shell
+$ vgcreate vg0 /dev/mapper/cryptlvm
+```
+
+Create three logical volumes for the root, swap and home partitions.
+
+```shell
+$ lvcreate -L 50G vg0 -n root
+$ lvcreate -L 16G vg0 -n swap
+$ lvcreate -L 200G vg0 -n home
+```
+
+Make use of *lsblk* again to verify that LVM has been setup as expected.
+
+```shell
+$ lsblk /dev/sda
+
+NAME           MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
+sda              8:0    0 298.1G  0 disk  
+├─sda1           8:1    0   512M  0 part  
+└─sda2           8:2    0 297.6G  0 part  
+  └─cryptlvm   254:0    0 297.6G  0 crypt 
+    ├─vg0-root 254:1    0    50G  0 lvm   
+    ├─vg0-swap 254:2    0    16G  0 lvm   
+    └─vg0-home 254:3    0   200G  0 lvm
+```
+
+## Format the partitions
+
+Format the boot partition at */dev/sda1* with a FAT32 file system as the UEFI specification requires the usage of it.
+
+```shell
+$ mkfs.fat -F32 /dev/sda1
+```
+
+The root and home partitions can be formatted with ext4.
+
+```shell
+$ mkfs.ext4 /dev/vg0/root
+$ mkfs.ext4 /dev/vg0/home
+```
+
+Initialise the swap partition.
+
+```shell
+$ mkswap /dev/vg0/swap
+$ swapon /dev/vg0/swap
+```
+
+## Mount the file systems
+
+Mount the root partition into */mnt*.
+
+```shell
+$ mount /dev/vg0/root /mnt
+```
+
+Mount the boot partition into */mnt/boot*. 
+
+```shell
+$ mkdir /mnt/boot
+$ mount /dev/sda1 /mnt/boot
+```
+
+Finally mount the home partition into */mnt/home*.
+
+```shell
+$ mkdir /mnt/home
+$ mount /dev/vg0/home /mnt/home
+```
+
+## Select the mirrors
+
+All mirror servers defined in */etc/pacman.d/mirrorlist* where done at the time the installation image was built. Since it's ideal to try and use servers that are close to your location you can rebuild the list using the *rankmirrors* utility. This is not included by default on the live environment so you will need to download it.
+
+First sync the pacman repository.
+
+```shell
+pacman -Syy
+```
+
+Then download the *pacmain-contrib* package which contains the *rankmirrors* utility.
+
+```shell
+$ pacman -S pacman-contrib
+```
+
+The official [Pacman Mirrorlist Generator](https://www.archlinux.org/mirrorlist/) can be used to get an up-to-date list of servers for your country. The below command obtains a list of UK servers that support https and pass it to *rankmirrors* to obtain the 5 fastest.
+
+```shell
+$ curl -s "https://www.archlinux.org/mirrorlist/?country=GB&protocol=https&use_mirror_status=on" | sed -e 's/^#Server/Server/' -e '/^#/d' | rankmirrors -n 5 - > /etc/pacman.d/mirrorlist
+```
+
+## Install essential packages
+
+The *pacstrap* script is used to install the base package, Linux kernel and firmware.
+
+```shell
+$ pacstrap /mnt base linux linux-firmware vim wpa_supplicant dhcpcd cryptsetup lvm2 efibootmgr intel-ucode
+```
+
+I also installed a few other packages that I knew I was going to need.
+
+- *vim*. Allows you to edit files instead of using *nano*.
+- *wpa_supplicant*. Provides tools for connecting to a WPA2 protected wireless network.
+- *dhcpcd*. Needed so that you machine can obtain an IP address from your home router via dhcp.
+- *cryptsetup*. Since the partition is encrypted this package is required in order for it to be decrypted during booting. 
+- *lvm2*. Provides the LVM tools to manage the LVM partition.
+- *efibootmgr*. Needed to configure the system to boot via UEFI.
+- *intel-ucode*. Enables microcode updates during boot.
+
+## Fstab
+
+Create a *fstab* file on the new system.
+
+```shell
+$ genfstab -U /mnt >> /mnt/etc/fstab
+```
+
+## Chroot
+
+Use *arch-chroot* to enter the new system as the root user. From now on you will be configuring the new system.
+
+```shell
+$ arch-chroot /mnt
+```
+
+## Time zone
+
+Setup the timezone. Replace *Europe/London* with your timezone.
+
+```shell
+$ ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
+```
+
+Update the hardware clock.
+
+```shell
+$ hwclock --systohc
+```
+
+## Localization
+
+Use *vim* to edit */etc/locale.gen*.
+
+```shell
+$ vim /etc/locale.gen
+```
+
+Uncomment your preferred language. For me this meant *en_GB.UTF-8 UTF-8*. Save the file and exit before generating the locales.
+
+```shell
+$ locale-gen
+```
+
+Edit */etc/locale.conf*.
+
+```shell
+$ vim /etc/locale.conf
+```
+
+Add the below line. Replace *en_GB.UTF-8* with the language that you chose ealier.
+
+```
+LANG=en_GB.UTF-8
+```
+
+If you used *loadkeys* earlier you will need to edit */etc/vconsole.conf* and add your chosen keymap.
+
+```shell
+$ vim /etc/vconsole.conf
+```
+
+For me this meant adding the UK keymap.
+
+```
+KEYMAP=uk
+```
+
+## Network configuration
+
+Create the file */etc/hostname* and add an entry to it. This hostname will be the name of the machine on your network. I tend to name by devices after characters from the book [Howl's Moving Castle](https://en.wikipedia.org/wiki/Howl%27s_Moving_Castle).
+
+```shell
+$ echo suliman > /etc/hostname
+```
+
+You then need to edit the */etc/hosts* file.
+
+```shell
+$ vim /etc/hosts
+```
+
+Add the following lines to this file. Replace *suliman* with the hostname you set up earlier.
+
+```shell
+127.0.0.1	localhost
+::1		    localhost
+127.0.0.1	suliman.localdomain suliman
+```
+
+## Wireless
+
+Use the`ip` command to determine the name of the wireless network interface.
+
+
+```shell
+$ip link
+
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
+    link/ether f0:de:f1:86:e1:75 brd ff:ff:ff:ff:ff:ff
+3: wwp0s29u1u4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
+    link/ether 86:06:37:c4:9b:41 brd ff:ff:ff:ff:ff:ff
+4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
+    link/ether 08:11:96:02:10:ac brd ff:ff:ff:ff:ff:ff
+```
+
+Looking at the output of the *ip* command this is *wlan0*. This name however will not be the name of the interface once the installation has been completed. You see the Arch installation environment does not use predictable names for interfaces. This is due to it using *iwd* which is unable to cope with interface renaming and so it is disabled for wireless interfaces. When the system boots into the installed system predictable names for interfaces will be enabled and *wlan0* will be assigned a different name.
+
+In order to find out what name will be assigned use the *udevadm* command.
+
+```shell
+$ udevadm test-builtin net_id /sys/class/net/wlan0
+
+Load module index
+Parsed configuration file /usr/lib/systemd/network/99-default.link
+Parsed configuration file /usr/lib/systemd/network/80-iwd.link
+Created link configuration context.
+Using default interface naming scheme 'v245'.
+ID_NET_NAMING_SCHEME=v245
+ID_NET_NAME_MAC=wlx0811960210ac
+ID_OUI_FROM_DATABASE=Intel Corporate
+ID_NET_NAME_PATH=wlp3s0
+Unload module index
+Unloaded link configuration context.
+```
+
+What we are interested in is the value of *ID_NET_NAME_PATH* which is *wlp3s0*.
+
+My wireless network is a WPA2 protected network with a hidden SSID. Since *wpa_supplicant* has been installed when running *pacstrap* it is possible to use *wpa_passphrase* to generate the configuration file that *wpa_supplicant* will use to connect to the wireless network. Replace *&lt;SSID&gt;* and *&lt;PASSWORD&gt;* with your details. Note that the name of the configuration file contains the name of the network interface *wlp3s0*. Replace this with the name of your network interface.
+
+```shell
+$ wpa_passphrase <SSID> <PASSWORD> > /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf
+```
+If your wireless network uses a hidden SSID you will need to edit the configuration file.
+
+```shell
+$ vim /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf
+```
+
+And add the below line. 
+
+```shell
+scan_ssid=1
+```
+
+Make sure that *wpa_supplicant* starts at boot.
+
+```shell
+$ systemctl enable wpa_supplicant@wlp3s0.service
+```
+
+Have an IP address assigned via DHCP during booting.
+
+```shell
+$ systemctl enable dhcpcd@wlp3s0.service
+```
+
+## Initramfs
+
+You will need to rebuild the initial ramdisk and the current one is not aware that the filesystem will be encrypted. Before rebuilding it some configuration changes need to be made.
+
+
+```shell
+$ vim /etc/mkinitcpio.conf
+```
+
+Locate the section where the *HOOKS* are configured and replace it with the line below.
+
+```
+HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)
+```
+
+This ensures that the keyboard is present before the filesystem is detected so that you are enter the passphrase to decrypt the partition. It also ensures that the decryption is done before the *LVM* is handled.
+
+Save the changes and exist before rebuilding with the *mkinitcpio* command. 
+
+```shell
+mkinitcpio -P
+```
+
+## EFISTUB Booting and Microcode
+
+The Thinkpad X220 UEFI implementation allows an operating system to be booted without the need for an intermediate bootloader such as GRUB. It is possible to add a UEFI boot entry to the motherboard itself and have Arch booted directly.
+
+Modifying the motherboard boot entries is done using *efibootmgr*. However usage of this command can be quite verbose so it is recommended to create a shell script instead. 
+
+```shell
+vim /usr/local/sbin/mkefibootentry
+```
+
+The shell script will call *efibootmgr* with the required arguments. 
+
+```
+#!/bin/sh
+
+# Determine the UUID of the partition that is encrypted
+PARTUUID=`blkid /dev/sda2 -s PARTUUID -o value`
+
+efibootmgr \
+  --disk /dev/sda --part 1 \
+  --create --label "Arch Linux" \
+  --loader /vmlinuz-linux \
+  --unicode 'cryptdevice=PARTUUID='$PARTUUID':cryptlvm root=/dev/vg0/root rw initrd=\intel-ucode.img initrd=\initramfs-linux.img' \
+  --verbose 
+```
+
+The *--unicode* argument is where the kernel parameters are specified. This tells the system that the partition identified by *PARTUUID* is encrypted and that the root filesystem to mount is the logical volume called *root* that is part of the volume group *vg0*. The microcode is also loaded with *initrd=\intel-ucode.img*.
+
+Make this script executable.
+
+```shell
+chmod u+x /usr/local/sbin/mkefibootentry
+```
+
+Run the script to add to the motherboard boot entries.
+
+```shell
+$ mkefibootentry
+```
+
+## Root password
+
+Create a secure password for the root user.
+
+```shell
+$ passwd
+```
+
+## Reboot
+
+Return to the Arch live installation environment.
+
+```shell
+$ exit
+```
+
+Umount the partitions.
+
+```shell
+$ umount -R /mnt
+```
+
+Restart the machine with *reboot*. Remember to remove any installation media such as a USB drive.
+
+```shell
+$ reboot
+```
+
+Provided nothing has gone wrong your machine will boot into a fresh installation of Arch Linux. Don't forget that during the boot you will be prompted to enter the passphrase to decrypt the system partition. 
+
+Following this guide will leave you with a very minimal system where you can login as the root user. From this point how you configure the system is up to you as it will be very different to how I configure my own. If you interested in seeing how I do it then see my other posts on the subject. 
diff --git a/source/_tags/arch.md b/source/_tags/arch.md
new file mode 100644
index 0000000..e965189
--- /dev/null
+++ b/source/_tags/arch.md
@@ -0,0 +1,4 @@
+---
+extends: _layouts.tag
+description: All the Arch Linux posts
+---
diff --git a/source/assets/build/css/main.css b/source/assets/build/css/main.css
index 2363e7c..bd465fc 100644
--- a/source/assets/build/css/main.css
+++ b/source/assets/build/css/main.css
@@ -779,6 +779,11 @@ ul {
   color: #fff;
 }
 
+#main-sidebar-container a.arch {
+  background-color: #1793D1;
+  color: #fff;
+}
+
 #main-sidebar-container a.linux {
   background-color: #FFFFFF;
   color: #000;
diff --git a/source/assets/build/mix-manifest.json b/source/assets/build/mix-manifest.json
index cc47247..5296b69 100644
--- a/source/assets/build/mix-manifest.json
+++ b/source/assets/build/mix-manifest.json
@@ -1,4 +1,4 @@
 {
     "/js/main.js": "/js/main.js?id=c056074a8c43f32ffbad",
-    "/css/main.css": "/css/main.css?id=bd25631159b154898f8c"
+    "/css/main.css": "/css/main.css?id=50c9d45c7204075649d0"
 }
diff --git a/source/assets/images/brave.png b/source/assets/images/brave.png
new file mode 100644
index 0000000..560aef9
--- /dev/null
+++ b/source/assets/images/brave.png