If using an old drive

$ fdisk -l
$ fdisk /dev/nvme0n1
# d if existing partitions exist
$ cryptsetup open --type plain -d /dev/urandom /dev/nvme0n1 to_be_wiped
$ dd if=/dev/zero of /dev/mapper/to_be_wiped bs=1M status progress
$ cryptsetup close to_be_wiped

partition with grub

fdisk /dev/nvme0n1
g
n
t
1
n
enter enter enter
w

create encrypted container

cryptsetup luksFormat /dev/nvme0np2

create and enter a password

open the new container

cryptsetup open /dev/nvme0n1p2 cryptlvm

enter your password

prep logical volumes

pvcreate /dev/mapper/cryptlvm 
vgcreate VolGroup /dev/mapper/cryptlvm 
lvcreate -L 10G VolGroup -n swap 
lvcreate -L 128G VolGroup -n root 
lvcreate -l 100%FREE VolGroup -n home

Format the LVM volumes

mkfs.btrfs /dev/VolGroup/root
mkfs.btrfs /dev/VolGroup/home
mkfs.fat -F32 /dev/nvme0n1p1
mkswap /dev/VolGroup/swap

Mount the new volumes to begin os installation

mount /dev/MyVolGroup/root /mnt
mount --mkdir /dev/VolGroup/home /mnt/home 
mount /dev/nvme0n1p1 /mnt/boot 
swapon /dev/VolGroup/swap

installation

do the entire 2. Installation section and 3. Configure the System up to "3.5. Network configuration" from the Arch Wiki

NOTE: if you get the "Fix "invalid or corrupted package (PGP signature)" error then do

pacman -S archlinux-keyring

and rerun the pacstrap command

NOTE: include "btrfs-progs' in the pacstrap command

pacstrap /mnt base linux linux-firmware btrfs-progs lvm2

for "3.6 Initramfs" go back to the dm-crypt article and do 3.4. Configuring mkinitcpio and "3.5 configuring the bootloader"

bootloader

First, install the bootloader, I just use grub.

pacman -S grub

use blkid to get the UUID of the 2nd partition with type "crypt-luks"

nano /etc/defualt/grub

and add the following to the line

"GRUB_CMDLINE_LINUX=" cryptdevice=UUID=<insert your UUID here>:cryptlvm root=/dev/VolGroup/root"

run the grub installer

grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="Encrypted Arch"

grub-mkconfig -o /boot/grub/grub.cfg

LUKS on LVM