diff --git a/.gitignore b/.gitignore index 1d74e21..b05ae27 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ .vscode/ +venv/ \ No newline at end of file diff --git a/arch/base.md b/arch/base.md index 5216c5b..d838b7a 100644 --- a/arch/base.md +++ b/arch/base.md @@ -9,8 +9,6 @@ I have instructions for building a: ## Table of Contents - - - [Arch Base](#arch-base) - [Table of Contents](#table-of-contents) - [Installation](#installation) @@ -25,6 +23,11 @@ I have instructions for building a: - [Install Apparmor](#install-apparmor) - [Custom Profiles](#custom-profiles) - [ClamAV](#clamav) + - [btrbk](#btrbk) + - [fstab](#fstab) + - [Snapshots](#snapshots) + - [Backups](#backups) + - [Backing up a snapshot](#backing-up-a-snapshot) - [Chroots](#chroots) - [Fingerprint Reader Support](#fingerprint-reader-support) - [Setup](#setup) @@ -37,31 +40,20 @@ I have instructions for building a: - [Don't sleep while plugged in](#dont-sleep-while-plugged-in) - [Bluetooth](#bluetooth) - [Audio](#audio) - - [Apps](#apps) - - [Podman](#podman) + - [Software Stores](#software-stores) - [AppImage Support](#appimage-support) - - [Transmission](#transmission) - - [Firefox](#firefox) - - [RDP Remote Desktop](#rdp-remote-desktop) - - [Virtualization](#virtualization) - - [Arch Guests](#arch-guests) - - [CUPS Printing](#cups-printing) + - [Troubleshooting](#troubleshooting) - [Flatpak](#flatpak) + - [Apps](#apps) + - [Firefox](#firefox) + - [Gnome Extensions](#gnome-extensions) + - [CUPS Printing](#cups-printing) - [Discord](#discord) - [Steam](#steam) - [XWayland](#xwayland) - - [Wireguard](#wireguard) - - [btrbk](#btrbk) - - [Snapshots](#snapshots) - - [Backups](#backups) - [ISCSI](#iscsi) - - [Backing up a snapshot](#backing-up-a-snapshot) - - [VSCode](#vscode) - - [Iperf](#iperf) - - [Git](#git) - [Wine](#wine) - [Spotify](#spotify) - - [Kubernetes](#kubernetes) - [Yubikey](#yubikey) - [Bashrc](#bashrc) - [Unecessary](#unecessary) 
@@ -73,7 +65,6 @@ I have instructions for building a: - [Deprecated Security](#deprecated-security) - [Firejail](#firejail) - ## Installation @@ -151,27 +142,28 @@ Follow most of the instructions here: ``` 12. Mount the root partition with `mount -o subvol=root /dev/mapper/root /mnt` -13. Mount the boot partition with `mount --mkdir /dev/vda1 /mnt/boot` -14. If on VM: Mount the conf files with `mount --mkdir /dev/sr1 /mnt/media` -15. `pacstrap -K /mnt base linux linux-firmware` +13. Mount the home partition with `mount -o subvol=home /dev/mapper/root /mnt/home` +14. Mount the boot partition with `mount --mkdir /dev/vda1 /mnt/boot` +15. If on VM: Mount the conf files with `mount --mkdir /dev/sr1 /mnt/media` +16. `pacstrap -K /mnt base linux linux-firmware` This command might show an error. This is ok, we'll fix it later. -16. `genfstab -U /mnt >> /mnt/etc/fstab` -17. `arch-chroot /mnt` -18. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime` -19. `hwclock --systohc` -20. `echo 'LANG=en_US.UTF-8' > /etc/locale.gen` -21. `echo 'KEYMAP=us' > /etc/vconsole.conf` -22. `echo 'hostname' > /etc/hostname` -23. `pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth` +17. `genfstab -U /mnt >> /mnt/etc/fstab` +18. `arch-chroot /mnt` +19. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime` +20. `hwclock --systohc` +21. `echo 'LANG=en_US.UTF-8' > /etc/locale.gen` +22. `echo 'KEYMAP=us' > /etc/vconsole.conf` +23. `echo 'hostname' > /etc/hostname` +24. `pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth` - dhclient/dhcpcd provides dhcp for network - bash-completion provides tab complete - btrfs-progs provides fsck for btrfs - plymouth gives a nice bootloader screen -24. Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt +25. Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt /etc/mkinitcpio.conf 
@@ -179,8 +171,8 @@ Follow most of the instructions here: HOOKS=(systemd plymouth autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck) ``` -25. `mkinitcpio -P` -26. Install systemd-boot +26. `mkinitcpio -P` +27. Install systemd-boot @@ -191,7 +183,7 @@ Follow most of the instructions here: If this raises an error like "efi partition not found" you probably forgot to format /mnt/boot as an EFI partition. Edit this by reformatting it with gdisk (ef00 is the hex code). -27. edit your loader.conf with some defaults +28. edit your loader.conf with some defaults /boot/loader/loader.conf @@ -202,7 +194,7 @@ Follow most of the instructions here: editor no ``` -28. Create a loader (/usr/share/systemd/bootctl/loader.conf for example) +29. Create a loader (/usr/share/systemd/bootctl/loader.conf for example) /boot/loader/entries/main.conf 
@@ -220,21 +212,21 @@ Follow most of the instructions here: blkid | grep /dev/vda2 >> /boot/loader/entries.conf ``` -29. `useradd ducoterra` -30. `passwd ducoterra` -31. `groupadd sudo` -32. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege -33. `usermod -aG sudo ducoterra` -34. `usermod -aG wheel ducoterra` -35. `mkdir /home/ducoterra` -36. `chown ducoterra:ducoterra /home/ducoterra` -37. `locale-gen` -38. `systemctl enable dhcpcd` -39. If on VM install guest drivers: `pacman -S qemu-guest-agent spice-vdagent` -40. `exit` -41. `reboot` -42. Remove your installation medium and boot into arch -43. Add a pacman hook for systemd-boot updates +30. `useradd ducoterra` +31. `passwd ducoterra` +32. `groupadd sudo` +33. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege +34. `usermod -aG sudo ducoterra` +35. `usermod -aG wheel ducoterra` +36. `mkdir /home/ducoterra` +37. `chown ducoterra:ducoterra /home/ducoterra` +38. `locale-gen` +39. `systemctl enable dhcpcd` +40. If on VM install guest drivers: `pacman -S qemu-guest-agent spice-vdagent` +41. `exit` +42. `reboot` +43. Remove your installation medium and boot into arch +44. Add a pacman hook for systemd-boot updates /etc/pacman.d/hooks/95-systemd-boot.hook @@ -354,8 +346,8 @@ Using `--tpm2-pcrs=7` enforces secure boot and will require password if secure b #### Firewall ```bash -sudo pacman -S ufw -sudo ufw enable +pacman -S ufw +ufw enable ``` #### AppArmor 
@@ -366,9 +358,9 @@ Apparmor protects your system by limiting the access binaries have to specific f All binaries which are protected by apparmor profiles have a whitelist of allowed paths they can touch, even if they run as root. -1. `sudo pacman -S apparmor` -2. `sudo systemctl enable --now apparmor` -3. `sudo systemctl enable --now auditd` +1. `pacman -S apparmor` +2. `systemctl enable --now apparmor` +3. `systemctl enable --now auditd` 4. Add the correct kernel parameters /boot/loaders/entries/arch.conf 
@@ -443,379 +435,52 @@ Access Modes #### ClamAV -1. `sudo pacman -S clamav` -2. `sudo freshclam` -3. `sudo systemctl enable --now clamav-freshclam.service` -4. `sudo systemctl enable --now clamav-daemon.service` -5. `clamdscan --multiscan --fdpass /home/ducoterra` +1. `pacman -S clamav` +2. `clamscan --recursive /path/to/dir` -#### Chroots +- OR - -You can create chroot environments to run firejails or just use for testing purposes. +1. `freshclam` +2. `systemctl enable --now clamav-freshclam.service` +3. `systemctl enable --now clamav-daemon.service` +4. `clamdscan --multiscan --fdpass /home/ducoterra` -1. `mkdir /chroots` -2. `mkdir /testing` -3. `pacman -S arch-install-scripts` -4. `pacstrap -K /chroots/testing/ base base-devel` -5. `arch-chroot /chroots/testing` - -#### Fingerprint Reader Support - -##### Setup - -1. `sudo pacman -S fprintd` -2. `sudo systemctl enable --now fprintd` -3. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint) - - /etc/pam.d/sudo - - ```conf - # fingerprint auth - auth sufficient pam_fprintd.so - ``` - -##### Turn Off Fingerprint When Laptop Lid Closed - -To disable fingerprint authentication when the laptop lid is closed, and -re-enable when it is reopened, we will use acpid to bind to the button/lid.* -event to a custom script that will comment out fprintd auth in /etc/pam.d/sudo. - -Usually we'd just `systemctl mask fprintd` but this breaks gdm (as of 08/06/23). See - and -. - -1. `pacman -S acpid` and then `systemctl enable --now acpid` -2. Create file /etc/acpi/laptop-lid.sh with the following contents: - - ```bash - #!/bin/bash - - if grep -Fq closed /proc/acpi/button/lid/LID0/state # && - # This is used to detect if a display is connected. 
- # For USB C displayport use: - # grep -Fxq connected /sys/class/drm/card1-DP-2/status - # For hdmi use: - # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status - then - # comment out fprintd - sed -i -E 's/^([^#].*pam_fprintd.so)/#\1/g' /etc/pam.d/sudo - else - # uncomment fprintd - sed -i -E 's/#(.*pam_fprintd.so)/\1/g' /etc/pam.d/sudo - - fi - ``` - -3. Make the file executable with - - `chmod +x /etc/acpi/laptop-lid.sh` - -4. Create file /etc/acpi/events/laptop-lid with the following contents: - - ```bash - event=button/lid.* - action=/etc/acpi/laptop-lid.sh - ``` - -5. Restart the acpid service with: - - `systemctl restart acpid` - -Now the fingerprint will be used only when the lid is open. - -In order to ensure the correct state after suspend we need a service file which -runs our script on wake. - -1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents: - - ```bash - [Unit] - Description=Laptop Lid - After=suspend.target - - [Service] - ExecStart=/etc/acpi/laptop-lid.sh - - [Install] - WantedBy=multi-user.target - WantedBy=suspend.target - ``` - -2. Reload the systemd config files with - - `sudo systemctl daemon-reload` - -3. Start and enable the service with - - `sudo systemctl enable --now laptop-lid.service` - -Now the status should be correct even after connecting/disconnecting when the computer is off. - -## Desktop Environment - -### Gnome - -1. `pacman -S gdm gnome` - - - choose pipewire-jack - - choose wireplumber - - choose noto-fonts-emoji - -2. `sudo systemctl enable --now gdm` - -## Hardware Management - -### Hardware Acceleration - -(This helps enable hardware encoding/decoding for steam streaming) - -Intel +#### btrbk ```bash -sudo pacman -S libva-utils intel-media-driver -vainfo +cd Downloads +wget https://raw.githubusercontent.com/digint/btrbk/master/btrbk +clamscan . 
+chmod +x btrbk +sudo mv btbrk /usr/bin/ ``` -AMD +##### fstab + +You'll need to mount your btrfs volumes in a location which exposes their subvolumes. ```bash -sudo pacman -S vulkan-radeon libva-utils libva-mesa-driver xf86-video-amdgpu +mkdir -p /btr_pools/root ``` -### Power Management - -1. For laptops install `tlp` - - ```bash - sudo pacman -S tlp tlp-rdw - sudo systemctl enable --now tlp - sudo systemctl mask systemd-rfkill.service - sudo systemctl mask systemd-rfkill.socket - ``` - -2. Then configure it with the following settings (optional) - - /etc/tlp.conf - - ```conf - # I've seen some issues with usb autosuspend - USB_AUTOSUSPEND=0 - # Restore bluetooth/wifi state on reboot - # Otherwise it defaults to on - RESTORE_DEVICE_STATE_ON_STARTUP=1 - # Disable wifi when plugged in - # You might not want this for continuity - eg. you're copying a file to a network - # share over wifi - plugging in will cancel the copy with this option enabled. - DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" - # Re-enable wifi when unplugged. - DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" - ``` - -3. For desktops install cpupower - - ```bash - sudo pacman -S cpupower - systemctl enable --now cpupower - ``` - - Temporarily set power profile with `cpupower frequency-set -g performance` - - Edit /etc/default/cpupower - - ```conf - governor='performance' - ``` - -### Don't sleep while plugged in - -This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock -will prevent it from waking up. - -/etc/systemd/logind.conf +/etc/fstab ```conf -... -HandleLidSwitchExternalPower=lock -HandleLidSwitchDocked=ignore -... -``` - -### Bluetooth - -1. `sudo pacman -S bluez bluez-utils` -2. `sudo systemctl enable --now bluetooth` - -### Audio - -Without pipewire-pulse the audio level/device will reset every reboot. - -1. `sudo pacman -S pipewire-pulse` (remove conflicting packages) - -## Apps - -### Podman - -1. `sudo pacman -S podman cni-plugins slirp4netns` -2. 
`podman pull docker.io/debian:latest` -3. `podman run -it debian:latest bash` - -### AppImage Support - -fuse is required to run most appimages. - -Also chmod +x before running. - -1. `sudo pacman -S fuse` -2. `cp ~/Downloads/xxxxxxx.appimage ~/Applications -3. Write a .desktop entry at ~/.local/share/applications/ - - ```conf - [Desktop Entry] - Encoding=UTF-8 - Name= - Exec=/home/ducoterra/Applications/ - Icon=/home/ducoterra/Applications/ - Type=Application - Categories=; - ``` - -### Transmission - -```bash -sudo pacman -S gtk4 transmission-gtk -``` - -### Firefox - -You'll want firefox and gnome-browser-connector (for gnome extension management). - -```bash -sudo pacman -S firefox gnome-browser-connector -``` - -Choose noto-free-fonts - -### RDP Remote Desktop - -1. `sudo pacman -S remmina freerdp` - -### Virtualization - -1. Install virtualization capabilties - - ```bash - sudo pacman -S qemu-full libvirt iptables-nft dnsmasq virt-manager qemu-desktop swtpm - sudo usermod -aG libvirt ducoterra - ``` - -2. Edit /etc/libvirt/libvirtd.conf - - ```conf - ... - unix_sock_group = 'libvirt' - ... - unix_sock_rw_perms = '0770' - ... - ``` - -3. Edit /etc/libvirt/qemu.conf - - ```conf - # Some examples of valid values are: - # - # user = "qemu" # A user named "qemu" - # user = "+0" # Super user (uid=0) - # user = "100" # A user named "100" or a user with uid=100 - # - user = "ducoterra" - - # The group for QEMU processes run by the system instance. It can be - # specified in a similar way to user. - group = "ducoterra" - ``` - -4. `sudo systemctl enable --now libvirtd` -5. `sudo virsh net-autostart default` - -If you get a blank screen when launching a VM check that you've used the correct bios - -either secboot or not secboot. This is the most common problem. - -#### Arch Guests - -In order to get drivers for spice you'll need the guest spice drivers: - -```bash -sudo pacman -S qemu-guest-agent spice-vdagent -``` - -### CUPS Printing - -1. 
`sudo pacman -S cups cups-pdf avahi` -2. `sudo vim /etc/nsswitch.conf` - - ```conf - hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns - ``` - -3. `sudo systemctl start cups` -4. `sudo systemctl start avahi-daemon` - -### Flatpak - -```bash -sudo pacman -S flatpak -``` - -### Discord - -1. `flatpak install com.discordapp.Discord` - -### Steam - - - -Edit /etc/pacman.conf - -```conf -[multilib] -Include = /etc/pacman.d/mirrorlist +# btr_pools +UUID=84153269-f194-43f7-a4fe-e72aaffdb97a /btr_pools/root btrfs rw,relatime,ssd,space_cache=v2,subvolid=256,subvolid=5 0 0 ``` ```bash -sudo pacman -S steam steam-native +systemctl daemon-reload +mount -a +btrfs sub create /btr_pools/root/.snapshots +btrbk -c /etc/btrbk/snapshots.conf dryrun +btrbk -c /etc/btrbk/snapshots.conf run ``` -When prompted, use vulkan-radeon +##### Snapshots -`steam-native` allows vaapi hardware encoding for steam remote play. - -You may have to edit your firejail config to get steam to launch: - -~/.config/firejail/steam.local - -```conf -ignore apparmor -``` - -### XWayland - -Provides compatibility with X server applications (like wine) - -1. `sudo pacman -S xorg-xwayland` - -### Wireguard - -Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your -vpn likely won't activate. - -1. `sudo pacman -S wireguard-tools` - -### btrbk - -#### Snapshots - -1. Grab the btrbk binary from the github repo. Copy it to /usr/local/bin/btrbk. -2. Create a snapshot config +1. Create a snapshot config /etc/btrbk/snapshots.conf 
@@ -823,24 +488,28 @@ vpn likely won't activate. snapshot_preserve_min 24h snapshot_preserve 14d - volume /mnt/btr_pool + # root + volume /mnt/btr_pools/root subvolume root snapshot_dir .snapshots - volume /mnt/btr_pool + # home + volume /mnt/btr_pools/root subvolume home snapshot_dir .snapshots - volume /mnt/btr_pool + # libvirt + volume /mnt/btr_pools/root subvolume libvirt snapshot_dir .snapshots - volume /mnt/btr_pool + # nextcloud + volume /mnt/btr_pools/root subvolume nextcloud snapshot_dir .snapshots ``` -3. Then create a snapshot service +2. Then create a snapshot service /etc/systemd/system/btrbk_snapshots.service @@ -849,10 +518,10 @@ vpn likely won't activate. Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf [Service] - ExecStart=/usr/local/bin/btrbk -c /etc/btrbk/snapshots.conf -v run + ExecStart=/usr/bin/btrbk -c /etc/btrbk/snapshots.conf -v run ``` -4. Then create a timer for the service +3. Then create a timer for the service /etc/systemd/system/btrbk_snapshots.timer @@ -871,13 +540,13 @@ vpn likely won't activate. WantedBy=timers.target ``` -5. Then enable the service +4. Then enable the service ```bash - systemctl enable --now btrbk_snapshots.conf + systemctl enable --now btrbk_snapshots.timer ``` -#### Backups +##### Backups Before you begin, go through the usual process of setting up an encrypted drive: 
@@ -989,6 +658,323 @@ Before you begin, go through the usual process of setting up an encrypted drive: systemctl enable --now btrbk_backup.conf ``` +##### Backing up a snapshot + +```bash +pacman -S pv + +btrfs send /mnt/btr_backup/root.20230727T1000 | pv | btrfs receive /mnt/btr_iscsi +``` + +#### Chroots + +You can create chroot environments to run firejails or just use for testing purposes. + +1. `mkdir /chroots` +2. `mkdir /testing` +3. `pacman -S arch-install-scripts` +4. `pacstrap -K /chroots/testing/ base base-devel` +5. `arch-chroot /chroots/testing` + +#### Fingerprint Reader Support + +##### Setup + +1. `pacman -S fprintd` +2. `systemctl enable --now fprintd` +3. `fprintd-enroll ducoterra` +4. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint) + + /etc/pam.d/sudo + + ```conf + # fingerprint auth + auth sufficient pam_fprintd.so + ``` + +##### Turn Off Fingerprint When Laptop Lid Closed + +To disable fingerprint authentication when the laptop lid is closed, and +re-enable when it is reopened, we will use acpid to bind to the button/lid.* +event to a custom script that will comment out fprintd auth in /etc/pam.d/sudo. + +Usually we'd just `systemctl mask fprintd` but this breaks gdm (as of 08/06/23). See + and +. + +1. `pacman -S acpid` and then `systemctl enable --now acpid` +2. Create file /etc/acpi/laptop-lid.sh with the following contents: + + ```bash + #!/bin/bash + + if grep -Fq closed /proc/acpi/button/lid/LID0/state # && + # This is used to detect if a display is connected. + # For USB C displayport use: + # grep -Fxq connected /sys/class/drm/card1-DP-2/status + # For hdmi use: + # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status + then + # comment out fprintd + sed -i -E 's/^([^#].*pam_fprintd.so)/#\1/g' /etc/pam.d/sudo + else + # uncomment fprintd + sed -i -E 's/#(.*pam_fprintd.so)/\1/g' /etc/pam.d/sudo + + fi + ``` + +3. 
Make the file executable with + + `chmod +x /etc/acpi/laptop-lid.sh` + +4. Create file /etc/acpi/events/laptop-lid with the following contents: + + ```bash + event=button/lid.* + action=/etc/acpi/laptop-lid.sh + ``` + +5. Restart the acpid service with: + + `systemctl restart acpid` + +Now the fingerprint will be used only when the lid is open. + +In order to ensure the correct state after suspend we need a service file which +runs our script on wake. + +1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents: + + ```bash + [Unit] + Description=Laptop Lid + After=suspend.target + + [Service] + ExecStart=/etc/acpi/laptop-lid.sh + + [Install] + WantedBy=multi-user.target + WantedBy=suspend.target + ``` + +2. Reload the systemd config files with + + `sudo systemctl daemon-reload` + +3. Start and enable the service with + + `sudo systemctl enable --now laptop-lid.service` + +Now the status should be correct even after connecting/disconnecting when the computer is off. + +## Desktop Environment + +### Gnome + +1. `pacman -S gdm gnome` + + - choose pipewire-jack + - choose wireplumber + - choose noto-fonts-emoji + +2. `systemctl enable --now gdm` +3. `pacman -S networkmanager` +4. `systemctl enable --now NetworkManager` +5. `pacman -S gnome-tweaks dconf-editor seahorse` + +## Hardware Management + +### Hardware Acceleration + +(This helps enable hardware encoding/decoding for steam streaming) + +Intel + +```bash +pacman -S libva-utils intel-media-driver +vainfo +``` + +AMD + +```bash +pacman -S vulkan-radeon libva-utils libva-mesa-driver xf86-video-amdgpu +``` + +### Power Management + +1. For laptops install `tlp` + + ```bash + pacman -S tlp tlp-rdw + systemctl enable --now tlp + systemctl mask systemd-rfkill.service + systemctl mask systemd-rfkill.socket + ``` + +2. 
Then configure it with the following settings (optional) + + /etc/tlp.conf + + ```conf + # I've seen some issues with usb autosuspend + USB_AUTOSUSPEND=0 + # Restore bluetooth/wifi state on reboot + # Otherwise it defaults to on + RESTORE_DEVICE_STATE_ON_STARTUP=1 + # Disable wifi when plugged in + # You might not want this for continuity - eg. you're copying a file to a network + # share over wifi - plugging in will cancel the copy with this option enabled. + DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan" + # Re-enable wifi when unplugged. + DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan" + ``` + +3. For desktops install cpupower + + ```bash + pacman -S cpupower + systemctl enable --now cpupower + ``` + + Temporarily set power profile with `cpupower frequency-set -g performance` + + Edit /etc/default/cpupower + + ```conf + governor='performance' + ``` + +### Don't sleep while plugged in + +This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock +will prevent it from waking up. + +/etc/systemd/logind.conf + +```conf +... +HandleLidSwitchExternalPower=lock +HandleLidSwitchDocked=ignore +... +``` + +### Bluetooth + +1. `pacman -S bluez bluez-utils` +2. `systemctl enable --now bluetooth` + +### Audio + +Without pipewire-pulse the audio level/device will reset every reboot. + +1. `pacman -S pipewire-pulse` (remove conflicting packages) + +## Software Stores + +### AppImage Support + +Also chmod +x before running. + +1. `cp ~/Downloads/xxxxxxx.appimage ~/Applications` +2. Find an icon online and save it to ~/.icons +3. Write a .desktop entry at ~/.local/share/applications/ + + ```conf + [Desktop Entry] + Name= + Exec=/home/ducoterra/Applications/ + Icon=/home/ducoterra/.icons/ + Type=Application + ``` + +4. `desktop-file-validate ~/.local/share/applications/*.desktop` +5. `update-desktop-database` + +#### Troubleshooting + +fuse may be required to run an appimage. 
+ +```bash +sudo pacman -S fuse +``` + +### Flatpak + +```bash +pacman -S flatpak +``` + +## Apps + +### Firefox + +You'll want firefox and gnome-browser-connector (for gnome extension management). + +```bash +pacman -S firefox gnome-browser-connector +``` + +Choose noto-fonts + +#### Gnome Extensions + +1. AlphabeticalAppGrid@stuarthayhurst +2. Vitals@CoreCoding.com +3. dash-to-dock@micxgx.gmail.com +4. tactile@lundal.io + +### CUPS Printing + +1. `sudo pacman -S cups cups-pdf avahi` +2. `sudo vim /etc/nsswitch.conf` + + ```conf + hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns + ``` + +3. `sudo systemctl start cups` +4. `sudo systemctl start avahi-daemon` + +### Discord + +1. `flatpak install com.discordapp.Discord` + +### Steam + + + +Edit /etc/pacman.conf + +```conf +[multilib] +Include = /etc/pacman.d/mirrorlist +``` + +```bash +sudo pacman -S steam steam-native +``` + +When prompted, use vulkan-radeon + +`steam-native` allows vaapi hardware encoding for steam remote play. + +You may have to edit your firejail config to get steam to launch: + +~/.config/firejail/steam.local + +```conf +ignore apparmor +``` + +### XWayland + +Provides compatibility with X server applications (like wine) + +1. `sudo pacman -S xorg-xwayland` + ### ISCSI 1. Add auth login 
@@ -1027,48 +1013,6 @@ Before you begin, go through the usual process of setting up an encrypted drive: iscsiadm -m node -u ``` -#### Backing up a snapshot - -```bash -pacman -S pv - -btrfs send /mnt/btr_backup/root.20230727T1000 | pv | btrfs receive /mnt/btr_iscsi -``` - -### VSCode - -For the open source version of code install `code`: - -```bash -sudo pacman -S code -``` - -For the proprietary version of vscode install `yay` and then: - -```bash -yay -S visual-studio-code-bin -``` - -To save a list of installed extensions run: - -```bash -code --list-extensions >> vscode_extensions.txt -``` - -To install that list of extensions run: - -```bash -cat vscode_extensions.txt | xargs -L 1 code --install-extension -``` - -### Iperf - -`pacman -S iperf3` - -### Git - -`pacman -S git` - ### Wine `pacman -S wine` @@ -1077,10 +1021,6 @@ cat vscode_extensions.txt | xargs -L 1 code --install-extension `pacman -S spotify-launcher` -### Kubernetes - -1. `pacman -S kubectl helm` - ### Yubikey You'll need the yubikey manager appimage in addition to the pacman package diff --git a/arch/workstation.md b/arch/workstation.md index 3902156..da91468 100644 --- a/arch/workstation.md +++ b/arch/workstation.md 
@@ -1,10 +1,173 @@ # Workstation -## Setup +- [Workstation](#workstation) + - [Base Tools](#base-tools) + - [ZSH](#zsh) + - [Podman](#podman) + - [QEMU/KVM](#qemukvm) + - [Arch Guests](#arch-guests) + - [Kubernetes](#kubernetes) + - [VSCode](#vscode) + - [Shell](#shell) + - [Fonts](#fonts) + - [Extensions](#extensions) + - [Remote Desktop](#remote-desktop) + - [Transmission](#transmission) + - [Wireguard](#wireguard) -### Disks +## Base Tools -1. 1GB Fat32 boot sector -2. 1GB Fat32 bios sector -3. 500GB BTRFS Gaming sector -4. Remaining BTRFS Workstation sector +```bash +pacman -S rsync which git iperf3 +``` + +## ZSH + +```bash +pacman -S zsh grml-zsh-config +chsh -s $(which zsh) +echo "autoload -U compinit; compinit" > ~/.zshrc +``` + +## Podman + +1. `pacman -S podman buildah cni-plugins slirp4netns` +2. `podman pull docker.io/debian:latest` +3. `podman run -it debian:latest bash` + +## QEMU/KVM + +1. Install virtualization capabilties + + ```bash + pacman -S qemu-full libvirt iptables-nft dnsmasq virt-manager qemu-desktop swtpm + usermod -aG libvirt ducoterra + ``` + +2. Edit /etc/libvirt/libvirtd.conf + + ```conf + ... + unix_sock_group = 'libvirt' + ... + unix_sock_rw_perms = '0770' + ... + ``` + +3. Edit /etc/libvirt/qemu.conf + + ```conf + # Some examples of valid values are: + # + # user = "qemu" # A user named "qemu" + # user = "+0" # Super user (uid=0) + # user = "100" # A user named "100" or a user with uid=100 + # + user = "ducoterra" + + # The group for QEMU processes run by the system instance. It can be + # specified in a similar way to user. + group = "ducoterra" + ``` + +4. `sudo systemctl enable --now libvirtd` +5. `sudo virsh net-autostart default` + +If you get a blank screen when launching a VM check that you've used the correct bios - +either secboot or not secboot. This is the most common problem. 
+ +### Arch Guests + +In order to get drivers for spice you'll need the guest spice drivers: + +```bash +sudo pacman -S qemu-guest-agent spice-vdagent +``` + +## Kubernetes + +```bash +pacman -S kubectl helm +``` + +## VSCode + +For the open source version of code install `code`: + +```bash +sudo pacman -S code +``` + +For the proprietary version of vscode install `yay` and then: + +```bash +yay -S visual-studio-code-bin +``` + +### Shell + +Edit settings.json + +```json +{ + "terminal.integrated.defaultProfile.linux": "zsh", +} +``` + +### Fonts + +Intel One Mono is designed to be easily readable for developers. + + + +Download and extract the ttf.zip + +```bash +mkdir ~/.local/share/fonts +rsync -av /path/to/download/*.ttf ~/.local/share/fonts/ +``` + +Edit settings.json + +```json +{ + "editor.fontFamily": "IntelOne Mono", + "editor.fontLigatures": true, + "terminal.integrated.fontFamily": "IntelOne Mono", +} +``` + +### Extensions + +To save a list of installed extensions run: + +```bash +code --list-extensions >> vscode_extensions.txt +``` + +To install that list of extensions run: + +```bash +cat vscode_extensions.txt | xargs -L 1 code --install-extension +``` + +## Remote Desktop + +```bash +pacman -S remmina freerdp +``` + +## Transmission + +```bash +pacman -S gtk4 transmission-gtk +``` + +### Wireguard + +Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your +vpn likely won't activate. + +```bash +pacman -S wireguard-tools +```
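Review bot: In arch/base.md, hunk `@@ -151,27 +142,28 @@`, the new step 13 `mount -o subvol=home /dev/mapper/root /mnt/home` has no `--mkdir`, unlike the boot mount in step 14, so it only works if `/mnt/home` already exists inside the freshly mounted `root` subvolume. Suggest `mount --mkdir -o subvol=home /dev/mapper/root /mnt/home`. In the same renumbered block, step 21 writes `LANG=en_US.UTF-8` into `/etc/locale.gen`. That assignment belongs in `/etc/locale.conf`, and `locale.gen` needs the `en_US.UTF-8 UTF-8` line for the later `locale-gen` step to generate the locale.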
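Review bot: In arch/base.md, hunk `@@ -220,21 +212,21 @@`, the context line `blkid | grep /dev/vda2 >> /boot/loader/entries.conf` appends to a file that is neither the `/boot/loader/loader.conf` from step 28 nor the `/boot/loader/entries/main.conf` from step 29, so the UUID never reaches the entry that needs it. Since this block is being renumbered anyway, point the redirect at `/boot/loader/entries/main.conf`. Steps 36 and 37 (`mkdir` plus `chown` of the home directory) could also collapse into `useradd -m ducoterra` at step 30.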
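Review bot: In arch/base.md, hunk `@@ -354,8 +346,8 @@` (Firewall), `ufw enable` alone does not start the firewall at boot on Arch; the systemd unit also has to be enabled, so add `systemctl enable --now ufw` after it. Dropping `sudo` here and in the following hunks also means every command now assumes a root shell, which the section never states. A one-line note near the top ("run the following as root") would make that explicit.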
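Review bot: In arch/base.md, hunk `@@ -366,9 +358,9 @@` (AppArmor), the context line after step 4 names `/boot/loaders/entries/arch.conf`, but the installation steps earlier in this file create `/boot/loader/entries/main.conf`. A reader who adds the AppArmor kernel parameters to the path as written will be editing a file systemd-boot never reads, and AppArmor will not be active at boot. Worth correcting the path while touching these steps.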
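Review bot: In arch/base.md, hunk `@@ -443,379 +435,52 @@`, the new btrbk block ends with `sudo mv btbrk /usr/bin/`, which misspells the file name (`btbrk` for `btrbk`), so the move fails after `chmod +x btrbk`. The same block fetches the script from the `master` branch and runs `clamscan .` on it. A signature scan says nothing about whether the file is the one upstream published, and the first ClamAV option just above never runs `freshclam`, so there may be no signature database to scan with. Pin the URL to a release tag and verify the download against a checksum or signature you trust. Further down, the fstab entry carries `subvolid=256,subvolid=5`. Only one can apply, and the text says the mount should expose the subvolumes, which is the top-level `subvolid=5`.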
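Review bot: In arch/base.md, hunk `@@ -823,24 +488,28 @@`, every `volume` line now points at `/mnt/btr_pools/root`, but the fstab section added in this same patch creates and mounts `/btr_pools/root` and makes `.snapshots` under it. With that mismatch the `btrbk -c /etc/btrbk/snapshots.conf dryrun` step will not find the volume. Use one path in both places.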
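Review bot: In arch/base.md, hunk `@@ -849,10 +518,10 @@`, `ExecStart` moves from `/usr/local/bin/btrbk` to `/usr/bin/btrbk` to match the new manual install step. `/usr/bin` is managed by pacman, so a hand-copied script there can be overwritten by, or block, a later packaged `btrbk`. Keeping the manual install and this `ExecStart` on `/usr/local/bin` avoids that, and a root-run timer unit should execute a file that is owned by root and not writable by anyone else.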
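Review bot: In arch/base.md, hunk `@@ -989,6 +658,323 @@`, the leading context line `systemctl enable --now btrbk_backup.conf` still has the problem that the snapshots hunk fixes: `.conf` is not a systemd unit, so the backup timer is never enabled. It should get the same `.timer` correction. The relocated sections in this hunk also keep `sudo` in places (`sudo systemctl daemon-reload`, `sudo pacman -S fuse`, `sudo pacman -S cups cups-pdf avahi`, `sudo pacman -S steam steam-native`) while the rest of the patch removes it. And in Chroots, step 2 `mkdir /testing` does not create the `/chroots/testing` directory that steps 4 and 5 use.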
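Review bot: In arch/workstation.md, hunk `@@ -1,10 +173 @@`, the last section is headed `### Wireguard` while the new table of contents lists it at the same level as Transmission and every sibling uses `##`, so it renders nested under Transmission. Change it to `## Wireguard`. The QEMU/KVM steps 4 and 5 and the Arch Guests and VSCode blocks still use `sudo` while the other blocks in this file do not. `echo "autoload -U compinit; compinit" > ~/.zshrc` overwrites any existing `.zshrc`, so `>>` is safer, and `mkdir ~/.local/share/fonts` should be `mkdir -p` so it does not fail when the directory already exists.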