# Arch with Gnome - [Arch with Gnome](#arch-with-gnome) - [Installation](#installation) - [Post Install](#post-install) - [Locale](#locale) - [Hardware Acceleration](#hardware-acceleration) - [Firewall](#firewall) - [Power Management](#power-management) - [TPM2 LUKS Decryption](#tpm2-luks-decryption) - [Don't sleep while plugged in](#dont-sleep-while-plugged-in) - [Fingerprint Reader Support](#fingerprint-reader-support) - [AppImage Support](#appimage-support) - [Bluetooth](#bluetooth) - [Audio](#audio) - [Firefox](#firefox) - [RDP Remote Desktop](#rdp-remote-desktop) - [Virtualization](#virtualization) - [CUPS Printing](#cups-printing) - [Steam](#steam) - [XWayland](#xwayland) - [Wireguard](#wireguard) - [btrbk](#btrbk) - [VSCode](#vscode) - [Apps](#apps) - [Bashrc](#bashrc) - [Help](#help) - [Update Grub](#update-grub) - [Downgrading Kernel](#downgrading-kernel) ## Installation Follow most of the instructions here: 1. Download Arch 2. Verify the image 3. Create a bootable ISO 4. Disable secureboot (reenable later) 5. Boot into the live image 6. Check for network connectivity ```bash # Check for internet ip a ping archlinux.org ``` 7. `timedatectl` to update system clock 8. Create disk partitions ```bash fdisk -l fdisk /dev/vda ``` - +1G for /boot - t EFI SYSTEM for /boot - remaining for / 9. `mkfs.fat -F 32 /dev/vda1` (/mnt/boot partition) 10. `cryptsetup luksFormat /dev/vda2` 11. `cryptsetup luksOpen /dev/vda2 root` 12. `mkfs.btrfs /dev/mapper/root` (root partition) 13. Mount the root partition with `mount /mnt` 14. Mount the boot partition with `mount --mkdir /mnt/boot` 15. `pacstrap -K /mnt base linux linux-firmware` Note: linux-zen works, linux-hardened breaks appimages 16. `genfstab -U /mnt >> /mnt/etc/fstab` 17. `arch-chroot /mnt` 18. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime` 19. `hwclock --systohc` 20. `echo 'LANG=en_US.UTF-8' > /etc/locale.conf` 21. `echo 'KEYMAP=us' > /etc/vconsole.conf` 22. `echo 'hostname' > /etc/hostname` 23. `pacman -S sudo vim gdm gnome dhclient dhcpcd bash-completion grub` 24. `grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT` (this will fail) 25. Note: for some systems you'll have to move grubx64.efi into an expected location: ```bash cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi ``` 26. Edit /etc/default/grub ```conf GRUB_CMDLINE_LINUX="quiet splash rd.luks.uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" GRUB_ENABLE_CRYPTODISK=y GRUB_DISABLE_SUBMENU=y GRUB_DEFAULT=saved GRUB_SAVEDEFAULT=true ``` 27. Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt ```conf HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck) ``` 28. `mkinitcpio -P` 29. `grub-mkconfig -o /boot/grub/grub.cfg` 30. `sudo systemctl enable gdm` 31. `useradd ducoterra` 32. `passwd ducoterra` 33. `groupadd sudo` 34. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege 35. `usermod -aG sudo ducoterra` 36. `usermod -aG wheel ducoterra` 37. `mkdir /home/ducoterra` 38. `chown ducoterra:ducoterra /home/ducoterra` 39. `exit` 40. `reboot` ## Post Install ### Locale Set up locale with correct information (required for certain binaries like minecraft-launcher) 1. `vim /etc/locale.gen` Uncomment the line: en_US.UTF-8 UTF-8 2. `sudo locale-gen` ### Hardware Acceleration (This helps enable hardware encoding/decoding for steam streaming) Intel ```bash sudo pacman -S libva-utils intel-media-driver vainfo ``` AMD ```bash sudo pacman -S libva-utils libva-mesa-driver mesa-vdpau ``` ### Firewall ```bash sudo pacman -S ufw sudo ufw enable ``` ### Power Management 1. For laptops install `tlp` ```bash sudo pacman -S tlp sudo systemctl enable --now tlp ``` 2. For desktops install cpupower ```bash sudo pacman -S cpupower systemctl enable --now cpupower ``` Temporarily set power profile with `cpupower frequency-set -g performance` Edit /etc/default/cpupower ```conf governor='performance' ``` ### TPM2 LUKS Decryption 1. `pacman -S tpm2-tss` 2. `systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=""` ### Don't sleep while plugged in This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock will prevent it from waking up. /etc/systemd/logind.conf ```conf ... HandleLidSwitchExternalPower=lock HandleLidSwitchDocked=ignore ... ``` ### Fingerprint Reader Support 1. `sudo pacman -S fprintd` 2. `sudo systemctl enable --now fprintd` 3. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint) sudo vim /etc/pam.d/sudo and at the top of the file: ```conf # fingerprint auth auth sufficient pam_fprintd.so ``` sudo vim /etc/pam.d/system-auth and at the top of the file: ```conf # fingerprint auth auth sufficient pam_fprintd.so ``` **Turn Off Fingerprint When Laptop Lid Closed** To disable fingerprint authentication when the laptop lid is closed, and re-enable when it is reopened, we will use acpid to bind to the button/lid.* event to a custom script that will stop and mask the fprintd service on lid close, and unmask and start the fprintd service on lid open. We also check that the HDMI cable is connected by testing the contents of /sys/class/drm/card0-HDMI-A-1/status. Follow the steps below: 1. `pacman -S acpid` and then `systemctl enable --now acpid` 2. Create a .locks file in your home dir: `mkdir ~/.locks` 3. Create file /etc/acpi/laptop-lid.sh with the following contents: ```bash #!/bin/bash lock=/home/ducoterra/.locks/fprint-disabled.lock if grep -Fq closed /proc/acpi/button/lid/LID0/state # && # This is used to detect if a display is connected. # For USB C displayport use: # grep -Fxq connected /sys/class/drm/card1-DP-2/status # For hdmi use: # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status then touch "$lock" systemctl stop fprintd systemctl mask fprintd elif [ -f "$lock" ] then systemctl unmask fprintd systemctl start fprintd rm -f "$lock" fi ``` 3. Make the file executable with `chmod +x /etc/acpi/laptop-lid.sh` 4. Create file /etc/acpi/events/laptop-lid with the following contents: ```bash event=button/lid.* action=/etc/acpi/laptop-lid.sh ``` 5. Restart the acpid service with: `systemctl restart acpid` Now the fingerprint will be used only when the lid is open. In order to restore the correct state of the fprintd service if you disconnect/reconnect while the laptop is off, you may call the above script from a systemd init file. The steps to do this are the following: 1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents: ```bash [Unit] Description=Laptop Lid After=suspend.target [Service] ExecStart=/etc/acpi/laptop-lid.sh [Install] WantedBy=multi-user.target WantedBy=suspend.target ``` 2. Reload the systemd config files with `sudo systemctl daemon-reload` 3. Start and enable the service with `sudo systemctl enable --now laptop-lid.service` Now the status should be correct even after connecting/disconnecting when the computer is off. ### AppImage Support fuse is required to run most appimages. Also chmod +x before running. 1. `sudo pacman -S fuse` 2. `cp ~/Downloads/xxxxxxx.appimage ~/Applications 3. Write a .desktop entry at ~/.local/share/applications/ ```conf [Desktop Entry] Encoding=UTF-8 Name= Exec=/home/ducoterra/Applications/ Icon=/home/ducoterra/Applications/ Type=Application Categories=; ``` ### Bluetooth 1. `sudo pacman -S bluez bluez-utils` 2. `sudo systemctl enable --now bluetooth` ### Audio Without pipewire-pulse the audio level/device will reset every reboot. 1. `sudo pacman -S pipewire-pulse` (remove conflicting packages) ### Firefox You'll want firefox and gnome-browser-connector (for gnome extension management). ```bash sudo pacman -S firefox gnome-browser-connector ``` ### RDP Remote Desktop 1. `sudo pacman -S remmina freerdp` ### Virtualization 1. Install virtualization capabilties ```bash sudo pacman -S qemu-full sudo pacman -S libvirt sudo pacman -S iptables-nft dnsmasq sudo pacman -S virt-manager qemu-desktop sudo usermod -aG libvirt ducoterra sudo virsh net-autostart default ``` 2. Edit /etc/libvirt/libvirtd.conf ```conf ... unix_sock_group = 'libvirt' ... unix_sock_rw_perms = '0770' ... ``` 3. Edit /etc/libvirt/qemu.**conf** ```conf # Some examples of valid values are: # # user = "qemu" # A user named "qemu" # user = "+0" # Super user (uid=0) # user = "100" # A user named "100" or a user with uid=100 # user = "ducoterra" # The group for QEMU processes run by the system instance. It can be # specified in a similar way to user. group = "ducoterra" ``` 4. `systemctl enable --now libvirtd` If you get a blank screen when launching a VM check that you've used the correct bios - either secboot or not secboot. This is the most common problem. **Arch Guests** In order to get drivers for spice you'll need the guest spice drivers: ```bash sudo pacman -S qemu-guest-agent spice-vdagent ``` ### CUPS Printing 12. `sudo pacman -S cups cups-pdf avahi` 14. `sudo vim /etc/nsswitch.conf` ```conf hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns ``` 15. `sudo systemctl start cups` 16. `sudo systemctl start avahi-daemon` ### Steam Edit /etc/pacman.conf ```conf [multilib] Include = /etc/pacman.d/mirrorlist ``` ```bash sudo pacman -S steam ``` When prompted, use vulkan-radeon ### XWayland Provides compatibility with X server applications (like wine) 1. `sudo pacman -S xorg-xwayland` ### Wireguard Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your vpn likely won't activate. 1. `sudo pacman -S wireguard-tools` ### btrbk 1. Grab the btrbk binary from the github repo. Copy it to /usr/local/bin/btrbk. 2. Create a snapshot config /etc/btrbk/snapshots.conf ```conf snapshot_preserve_min 24h snapshot_preserve 14d volume /mnt/btr_pools/root subvolume root snapshot_dir .snapshots volume /mnt/btr_pools/root subvolume home snapshot_dir .snapshots volume /mnt/btr_pools/root subvolume libvirt snapshot_dir .snapshots volume /mnt/btr_pools/root subvolume nextcloud snapshot_dir .snapshots ``` 3. Then create a snapshot service at /etc/systemd/system/btrbk_snapshots.service ```conf [Unit] Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf [Service] ExecStart=/usr/local/bin/btrbk -c /etc/btrbk/snapshots.conf -v run ``` 4. Then create a timer for the service at /etc/systemd/system/btrbk_snapshots.timer ```conf [Unit] Description=Run snapshots every hour [Timer] OnCalendar=hourly AccuracySec=10min Persistent=true Unit=btrbk_snapshots.service [Install] WantedBy=timers.target ``` 5. Then enable the service ```bash systemctl enable --now btrbk_snapshots.conf ``` ### VSCode For the open source version of code install `code`: ```bash sudo pacman -S code ``` For the proprietary version of vscode install `yay` and then: ```bash yay -S visual-studio-code-bin ``` To save a list of installed extensions run: ```bash code --list-extensions >> vscode_extensions.txt ``` To install that list of extensions run: ```bash cat vscode_extensions.txt | xargs -L 1 code --install-extension ``` ## Apps | Name | Description | | ---------------- | ------------------------- | | base-devel | makepkg requirement | | kubectl | kubernetes kubectl | | wine | wine64 emulator | | steam | steam | | git | git | | iperf3 | iperf3 network speedtest | | spotify-launcher | official spotify launcher | ## Bashrc ~/.bashrc ```bash # .bashrc # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi # User specific binaries if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]] then PATH="$HOME/.local/bin:$HOME/bin:$PATH" fi export PATH # User specific aliases and functions (source .bashrc.d/) if [ -d ~/.bashrc.d ]; then for rc in ~/.bashrc.d/*; do if [ -f "$rc" ]; then . "$rc" fi done fi # clear var used in for loop unset rc ``` ~/.bashrc.d/aliases.sh ```bash # (Mostly) Taken from https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html # Author: Vivek Gite ## Colorize the ls output ## alias ls="ls --color=auto" ## Colorize the grep command output for ease of use (good for log files)## alias grep='grep --color=auto' alias egrep='egrep --color=auto' alias fgrep='fgrep --color=auto' ## Make mount human readable ## alias mount='mount |column -t' ## show open ports ## alias ports='ss -tulanp' # do not delete / or prompt if deleting more than 3 files at a time # alias rm='rm -I --preserve-root' # confirmation # alias mv='mv -i' alias cp='cp -i' alias ln='ln -i' # Parenting changing perms on / # alias chown='chown --preserve-root' alias chmod='chmod --preserve-root' alias chgrp='chgrp --preserve-root' ## pass options to free ## alias meminfo='free -m -l -t' ## get top process eating memory alias psmem='ps auxf | sort -nr -k 4' alias psmem10='ps auxf | sort -nr -k 4 | head -10' ## get top process eating cpu ## alias pscpu='ps auxf | sort -nr -k 3' alias pscpu10='ps auxf | sort -nr -k 3 | head -10' ## this one saved by butt so many times ## alias wget='wget -c' ## set some other defaults ## alias df='df -H' alias du='du -ch' ## ls but with file sizes, showing largest at the bottom ## alias lst='ls --human-readable --size -1 -S --classify -r' ## ls show only directories alias lsd='ls -d */' ## Count the number of files in a directory alias lsc='find . -type f | wc -l' ## ls sort by last modified ## alias lmt='ls -t -1' ``` ## Help ### Update Grub 1. `grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT` 1. `cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi` ### Downgrading Kernel You can find old kernel versions at You can find old kernel-header versions at If you want to downgrade to a previously installed kernel you can use pacman cache: 1. `cd /var/cache/pacman/pkg` 2. `pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst` 3. `reboot` If you want to downgrade to a kernel that wasn't previously installed: 1. Download linux... and linux-headers... from above 2. `pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst` 3. `reboot`