Arch with Gnome
- Arch with Gnome
- Installation
- Post Install
- Apps
- Bashrc
- Unnecessary
- Help
Installation
Follow most of the instructions here: https://wiki.archlinux.org/title/Installation_guide
- Download Arch
- Verify the image
- Create a bootable ISO
- Disable secureboot (reenable later)
- Put your machine in setup mode
  On framework this is done in the UEFI setup page for Security, sub-page Secure Boot, choose “Erase all Secure Boot Settings.”
- Boot into the live image
- Check for network connectivity
  # Check for internet
  ip a
  ping archlinux.org
- timedatectl to update system clock
- Create disk partitions. Use gdisk or beware "bootctl install is not on a gpt partition table"
  fdisk -l
  gdisk /dev/vda
  - +1G for /boot
  - t EFI SYSTEM for /boot
  - remaining for /
- mkfs.fat -F 32 /dev/vda1 (/mnt/boot partition)
- cryptsetup luksFormat /dev/vda2
- cryptsetup luksOpen /dev/vda2 root
- mkfs.btrfs /dev/mapper/root (root partition)
- Mount the root partition with
  mount /dev/mapper/root /mnt
- Mount the boot partition with
  mount --mkdir /dev/vda1 /mnt/boot
- pacstrap -K /mnt base linux linux-firmware
  Note: linux-zen works, linux-hardened breaks appimages
- genfstab -U /mnt >> /mnt/etc/fstab
- arch-chroot /mnt
- ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
- hwclock --systohc
- echo 'LANG=en_US.UTF-8' > /etc/locale.conf
- echo 'KEYMAP=us' > /etc/vconsole.conf
- echo 'hostname' > /etc/hostname
- pacman -S sudo vim gdm gnome dhclient dhcpcd bash-completion tpm2-tss btrfs-progs
- Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt
  HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
- mkinitcpio -P
- Install systemd-boot
  https://wiki.archlinux.org/title/systemd-boot
  bootctl install
- Edit your loader.conf with some defaults
  /boot/loader/loader.conf
    default arch.conf
    timeout 4
    console-mode max
    editor no
- Create a loader (/usr/share/systemd/bootctl/loader.conf)
  /boot/loader/entries/arch.conf
    title Arch Linux
    linux /vmlinuz-linux
    initrd /initramfs-linux.img
    options quiet splash rd.luks.name=d9828faa-2b8c-4184-9e74-9054ae328c6d=root root=/dev/mapper/root rootflags=subvol=root nvme.noacpi=1 acpi_osi="!Windows 2020" mem_sleep_default="deep" rw
- Add a pacman hook for systemd-boot updates
  /etc/pacman.d/hooks/95-systemd-boot.hook
    [Trigger]
    Type = Package
    Operation = Upgrade
    Target = systemd

    [Action]
    Description = Gracefully upgrading systemd-boot...
    When = PostTransaction
    Exec = /usr/bin/systemctl restart systemd-boot-update.service
- cd /root/
- pacman -S efitools
- for var in PK KEK db dbx ; do efi-readvar -v $var -o old_${var}.esl ; done
- pacman -S sbctl
- sbctl create-keys
- sbctl enroll-keys -m
- sbctl status
- sbctl verify
- sbctl sign -s /boot/vmlinuz-linux
- sbctl sign -s /boot/EFI/BOOT/BOOTX64.EFI
- sbctl status
- sudo systemctl enable gdm
- useradd ducoterra
- passwd ducoterra
- groupadd sudo
- Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege
- usermod -aG sudo ducoterra
- usermod -aG wheel ducoterra
- mkdir /home/ducoterra
- chown ducoterra:ducoterra /home/ducoterra
- exit
- reboot
Don't forget to enable secure boot. Don't forget to add a trusted boot loader. There is a pacman hook which will automatically sign new binaries on update.
Post Install
Locale
Set up locale with correct information (required for certain binaries like minecraft-launcher)
- vim /etc/locale.gen
  Uncomment the line:
  en_US.UTF-8 UTF-8
- sudo locale-gen
Hardware Acceleration
(This helps enable hardware encoding/decoding for steam streaming)
Intel
sudo pacman -S libva-utils intel-media-driver
vainfo
AMD
sudo pacman -S vulkan-radeon libva-utils libva-mesa-driver xf86-video-amdgpu
Firewall
sudo pacman -S ufw
sudo ufw enable
Power Management
- For laptops install tlp
  sudo pacman -S tlp tlp-rdw
  sudo systemctl enable --now tlp
  sudo systemctl mask systemd-rfkill.service
  sudo systemctl mask systemd-rfkill.socket
- Then configure it with the following settings (optional)
  /etc/tlp.conf
    # I've seen some issues with usb autosuspend
    USB_AUTOSUSPEND=0

    # Restore bluetooth/wifi state on reboot
    # Otherwise it defaults to on
    RESTORE_DEVICE_STATE_ON_STARTUP=1

    # Disable wifi when plugged in
    # You might not want this for continuity - eg. you're copying a file to a network
    # share over wifi - plugging in will cancel the copy with this option enabled.
    DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan"

    # Re-enable wifi when unplugged.
    DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan"
- For desktops install cpupower
  sudo pacman -S cpupower
  systemctl enable --now cpupower
  Temporarily set power profile with
  cpupower frequency-set -g performance
  Edit /etc/default/cpupower
  governor='performance'
TPM2 LUKS Decryption
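pacman -S tpm2-tss
systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=""
The empty --tpm2-pcrs="" binds the enrollment to no PCRs, so the TPM releases the key regardless of the measured boot state.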
Don't sleep while plugged in
This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock will prevent it from waking up.
/etc/systemd/logind.conf
...
HandleLidSwitchExternalPower=lock
HandleLidSwitchDocked=ignore
...
Fingerprint Reader Support
Setup
- sudo pacman -S fprintd
- sudo systemctl enable --now fprintd
- Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)
  /etc/pam.d/sudo
    # fingerprint auth
    auth sufficient pam_fprintd.so
Turn Off Fingerprint When Laptop Lid Closed
To disable fingerprint authentication when the laptop lid is closed, and re-enable it when the lid is reopened, we will use acpid to bind the button/lid.* event to a custom script that comments out fprintd auth in /etc/pam.d/sudo.
Usually we'd just systemctl mask fprintd but this breaks gdm (as of 08/06/23). See
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2267 and
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6585.
- pacman -S acpid and then systemctl enable --now acpid
- Create file /etc/acpi/laptop-lid.sh with the following contents:
  #!/bin/bash

  if grep -Fq closed /proc/acpi/button/lid/LID0/state # &&
      # This is used to detect if a display is connected.
      # For USB C displayport use:
      # grep -Fxq connected /sys/class/drm/card1-DP-2/status
      # For hdmi use:
      # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status
  then
      # comment out fprintd
      sed -i -E 's/^([^#].*pam_fprintd.so)/#\1/g' /etc/pam.d/sudo
  else
      # uncomment fprintd
      sed -i -E 's/#(.*pam_fprintd.so)/\1/g' /etc/pam.d/sudo
  fi
- Make the file executable with
  chmod +x /etc/acpi/laptop-lid.sh
- Create file /etc/acpi/events/laptop-lid with the following contents:
  event=button/lid.*
  action=/etc/acpi/laptop-lid.sh
- Restart the acpid service with:
  systemctl restart acpid
Now the fingerprint will be used only when the lid is open.
In order to ensure the correct state after suspend we need a service file which runs our script on wake.
- Create a file named /etc/systemd/system/laptop-lid.service with the following contents:
  [Unit]
  Description=Laptop Lid
  After=suspend.target

  [Service]
  ExecStart=/etc/acpi/laptop-lid.sh

  [Install]
  WantedBy=multi-user.target
  WantedBy=suspend.target
- Reload the systemd config files with
  sudo systemctl daemon-reload
- Start and enable the service with
  sudo systemctl enable --now laptop-lid.service
Now the status should be correct even after connecting/disconnecting when the computer is off.
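The uncomment pattern in /etc/acpi/laptop-lid.sh matches any line that has a # somewhere before pam_fprintd.so, including an ordinary comment that mentions the module. The following is an added example, not part of the original guide: a variant of the toggle that only touches lines shaped like a PAM auth rule and can be run repeatedly. set_fprintd and fprintd_active are hypothetical names, and the lid state and PAM file are passed as arguments so it can be tried on a scratch copy.

```bash
#!/bin/bash
# Added example, not from the original guide. set_fprintd and fprintd_active
# are hypothetical names; state and file are arguments so the logic can be
# exercised on a scratch copy instead of /etc/pam.d/sudo.

# A PAM "auth" rule (optionally "-auth") that loads pam_fprintd.so.
RULE='-?auth[[:space:]].*pam_fprintd\.so([[:space:]].*)?'

# set_fprintd <open|closed> <pam-file>
set_fprintd() {
    local state=$1 pam=$2
    [ -f "$pam" ] || return 1
    case $state in
        closed)
            # Comment out active rules only. Lines that are already
            # commented do not match, so repeated lid events never stack
            # up '#' characters.
            sed -i -E "s/^[[:space:]]*($RULE)\$/#\1/" "$pam" ;;
        open)
            # Restore only lines that are a commented-out auth rule. A
            # comment that does not have the shape of an auth rule is kept.
            sed -i -E "s/^#+[[:space:]]*($RULE)\$/\1/" "$pam" ;;
        *)
            return 2 ;;
    esac
}

# fprintd_active <pam-file>: succeeds if an uncommented fprintd rule exists.
fprintd_active() {
    grep -Eq "^[[:space:]]*$RULE\$" "$1"
}
```

In laptop-lid.sh the two sed calls would become set_fprintd closed /etc/pam.d/sudo and set_fprintd open /etc/pam.d/sudo.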
AppImage Support
fuse is required to run most appimages.
Also chmod +x before running.
- sudo pacman -S fuse
- cp ~/Downloads/xxxxxxx.appimage ~/Applications
- Write a .desktop entry at ~/.local/share/applications/
  [Desktop Entry]
  Encoding=UTF-8
  Name=
  Exec=/home/ducoterra/Applications/
  Icon=/home/ducoterra/Applications/
  Type=Application
  Categories=;
Bluetooth
sudo pacman -S bluez bluez-utils
sudo systemctl enable --now bluetooth
Audio
Without pipewire-pulse the audio level/device will reset every reboot.
sudo pacman -S pipewire-pulse (remove conflicting packages)
Firefox
You'll want firefox and gnome-browser-connector (for gnome extension management).
sudo pacman -S firefox gnome-browser-connector
RDP Remote Desktop
sudo pacman -S remmina freerdp
Virtualization
- Install virtualization capabilities
  sudo pacman -S qemu-full libvirt iptables-nft dnsmasq virt-manager qemu-desktop swtpm
  sudo usermod -aG libvirt ducoterra
  sudo virsh net-autostart default
- Edit /etc/libvirt/libvirtd.conf
  ...
  unix_sock_group = 'libvirt'
  ...
  unix_sock_rw_perms = '0770'
  ...
- Edit /etc/libvirt/qemu.conf
  # Some examples of valid values are:
  #
  #       user = "qemu"   # A user named "qemu"
  #       user = "+0"     # Super user (uid=0)
  #       user = "100"    # A user named "100" or a user with uid=100
  #
  user = "ducoterra"

  # The group for QEMU processes run by the system instance. It can be
  # specified in a similar way to user.
  group = "ducoterra"
- systemctl enable --now libvirtd
If you get a blank screen when launching a VM check that you've used the correct bios - either secboot or not secboot. This is the most common problem.
Arch Guests
In order to get drivers for spice you'll need the guest spice drivers:
sudo pacman -S qemu-guest-agent spice-vdagent
CUPS Printing
- sudo pacman -S cups cups-pdf avahi
- sudo vim /etc/nsswitch.conf
  hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns
- sudo systemctl start cups
- sudo systemctl start avahi-daemon
Steam
https://wiki.archlinux.org/title/Official_repositories#multilib
Edit /etc/pacman.conf
[multilib]
Include = /etc/pacman.d/mirrorlist
sudo pacman -S steam steam-native
When prompted, use vulkan-radeon
steam-native allows vaapi hardware encoding for steam remote play.
XWayland
Provides compatibility with X server applications (like wine)
sudo pacman -S xorg-xwayland
Wireguard
Wireguard requires linux-headers. If that isn't installed or is misconfigured your
vpn likely won't activate.
sudo pacman -S wireguard-tools
btrbk
Snapshots
- Grab the btrbk binary from the github repo. Copy it to /usr/local/bin/btrbk.
- Create a snapshot config
  /etc/btrbk/snapshots.conf
    snapshot_preserve_min 24h
    snapshot_preserve 14d

    volume /mnt/btr_pool
      subvolume root
        snapshot_dir .snapshots

    volume /mnt/btr_pool
      subvolume home
        snapshot_dir .snapshots

    volume /mnt/btr_pool
      subvolume libvirt
        snapshot_dir .snapshots

    volume /mnt/btr_pool
      subvolume nextcloud
        snapshot_dir .snapshots
- Then create a snapshot service
  /etc/systemd/system/btrbk_snapshots.service
    [Unit]
    Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf

    [Service]
    ExecStart=/usr/local/bin/btrbk -c /etc/btrbk/snapshots.conf -v run
- Then create a timer for the service
  /etc/systemd/system/btrbk_snapshots.timer
    [Unit]
    Description=Run snapshots every hour

    [Timer]
    OnCalendar=hourly
    AccuracySec=10min
    Persistent=true
    Unit=btrbk_snapshots.service

    [Install]
    WantedBy=timers.target
- Then enable the timer
  systemctl enable --now btrbk_snapshots.timer
Backups
Before you begin, go through the usual process of setting up an encrypted drive:
- Install udisks2 for automatic usb drive mounting
  pacman -S udisks2
- Crypttab automatically loads keys named <drive_name>.key from /etc/cryptsetup-keys.d
  mkdir /etc/cryptsetup-keys.d
- Generate a sufficiently random key
  dd if=/dev/urandom of=/etc/cryptsetup-keys.d/btr_backup.key bs=64 count=1
- Add the key to your backup drive
  cryptsetup luksAddKey /dev/sda1 /etc/cryptsetup-keys.d/btr_backup.key
- Create a crypttab entry
  /etc/crypttab
    btr_backup UUID=a074a34c-1211-4f9a-a88c-071b4775fe54 none nofail
- Create an fstab entry
  /etc/fstab
    /dev/mapper/btr_backup /mnt/btr_backup btrfs rw,relatime,ssd,space_cache=v2,subvolid=5,comment=x-gvfs-show,nofail 0 0
- Create a read-only mount point to prevent accidental backups to the wrong disk
  btrfs subvolume create /mnt/btr_backup
  btrfs property set /mnt/btr_backup ro true
- Create a backup config
  /etc/btrbk/backups.conf
    snapshot_create no
    target_preserve_min no
    target_preserve 30d

    volume /mnt/btr_pool
      target /mnt/btr_backup
      subvolume root
        snapshot_dir .snapshots

    volume /mnt/btr_pool
      target /mnt/btr_backup
      subvolume home
        snapshot_dir .snapshots

    volume /mnt/btr_pool
      target /mnt/btr_backup
      subvolume libvirt
        snapshot_dir .snapshots
- Create a backup service
  /etc/systemd/system/btrbk_backups.service
    [Unit]
    Description=Runs btrbk with config file at /etc/btrbk/backups.conf

    [Service]
    ExecStart=/usr/local/bin/btrbk -c /etc/btrbk/backups.conf -v run
- Create a timer to activate the service
  /etc/systemd/system/btrbk_backups.timer
    [Unit]
    Description=Run btrbk every hour

    [Timer]
    OnCalendar=hourly
    AccuracySec=10min
    Persistent=true
    Unit=btrbk_backups.service

    [Install]
    WantedBy=timers.target
- Enable the timer
  systemctl enable --now btrbk_backups.timer
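The mkdir and dd steps above create /etc/cryptsetup-keys.d and the key file with the default umask, which under the usual 022 leaves the key readable by every local user. The following is an added example, not part of the original guide: it creates the key owner-only from the start and checks the permissions of an existing key. make_keyfile and check_keyfile are hypothetical names, and the directory is an argument so it can be tried in a scratch location.

```bash
#!/bin/bash
# Added example, not from the original guide. make_keyfile and check_keyfile
# are hypothetical helper names; the directory is an argument so the same code
# can target /etc/cryptsetup-keys.d or a scratch directory.

# make_keyfile <dir> <name>: create <dir>/<name>.key with 64 random bytes.
make_keyfile() {
    local dir=$1 key="$1/$2.key"
    # The key file unlocks the drive just like the passphrase does, so the
    # directory and file must be private to the owner (root).
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    # Never overwrite a key that may already be enrolled in a LUKS slot.
    [ -e "$key" ] && return 3
    (
        umask 077              # file is created 0600, never briefly 0644
        set -o noclobber       # fail instead of truncating a racing file
        head -c 64 /dev/urandom > "$key"
    ) || return 1
    chmod 0400 "$key"
}

# check_keyfile <path>: succeed only for a regular, non-empty file that has
# no group or other permission bits set.
check_keyfile() {
    local key=$1 mode
    [ -f "$key" ] && [ ! -L "$key" ] && [ -s "$key" ] || return 1
    mode=$(stat -c '%a' "$key") || return 1
    case $mode in
        [0-7]00) return 0 ;;
        *)       return 1 ;;
    esac
}
```

For the drive in this guide the call would be make_keyfile /etc/cryptsetup-keys.d btr_backup, run as root before cryptsetup luksAddKey.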
ISCSI
- Add auth login
  /etc/iscsi/iscsid.conf
    node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5
    node.session.auth.username = username
    node.session.auth.password = password
- Initiate and login to the portal
  # Add a new target to your list of nodes
  iscsiadm \
      -m discovery \
      -t st \
      -p driveripper.reeselink.com

  # Login to the target
  iscsiadm \
      -m node \
      --targetname iqn.2023-01.driveripper.reeselink.com:backup-reese-pc \
      -p driveripper.reeselink.com:3260 \
      --login

  # or login to all targets
  iscsiadm -m node --loginall all

  # View current session
  iscsiadm -m session

  # Log out of all sessions
  iscsiadm -m node -u
Backing up a snapshot
pacman -S pv
btrfs send /mnt/btr_backup/root.20230727T1000 | pv | btrfs receive /mnt/btr_iscsi
VSCode
For the open source version of code install code:
sudo pacman -S code
For the proprietary version of vscode install yay and then:
yay -S visual-studio-code-bin
To save a list of installed extensions run:
code --list-extensions >> vscode_extensions.txt
To install that list of extensions run:
cat vscode_extensions.txt | xargs -L 1 code --install-extension
Apps
| Name | Description |
|---|---|
| base-devel | makepkg requirement |
| kubectl | kubernetes kubectl |
| wine | wine64 emulator |
| steam | steam |
| git | git |
| iperf3 | iperf3 network speedtest |
| spotify-launcher | official spotify launcher |
Bashrc
~/.bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi

# User specific binaries
if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
then
    PATH="$HOME/.local/bin:$HOME/bin:$PATH"
fi
export PATH

# User specific aliases and functions (source .bashrc.d/)
if [ -d ~/.bashrc.d ]; then
    for rc in ~/.bashrc.d/*; do
        if [ -f "$rc" ]; then
            . "$rc"
        fi
    done
fi

# clear var used in for loop
unset rc
~/.bashrc.d/aliases.sh
# (Mostly) Taken from https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html
# Author: Vivek Gite
## Colorize the ls output ##
alias ls="ls --color=auto"
## Colorize the grep command output for ease of use (good for log files)##
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
## Make mount human readable ##
alias mount='mount |column -t'
## show open ports ##
alias ports='ss -tulanp'
# do not delete / or prompt if deleting more than 3 files at a time #
alias rm='rm -I --preserve-root'
# confirmation #
alias mv='mv -i'
alias cp='cp -i'
alias ln='ln -i'
# Prevent changing perms on / #
alias chown='chown --preserve-root'
alias chmod='chmod --preserve-root'
alias chgrp='chgrp --preserve-root'
## pass options to free ##
alias meminfo='free -m -l -t'
## get top process eating memory
alias psmem='ps auxf | sort -nr -k 4'
alias psmem10='ps auxf | sort -nr -k 4 | head -10'
## get top process eating cpu ##
alias pscpu='ps auxf | sort -nr -k 3'
alias pscpu10='ps auxf | sort -nr -k 3 | head -10'
## this one saved my butt so many times ##
alias wget='wget -c'
## set some other defaults ##
alias df='df -H'
alias du='du -ch'
## ls but with file sizes, showing largest at the bottom ##
alias lst='ls --human-readable --size -1 -S --classify -r'
## ls show only directories
alias lsd='ls -d */'
## Count the number of files in a directory
alias lsc='find . -type f | wc -l'
## ls sort by last modified ##
alias lmt='ls -t -1'
Unnecessary
Plymouth Background Image
sudo cp image.png /usr/share/plymouth/themes/spinner/background-tile.png
sudo plymouth-set-default-theme -R spinner
Help
Update Grub
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT
cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi
Downgrading Kernel
You can find old kernel versions at https://archive.archlinux.org/packages/l/linux/
You can find old kernel-header versions at https://archive.archlinux.org/packages/l/linux-headers/
If you want to downgrade to a previously installed kernel you can use pacman cache:
cd /var/cache/pacman/pkg
pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst
reboot
If you want to downgrade to a kernel that wasn't previously installed:
- Download linux... and linux-headers... from above
- pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst
- reboot