server/Workstation

Fork 0

Files

ducoterra 8f01f68fd6 clarify tlp instructions

2023-08-06 09:59:12 -04:00

16 KiB

Raw Blame History

Arch with Gnome

Arch with Gnome

Installation

Follow most of the instructions here: https://wiki.archlinux.org/title/Installation_guide

Download Arch
Verify the image
Create a bootable ISO
Disable secureboot (reenable later)
Boot into the live image

Check for network connectivity

# Check for internet
ip a
ping archlinux.org

timedatectl to update system clock
Create disk partitions
```
fdisk -l
fdisk /dev/vda
```
- +1G for /boot
- t EFI SYSTEM for /boot
- remaining for /
mkfs.fat -F 32 /dev/vda1 (/mnt/boot partition)
cryptsetup luksFormat /dev/vda2
cryptsetup luksOpen /dev/vda2 root
mkfs.btrfs /dev/mapper/root (root partition)
Mount the root partition with mount /mnt
Mount the boot partition with mount --mkdir /mnt/boot
pacstrap -K /mnt base linux linux-firmware

Note: linux-zen works, linux-hardened breaks appimages
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
hwclock --systohc
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
echo 'KEYMAP=us' > /etc/vconsole.conf
echo 'hostname' > /etc/hostname
pacman -S sudo vim gdm gnome dhclient dhcpcd bash-completion grub
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT (this will fail)
Note: for some systems you'll have to move grubx64.efi into an expected location:
```
cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi
```

Edit /etc/default/grub

GRUB_CMDLINE_LINUX="quiet splash rd.luks.uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
GRUB_ENABLE_CRYPTODISK=y
GRUB_DISABLE_SUBMENU=y
GRUB_DEFAULT=saved
GRUB_SAVEDEFAULT=true

Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt

HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)

mkinitcpio -P
grub-mkconfig -o /boot/grub/grub.cfg
sudo systemctl enable gdm
useradd ducoterra
passwd ducoterra
groupadd sudo
Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege
usermod -aG sudo ducoterra
usermod -aG wheel ducoterra
mkdir /home/ducoterra
chown ducoterra:ducoterra /home/ducoterra
exit
reboot

Post Install

Locale

Set up locale with correct information (required for certain binaries like minecraft-launcher)

vim /etc/locale.gen

Uncomment the line:

en_US.UTF-8 UTF-8
sudo locale-gen

Hardware Acceleration

(This helps enable hardware encoding/decoding for steam streaming)

Intel

sudo pacman -S libva-utils intel-media-driver
vainfo

AMD

sudo pacman -S libva-utils libva-mesa-driver mesa-vdpau

Firewall

sudo pacman -S ufw
sudo ufw enable

Power Management

For laptops install tlp

sudo pacman -S tlp tlp-rdw
sudo systemctl enable --now tlp
sudo systemctl mask systemd-rfkill.service
sudo systemctl mask systemd-rfkill.socket

Then configure it with the following settings (optional)

/etc/tlp.conf

# I've seen some issues with usb autosuspend
USB_AUTOSUSPEND=0
# Restore bluetooth/wifi state on reboot
# Otherwise it defaults to on
RESTORE_DEVICE_STATE_ON_STARTUP=1
# Disable wifi when plugged in
# You might not want this for continuity - eg. you're copying a file to a network
# share over wifi - plugging in will cancel the copy with this option enabled.
DEVICES_TO_DISABLE_ON_LAN_CONNECT="wifi wwan"
# Re-enable wifi when unplugged.
DEVICES_TO_ENABLE_ON_LAN_DISCONNECT="wifi wwan"

For desktops install cpupower
```
sudo pacman -S cpupower
systemctl enable --now cpupower
```
Temporarily set power profile with cpupower frequency-set -g performance

Edit /etc/default/cpupower
```
governor='performance'
```

TPM2 LUKS Decryption

pacman -S tpm2-tss
systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=""

Don't sleep while plugged in

This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock will prevent it from waking up.

/etc/systemd/logind.conf

...
HandleLidSwitchExternalPower=lock
HandleLidSwitchDocked=ignore
...

Fingerprint Reader Support

sudo pacman -S fprintd
sudo systemctl enable --now fprintd
Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)

sudo vim /etc/pam.d/sudo and at the top of the file:
```
# fingerprint auth
auth      sufficient pam_fprintd.so
```
sudo vim /etc/pam.d/system-auth and at the top of the file:
```
# fingerprint auth
auth      sufficient pam_fprintd.so
```

Turn Off Fingerprint When Laptop Lid Closed

To disable fingerprint authentication when the laptop lid is closed, and re-enable when it is reopened, we will use acpid to bind to the button/lid.* event to a custom script that will stop and mask the fprintd service on lid close, and unmask and start the fprintd service on lid open.

We also check that the HDMI cable is connected by testing the contents of /sys/class/drm/card0-HDMI-A-1/status.

Follow the steps below:

pacman -S acpid and then systemctl enable --now acpid
Create a .locks file in your home dir: mkdir ~/.locks

Create file /etc/acpi/laptop-lid.sh with the following contents:

#!/bin/bash

lock=/home/ducoterra/.locks/fprint-disabled.lock

if grep -Fq closed /proc/acpi/button/lid/LID0/state # &&
    # This is used to detect if a display is connected.
    # For USB C displayport use: 
    # grep -Fxq connected /sys/class/drm/card1-DP-2/status
    # For hdmi use:
    # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status
then
    touch "$lock"
    systemctl stop fprintd
    systemctl mask fprintd
elif [ -f "$lock" ]
then
    systemctl unmask fprintd
    systemctl start fprintd
    rm -f "$lock"
fi

Make the file executable with

chmod +x /etc/acpi/laptop-lid.sh
Create file /etc/acpi/events/laptop-lid with the following contents:
```
event=button/lid.*
action=/etc/acpi/laptop-lid.sh
```
Restart the acpid service with:

systemctl restart acpid

Now the fingerprint will be used only when the lid is open.

In order to restore the correct state of the fprintd service if you disconnect/reconnect while the laptop is off, you may call the above script from a systemd init file. The steps to do this are the following:

Create a file named /etc/systemd/system/laptop-lid.service with the following contents:

[Unit]
Description=Laptop Lid
After=suspend.target

[Service]
ExecStart=/etc/acpi/laptop-lid.sh

[Install]
WantedBy=multi-user.target
WantedBy=suspend.target

Reload the systemd config files with

sudo systemctl daemon-reload
Start and enable the service with

sudo systemctl enable --now laptop-lid.service

Now the status should be correct even after connecting/disconnecting when the computer is off.

AppImage Support

fuse is required to run most appimages.

Also chmod +x before running.

sudo pacman -S fuse
`cp ~/Downloads/xxxxxxx.appimage ~/Applications

Write a .desktop entry at ~/.local/share/applications/

[Desktop Entry]
Encoding=UTF-8
Name=
Exec=/home/ducoterra/Applications/
Icon=/home/ducoterra/Applications/
Type=Application
Categories=;

Bluetooth

sudo pacman -S bluez bluez-utils
sudo systemctl enable --now bluetooth

Audio

Without pipewire-pulse the audio level/device will reset every reboot.

sudo pacman -S pipewire-pulse (remove conflicting packages)

Firefox

You'll want firefox and gnome-browser-connector (for gnome extension management).

sudo pacman -S firefox gnome-browser-connector

RDP Remote Desktop

sudo pacman -S remmina freerdp

Virtualization

Install virtualization capabilties

sudo pacman -S qemu-full
sudo pacman -S libvirt
sudo pacman -S iptables-nft dnsmasq
sudo pacman -S virt-manager qemu-desktop
sudo usermod -aG libvirt ducoterra
sudo virsh net-autostart default

Edit /etc/libvirt/libvirtd.conf

...
unix_sock_group = 'libvirt'
...
unix_sock_rw_perms = '0770'
...

Edit /etc/libvirt/qemu.conf

# Some examples of valid values are:
#
#       user = "qemu"   # A user named "qemu"
#       user = "+0"     # Super user (uid=0)
#       user = "100"    # A user named "100" or a user with uid=100
#
user = "ducoterra"

# The group for QEMU processes run by the system instance. It can be
# specified in a similar way to user.
group = "ducoterra"

systemctl enable --now libvirtd

If you get a blank screen when launching a VM check that you've used the correct bios - either secboot or not secboot. This is the most common problem.

Arch Guests

In order to get drivers for spice you'll need the guest spice drivers:

sudo pacman -S qemu-guest-agent spice-vdagent

CUPS Printing

sudo pacman -S cups cups-pdf avahi

sudo vim /etc/nsswitch.conf

hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns

sudo systemctl start cups
sudo systemctl start avahi-daemon

Steam

https://wiki.archlinux.org/title/Official_repositories#multilib

Edit /etc/pacman.conf

[multilib]
Include = /etc/pacman.d/mirrorlist

sudo pacman -S steam

When prompted, use vulkan-radeon

XWayland

Provides compatibility with X server applications (like wine)

sudo pacman -S xorg-xwayland

Wireguard

Wireguard requires linux-headers. If that isn't installed or is misconfigured your vpn likely won't activate.

sudo pacman -S wireguard-tools

btrbk

Grab the btrbk binary from the github repo. Copy it to /usr/local/bin/btrbk.

Create a snapshot config

/etc/btrbk/snapshots.conf

snapshot_preserve_min   24h
snapshot_preserve       14d

volume /mnt/btr_pools/root
    subvolume           root
    snapshot_dir        .snapshots

volume /mnt/btr_pools/root
    subvolume           home
    snapshot_dir        .snapshots

volume /mnt/btr_pools/root
    subvolume           libvirt
    snapshot_dir        .snapshots

volume /mnt/btr_pools/root
    subvolume           nextcloud
    snapshot_dir        .snapshots

Then create a snapshot service at /etc/systemd/system/btrbk_snapshots.service

[Unit]
Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf

[Service]
ExecStart=/usr/local/bin/btrbk -c /etc/btrbk/snapshots.conf -v run

Then create a timer for the service at /etc/systemd/system/btrbk_snapshots.timer

[Unit]
Description=Run snapshots every hour

[Timer]
OnCalendar=hourly

AccuracySec=10min
Persistent=true
Unit=btrbk_snapshots.service

[Install]
WantedBy=timers.target

Then enable the service

systemctl enable --now btrbk_snapshots.conf

VSCode

For the open source version of code install code:

sudo pacman -S code

For the proprietary version of vscode install yay and then:

yay -S visual-studio-code-bin

To save a list of installed extensions run:

code --list-extensions >> vscode_extensions.txt

To install that list of extensions run:

cat vscode_extensions.txt | xargs -L 1 code --install-extension

Apps

Name	Description
base-devel	makepkg requirement
kubectl	kubernetes kubectl
wine	wine64 emulator
steam	steam
git	git
iperf3	iperf3 network speedtest
spotify-launcher	official spotify launcher

Bashrc

~/.bashrc

# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi

# User specific binaries
if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
then
    PATH="$HOME/.local/bin:$HOME/bin:$PATH"
fi
export PATH

# User specific aliases and functions (source .bashrc.d/)
if [ -d ~/.bashrc.d ]; then
        for rc in ~/.bashrc.d/*; do
                if [ -f "$rc" ]; then
                        . "$rc"
                fi
        done
fi

# clear var used in for loop
unset rc

~/.bashrc.d/aliases.sh

# (Mostly) Taken from https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html
# Author: Vivek Gite

## Colorize the ls output ##
alias ls="ls --color=auto"

## Colorize the grep command output for ease of use (good for log files)##
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'

## Make mount human readable ##
alias mount='mount |column -t'

## show open ports ##
alias ports='ss -tulanp'

# do not delete / or prompt if deleting more than 3 files at a time #
alias rm='rm -I --preserve-root'

# confirmation #
alias mv='mv -i'
alias cp='cp -i'
alias ln='ln -i'

# Parenting changing perms on / #
alias chown='chown --preserve-root'
alias chmod='chmod --preserve-root'
alias chgrp='chgrp --preserve-root'

## pass options to free ##
alias meminfo='free -m -l -t'
 
## get top process eating memory
alias psmem='ps auxf | sort -nr -k 4'
alias psmem10='ps auxf | sort -nr -k 4 | head -10'
 
## get top process eating cpu ##
alias pscpu='ps auxf | sort -nr -k 3'
alias pscpu10='ps auxf | sort -nr -k 3 | head -10'

## this one saved by butt so many times ##
alias wget='wget -c'

## set some other defaults ##
alias df='df -H'
alias du='du -ch'

## ls but with file sizes, showing largest at the bottom ## 
alias lst='ls --human-readable --size -1 -S --classify -r'

## ls show only directories
alias lsd='ls -d */'

## Count the number of files in a directory
alias lsc='find . -type f | wc -l'

## ls sort by last modified ##
alias lmt='ls -t -1'

Help

Update Grub

grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT
cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi

Downgrading Kernel

You can find old kernel versions at https://archive.archlinux.org/packages/l/linux/

You can find old kernel-header versions at https://archive.archlinux.org/packages/l/linux-headers/

If you want to downgrade to a previously installed kernel you can use pacman cache:

cd /var/cache/pacman/pkg
pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst
reboot

If you want to downgrade to a kernel that wasn't previously installed:

Download linux... and linux-headers... from above
pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst
reboot

16 KiB Raw Blame History