Workstation/arch.md

# Arch with Gnome

<!-- TOC -->

- [Arch with Gnome](#arch-with-gnome)
  - [Installation](#installation)
  - [Post Install](#post-install)
    - [TPM2 LUKS Decryption](#tpm2-luks-decryption)
    - [Fingerprint Reader Support](#fingerprint-reader-support)
    - [AppImage Support](#appimage-support)
    - [Bluetooth](#bluetooth)
    - [Audio](#audio)
    - [RDP Remote Desktop](#rdp-remote-desktop)
    - [Virtualization](#virtualization)
    - [CUPS Printing](#cups-printing)
    - [Steam](#steam)
    - [XWayland](#xwayland)
    - [Wireguard](#wireguard)
    - [btrbk](#btrbk)
  - [Help](#help)
    - [Update Grub](#update-grub)
    - [Downgrading Kernel](#downgrading-kernel)
  - [Packages](#packages)
    - [Official](#official)
    - [AUR](#aur)

<!-- /TOC -->

## Installation

Follow most of the instructions here:
<https://wiki.archlinux.org/title/Installation_guide>

1. Download Arch
2. Verify the image
3. Create a bootable ISO
4. Disable secureboot (reenable later)
5. Boot into the live image
6. Check for network connectivity

    ```bash
    # Check for internet
    ip a
    ping archlinux.org
    ```

7. `timedatectl` to update system clock
8. Create disk partitions

    ```bash
    fdisk -l
    fdisk /dev/vda
    ```

    - +1G for /boot
    - t EFI SYSTEM for /boot
    - remaining for /

9. `mkfs.fat -F 32 /dev/vda1` (/mnt/boot partition)
10. `cryptsetup luksFormat /dev/vda2`
11. `cryptsetup luksOpen /dev/vda2 root`
12. `mkfs.btrfs /dev/mapper/root` (root partition)
13. Mount the root partition with `mount /mnt`
14. Mount the boot partition with `mount --mkdir /mnt/boot`
15. `pacstrap -K /mnt base linux linux-firmware`

    Note: linux-zen works, linux-hardened breaks appimages

16. `genfstab -U /mnt >> /mnt/etc/fstab`
17. `arch-chroot /mnt`
18. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime`
19. `hwclock --systohc`
20. `echo 'LANG=en_US.UTF-8' > /etc/locale.conf`
21. `echo 'hostname' > /etc/hostname`
22. `pacman -S grub`
23. `grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT` (this will fail)
24. Note: for some systems you'll have to move grubx64.efi into an expected location:

    ```bash
    cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi
    ```

25. `pacman -S vim`
26. Edit /etc/default/grub

    ```conf
    GRUB_CMDLINE_LINUX="quiet splash rd.luks.uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    GRUB_ENABLE_CRYPTODISK=y
    GRUB_DISABLE_SUBMENU=y
    GRUB_DEFAULT=saved
    GRUB_SAVEDEFAULT=true
    ```

27. Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt

    ```conf
    HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
    ```

28. `mkinitcpio -P`
29. `grub-mkconfig -o /boot/grub/grub.cfg`
30. `pacman -S gdm gnome dhclient dhcpcd`
31. `sudo systemctl enable gdm`
32. `useradd ducoterra`
33. `passwd ducoterra`
34. `pacman -S sudo`
35. `groupadd sudo`
36. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege
37. `usermod -aG sudo ducoterra`
38. `usermod -aG wheel ducoterra`
39. `mkdir /home/ducoterra`
40. `chown ducoterra:ducoterra /home/ducoterra`
41. `exit`
42. `reboot`

## Post Install

Set up locale with correct information (required for certain binaries like minecraft-launcher)

1. `vim /etc/locale.gen`

    Uncomment the line:

    en_US.UTF-8 UTF-8

2. `sudo locale-gen`

### TPM2 LUKS Decryption

2. `pacman -S tpm2-tss`
3. `systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=""`

### Fingerprint Reader Support

1. `sudo pacman -S fprintd`
2. `sudo systemctl enable --now fprintd`
3. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)

    sudo vim /etc/pam.d/sudo and at the top of the file:

    ```conf
    # fingerprint auth
    auth       sufficient                  pam_unix.so try_first_pass likeauth nullok
    auth       sufficient                  pam_fprintd.so
    ```

### AppImage Support

fuse is required to run most appimages.

Also chmod +x before running.

1. `sudo pacman -S fuse`
2. `cp ~/Downloads/xxxxxxx.appimage ~/Applications
3. Write a .desktop entry at ~/.local/share/applications/

    ```conf
    [Desktop Entry]
    Encoding=UTF-8
    Name=
    Exec=/home/ducoterra/Applications/
    Icon=/home/ducoterra/Applications/
    Type=Application
    Categories=;
    ```

### Bluetooth

1. `sudo pacman -S bluez bluez-utils`
2. `sudo systemctl enable --now bluetooth`

### Audio

Without pipewire-pulse the audio level/device will reset every reboot.

1.  `sudo pacman -S pipewire-pulse` (remove conflicting packages)

### RDP Remote Desktop

1. `sudo pacman -S remmina freerdp`

### Virtualization

1. Install virtualization capabilties

    ```bash
    sudo pacman -S qemu-full
    sudo pacman -S libvirt
    sudo pacman -S iptables-nft dnsmasq
    sudo pacman -S virt-manager qemu-desktop
    sudo usermod -aG libvirt ducoterra
    sudo virsh net-autostart default
    ```

2. Edit /etc/libvirt/libvirtd.conf

    ```conf
    ...
    unix_sock_group = 'libvirt'
    ...
    unix_sock_rw_perms = '0770'
    ...
    ```

3. Edit /etc/libvirt/qemu.**conf**

    ```conf
    # Some examples of valid values are:
    #
    #       user = "qemu"   # A user named "qemu"
    #       user = "+0"     # Super user (uid=0)
    #       user = "100"    # A user named "100" or a user with uid=100
    #
    user = "ducoterra"

    # The group for QEMU processes run by the system instance. It can be
    # specified in a similar way to user.
    group = "ducoterra"
    ```

4. `systemctl enable --now libvirtd`

If you get a blank screen when launching windows VMs check that you've used a secboot
loader.

### CUPS Printing

12. `sudo pacman -S cups avahi`
14. `sudo vim /etc/nsswitch.conf`

    ```conf
    hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns
    ```

15. `sudo systemctl start cups`
16. `sudo systemctl start avahi-daemon`

### Steam

<https://wiki.archlinux.org/title/Official_repositories#multilib>

When prompted, use vulkan-radeon

### XWayland

Provides compatibility with X server applications (like wine)

1. `sudo pacman -S xorg-xwayland`

### Wireguard

1. `sudo pacman -S wireguard-tools`

### btrbk

1. Grab the btrbk binary from the github repo. Copy it to /usr/local/bin/btrbk.
2. Create a snapshot config

/etc/btrbk/snapshots.conf

```conf
snapshot_preserve_min   24h
snapshot_preserve       14d

volume /mnt/btr_pools/root
    subvolume           root
    snapshot_dir        .snapshots

volume /mnt/btr_pools/root
    subvolume           home
    snapshot_dir        .snapshots

volume /mnt/btr_pools/root
    subvolume           libvirt
    snapshot_dir        .snapshots

volume /mnt/btr_pools/root
    subvolume           nextcloud
    snapshot_dir        .snapshots
```

3. Then create a snapshot service at /etc/systemd/system/btrbk_snapshots.service

```conf
[Unit]
Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf

[Service]
ExecStart=/usr/local/bin/btrbk -c /etc/btrbk/snapshots.conf -v run
```

4. Then create a timer for the service at /etc/systemd/system/btrbk_snapshots.timer

```conf
[Unit]
Description=Run snapshots every hour

[Timer]
OnCalendar=hourly

AccuracySec=10min
Persistent=true
Unit=btrbk_snapshots.service

[Install]
WantedBy=timers.target
```

5. Then enable the service

```bash
systemctl enable --now btrbk_snapshots.conf
```

## Help

### Update Grub

1. `grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT`
1. `cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi`

### Downgrading Kernel

1. `cd /var/cache/pacman/pkg`
2. `pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst`
3. `reboot`

## Packages

### Official

| name                    | purpose                           |
| ----------------------- | --------------------------------- |
| grub                    | boot loader                       |
| sudo                    | sudo privilege for non-root users |
| dhclient                | dhcp client tool                  |
| dhcpcd                  | dhcp services                     |
| networkmanager          | Gnome networking in settings      |
| qemu-guest-agent        | Auto resize                       |
| spice-vdagent           | Clipboard                         |
| firefox                 | Firefox browser                   |
| gnome-browser-connector | Firefox gnome connector           |
| base-devel              | makepkg requirement               |
| kubectl                 | kubernetes kubectl                |
| wine                    | wine64 emulator                   |
| code                    | open source vscode                |
| steam                   | steam                             |
| git                     | git                               |
| fprintd                 | fingerprint reader capability     |
| tlp                     | power management                  |
| bluez                   | bluetooth                         |
| bluetoothctl            | bluetooth                         |
| cups                    | cups printing daemon              |
| avahi                   | .local address resolution         |
| cups-pdf                | ipp support for printers          |
| xorg-xwayland           | X server support                  |
| wireguard-tools         | wireguard                         |
| iperf3                  | iperf3 network speedtest          |

### AUR

| name             | purpose                          |
| ---------------- | -------------------------------- |