Workstation/arch.md

Arch with Gnome

• Arch with Gnome
  • Installation
  • Post Install
    • TPM2 LUKS Decryption
    • Fingerprint Reader Support
    • Bluetooth
    • Audio
    • RDP Remote Desktop
    • Virtualization
    • CUPS Printing
    • Steam
  • Help
    • Update Grub
    • Downgrading Kernel
  • Packages
    • Official
    • AUR

Installation

Follow most of the instructions here: https://wiki.archlinux.org/title/Installation_guide

1. Download Arch

2. Verify the image

3. Create a bootable ISO

4. Disable secureboot (reenable later)

5. Boot into the live image

6. Check for network connectivity

   # Check for internet
   ip a
   ping archlinux.org
   

7. timedatectl to update system clock

8. Create disk partitions

   fdisk -l
   fdisk /dev/vda
   

   • +1G for /boot
   • t EFI SYSTEM for /boot
   • remaining for /

9. mkfs.fat -F 32 /dev/vda1 (/mnt/boot partition)

10. cryptsetup luksFormat /dev/vda2

11. cryptsetup luksOpen /dev/vda2 root

12. mkfs.btrfs /dev/mapper/root (root partition)

13. Mount the root partition with mount /mnt

14. Mount the boot partition with mount --mkdir /mnt/boot

15. pacstrap -K /mnt base linux linux-firmware

    Note: linux-zen works, linux-hardened breaks appimages

16. genfstab -U /mnt >> /mnt/etc/fstab

17. arch-chroot /mnt

18. ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime

19. hwclock --systohc

20. echo 'LANG=en_US.UTF-8' > /etc/locale.conf

21. echo 'hostname' > /etc/hostname

22. pacman -S grub

23. grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT (this will fail)

24. Note: for some systems you'll have to move grubx64.efi into an expected location:

    cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi
    

25. pacman -S vim

26. Edit /etc/default/grub

    GRUB_CMDLINE_LINUX="quiet splash rd.luks.uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    GRUB_ENABLE_CRYPTODISK=y
    GRUB_DISABLE_SUBMENU=y
    GRUB_DEFAULT=saved
    GRUB_SAVEDEFAULT=true
    

27. Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt

    HOOKS=(systemd autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
    

28. mkinitcpio -P

29. grub-mkconfig -o /boot/grub/grub.cfg

30. pacman -S gdm gnome dhclient dhcpcd

31. sudo systemctl enable gdm

32. useradd ducoterra

33. passwd ducoterra

34. pacman -S sudo

35. groupadd sudo

36. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege

37. usermod -aG sudo ducoterra

38. usermod -aG wheel ducoterra

39. mkdir /home/ducoterra

40. chown ducoterra:ducoterra /home/ducoterra

41. exit

42. reboot

Post Install

Set up locale with correct information (required for certain binaries like minecraft-launcher)

1. vim /etc/locale.gen

   Uncomment the line:

   en_US.UTF-8 UTF-8

2. sudo locale-gen

TPM2 LUKS Decryption

2. pacman -S tpm2-tss
3. systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=""

Fingerprint Reader Support

1. sudo pacman -S fprintd

2. sudo systemctl enable --now fprintd

3. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)

   sudo vim sudo vim /etc/pam.d/sudo and at the top of the file:

   # fingerprint auth
   auth       sufficient                  pam_unix.so try_first_pass likeauth nullok
   auth       sufficient                  pam_fprintd.so
   

Bluetooth

1. sudo pacman -S bluez bluez-utils
2. sudo systemctl enable --now bluetooth

Audio

Without pipewire-pulse the audio level/device will reset every reboot.

1. sudo pacman -S pipewire-pulse (remove conflicting packages)

RDP Remote Desktop

1. sudo pacman -S remmina freerdp

Virtualization

1. Install virtualization capabilties

   sudo pacman -S qemu-full
   sudo pacman -S libvirt
   sudo pacman -S iptables-nft dnsmasq
   sudo pacman -S virt-manager qemu-desktop
   sudo usermod -aG libvirt ducoterra
   sudo virsh net-autostart default
   

2. Edit /etc/libvirt/libvirtd.conf

   ...
   unix_sock_group = 'libvirt'
   ...
   unix_sock_rw_perms = '0770'
   ...
   

3. Edit /etc/libvirt/qemu.conf

   # Some examples of valid values are:
   #
   #       user = "qemu"   # A user named "qemu"
   #       user = "+0"     # Super user (uid=0)
   #       user = "100"    # A user named "100" or a user with uid=100
   #
   user = "ducoterra"
   
   # The group for QEMU processes run by the system instance. It can be
   # specified in a similar way to user.
   group = "ducoterra"
   

4. systemctl enable --now libvirtd

CUPS Printing

12. sudo pacman -S cups avahi

13. sudo vim /etc/nsswitch.conf

    hosts: mymachines mdns_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns
    

14. sudo systemctl start cups

15. sudo systemctl start avahi-daemon

Steam

https://wiki.archlinux.org/title/Official_repositories#multilib

When prompted, use vulkan-radeon

Help

Update Grub

1. grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=BOOT
2. cp /boot/EFI/BOOT/grubx64.efi /boot/EFI/BOOT/bootx64.efi

Downgrading Kernel

1. cd /var/cache/pacman/pkg
2. pacman -U linux-x.x.x.arch1-1-x86_64.pkg.tar.zst linux-headers-x.x.x.arch1-1-x86_64.pkg.tar.zst
3. reboot

Packages

Official

name	purpose
grub	boot loader
sudo	sudo privilege for non-root users
dhclient	dhcp client tool
dhcpcd	dhcp services
networkmanager	Gnome networking in settings
qemu-guest-agent	Auto resize
spice-vdagent	Clipboard
firefox	Firefox browser
gnome-browser-connector	Firefox gnome connector
base-devel	makepkg requirement
kubectl	kubernetes kubectl
wine	wine64 emulator
code	open source vscode
steam	steam
git	git
fprintd	fingerprint reader capability
tlp	power management
bluez	bluetooth
bluetoothctl	bluetooth
cups	cups printing daemon
avahi	.local address resolution
cups-pdf	ipp support for printers

AUR

name	purpose
appimagelauncher	AppImage launcher and integrator