diff --git a/.gitignore b/.gitignore index 7790b73..864d598 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ secrets/ venv/ tmp/ -.vscode/ \ No newline at end of file +.vscode/ +Unsorted/ \ No newline at end of file diff --git a/infrastructure/graduated/arch/README.md b/infrastructure/graduated/arch/README.md index b183749..0084697 100644 --- a/infrastructure/graduated/arch/README.md +++ b/infrastructure/graduated/arch/README.md @@ -14,10 +14,13 @@ I have instructions for building a: - [Installation](#installation) - [Preparation](#preparation) - [Boot](#boot) + - [Base Tools](#base-tools) + - [ZSH](#zsh) + - [Prompt Themes](#prompt-themes) - [AUR](#aur) - [Security](#security) - [Secure Boot](#secure-boot) - - [TPM2 LUKS Decryption](#tpm2-luks-decryption) + - [TPM2 LUKS Decryption with Secure Boot](#tpm2-luks-decryption-with-secure-boot) - [Re-enroll](#re-enroll) - [FIDO2 LUKS Decryption](#fido2-luks-decryption) - [Firewall](#firewall) @@ -25,7 +28,6 @@ I have instructions for building a: - [Install Apparmor](#install-apparmor) - [Custom Profiles](#custom-profiles) - [ClamAV](#clamav) - - [Config](#config) - [btrbk](#btrbk) - [fstab](#fstab) - [Snapshots](#snapshots) @@ -35,9 +37,8 @@ I have instructions for building a: - [Fingerprint Reader Support](#fingerprint-reader-support) - [Setup](#setup) - [Turn Off Fingerprint When Laptop Lid Closed](#turn-off-fingerprint-when-laptop-lid-closed) - - [Desktop Environment](#desktop-environment) - - [Gnome](#gnome) - [Hardware Management](#hardware-management) + - [Power Profiles](#power-profiles) - [Color Management](#color-management) - [Washed out colors with power-profiles-daemon](#washed-out-colors-with-power-profiles-daemon) - [Hardware Acceleration](#hardware-acceleration) @@ -50,6 +51,7 @@ I have instructions for building a: - [Troubleshooting](#troubleshooting) - [Flatpak](#flatpak) - [Apps](#apps) + - [Toolbox](#toolbox) - [Firefox](#firefox) - [Gnome Extensions](#gnome-extensions) - [Avahi (Bonjour)](#avahi-bonjour) @@ -89,6 +91,10 @@ Follow most of the instructions here: ### Boot +You'll want two usb drives while following this guide. One will be the Arch boot drive. The +other will be a support drive with critical files and passwords which we will need to access +after we finish the install. + 1. Boot into the live image 2. Check for network connectivity @@ -99,13 +105,20 @@ Follow most of the instructions here: ``` 3. `timedatectl` to update system clock -4. If using a VM, mount the iso with arch conf files +4. Install pwgen for password generation `pacman -S pwgen` +5. If using a VM, mount the iso with arch conf files ```bash mount --mkdir /dev/sr1 /media ``` -5. Create disk partitions. Use gdisk or beware "bootctl install is not on a gpt partition table" +6. If using a physical computer, mount your support drive + + ```bash + mount --mkdir /dev/sdb1 /media + ``` + +7. Create disk partitions. Use gdisk or beware "bootctl install is not on a gpt partition table" ```bash fdisk -l @@ -116,57 +129,50 @@ Follow most of the instructions here: - t EFI SYSTEM for /boot - remaining for / -6. `mkfs.fat -F 32 /dev/vda1` (/mnt/boot partition) -7. This next step involves generating a secure, random password. Make sure to +8. `mkfs.fat -F 32 /dev/vda1` (/mnt/boot partition) +9. This next step involves generating a secure, random password. Make sure to save this somewhere. I recommend having an encrypted partition on your installation drive to which you can write a few bytes of text. - `echo -n $(pwgen 8 5) | sed 's/ /-/g' > root-key.txt` + `echo -n $(pwgen 8 5) | sed 's/ /-/g' > /media/root-key.txt` -8. `cryptsetup luksFormat /dev/vda2 --key-file /path/to/root-key.txt` -9. `cryptsetup luksOpen /dev/vda2 root --key-file /path/to/root-key.txt` -10. `mkfs.btrfs /dev/mapper/root` (root partition) -11. At this point you can choose how to subvolume your root partition +10. `cryptsetup luksFormat /dev/vda2 --key-file /path/to/root-key.txt` +11. `cryptsetup luksOpen /dev/vda2 root --key-file /path/to/root-key.txt` +12. `mkfs.btrfs /dev/mapper/root` (root partition) +13. At this point you can choose how to subvolume your root partition ```bash mount --mkdir -o subvolid=5 /btr_pool btrfs sub create root /btr_pool btrfs sub create home /btr_pool - ... ``` -12. Mount the root partition with `mount -o subvol=root /dev/mapper/root /mnt` -13. Mount the home partition with `mount -o subvol=home /dev/mapper/root /mnt/home` -14. Mount the boot partition with `mount --mkdir /dev/vda1 /mnt/boot` -15. If on VM: Mount the conf files with `mount --mkdir /dev/sr1 /mnt/media` -16. `pacstrap -K /mnt base linux linux-firmware` +14. Mount the root partition with `mount -o subvol=root /dev/mapper/root /mnt` +15. Mount the home partition with `mount -o subvol=home /dev/mapper/root /mnt/home` +16. Mount the boot partition with `mount --mkdir /dev/vda1 /mnt/boot` +17. `pacstrap -K /mnt base linux linux-firmware` This command might show an error. This is ok, we'll fix it later. -17. `genfstab -U /mnt >> /mnt/etc/fstab` -18. `arch-chroot /mnt` -19. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime` -20. `hwclock --systohc` -21. `echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen` -22. `echo 'KEYMAP=us' > /etc/vconsole.conf` -23. `echo 'hostname' > /etc/hostname` -24. `pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth` +20. `genfstab -U /mnt >> /mnt/etc/fstab` +21. If on VM: Mount the conf files with `mount --mkdir /dev/sr1 /mnt/media` +18. If on a physical computer: mount the support parition with `mount --mkdir /dev/sdb1 /mnt/media` +22. `arch-chroot /mnt` +23. `ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime` +24. `hwclock --systohc` +25. `echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen` +26. `echo 'KEYMAP=us' > /etc/vconsole.conf` +27. `echo 'hostname' > /etc/hostname` +28. `pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth` - dhclient/dhcpcd provides dhcp for network - bash-completion provides tab complete - btrfs-progs provides fsck for btrfs - plymouth gives a nice bootloader screen -25. Edit /etc/mkinitcpio.conf and set up systemd/sd-encrypt - - /etc/mkinitcpio.conf - - ```conf - HOOKS=(systemd plymouth autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck) - ``` - -26. `mkinitcpio -P` -27. Install systemd-boot +29. Edit /etc/mkinitcpio.conf and uncomment the line for systemd-boot with an encrypted drive. +30. `mkinitcpio -P` +31. Install systemd-boot @@ -177,51 +183,48 @@ Follow most of the instructions here: If this raises an error like "efi partition not found" you probably forgot to format /mnt/boot as an EFI partition. Edit this by reformatting it with gdisk (ef00 is the hex code). -28. edit your loader.conf with some defaults +32. edit your loader.conf with some defaults /boot/loader/loader.conf ```conf - default main.conf + default arch.conf timeout 4 console-mode max editor no ``` -29. Create a loader (/usr/share/systemd/bootctl/arch.conf for example) +33. Create a loader (/usr/share/systemd/bootctl/arch.conf for example) - /boot/loader/entries/main.conf + /boot/loader/entries/arch.conf ```conf title Arch Linux linux /vmlinuz-linux initrd /initramfs-linux.img - options quiet splash rd.luks.name=d9828faa-2b8c-4184-9e74-9054ae328c6d=root root=/dev/mapper/root rootflags=subvol=root nvme.noacpi=1 acpi_osi="!Windows 2020" mem_sleep_default="deep" rw + options ... rd.luks.name=d9828faa-2b8c-4184-9e74-9054ae328c6d=root root=/dev/mapper/root rootflags=subvol=root ... ``` You can get the UUID of the disk into arch.conf with some grepping. Use vim to cut the excess and copy it into the correct location. ```bash - blkid | grep /dev/vda2 >> /boot/loader/entries/main.conf + blkid | grep /dev/vda2 >> /boot/loader/entries/arch.conf ``` -30. `useradd ducoterra` -31. `passwd ducoterra` -32. `groupadd sudo` -33. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege -34. `usermod -aG sudo ducoterra` -35. `usermod -aG wheel ducoterra` -36. `mkdir /home/ducoterra` -37. `chown ducoterra:ducoterra /home/ducoterra` -38. `locale-gen` -39. `systemctl enable dhcpcd` -40. If on VM install guest drivers: `pacman -S qemu-guest-agent spice-vdagent` -41. If you need ssh: `pacman -S openssh; systemctl enable sshd` -42. `exit` -43. `reboot` -44. Remove your installation medium and boot into arch -45. Add a pacman hook for systemd-boot updates +34. `useradd ducoterra` +35. `passwd ducoterra` +36. `groupadd sudo` +37. Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege +38. `usermod -aG sudo ducoterra` +39. `usermod -aG wheel ducoterra` +40. `mkdir /home/ducoterra` +41. `chown ducoterra:ducoterra /home/ducoterra` +42. `locale-gen` +43. `systemctl enable dhcpcd` +44. If on VM install guest drivers: `pacman -S qemu-guest-agent spice-vdagent` +45. If you need ssh: `pacman -S openssh; systemctl enable sshd` +46. Add a pacman hook for systemd-boot updates /etc/pacman.d/hooks/95-systemd-boot.hook @@ -237,13 +240,83 @@ Follow most of the instructions here: Exec = /usr/bin/systemctl restart systemd-boot-update.service ``` +47. Install gnome: `pacman -S gdm gnome` + + - choose pipewire-jack + - choose wireplumber + - choose noto-fonts-emoji + +48. `systemctl enable gdm` +49. Install NetworkManager `pacman -S networkmanager` +50. `systemctl enable NetworkManager` +51. Install gnome nice-to-haves `pacman -S gnome-tweaks dconf-editor seahorse` +52. Install tpm2-tss for tpm2 disk decryption `pacman -S tpm2-tss` +53. Setup tpm2 disk decryption + + ```bash + systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs="" --unlock-key-file=/media/root-key.txt + ``` +54. `exit` +55. `reboot` + +### Base Tools + +```bash +# gvfs and gvfs-dnssd are for webdav support +pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd wget +``` + +### ZSH + +```bash +pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile +chsh -s $(which zsh) + +cat < ~/.zshrc +# Basic settings +autoload bashcompinit && bashcompinit +autoload -U compinit; compinit +zstyle ':completion:*' menu select + +# Prompt settings +autoload -Uz promptinit +promptinit +PROMPT_EOL_MARK= + +# Syntax Highlighting +source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh +source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh + +# Command Not Found Autocomplete +source /usr/share/doc/pkgfile/command-not-found.zsh + +### Custom Commands and Aliases ### +EOF +``` + +### Prompt Themes + +See: + +Use `prompt -l` to list prompts + +Use `prompt -p` to see previews + +In your `.zshrc` set the following: + +```bash +autoload -Uz promptinit +promptinit +prompt grml +``` + ### AUR The AUR lets you install community-created and maintained packages. Here are the basics: ```bash pacman -S --needed git base-devel -mkdir ~/aur +mkdir ~/AUR # When you find a project, the basic installation looks like this: git clone @@ -281,16 +354,7 @@ Security Philosophy establish a connection. Firewalls can also be used to limit an attacker's ability to even discover you on a network with icmp blocking. -4. AppArmor - - AppArmor is a mandatory access control system like SELinux. Even if you - don't configure it beyond its defaults, AppArmor is still a good thing to - have available. Apps which come with an apparmor profile will offer you an - additional layer of security. In the same way that a firewall protects you - from remote attacks, AppArmor protects you from privilege escalation - attacks and malicious binaries by blocking them at the source. - -5. ClamAV +4. ClamAV Much like Windows has Windows Defender, Linux has ClamAV. Running an antivirus scanner certainly isn't the end-all-be-all of security, and it definitely isn't good enough @@ -299,14 +363,14 @@ Security Philosophy being said, finding *any* malware on a system is reason enough to nuke it from orbit and restore from a known good backup. -6. BTRFS Snapshots +5. BTRFS Snapshots This is not a backup, this is a snapshot. It serves an equally important function, however, in that it protects you from accidental deletion and corruption. Let's imagine you perform an update, reboot, and your computer crashes mid-startup. You could easily restore root from a btrfs snapshot on your system and go on with your day like nothing happened. -7. BTRFS Backups +6. BTRFS Backups This is a backup. Unlike snapshots, which live on the same drive your system exists on, backups are physically separate copies of your computer stored (hopefully) in a @@ -341,7 +405,9 @@ Security Philosophy There is a pacman hook which will automatically sign new binaries on update. -#### TPM2 LUKS Decryption +#### TPM2 LUKS Decryption with Secure Boot + +You can optionally allow tpm2 decryption only while secure boot is active. Using `--tpm2-pcrs=7` enforces secure boot and will require password if secure boot is disabled. @@ -456,26 +522,17 @@ Access Modes - OR - -1. `freshclam` +1. `touch /var/log/clamav/freshclam.log` 2. `systemctl enable --now clamav-freshclam.service` 3. `systemctl enable --now clamav-daemon.service` 4. `clamdscan --multiscan --fdpass /home/ducoterra` -##### Config - -```conf -UpdateLogFile /var/log/clamav/freshclam.log -PidFile /run/clamav/freshclam.pid -DatabaseMirror database.clamav.net -NotifyClamd /etc/clamav/clamd.conf -``` - #### btrbk ```bash cd Downloads wget https://raw.githubusercontent.com/digint/btrbk/master/btrbk -clamscan . +clamdscan . chmod +x btrbk sudo mv btrbk /usr/bin/ ``` @@ -492,84 +549,74 @@ mkdir -p /btr_pools/root ```conf # btr_pools -UUID=84153269-f194-43f7-a4fe-e72aaffdb97a /btr_pools/root btrfs rw,relatime,ssd,space_cache=v2,subvolid=256,subvolid=5 0 0 +UUID=84153269-f194-43f7-a4fe-e72aaffdb97a /btr_pools/root btrfs rw,relatime,ssd,space_cache=v2,subvolid=5 0 0 ``` ```bash systemctl daemon-reload mount -a btrfs sub create /btr_pools/root/.snapshots -btrbk -c /etc/btrbk/snapshots.conf dryrun -btrbk -c /etc/btrbk/snapshots.conf run ``` ##### Snapshots -1. Create a snapshot config +`mkdir /etc/btrbk` - /etc/btrbk/snapshots.conf +Create a snapshot config - ```conf - snapshot_preserve_min 24h - snapshot_preserve 14d +/etc/btrbk/snapshots.conf - # root - volume /btr_pools/root - subvolume root - snapshot_dir .snapshots +```conf +snapshot_preserve_min 24h +snapshot_preserve 24h - # home - volume /btr_pools/root - subvolume home - snapshot_dir .snapshots +# root +volume /btr_pools/root + subvolume root + snapshot_dir .snapshots - # libvirt - volume /btr_pools/root - subvolume libvirt - snapshot_dir .snapshots +# home +volume /btr_pools/root + subvolume home + snapshot_dir .snapshots +``` - # nextcloud - volume /btr_pools/root - subvolume nextcloud - snapshot_dir .snapshots - ``` +Then create a snapshot service -2. Then create a snapshot service +/etc/systemd/system/btrbk_snapshots.service - /etc/systemd/system/btrbk_snapshots.service +```conf +[Unit] +Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf - ```conf - [Unit] - Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf +[Service] +ExecStart=/usr/bin/btrbk -c /etc/btrbk/snapshots.conf -v run +``` - [Service] - ExecStart=/usr/bin/btrbk -c /etc/btrbk/snapshots.conf -v run - ``` +Then create a timer for the service -3. Then create a timer for the service +/etc/systemd/system/btrbk_snapshots.timer - /etc/systemd/system/btrbk_snapshots.timer +```conf +[Unit] +Description=Run snapshots every hour - ```conf - [Unit] - Description=Run snapshots every hour +[Timer] +OnCalendar=hourly - [Timer] - OnCalendar=hourly +AccuracySec=10min +Persistent=true +Unit=btrbk_snapshots.service - AccuracySec=10min - Persistent=true - Unit=btrbk_snapshots.service +[Install] +WantedBy=timers.target +``` - [Install] - WantedBy=timers.target - ``` +Then enable the service -4. Then enable the service - - ```bash - systemctl enable --now btrbk_snapshots.timer - ``` +```bash +systemctl enable --now btrbk_snapshots.timer +``` ##### Backups @@ -596,17 +643,17 @@ Third, I'd recommend iterating dot directories you'd need to restore and writing down somewhere: 1. .aws -2. .config -3. .gitconfig -4. .icons -5. .kube -6. .local -7. .minecraft -8. .ssh -9. .steam -10. .vimrc -11. .vscode -12. .vscode-oss +2. .cache +3. .config +4. .gitconfig +5. .icons +6. .kube +7. .local +8. .minecraft +9. .mozilla +10. .ssh +11. .steam +12. .vimrc 13. .wireguard 14. .zshrc @@ -695,7 +742,9 @@ You can create chroot environments to run firejails or just use for testing purp 1. `pacman -S fprintd` 2. `systemctl enable --now fprintd` 3. `fprintd-enroll ducoterra` -4. Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint) +4. ~~Enable fingerprint terminal login but prompt for password first (enter switches to prompt for fingerprint)~~ + + DON'T DO THIS /etc/pam.d/sudo @@ -783,33 +832,44 @@ runs our script on wake. Now the status should be correct even after connecting/disconnecting when the computer is off. -## Desktop Environment - -### Gnome - -1. `pacman -S gdm gnome` - - - choose pipewire-jack - - choose wireplumber - - choose noto-fonts-emoji - -2. `systemctl enable --now gdm` -3. `pacman -S networkmanager` -4. `systemctl enable --now NetworkManager` -5. `pacman -S gnome-tweaks dconf-editor seahorse` - ## Hardware Management +### Power Profiles + + + +```bash +pacman -S power-profiles-daemon +systemctl enable --now power-profiles-daemon +``` + ### Color Management +```bash +cp /home/ducoterra/Downloads/BOE_CQ... /usr/share/color/icc/colord/ +colormgr get-profiles +colormgr get-devices +colormgr device-add-profile xrandr-BOE-0x095f-0x00000000 icc-eca2e6d155d550a5e78c97a34ac3fcae +``` + ### Washed out colors with power-profiles-daemon +```bash +systemctl edit power-profiles-daemon.service --drop-in=disable_panel_powersavings +``` + +```conf +[Service] +ExecStart= +ExecStart=/usr/lib/power-profiles-daemon --block-action=amdgpu_panel_power +``` + ### Hardware Acceleration (This helps enable hardware encoding/decoding for steam streaming) @@ -833,13 +893,8 @@ vainfo This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock will prevent it from waking up. -/etc/systemd/logind.conf - -```conf -... -HandleLidSwitchExternalPower=lock -HandleLidSwitchDocked=ignore -... +```bash +vim /etc/systemd/logind.conf ``` ### Bluetooth @@ -939,6 +994,24 @@ pacman -S flatpak ## Apps +### Toolbox + + + +Toolbox is a containerized workstation service via podman. + +```bash +# select "crun" when prompted +pacman -S toolbox + +toolbox create + +toolbox enter + +sudo pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile +``` + + ### Firefox You'll want firefox and gnome-browser-connector (for gnome extension management). @@ -958,19 +1031,19 @@ Choose noto-fonts ### Avahi (Bonjour) -1. `sudo pacman -S avahi` -2. `sudo vim /etc/nsswitch.conf` +1. `pacman -S avahi` +2. `vim /etc/nsswitch.conf` ```conf hosts: mymachines mdns [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns ``` -3. `sudo vim /etc/mdns.allow` +3. `vim /etc/mdns.allow` - ```conf - .local. - .local - ``` +```conf +.local. +.local +``` ### CUPS Printing diff --git a/infrastructure/graduated/arch/gaming.md b/infrastructure/graduated/arch/gaming.md index 818043b..21d89e8 100644 --- a/infrastructure/graduated/arch/gaming.md +++ b/infrastructure/graduated/arch/gaming.md @@ -176,6 +176,26 @@ pacman -U --noconfirm sunshine.pkg.tar.zst +```bash +mv ~/Downloads/Moonlight-*.AppImage ~/Applications/Moonlight.AppImage +chmod +x ~/Applications/*.AppImage +``` + +vim ~/.local/share/applications/moonlight.desktop + +```conf +[Desktop Entry] +Name=Moonlight +Exec=/home/ducoterra/Applications/Moonlight.AppImage %u +Icon=/home/ducoterra/.icons/Moonlight.ico +Type=Application +``` + +```bash +update-desktop-database +``` + + Ctrl + Alt + Shift + Q (Moonlight Stream) Quit the streaming session (leaving the game running on the host PC) diff --git a/infrastructure/graduated/arch/workstation.md b/infrastructure/graduated/arch/workstation.md index 3924a0c..50720ea 100644 --- a/infrastructure/graduated/arch/workstation.md +++ b/infrastructure/graduated/arch/workstation.md @@ -1,15 +1,6 @@ # Workstation - [Workstation](#workstation) - - [Framework AMD Notes](#framework-amd-notes) - - [ATH12K Wifi Drivers](#ath12k-wifi-drivers) - - [Microcode](#microcode) - - [linux-git kernel](#linux-git-kernel) - - [Base Tools](#base-tools) - - [ZSH](#zsh) - - [Prompt Themes](#prompt-themes) - - [Aliases](#aliases) - - [Rollback Pacman Update](#rollback-pacman-update) - [Podman](#podman) - [Docker](#docker) - [QEMU/KVM](#qemukvm) @@ -37,140 +28,12 @@ - [AWS CLI](#aws-cli) - [NSlookup](#nslookup) - [rpi-imager](#rpi-imager) - - [Install rpi-imager](#install-rpi-imager) - - [Upgrade rpi-imager](#upgrade-rpi-imager) - [qFlipper](#qflipper) - [Nextcloud Talk](#nextcloud-talk) - -## Framework AMD Notes - -### ATH12K Wifi Drivers - -Install the wireless-regdb to set the regulatory domain to US - -```bash -pacman -S wireless-regdb -``` - -Edit `/etc/conf.d/wireless-regdom` to set the domain - - - -1. `git clone https://git.codelinaro.org/clo/ath-firmware/ath12k-firmware` -2. `cd ath12k-firmware` -3. Run the following: - - ```bash - wget https://github.com/qca/qca-swiss-army-knife/raw/master/tools/scripts/ath12k/ath12k-fw-repo - chmod 755 ath12k-fw-repo - sudo ./ath12k-fw-repo --install /lib/firmware - ``` - -4. `sudo cp ath12k/board.bin /lib/firmware/ath12k/WCN7850/hw2.0/` -5. `sudo cp ath12k/regdb.bin /lib/firmware/ath12k/WCN7850/hw2.0/` -6. Reboot - -### Microcode - -```bash -pacman -S amd-ucode -``` - -Edit /boot/loader/entries/.conf and add the following: - -```bash -title Arch Linux (Work) -linux /vmlinuz-linux -initrd /amd-ucode.img -initrd /initramfs-linux.img -options ... -``` - -### linux-git kernel - - - -1. `git clone https://aur.archlinux.org/linux-git.git` -2. `cd linux-git` -3. `makepkg` -4. `sudo pacman -U linux-git... linux-git-headers...` - -## Base Tools - -```bash -# gvfs and gvfs-dnssd are for webdav support -pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd -``` - -## ZSH - -```bash -pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile -chsh -s $(which zsh) - -cat < ~/.zshrc -# Basic settings -autoload bashcompinit && bashcompinit -autoload -U compinit; compinit -zstyle ':completion:*' menu select - -# Prompt settings -autoload -Uz promptinit -promptinit -PROMPT_EOL_MARK= - -# Syntax Highlighting -source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh -source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh - -# Command Not Found Autocomplete -source /usr/share/doc/pkgfile/command-not-found.zsh - -### Custom Commands and Aliases ### -EOF -``` - -### Prompt Themes - -See: - -Use `prompt -l` to list prompts - -Use `prompt -p` to see previews - -In your `.zshrc` set the following: - -```bash -autoload -Uz promptinit -promptinit -prompt grml -``` - -### Aliases - -You can put you aliases in `.zshrc` with the following format: - -```bash -alias update='sudo pacman -Syu --noconfirm' -``` - -It's recommended that for complicated/multiline aliases you create a folder called -`~/.local/scripts` where you store each alias. Make sure to back up this folder! - -#### Rollback Pacman Update - -This script will grep for all updates performed today and roll them back one by one. - -rollback_update.sh - -```bash -grep -a upgraded /var/log/pacman.log| grep $(date +"%Y-%m-%d") > /tmp/lastupdates.txt -awk '{print $4}' /tmp/lastupdates.txt > /tmp/lines1;awk '{print $5}' /tmp/lastupdates.txt | sed 's/(/-/g' > /tmp/lines2 -paste /tmp/lines1 /tmp/lines2 > /tmp/lines -tr -d "[:blank:]" < /tmp/lines > /tmp/packages -cd /var/cache/pacman/pkg/ -for i in $(cat /tmp/packages); do sudo pacman --noconfirm -U "$i"*; done -``` + - [FFMpeg](#ffmpeg) + - [Youtube-dlp](#youtube-dlp) + - [Iperf3](#iperf3) + - [Glances](#glances) ## Podman @@ -211,41 +74,14 @@ You can use btrfs as your storage driver by following these instructions: ## QEMU/KVM -1. Install virtualization capabilties +Install virtualization capabilties - ```bash - pacman -S qemu-full libvirt iptables-nft dnsmasq virt-manager qemu-desktop swtpm - usermod -aG libvirt ducoterra - ``` - -2. Edit /etc/libvirt/libvirtd.conf - - ```conf - ... - unix_sock_group = 'libvirt' - ... - unix_sock_rw_perms = '0770' - ... - ``` - -3. Edit /etc/libvirt/qemu.conf - - ```conf - # Some examples of valid values are: - # - # user = "qemu" # A user named "qemu" - # user = "+0" # Super user (uid=0) - # user = "100" # A user named "100" or a user with uid=100 - # - user = "ducoterra" - - # The group for QEMU processes run by the system instance. It can be - # specified in a similar way to user. - group = "ducoterra" - ``` - -4. `sudo systemctl enable --now libvirtd` -5. `sudo virsh net-autostart default` +```bash +# DNSMasq is required - do not start it with systemd, qemu will handle that. +pacman -S qemu-full dnsmasq virt-manager +systemctl enable --now libvirtd +virsh net-autostart default +``` If you get a blank screen when launching a VM check that you've used the correct bios - either secboot or not secboot. This is the most common problem. @@ -560,6 +396,7 @@ Type=Application # Install less if you don't have it already pacman -S less +cd ~/Downloads curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install @@ -574,7 +411,11 @@ complete -C '/usr/local/bin/aws_completer' aws ## NSlookup ```bash -pacman -Syu bind +# Do this in a toolbox +toolbox enter + +# Install +pacman -S bind ``` ## rpi-imager @@ -582,33 +423,9 @@ pacman -Syu bind ```bash -sudo pacman -S cmake qt5-base -``` - -### Install rpi-imager - -```bash -git clone https://github.com/raspberrypi/rpi-imager.git -cd rpi-imager -mkdir -p build -cd build -cmake ../src -make -sudo make install -``` - -### Upgrade rpi-imager - -```bash -```bash -cd rpi-imager -git pull -rm -r build -mkdir -p build -cd build -cmake ../src -make -sudo make install +toolbox create -d ubuntu -r 24.04 +toolbox enter toolbox enter ubuntu-toolbox-24.04 +sudo apt install rpi-imager ``` ## qFlipper @@ -649,3 +466,37 @@ Type=Application ```bash update-desktop-database ``` + +## FFMpeg + +```bash +# Select pipewire-jack when prompted +pacman -S ffmpeg +``` + +## Youtube-dlp + + + +1. Download `yt-dlp_linux` +2. `clamdscan yt-dlp_linux` +3. `cp yt-dlp_linux /usr/local/bin/yt-dlp` +4. Install ffmpeg `pacman -S ffmpeg` + +Download the best quality video: + +```bash +yt-dlp -f "bv+ba/b" https://... +``` + +## Iperf3 + +```bash +pacman -S iperf3 +``` + +## Glances + +```bash +pacman -S glances +``` \ No newline at end of file