# Workstation - [Workstation](#workstation) - [Pacman Packages](#pacman-packages) - [Upgrade/Downgrade](#upgradedowngrade) - [Freeze package](#freeze-package) - [Fingerprint Reader Support](#fingerprint-reader-support) - [Setup](#setup) - [Turn Off Fingerprint When Laptop Lid Closed](#turn-off-fingerprint-when-laptop-lid-closed) - [SSH](#ssh) - [Templates](#templates) - [Ungoogled Chromium](#ungoogled-chromium) - [Ungoogled Chromium AUR](#ungoogled-chromium-aur) - [Ungoogled Chromium Manual Build](#ungoogled-chromium-manual-build) - [Firefox](#firefox) - [Gnome Extensions](#gnome-extensions) - [Avahi (Bonjour)](#avahi-bonjour) - [CUPS Printing](#cups-printing) - [Toolbox](#toolbox) - [Podman](#podman) - [Docker](#docker) - [QEMU/KVM](#qemukvm) - [Arch Guests](#arch-guests) - [Kubernetes](#kubernetes) - [VSCode](#vscode) - [Wireguard](#wireguard) - [Remote Desktop](#remote-desktop) - [Transmission](#transmission) - [VLC](#vlc) - [Bitwarden](#bitwarden) - [Nextcloud](#nextcloud) - [Insomnia](#insomnia) - [QMK](#qmk) - [Initialization](#initialization) - [Development](#development) - [Cura](#cura) - [Creality Print](#creality-print) - [Bambu Studio](#bambu-studio) - [Firewall Rules for LAN Printer](#firewall-rules-for-lan-printer) - [Adding LAN printer via config](#adding-lan-printer-via-config) - [Custom Filament Profiles](#custom-filament-profiles) - [Orca Slicer](#orca-slicer) - [AWS CLI](#aws-cli) - [NSlookup](#nslookup) - [rpi-imager](#rpi-imager) - [qFlipper](#qflipper) - [Nextcloud Talk](#nextcloud-talk) - [FFMpeg](#ffmpeg) - [Youtube-dlp](#youtube-dlp) - [Iperf3](#iperf3) - [Glances](#glances) - [VirtualBox](#virtualbox) - [Email](#email) - [Traffic Usage](#traffic-usage) - [Wine](#wine) - [KDE Connect (GSConnect)](#kde-connect-gsconnect) - [Python](#python) - [Pyenv](#pyenv) - [Poetry](#poetry) - [Note Taking](#note-taking) - [Calculator](#calculator) - [Disk Usqage](#disk-usqage) ## Pacman Packages ### Upgrade/Downgrade The [Arch Linux Archive](https://archive.archlinux.org/packages/) keeps snapshots of all packages from history. Search for your package on the site, copy the link for the `pkg.tar.zst` file, and run the following: ```bash # Replace link with the one you copied pacman -U https://archive.archlinux.org/packages/g/gdm/gdm-46.2-1-x86_64.pkg.tar.zst ``` ### Freeze package You can freeze a package by adding it to the list of ignores in `/etc/pacman.conf`: ```conf ... IgnorePkg = nano vim linux ... ``` ## Fingerprint Reader Support ### Setup 1. `pacman -S fprintd` 2. `systemctl enable --now fprintd` 3. `fprintd-enroll ducoterra` 4. Install to use fingerprint with gnome In order to use fingerprint auth with gnome for privileged system stuff with gdm, edit `/etc/pam.d/system-auth` to include `auth sufficient pam_fprintd_grosshack.so`. ```conf #%PAM-1.0 auth required pam_shells.so # User must have shell in /etc/shells auth requisite pam_nologin.so # Prevents users from loging in if /etc/nologin exists auth required pam_faillock.so preauth # Timeout after certain number of fails # Optionally use requisite above if you do not want to prompt for the password # on locked accounts. auth sufficient pam_fprintd_grosshack.so -auth [success=2 default=ignore] pam_systemd_home.so auth [success=1 default=bad] pam_unix.so try_first_pass nullok auth [default=die] pam_faillock.so authfail auth optional pam_permit.so auth required pam_env.so auth required pam_faillock.so authsucc # If you drop the above call to pam_faillock.so the lock will be done also # on non-consecutive authentication failures. -account [success=1 default=ignore] pam_systemd_home.so account required pam_unix.so account optional pam_permit.so account required pam_time.so -password [success=1 default=ignore] pam_systemd_home.so password required pam_unix.so try_first_pass nullok shadow password optional pam_permit.so -session optional pam_systemd_home.so session required pam_limits.so session required pam_unix.so session optional pam_permit.so ``` ### Turn Off Fingerprint When Laptop Lid Closed **NOTE: This may break fingerprint unlock. Testing in progress.** To disable fingerprint authentication when the laptop lid is closed, and re-enable when it is reopened, we will use acpid to bind to the button/lid.* event to a custom script that will comment out fprintd auth in /etc/pam.d/sudo. Usually we'd just `systemctl mask fprintd` but this breaks gdm (as of 08/06/23). See and . 1. `pacman -S acpid` and then `systemctl enable --now acpid` 2. Create file /etc/acpi/laptop-lid.sh with the following contents: ```bash #!/bin/bash if grep -Fq closed /proc/acpi/button/lid/LID0/state # && # This is used to detect if a display is connected. # For USB C displayport use: # grep -Fxq connected /sys/class/drm/card1-DP-2/status # For hdmi use: # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status then # comment out fprintd sed -i -E 's/^([^#].*pam_fprintd.so)/#\1/g' /etc/pam.d/sudo else # uncomment fprintd sed -i -E 's/#(.*pam_fprintd.so)/\1/g' /etc/pam.d/sudo fi ``` 3. Make the file executable with `chmod +x /etc/acpi/laptop-lid.sh` 4. Create file /etc/acpi/events/laptop-lid with the following contents: ```bash event=button/lid.* action=/etc/acpi/laptop-lid.sh ``` 5. Restart the acpid service with: `systemctl restart acpid` Now the fingerprint will be used only when the lid is open. In order to ensure the correct state after suspend we need a service file which runs our script on wake. 1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents: ```bash [Unit] Description=Laptop Lid After=suspend.target [Service] ExecStart=/etc/acpi/laptop-lid.sh [Install] WantedBy=multi-user.target WantedBy=suspend.target ``` 2. Reload the systemd config files with `sudo systemctl daemon-reload` 3. Start and enable the service with `sudo systemctl enable --now laptop-lid.service` Now the status should be correct even after connecting/disconnecting when the computer is off. ## SSH See [README](/README.md#ssh-setup) ## Templates You can add files in `~/Templates` to give yourself quick-create options in the gnome file browser context menu. ```bash mkdir ~/Templates touch ~/Templates/text.txt ``` ## Ungoogled Chromium ### Ungoogled Chromium AUR Make sure to `pacman -S gnome-browser-connector` and grab the [Gnome Shell Integration](https://chromewebstore.google.com/detail/gnome-shell-integration/gphhapmejobijbbhgpjhcjognlahblep) Install the [chromium-web-store](https://github.com/NeverDecaf/chromium-web-store) extension to use chrome web store extensions. ### Ungoogled Chromium Manual Build ```bash # Install required dependencies. Make sure your user has access to sudo sudo pacman -S base-devel # Clone this repository git clone https://github.com/ungoogled-software/ungoogled-chromium-archlinux # Navigate into the repository cd ungoogled-chromium-archlinux # Check out the latest tag git checkout $(git describe --abbrev=0 --tags) # Start the build, this will download all necessary dependencies automatically makepkg -s # Install makepkg --install ``` ## Firefox You'll want firefox and gnome-browser-connector (for gnome extension management). ```bash pacman -S firefox gnome-browser-connector ``` Choose noto-fonts ### Gnome Extensions 1. AlphabeticalAppGrid@stuarthayhurst 2. 3. 4. 5. GSConnect ## Avahi (Bonjour) 1. `pacman -S avahi` 2. `vim /etc/nsswitch.conf` ```conf hosts: mymachines mdns [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns ``` 3. `vim /etc/mdns.allow` ```conf .local. .local ``` ## CUPS Printing Note: you need [avahi](#avahi-bonjour) for auto-discovery. 1. `pacman -S cups cups-pdf system-config-printer gutenprint foomatic-db-gutenprint-ppds` 2. `cups-genppdupdate` 3. `usermod -aG lp ducoterra` 4. `systemctl enable --now cups` To add a new printer: `lpadmin -p printer-name -E -v "ipp://1.2.3.4/ipp/print" -m everywhere` ## Toolbox Toolbox is a containerized workstation service via podman. ```bash # select "crun" when prompted pacman -S toolbox toolbox create toolbox enter sudo pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile ``` ## Podman Install with the following `pacman -S podman buildah cni-plugins slirp4netns podman-dnsname aardvark-dns` Then you can run rootless containers like so: ```bash podman pull docker.io/library/python:3.11 podman run -it python:3.11 bash podman network create test podman pod create --network test --publish 8000:8000 test1 podman run -it --pod test1 python:3.11 bash ``` You can also deploy pods with kubernetes yamls. ```bash podman network create test podman kube play --network test podman-deploy.yaml --replace ``` ## Docker ```bash pacman -Sy docker docker-compose usermod -aG docker ducoterra ``` logout, log back in to use docker as non-root user. You can use btrfs as your storage driver by following these instructions: ## QEMU/KVM Install virtualization capabilties ```bash # DNSMasq is required - do not start it with systemd, qemu will handle that. pacman -S qemu-full dnsmasq virt-manager systemctl enable --now libvirtd virsh net-autostart default ``` Then edit `/etc/libvirt/network.conf` and add: ```conf firewall_backend="iptables" ``` Make sure to restart libvirtd with `systemctl restart libvirtd`. If you get a blank screen when launching a VM check that you've used the correct bios - either secboot or not secboot. This is the most common problem. ### Arch Guests In order to get drivers for spice you'll need the guest spice drivers: ```bash sudo pacman -S qemu-guest-agent spice-vdagent ``` ## Kubernetes ```bash pacman -S kubectl helm ``` ## VSCode For the open source version of code install `code`: ```bash sudo pacman -S code ``` You'll probably also want to enable default vscode marketplace extensions (like pylance): See Arch wiki here: Code Marketplace: Pylance Support: This version of code does not render with wayland by default. If using fractional scaling this causes blurriness. To fix this you'll need to modify the .desktop file and add the wayland argument: ```bash cp /usr/share/applications/code-oss.desktop ~/.local/share/applications/ vim ~/.local/share/applications/code-oss.desktop ``` Add `--ozone-platform=wayland` to the `Exec` section: ```conf [Desktop Entry] ... Exec=code-oss --ozone-platform=wayland %F ... [Desktop Action new-empty-window] ... Exec=code-oss --ozone-platform=wayland --new-window %F ... ``` For the proprietary version of vscode use the AUR: ```bash cd ~/aur git clone https://aur.archlinux.org/visual-studio-code-bin.git cd visual-studio-code-bin makepkg -si ``` ## Wireguard Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your vpn likely won't activate. ```bash pacman -S wireguard-tools ``` ## Remote Desktop ```bash pacman -S remmina freerdp ``` ## Transmission ```bash pacman -S gtk4 transmission-gtk ``` ## VLC ```bash pacman -S vlc ``` ## Bitwarden ```bash pacman -S bitwarden ``` Enable fractional scaling support: ```bash cp /usr/share/applications/bitwarden.desktop ~/.local/share/applications/ vim ~/.local/share/applications/bitwarden.desktop ``` bitwarden.desktop ```conf [Desktop Entry] ... Exec=bitwarden-desktop --ozone-platform=wayland ... ``` ## Nextcloud ```bash pacman -S nextcloud-client ``` For app icon support, install ## Insomnia ```bash mv ~/Downloads/Insomnia*.AppImage ~/Applications/Insomnia.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=Insomnia Exec=/home/ducoterra/Applications/Insomnia.AppImage Icon=/home/ducoterra/.icons/insomnia.png Type=Application ``` ## QMK ### Initialization I have a mirror and a fork of the mirror on my personal Gitea. For this strategy you'll need to checkout the fork and add the mirror. This ensures I'll always have an up-to-date mirror of qmk while also giving me a repo to make changes for my personal keyboards. ```bash git clone git@gitea.reeseapps.com:ducoterra/qmk_firmware.git cd qmk_firmware git remote add mirror git@gitea.reeseapps.com:mirrors/qmk_firmware.git git fetch mirror git rebase mirror/master pacman -S qmk qmk setup sudo cp /home/ducoterra/qmk_firmware/util/udev/50-qmk.rules /etc/udev/rules.d/ qmk config user.keyboard=keychron/q11/ansi_encoder qmk config user.keymap=ducoterra ``` ### Development Every time you start a project you'll want to sync with the mirror. ```bash git fetch mirror git rebase mirror/master ``` Commit to master while you're in the fork. ## Cura ```bash mv ~/Downloads/*Cura*.AppImage ~/Applications/Cura.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=Cura Exec=/home/ducoterra/Applications/Cura.AppImage Icon=/home/ducoterra/.icons/cura.png Type=Application ``` ## Creality Print ```bash mv ~/Downloads/Creality_Print*.AppImage ~/Applications/Creality_Print.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=Creality Print Exec=/home/ducoterra/Applications/Creality_Print.AppImage Icon=/home/ducoterra/.icons/creality_print.png Type=Application ``` ## Bambu Studio Install with flatpak. ```bash flatpak install com.bambulab.BambuStudio ``` ### Firewall Rules for LAN Printer For local LAN discovery allow 2021/udp ```bash sudo ufw allow 2021/udp sudo ufw reload ``` ### Adding LAN printer via config The config is located at `~/.var/app/com.bambulab.BambuStudio/config/BambuStudio/BambuStudio.conf` At the very top of the config you can add a pin for a printer permanently with: ```json "access_code": { "printer serial number": "access code here" }, ``` ### Custom Filament Profiles Custom profiles are located at `.var/app/com.bambulab.BambuStudio/config/BambuStudio/user/default/filament/base` Sync this with something like Nextcloud. ## Orca Slicer This is an open source fork of Bambu Slicer with more features. ```bash # You might need to install webkit2gtk pacman -S webkit2gtk ``` ```bash mv ~/Downloads/OrcaSlicer*.AppImage ~/Applications/OrcaSlicer.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=Orca Slicer Exec=/home/ducoterra/Applications/OrcaSlicer.AppImage Icon=/home/ducoterra/.icons/orca_slicer.png Type=Application ``` ## AWS CLI ```bash # Install less if you don't have it already pacman -S less cd ~/Downloads curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install ``` Add the following to your .zshrc: ```bash complete -C '/usr/local/bin/aws_completer' aws ``` ## NSlookup ```bash # Do this in a toolbox toolbox enter # Install pacman -S bind ``` ## rpi-imager ```bash toolbox create -d ubuntu -r 24.04 toolbox enter toolbox enter ubuntu-toolbox-24.04 sudo apt install rpi-imager ``` ## qFlipper ```bash mv ~/Downloads/*qFlipper*.AppImage ~/Applications/qFlipper.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=qFlipper Exec=/home/ducoterra/Applications/qFlipper.AppImage Icon=/home/ducoterra/.icons/qFlipper.png Type=Application ``` ## Nextcloud Talk ```bash unzip ~/Downloads/Nextcloud.Talk-linux*.zip -d ~/Downloads rm -rf ~/Applications/NextcloudTalk mv ~/Downloads/'Nextcloud Talk-linux-x64' ~/Applications/NextcloudTalk ``` vim ~/.local/share/applications/nextcloud-talk.desktop ```conf [Desktop Entry] Name=Nextcloud Talk Exec="/home/ducoterra/Applications/NextcloudTalk/Nextcloud Talk" --ozone-platform=wayland %U Icon=/home/ducoterra/.icons/NextcloudTalk.png Type=Application ``` ```bash update-desktop-database ``` ## FFMpeg ```bash # Select pipewire-jack when prompted pacman -S ffmpeg ``` ## Youtube-dlp 1. Download `yt-dlp_linux` 2. `clamdscan yt-dlp_linux` 3. `cp yt-dlp_linux /usr/local/bin/yt-dlp` 4. Install ffmpeg `pacman -S ffmpeg` Download the best quality video: ```bash yt-dlp -f "bv+ba/b" https://... ``` Download a playlist: ```bash yt-dlp -f "bv+ba/b" --write-thumbnail https://www.youtube.com/watch?v=l-unefmAo9k&list=PLuYLhuXt4HrQqnfSceITmv6T_drx1hN84 ``` ## Iperf3 ```bash pacman -S iperf3 ``` ## Glances ```bash pacman -S glances ``` ## VirtualBox For the linux kernel, choose virtualbox-host-modules-arch ```bash pacman -S virtualbox # Required reboot to load the kernel modules reboot ``` ## Email - Download Proton Mail Bridge PKGBUILD: ```bash makepkg -si ``` - Open protonmail bridge and login - Install geary email client ```bash pacman -S geary ``` - Open geary - Add the account following protonmail bridge's instructions ## Traffic Usage Nethogs shows per-app network utilization. ```bash pacman -S nethogs # You'll need to run this with sudo if you aren't root nethogs ``` ## Wine ```bash pacman -S wine ``` You can adjust the dpi scaling for wine with `winecfg`. ## KDE Connect (GSConnect) Install the GSConnect extension for Gnome. Open the firewall for connecting devices ```bash sudo ufw allow 1714:1764/udp sudo ufw allow 1714:1764/tcp sudo ufw reload ``` ## Python ### Pyenv ```bash curl https://pyenv.run | bash ``` Add to `~/.zshrc`: ```bash export PYENV_ROOT="$HOME/.pyenv" [[ -d $PYENV_ROOT/bin ]] && export PATH="$PYENV_ROOT/bin:$PATH" eval "$(pyenv init -)" ``` Install and use a Python version: ```bash pyenv install 3.13 pyenv global 3.13 ``` ### Poetry ```bash python -m pip install --user pipx python -m pipx ensurepath pipx install poetry pipx ensurepath # source ~/.zshrc or ~/.bashrc ``` Create a new project in the current directory ```bash poetry new . ``` ## Note Taking ```bash flatpak install org.kde.marknote ``` ## Calculator ```bash flatpak install org.gnome.Calculator ``` ## Disk Usqage ```bash flatpak install org.gnome.baobab ```