# Workstation - [Workstation](#workstation) - [Pacman Packages](#pacman-packages) - [Upgrade/Downgrade](#upgradedowngrade) - [Freeze package](#freeze-package) - [Fingerprint Reader Support](#fingerprint-reader-support) - [Setup](#setup) - [Turn Off Fingerprint When Laptop Lid Closed](#turn-off-fingerprint-when-laptop-lid-closed) - [SSH](#ssh) - [Templates](#templates) - [Firefox](#firefox) - [Gnome Extensions](#gnome-extensions) - [Avahi (Bonjour)](#avahi-bonjour) - [CUPS Printing](#cups-printing) - [Toolbox](#toolbox) - [Podman](#podman) - [Docker](#docker) - [QEMU/KVM](#qemukvm) - [Arch Guests](#arch-guests) - [Kubernetes](#kubernetes) - [VSCode](#vscode) - [Shell](#shell) - [Fonts](#fonts) - [Navigation](#navigation) - [Extensions](#extensions) - [Wireguard](#wireguard) - [Remote Desktop](#remote-desktop) - [Transmission](#transmission) - [VLC](#vlc) - [Bitwarden](#bitwarden) - [Nextcloud](#nextcloud) - [Insomnia](#insomnia) - [QMK](#qmk) - [Initialization](#initialization) - [Development](#development) - [Cura](#cura) - [Creality Print](#creality-print) - [Bambu Studio](#bambu-studio) - [Orca Slicer](#orca-slicer) - [AWS CLI](#aws-cli) - [NSlookup](#nslookup) - [rpi-imager](#rpi-imager) - [qFlipper](#qflipper) - [Nextcloud Talk](#nextcloud-talk) - [FFMpeg](#ffmpeg) - [Youtube-dlp](#youtube-dlp) - [Iperf3](#iperf3) - [Glances](#glances) - [VirtualBox](#virtualbox) - [Email](#email) ## Pacman Packages ### Upgrade/Downgrade The [Arch Linux Archive](https://archive.archlinux.org/packages/) keeps snapshots of all packages from history. Search for your package on the site, copy the link for the `pkg.tar.zst` file, and run the following: ```bash # Replace link with the one you copied pacman -U https://archive.archlinux.org/packages/g/gdm/gdm-46.2-1-x86_64.pkg.tar.zst ``` ### Freeze package You can freeze a package by adding it to the list of ignores in `/etc/pacman.conf`: ```conf ... IgnorePkg = nano vim linux ... ``` ## Fingerprint Reader Support ### Setup 1. `pacman -S fprintd` 2. `systemctl enable --now fprintd` 3. `fprintd-enroll ducoterra` 4. Install to use fingerprint with gnome In order to use fingerprint auth with gnome for privileged system stuff with gdm, edit `/etc/pam.d/system-auth` to include `auth sufficient pam_fprintd_grosshack.so`. ```conf #%PAM-1.0 auth required pam_shells.so # User must have shell in /etc/shells auth requisite pam_nologin.so # Prevents users from loging in if /etc/nologin exists auth required pam_faillock.so preauth # Timeout after certain number of fails # Optionally use requisite above if you do not want to prompt for the password # on locked accounts. auth sufficient pam_fprintd_grosshack.so -auth [success=2 default=ignore] pam_systemd_home.so auth [success=1 default=bad] pam_unix.so try_first_pass nullok auth [default=die] pam_faillock.so authfail auth optional pam_permit.so auth required pam_env.so auth required pam_faillock.so authsucc # If you drop the above call to pam_faillock.so the lock will be done also # on non-consecutive authentication failures. -account [success=1 default=ignore] pam_systemd_home.so account required pam_unix.so account optional pam_permit.so account required pam_time.so -password [success=1 default=ignore] pam_systemd_home.so password required pam_unix.so try_first_pass nullok shadow password optional pam_permit.so -session optional pam_systemd_home.so session required pam_limits.so session required pam_unix.so session optional pam_permit.so ``` ### Turn Off Fingerprint When Laptop Lid Closed **NOTE: This may break fingerprint unlock. Testing in progress.** To disable fingerprint authentication when the laptop lid is closed, and re-enable when it is reopened, we will use acpid to bind to the button/lid.* event to a custom script that will comment out fprintd auth in /etc/pam.d/sudo. Usually we'd just `systemctl mask fprintd` but this breaks gdm (as of 08/06/23). See and . 1. `pacman -S acpid` and then `systemctl enable --now acpid` 2. Create file /etc/acpi/laptop-lid.sh with the following contents: ```bash #!/bin/bash if grep -Fq closed /proc/acpi/button/lid/LID0/state # && # This is used to detect if a display is connected. # For USB C displayport use: # grep -Fxq connected /sys/class/drm/card1-DP-2/status # For hdmi use: # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status then # comment out fprintd sed -i -E 's/^([^#].*pam_fprintd.so)/#\1/g' /etc/pam.d/sudo else # uncomment fprintd sed -i -E 's/#(.*pam_fprintd.so)/\1/g' /etc/pam.d/sudo fi ``` 3. Make the file executable with `chmod +x /etc/acpi/laptop-lid.sh` 4. Create file /etc/acpi/events/laptop-lid with the following contents: ```bash event=button/lid.* action=/etc/acpi/laptop-lid.sh ``` 5. Restart the acpid service with: `systemctl restart acpid` Now the fingerprint will be used only when the lid is open. In order to ensure the correct state after suspend we need a service file which runs our script on wake. 1. Create a file named /etc/systemd/system/laptop-lid.service with the following contents: ```bash [Unit] Description=Laptop Lid After=suspend.target [Service] ExecStart=/etc/acpi/laptop-lid.sh [Install] WantedBy=multi-user.target WantedBy=suspend.target ``` 2. Reload the systemd config files with `sudo systemctl daemon-reload` 3. Start and enable the service with `sudo systemctl enable --now laptop-lid.service` Now the status should be correct even after connecting/disconnecting when the computer is off. ## SSH Generate a key with password protection: ```bash # Omit "-N 'password'" to have it prompt you ssh-keygen -f ~/.ssh/test-key -N 'PASSWORD' ``` Change the password for an ssh key: ```bash # Use "-N ''" to remove the password ssh-keygen -p -N 'PASSWORD' -f ~/.ssh/test-key ``` This is an example config entry in `~/.ssh/config`: ```conf Host my-host Hostname my-host.reeselink.com User root ProxyCommand none ForwardAgent no ForwardX11 no Port 22 KeepAlive yes IdentityFile ~/.ssh/id_my-host_rsa ``` You can ssh to that host with `ssh my-host` after adding a config entry. ## Templates You can add files in `~/Templates` to give yourself quick-create options in the gnome file browser context menu. ```bash mkdir ~/Templates touch ~/Templates/text.txt ``` ## Firefox You'll want firefox and gnome-browser-connector (for gnome extension management). ```bash pacman -S firefox gnome-browser-connector ``` Choose noto-fonts ### Gnome Extensions 1. AlphabeticalAppGrid@stuarthayhurst 2. 3. 4. ## Avahi (Bonjour) 1. `pacman -S avahi` 2. `vim /etc/nsswitch.conf` ```conf hosts: mymachines mdns [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns ``` 3. `vim /etc/mdns.allow` ```conf .local. .local ``` ## CUPS Printing Note: you need [avahi](#avahi-bonjour) for auto-discovery. 1. `pacman -S cups cups-pdf system-config-printer gutenprint foomatic-db-gutenprint-ppds` 2. `cups-genppdupdate` 3. `usermod -aG lp ducoterra` 4. `systemctl enable --now cups` 5. In gnome settings: 1. Add printer 2. Enter the IP address 3. Wait... 4. Select "JetDirect" 5. Select Generic 6. Select IPP Printer 7. Print ## Toolbox Toolbox is a containerized workstation service via podman. ```bash # select "crun" when prompted pacman -S toolbox toolbox create toolbox enter sudo pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile ``` ## Podman Install with the following `pacman -S podman buildah cni-plugins slirp4netns podman-dnsname aardvark-dns` Then you can run rootless containers like so: ```bash podman pull docker.io/library/python:3.11 podman run -it python:3.11 bash podman network create test podman pod create --network test --publish 8000:8000 test1 podman run -it --pod test1 python:3.11 bash ``` You can also deploy pods with kubernetes yamls. ```bash podman network create test podman kube play --network test podman-deploy.yaml --replace ``` ## Docker ```bash pacman -Sy docker docker-compose usermod -aG docker ducoterra ``` logout, log back in to use docker as non-root user. You can use btrfs as your storage driver by following these instructions: ## QEMU/KVM Install virtualization capabilties ```bash # DNSMasq is required - do not start it with systemd, qemu will handle that. pacman -S qemu-full dnsmasq virt-manager systemctl enable --now libvirtd virsh net-autostart default ``` Then edit `/etc/libvirt/network.conf` and add: ```conf firewall_backend="iptables" ``` Make sure to restart libvirtd with `systemctl restart libvirtd`. If you get a blank screen when launching a VM check that you've used the correct bios - either secboot or not secboot. This is the most common problem. ### Arch Guests In order to get drivers for spice you'll need the guest spice drivers: ```bash sudo pacman -S qemu-guest-agent spice-vdagent ``` ## Kubernetes ```bash pacman -S kubectl helm ``` ## VSCode For the open source version of code install `code`: ```bash sudo pacman -S code ``` For the proprietary version of vscode use the AUR: ```bash cd ~/aur git clone https://aur.archlinux.org/visual-studio-code-bin.git cd visual-studio-code-bin makepkg -si ``` ### Shell Edit settings.json ```json { "terminal.integrated.defaultProfile.linux": "zsh", } ``` ### Fonts Intel One Mono is designed to be easily readable for developers. Download and extract the ttf.zip ```bash mkdir ~/.local/share/fonts rsync -av /path/to/download/*.ttf ~/.local/share/fonts/ ``` Edit settings.json ```json { "editor.fontFamily": "Intel One Mono", "editor.fontLigatures": true, "terminal.integrated.fontFamily": "Intel One Mono", } ``` ### Navigation The best navigation shortcut ever is alt+left and alt+right to move the cursor to it's previous positions. ```json [ { "key": "alt+left", "command": "workbench.action.navigateBack", "when": "" }, { "key": "alt+right", "command": "workbench.action.navigateForward", "when": "" } ] ``` ### Extensions To save a list of installed extensions run: ```bash code --list-extensions >> vscode_extensions.txt ``` To install that list of extensions run: ```bash cat vscode_extensions.txt | xargs -L 1 code --install-extension ``` ## Wireguard Wireguard requires `linux-headers`. If that isn't installed or is misconfigured your vpn likely won't activate. ```bash pacman -S wireguard-tools ``` ## Remote Desktop ```bash pacman -S remmina freerdp ``` ## Transmission ```bash pacman -S gtk4 transmission-gtk ``` ## VLC ```bash pacman -S vlc ``` ## Bitwarden ```bash pacman -S bitwarden ``` ## Nextcloud ```bash pacman- S nextcloud-client ``` For app icon support, install ## Insomnia ```bash mv ~/Downloads/Insomnia*.AppImage ~/Applications/Insomnia.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=Insomnia Exec=/home/ducoterra/Applications/Insomnia.AppImage Icon=/home/ducoterra/.icons/insomnia.png Type=Application ``` ## QMK ### Initialization I have a mirror and a fork of the mirror on my personal Gitea. For this strategy you'll need to checkout the fork and add the mirror. This ensures I'll always have an up-to-date mirror of qmk while also giving me a repo to make changes for my personal keyboards. ```bash git clone git@gitea.reeseapps.com:ducoterra/qmk_firmware.git cd qmk_firmware git remote add mirror git@gitea.reeseapps.com:mirrors/qmk_firmware.git git fetch mirror git rebase mirror/master pacman -S qmk qmk setup sudo cp /home/ducoterra/qmk_firmware/util/udev/50-qmk.rules /etc/udev/rules.d/ qmk config user.keyboard=keychron/q11/ansi_encoder qmk config user.keymap=ducoterra ``` ### Development Every time you start a project you'll want to sync with the mirror. ```bash git fetch mirror git rebase mirror/master ``` Commit to master while you're in the fork. ## Cura ```bash mv ~/Downloads/*Cura*.AppImage ~/Applications/Cura.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=Cura Exec=/home/ducoterra/Applications/Cura.AppImage Icon=/home/ducoterra/.icons/cura.png Type=Application ``` ## Creality Print ```bash mv ~/Downloads/Creality_Print*.AppImage ~/Applications/Creality_Print.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=Creality Print Exec=/home/ducoterra/Applications/Creality_Print.AppImage Icon=/home/ducoterra/.icons/creality_print.png Type=Application ``` ## Bambu Studio Install with flatpak. ```bash flatpak install com.bambulab.BambuStudio ``` ## Orca Slicer This is an open source fork of Bambu Slicer with more features. ```bash # You might need to install webkit2gtk pacman -S webkit2gtk ``` ```bash mv ~/Downloads/OrcaSlicer*.AppImage ~/Applications/OrcaSlicer.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=Orca Slicer Exec=/home/ducoterra/Applications/OrcaSlicer.AppImage Icon=/home/ducoterra/.icons/orca_slicer.png Type=Application ``` ## AWS CLI ```bash # Install less if you don't have it already pacman -S less cd ~/Downloads curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" unzip awscliv2.zip sudo ./aws/install ``` Add the following to your .zshrc: ```bash complete -C '/usr/local/bin/aws_completer' aws ``` ## NSlookup ```bash # Do this in a toolbox toolbox enter # Install pacman -S bind ``` ## rpi-imager ```bash toolbox create -d ubuntu -r 24.04 toolbox enter toolbox enter ubuntu-toolbox-24.04 sudo apt install rpi-imager ``` ## qFlipper ```bash mv ~/Downloads/*qFlipper*.AppImage ~/Applications/qFlipper.AppImage chmod +x ~/Applications/*.AppImage ``` ```conf [Desktop Entry] Name=qFlipper Exec=/home/ducoterra/Applications/qFlipper.AppImage Icon=/home/ducoterra/.icons/qFlipper.png Type=Application ``` ## Nextcloud Talk ```bash unzip ~/Downloads/Nextcloud.Talk-linux*.zip -d ~/Downloads rm -rf ~/Applications/NextcloudTalk mv ~/Downloads/'Nextcloud Talk-linux-x64' ~/Applications/NextcloudTalk ``` vim ~/.local/share/applications/nextcloud-talk.desktop ```conf [Desktop Entry] Name=Nextcloud Talk Exec="/home/ducoterra/Applications/NextcloudTalk/Nextcloud Talk" %u Icon=/home/ducoterra/.icons/NextcloudTalk.png Type=Application ``` ```bash update-desktop-database ``` ## FFMpeg ```bash # Select pipewire-jack when prompted pacman -S ffmpeg ``` ## Youtube-dlp 1. Download `yt-dlp_linux` 2. `clamdscan yt-dlp_linux` 3. `cp yt-dlp_linux /usr/local/bin/yt-dlp` 4. Install ffmpeg `pacman -S ffmpeg` Download the best quality video: ```bash yt-dlp -f "bv+ba/b" https://... ``` Download a playlist: ```bash yt-dlp -f "bv+ba/b" --write-thumbnail https://www.youtube.com/watch?v=l-unefmAo9k&list=PLuYLhuXt4HrQqnfSceITmv6T_drx1hN84 ``` ## Iperf3 ```bash pacman -S iperf3 ``` ## Glances ```bash pacman -S glances ``` ## VirtualBox For the linux kernel, choose virtualbox-host-modules-arch ```bash pacman -S virtualbox # Required reboot to load the kernel modules reboot ``` ## Email - Download Proton Mail Bridge PKGBUILD: ```bash makepkg -si ``` - Open protonmail bridge and login - Install geary email client ```bash pacman -S geary ``` - Open geary - Add the account following protonmail bridge's instructions