Arch Base
This is the base configuration from which you can build a variety of systems. Right now I have instructions for building a:
Table of Contents
- Arch Base
Installation
Preparation
Follow most of the instructions here: https://wiki.archlinux.org/title/Installation_guide
-
Download Arch
-
Verify the image
gpg --auto-key-locate clear,wkd -v --locate-external-key pierre@archlinux.org gpg --keyserver-options auto-key-retrieve --verify archlinux-... -
Create a bootable ISO
-
If you are booting into a VM, create an ISO with installation files so you don't have to copy-paste:
sudo pacman -S cdrtools mkisofs -r -iso-level 4 -l -o /tmp/arch-files.iso ./arch -
If you are booting from a live usb, copy the files in ./arch to the usb drive
-
-
Disable secureboot (reenable later)
Boot
You'll want two usb drives while following this guide. One will be the Arch boot drive. The other will be a support drive with critical files and passwords which we will need to access after we finish the install.
-
Boot into the live image
-
Check for network connectivity
# Check for internet ip a ping archlinux.org -
timedatectlto update system clock -
Install pwgen for password generation
pacman -S pwgen -
If using a VM, mount the iso with arch conf files
mount --mkdir /dev/sr1 /media -
If using a physical computer, mount your support drive
mount --mkdir /dev/sdb1 /media -
Create disk partitions. Use gdisk or beware "bootctl install is not on a gpt partition table"
fdisk -l gdisk /dev/vda- +1G for /boot
- t EFI SYSTEM for /boot
- remaining for /
-
mkfs.fat -F 32 /dev/vda1(/mnt/boot partition) -
This next step involves generating a secure, random password. Make sure to save this somewhere. I recommend having an encrypted partition on your installation drive to which you can write a few bytes of text.
echo -n $(pwgen 8 5) | sed 's/ /-/g' > /media/root-key.txt -
cryptsetup luksFormat /dev/vda2 --key-file /path/to/root-key.txt -
cryptsetup luksOpen /dev/vda2 root --key-file /path/to/root-key.txt -
mkfs.btrfs /dev/mapper/root(root partition) -
At this point you can choose how to subvolume your root partition
mount --mkdir -o subvolid=5 /btr_pool btrfs sub create root /btr_pool btrfs sub create home /btr_pool -
Mount the root partition with
mount -o subvol=root /dev/mapper/root /mnt -
Mount the home partition with
mount -o subvol=home /dev/mapper/root /mnt/home -
Mount the boot partition with
mount --mkdir /dev/vda1 /mnt/boot -
pacstrap -K /mnt base linux linux-firmwareThis command might show an error. This is ok, we'll fix it later.
-
genfstab -U /mnt >> /mnt/etc/fstab -
If on VM: Mount the conf files with
mount --mkdir /dev/sr1 /mnt/media -
If on a physical computer: mount the support parition with
mount --mkdir /dev/sdb1 /mnt/media -
arch-chroot /mnt -
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime -
hwclock --systohc -
echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen -
echo 'KEYMAP=us' > /etc/vconsole.conf -
echo 'hostname' > /etc/hostname -
pacman -S sudo vim dhclient dhcpcd bash-completion btrfs-progs plymouth- dhclient/dhcpcd provides dhcp for network
- bash-completion provides tab complete
- btrfs-progs provides fsck for btrfs
- plymouth gives a nice bootloader screen
-
Edit /etc/mkinitcpio.conf and uncomment the line for systemd-boot with an encrypted drive.
-
mkinitcpio -P -
Install systemd-boot
https://wiki.archlinux.org/title/systemd-boot
bootctl installIf this raises an error like "efi partition not found" you probably forgot to format /mnt/boot as an EFI partition. Edit this by reformatting it with gdisk (ef00 is the hex code).
-
edit your loader.conf with some defaults
/boot/loader/loader.conf
default arch.conf timeout 4 console-mode max editor no -
Create a loader (/usr/share/systemd/bootctl/arch.conf for example)
/boot/loader/entries/arch.conf
title Arch Linux linux /vmlinuz-linux initrd /initramfs-linux.img options ... rd.luks.name=d9828faa-2b8c-4184-9e74-9054ae328c6d=root root=/dev/mapper/root rootflags=subvol=root ...You can get the UUID of the disk into arch.conf with some grepping. Use vim to cut the excess and copy it into the correct location.
blkid | grep /dev/vda2 >> /boot/loader/entries/arch.conf -
useradd ducoterra -
passwd ducoterra -
groupadd sudo -
Edit /etc/sudoers and uncomment the section allowing sudo and wheel group privilege
-
usermod -aG sudo ducoterra -
usermod -aG wheel ducoterra -
mkdir /home/ducoterra -
chown ducoterra:ducoterra /home/ducoterra -
locale-gen -
systemctl enable dhcpcd -
If on VM install guest drivers:
pacman -S qemu-guest-agent spice-vdagent -
If you need ssh:
pacman -S openssh; systemctl enable sshd -
Add a pacman hook for systemd-boot updates
/etc/pacman.d/hooks/95-systemd-boot.hook
[Trigger] Type = Package Operation = Upgrade Target = systemd [Action] Description = Gracefully upgrading systemd-boot... When = PostTransaction Exec = /usr/bin/systemctl restart systemd-boot-update.service -
Install gnome:
pacman -S gdm gnome- choose pipewire-jack
- choose wireplumber
- choose noto-fonts-emoji
-
systemctl enable gdm -
Install NetworkManager
pacman -S networkmanager -
systemctl enable NetworkManager -
Install gnome nice-to-haves
pacman -S gnome-tweaks dconf-editor seahorse -
Install tpm2-tss for tpm2 disk decryption
pacman -S tpm2-tss -
Setup tpm2 disk decryption
systemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs="" --unlock-key-file=/media/root-key.txt -
exit -
reboot
Base Tools
# gvfs and gvfs-dnssd are for webdav support
pacman -S rsync which git iperf3 pwgen dosfstools exfatprogs gvfs gvfs-dnssd wget
ZSH
pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile
chsh -s $(which zsh)
cat <<EOF > ~/.zshrc
# Basic settings
autoload bashcompinit && bashcompinit
autoload -U compinit; compinit
zstyle ':completion:*' menu select
# Prompt settings
autoload -Uz promptinit
promptinit
PROMPT_EOL_MARK=
# Syntax Highlighting
source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
# Command Not Found Autocomplete
source /usr/share/doc/pkgfile/command-not-found.zsh
### Custom Commands and Aliases ###
EOF
Prompt Themes
See: https://wiki.archlinux.org/title/Zsh#Prompt_themes
Use prompt -l to list prompts
Use prompt -p to see previews
In your .zshrc set the following:
autoload -Uz promptinit
promptinit
prompt grml
AUR
The AUR lets you install community-created and maintained packages. Here are the basics:
pacman -S --needed git base-devel
mkdir ~/AUR
# When you find a project, the basic installation looks like this:
git clone <git repo from aur>
cd <folder name>
makepkg -si
Security
https://wiki.archlinux.org/title/security
Every machine, regardless of use-case, should perform some basic hardening. You don't need to follow every instruction in the above wiki, but you should at least enable secure boot, tpm2 disk decryption, firewall, apparmor, clamav, btrfs snapshots, and btrfs backups.
Security Philosophy
-
Secure Boot
Protection from pre-boot malware that might hijack your EFI binary.
-
TPM2 Decryption
Since we have secure boot enabled we can safely auto-decrypt our hard drive with a tpm2 device. This is purely a convenience.
-
Firewall
This should be self-explanatory, but I'll explain anyway. Don't allow any arbitrary network traffic into your device. Block those ports. Only open what you need. Firewalls drastically reduce the risk of remote exploits by stopping them before they can even establish a connection. Firewalls can also be used to limit an attacker's ability to even discover you on a network with icmp blocking.
-
ClamAV
Much like Windows has Windows Defender, Linux has ClamAV. Running an antivirus scanner certainly isn't the end-all-be-all of security, and it definitely isn't good enough on its own to keep your system safe, but in combination with apparmor and a firewall you can identify and quarantine malware before it has a chance to compromise your system. That being said, finding any malware on a system is reason enough to nuke it from orbit and restore from a known good backup.
-
BTRFS Snapshots
This is not a backup, this is a snapshot. It serves an equally important function, however, in that it protects you from accidental deletion and corruption. Let's imagine you perform an update, reboot, and your computer crashes mid-startup. You could easily restore root from a btrfs snapshot on your system and go on with your day like nothing happened.
-
BTRFS Backups
This is a backup. Unlike snapshots, which live on the same drive your system exists on, backups are physically separate copies of your computer stored (hopefully) in a physically separate location. In the event your computer is lost or stolen these backups give you a way to perfectly restore your system to its former glory.
Secure Boot
-
Put your machine in setup mode
On framework this is done in the UEFI setup page for Security, sub-page Secure Boot, choose “Erase all Secure Boot Settings.”
On my Gigabyte motherboard this is done in the BIOS under security. Set secure boot to custom.
-
pacman -S efitools sbctl -
cd /root/ -
for var in PK KEK db dbx ; do efi-readvar -v $var -o old_${var}.esl ; done -
sbctl create-keys -
sbctl enroll-keys -m -
sbctl status -
sbctl verify -
sbctl sign -s /boot/vmlinuz-linux -
sbctl sign -s /boot/EFI/BOOT/BOOTX64.EFI -
sbctl sign -s /boot/EFI/systemd/systemd-bootx64.efi -
sbctl verify -
reboot -
Enable secure boot
-
sbctl statusto check secure boot -
bootctlto check boot loader status
There is a pacman hook which will automatically sign new binaries on update.
TPM2 LUKS Decryption with Secure Boot
You can optionally allow tpm2 decryption only while secure boot is active.
Using --tpm2-pcrs=7 enforces secure boot and will require password if secure boot is disabled.
pacman -S tpm2-tsssystemd-cryptenroll /dev/vda2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=7
Re-enroll
systemd-cryptenroll /dev/nvme0n1p2 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=7
systemd-cryptenroll /dev/nvme0n1p3 --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=7
FIDO2 LUKS Decryption
pacman -S libfido2
Firewall
pacman -S ufw
systemctl enable --now ufw
AppArmor
Install Apparmor
Apparmor protects your system by limiting the access binaries have to specific files. All binaries which are protected by apparmor profiles have a whitelist of allowed paths they can touch, even if they run as root.
-
pacman -S apparmor -
systemctl enable --now apparmor -
systemctl enable --now auditd -
Add the correct kernel parameters
/boot/loaders/entries/main.conf
title Arch Linux ... options ...lsm=landlock,lockdown,yama,integrity,apparmor,bpf audit=1... -
reboot
Custom Profiles
You will likely need to create custom profiles for your apps. There are a few ways to do this but the least painful ways are as follows:
-
A profile already exists in
/usr/share/apparmor/extra-profiles/Check here first. More than likely there's a good starting point. This will probably need to be tuned but you can (and should) copy it to /etc/apparmor.d
-
No profile exists in
/usr/share/apparmor/extra-profiles/You can use
aa-genprof <binary>to generate a profile for that binary and begin listening to log events. Then, launch the application and use it as intended. When you've done what you consider to be the typical use-case you should.- Press
suntil it begins recommending additions to your profile - Use (A) or (D) to add or deny paths
- Use (G) to glob a path
- Use (N) to write a custom path
- If prompted for an executable choose (I) to inherit the execution privileges from the parent process or (P) to use this application's profile. Sanitize if you chooose this app's profile
- When done, (F) to finish and (S) to save.
- Use
apparmor_parser -r /etc/apparmor.d/<profile>to reload the profile - Run
aa-enforce /etc/apparmor.d/<profile>to set to enforce mode - Try to launch the app. It will probably crash
- Run
aa-logprof, add rules,apparmor_parser -r /etc/apparmor.d/<profile>, launch app, repeat until it works - You can
tail /var/log/audit/audit.logand grab a string likemsg=audit(1692576444.967:102858)to use as a starting point rather than parsing the whole log. Like:aa-logprof -m 'msg=audit(1692576444.967:102858)'.
- Press
From https://manpages.ubuntu.com/manpages/xenial/man5/apparmor.d.5.html
Access Modes
File permission access modes consists of combinations of the following modes:
r - read
w - write -- conflicts with append
a - append -- conflicts with write
ux - unconfined execute
Ux - unconfined execute -- scrub the environment
px - discrete profile execute
Px - discrete profile execute -- scrub the environment
cx - transition to subprofile on execute
Cx - transition to subprofile on execute -- scrub the environment
ix - inherit execute
pix - discrete profile execute with inherit fallback
Pix - discrete profile execute with inherit fallback -- scrub the environment
cix - transition to subprofile on execute with inherit fallback
Cix - transition to subprofile on execute with inherit fallback -- scrub the
environment
pux - discrete profile execute with fallback to unconfined
PUx - discrete profile execute with fallback to unconfined -- scrub the environment
cux - transition to subprofile on execute with fallback to unconfined
CUx - transition to subprofile on execute with fallback to unconfined -- scrub the
environment
deny x - disallow execute (in rules with the deny qualifier)
m - allow PROT_EXEC with mmap(2) calls
l - link
k - lock
ClamAV
pacman -S clamavclamscan --recursive --infected /path/to/dir
- OR -
touch /var/log/clamav/freshclam.logsystemctl enable --now clamav-freshclam.servicesystemctl enable --now clamav-daemon.serviceclamdscan --multiscan --fdpass /home/ducoterra
btrbk
cd Downloads
wget https://raw.githubusercontent.com/digint/btrbk/master/btrbk
clamdscan .
chmod +x btrbk
sudo mv btrbk /usr/bin/
fstab
You'll need to mount your btrfs volumes in a location which exposes their subvolumes.
mkdir -p /btr_pools/root
/etc/fstab
# btr_pools
UUID=84153269-f194-43f7-a4fe-e72aaffdb97a /btr_pools/root btrfs rw,relatime,ssd,space_cache=v2,subvolid=5 0 0
systemctl daemon-reload
mount -a
btrfs sub create /btr_pools/root/.snapshots
Snapshots
mkdir /etc/btrbk
Create a snapshot config
/etc/btrbk/snapshots.conf
snapshot_preserve_min 24h
snapshot_preserve 24h
# root
volume /btr_pools/root
subvolume root
snapshot_dir .snapshots
# home
volume /btr_pools/root
subvolume home
snapshot_dir .snapshots
Then create a snapshot service
/etc/systemd/system/btrbk_snapshots.service
[Unit]
Description=Runs btrbk with config file at /etc/btrbk/snapshots.conf
[Service]
ExecStart=/usr/bin/btrbk -c /etc/btrbk/snapshots.conf -v run
Then create a timer for the service
/etc/systemd/system/btrbk_snapshots.timer
[Unit]
Description=Run snapshots every hour
[Timer]
OnCalendar=hourly
AccuracySec=10min
Persistent=true
Unit=btrbk_snapshots.service
[Install]
WantedBy=timers.target
Then enable the service
systemctl enable --now btrbk_snapshots.timer
Backups
Before you begin, go through the usual process of setting up an encrypted drive. If you're using Gnome I recommend using the GUI since it handles encrypted USB drives really nicely.
First, I'd recommend manually creating the mountpoint and setting it as a read-only. This prevents backups from being written to the root device when the backup disk isn't mounted.
btrfs sub create /btr_pools/backup
btrfs property set /btr_pools/backup ro true
Second, I'd recommend creating subvolumes within your existing volumes for things you don't want backed up. These include:
- /var/lib/libvirt
- Nextcloud
Third, I'd recommend iterating dot directories you'd need to restore and writing them down somewhere:
- .aws
- .cache
- .config
- .gitconfig
- .icons
- .kube
- .local
- .minecraft
- .mozilla
- .ssh
- .steam
- .vimrc
- .wireguard
- .zshrc
Now set up the backup:
-
Create a backup config
/etc/btrbk/backups.conf
snapshot_create no target_preserve_min no target_preserve 24h # root volume /btr_pools/root target /btr_pools/backup subvolume root snapshot_dir .snapshots # home volume /btr_pools/root target /btr_pools/backup subvolume home snapshot_dir .snapshots -
Create a backup service
/etc/systemd/system/btrbk_backups.service
[Unit] Description=Runs btrbk with config file at /etc/btrbk/backups.conf [Service] ExecStart=/usr/bin/btrbk -c /etc/btrbk/backups.conf -v run -
Create a timer to activate the service
/etc/systemd/system/btrbk_backups.timer
[Unit] Description=Run btrbk backups every hour [Timer] OnCalendar=hourly AccuracySec=10min Persistent=true Unit=btrbk_backups.service [Install] WantedBy=timers.target -
Enable the timer
systemctl enable --now btrbk_backup.conf
Backing up a snapshot
pacman -S pv
btrfs send /mnt/btr_backup/root.20230727T1000 | pv | btrfs receive /mnt/btr_iscsi
Chroots
You can create chroot environments to run firejails or just use for testing purposes.
btrfs sub create /chrootsmkdir /testingpacman -S arch-install-scriptspacstrap -K /chroots/testing/ base base-develarch-chroot /chroots/testing
Fingerprint Reader Support
Setup
pacman -S fprintdsystemctl enable --now fprintdfprintd-enroll ducoterra- Install https://aur.archlinux.org/pam-fprint-grosshack.git to use fingerprint with gnome
In order to use fingerprint auth with gnome for privileged system stuff with gdm,
edit /etc/pam.d/system-auth and add the following to the top of the file:
auth sufficient pam_fprintd_grosshack.so
auth sufficient pam_unix.so try_first_pass nullok
Turn Off Fingerprint When Laptop Lid Closed
NOTE: This may break fingerprint unlock. Testing in progress.
To disable fingerprint authentication when the laptop lid is closed, and re-enable when it is reopened, we will use acpid to bind to the button/lid.* event to a custom script that will comment out fprintd auth in /etc/pam.d/sudo.
Usually we'd just systemctl mask fprintd but this breaks gdm (as of 08/06/23). See
https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/2267 and
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/6585.
-
pacman -S acpidand thensystemctl enable --now acpid -
Create file /etc/acpi/laptop-lid.sh with the following contents:
#!/bin/bash if grep -Fq closed /proc/acpi/button/lid/LID0/state # && # This is used to detect if a display is connected. # For USB C displayport use: # grep -Fxq connected /sys/class/drm/card1-DP-2/status # For hdmi use: # grep -Fxq connected /sys/class/drm/card0-HDMI-A-1/status then # comment out fprintd sed -i -E 's/^([^#].*pam_fprintd.so)/#\1/g' /etc/pam.d/sudo else # uncomment fprintd sed -i -E 's/#(.*pam_fprintd.so)/\1/g' /etc/pam.d/sudo fi -
Make the file executable with
chmod +x /etc/acpi/laptop-lid.sh -
Create file /etc/acpi/events/laptop-lid with the following contents:
event=button/lid.* action=/etc/acpi/laptop-lid.sh -
Restart the acpid service with:
systemctl restart acpid
Now the fingerprint will be used only when the lid is open.
In order to ensure the correct state after suspend we need a service file which runs our script on wake.
-
Create a file named /etc/systemd/system/laptop-lid.service with the following contents:
[Unit] Description=Laptop Lid After=suspend.target [Service] ExecStart=/etc/acpi/laptop-lid.sh [Install] WantedBy=multi-user.target WantedBy=suspend.target -
Reload the systemd config files with
sudo systemctl daemon-reload -
Start and enable the service with
sudo systemctl enable --now laptop-lid.service
Now the status should be correct even after connecting/disconnecting when the computer is off.
Hardware Management
Power Profiles
https://wiki.archlinux.org/title/CPU_frequency_scaling#power-profiles-daemon
pacman -S power-profiles-daemon
systemctl enable --now power-profiles-daemon
Color Management
https://wiki.archlinux.org/title/Framework_Laptop_13#Display
https://wiki.archlinux.org/title/ICC_profiles#Wayland
cp /home/ducoterra/Downloads/BOE_CQ... /usr/share/color/icc/colord/
colormgr get-profiles
colormgr get-devices
colormgr device-add-profile xrandr-BOE-0x095f-0x00000000 icc-eca2e6d155d550a5e78c97a34ac3fcae
Washed out colors with power-profiles-daemon
systemctl edit power-profiles-daemon.service --drop-in=disable_panel_powersavings
[Service]
ExecStart=
ExecStart=/usr/lib/power-profiles-daemon --block-action=amdgpu_panel_power
Hardware Acceleration
(This helps enable hardware encoding/decoding for steam streaming)
Intel
pacman -S libva-utils intel-media-driver
vainfo
AMD
pacman -S vulkan-radeon libva-utils libva-mesa-driver xf86-video-amdgpu
vainfo
Don't sleep while plugged in
This is needed for the Framework 13 (11th gen) since sleeping while plugged in to a dock will prevent it from waking up.
vim /etc/systemd/logind.conf
Bluetooth
pacman -S bluez bluez-utilssystemctl enable --now bluetooth
Audio
Without pipewire-pulse the audio level/device will reset every reboot.
pacman -S pipewire-pulse(remove conflicting packages)
ISCSI
pacman -S open-iscsi
systemctl enable --now iscsid
-
Add auth login
/etc/iscsi/iscsid.conf
node.session.auth.chap_algs = SHA3-256,SHA256,SHA1,MD5 node.session.auth.username = username node.session.auth.password = password -
Initiate and login to the portal
# Add a new target to your list of nodes iscsiadm \ -m discovery \ -t st \ -p driveripper.reeselink.com # Login to the target iscsiadm \ -m node \ --targetname iqn.2023-01.driveripper.reeselink.com:backup-reese-pc \ -p driveripper.reeselink.com:3260 \ --login # or login to all targets iscsiadm -m node --loginall all # View current session iscsiadm -m session # Log out of all sessions iscsiadm -m node -u # Log out of a single session iscsiadm -m node -T iqn.2023-01.driveripper.reeselink.com:2024-01-framework --logout # Remove session iscsiadm -m node -o delete -T iqn.2023-01.driveripper.reeselink.com:2023-01-framework
Software Stores
AppImage Support
Also chmod +x before running.
-
cp ~/Downloads/xxxxxxx.appimage ~/Applications -
Find an icon online and save it to ~/.icons
-
Write a .desktop entry at ~/.local/share/applications/
[Desktop Entry] Name= Exec=/home/ducoterra/Applications/ Icon=/home/ducoterra/.icons/ Type=Application -
desktop-file-validate ~/.local/share/applications/*.desktop -
update-desktop-database
Troubleshooting
fuse may be required to run an appimage.
sudo pacman -S fuse
Flatpak
pacman -S flatpak
Apps
Toolbox
https://wiki.archlinux.org/title/Toolbox
Toolbox is a containerized workstation service via podman.
# select "crun" when prompted
pacman -S toolbox
toolbox create
toolbox enter
sudo pacman -S zsh grml-zsh-config zsh-syntax-highlighting zsh-autosuggestions pkgfile
Firefox
You'll want firefox and gnome-browser-connector (for gnome extension management).
pacman -S firefox gnome-browser-connector
Choose noto-fonts
Gnome Extensions
- AlphabeticalAppGrid@stuarthayhurst
- Vitals@CoreCoding.com
- dash-to-dock@micxgx.gmail.com
- tactile@lundal.io
Avahi (Bonjour)
-
pacman -S avahi -
vim /etc/nsswitch.confhosts: mymachines mdns [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns -
vim /etc/mdns.allow
.local.
.local
CUPS Printing
Note: you probably need avahi (see above)
-
sudo pacman -S cups cups-pdf system-config-printer -
sudo vim /etc/nsswitch.confhosts: mymachines mdns [NOTFOUND=return] resolve [!UNAVAIL=return] files myhostname dns -
sudo systemctl start cups -
sudo systemctl start avahi-daemon
Yubikey
You'll need the yubikey manager appimage in addition to the pacman package
sudo pacman -S yubikey-manager
Reboot and things should work. You might also have to start pcscd:
sudo systemctl enable --now pcscd
Bashrc
Colorized Prompt
You can change the prompt color by setting PROMPT_COLOR at the top of your .bashrc
Examples:
Yellow: PROMPT_COLOR=33;
Orange: PROMPT_COLOR=38;5;208;
Red: PROMPT_COLOR=38;5;160;
Standard Bashrc
Don't do this if you installed zsh
~/.bashrc
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi
# User specific binaries
if ! [[ "$PATH" =~ "$HOME/.local/bin:$HOME/bin:" ]]
then
PATH="$HOME/.local/bin:$HOME/bin:$PATH"
fi
export PATH
# User specific aliases and functions (source .bashrc.d/)
if [ -d ~/.bashrc.d ]; then
for rc in ~/.bashrc.d/*; do
if [ -f "$rc" ]; then
. "$rc"
fi
done
fi
# clear var used in for loop
unset rc
~/.bashrc.d/aliases.sh
# (Mostly) Taken from https://www.cyberciti.biz/tips/bash-aliases-mac-centos-linux-unix.html
# Author: Vivek Gite
## Colorize the ls output ##
alias ls="ls --color=auto"
## Colorize the grep command output for ease of use (good for log files)##
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
## Make mount human readable ##
alias mount='mount |column -t'
## show open ports ##
alias ports='ss -tulanp'
# do not delete / or prompt if deleting more than 3 files at a time #
alias rm='rm -I --preserve-root'
# confirmation #
alias mv='mv -i'
alias cp='cp -i'
alias ln='ln -i'
# Parenting changing perms on / #
alias chown='chown --preserve-root'
alias chmod='chmod --preserve-root'
alias chgrp='chgrp --preserve-root'
## pass options to free ##
alias meminfo='free -m -l -t'
## get top process eating memory
alias psmem='ps auxf | sort -nr -k 4'
alias psmem10='ps auxf | sort -nr -k 4 | head -10'
## get top process eating cpu ##
alias pscpu='ps auxf | sort -nr -k 3'
alias pscpu10='ps auxf | sort -nr -k 3 | head -10'
## this one saved by butt so many times ##
alias wget='wget -c'
## set some other defaults ##
alias df='df -H'
alias du='du -ch'
## ls but with file sizes, showing largest at the bottom ##
alias lst='ls --human-readable --size -1 -S --classify -r'
## ls show only directories
alias lsd='ls -d */'
## Count the number of files in a directory
alias lsc='find . -type f | wc -l'
## ls sort by last modified ##
alias lmt='ls -t -1'