Archlinux install notes

arch.sh

# Get ISO and verify signature
# - https://wiki.archlinux.org/index.php/Installation_guide#Verify_signature
# ============================

# https://www.archlinux.org/download/
gpg --keyserver-options auto-key-retrieve --verify archlinux-version-x86_64.iso.sig

# Preparing bootable USB
# - https://wiki.archlinux.org/index.php/USB_flash_installation_medium#Using_basic_command_line_utilities
# ======================

wipefs --all /dev/sdx
dd bs=4M if=path/to/archlinux.iso of=/dev/sdx status=progress oflag=sync

# Verify boot mode is UEFI
# - https://wiki.archlinux.org/index.php/Installation_guide#Verify_the_boot_mode
# ========================

# should end with 0 if is booted as UEFI
ls /sys/firmware/efi/efivars && echo $?

# Connect to the internet
# - https://wiki.archlinux.org/index.php/Installation_guide#Connect_to_the_internet
# - https://wiki.archlinux.org/index.php/Iwd#Connect_to_a_network
# =======================

# > [iwd]# device list
# > [iwd]# station wlan0 scan
# > [iwd]# station wlan0 get-networks
# iwctl --passphrase <passphrase> station <device> connect <SSID> 
iwctl --passphrase mywifipassword station wlan0 connect mywifiname
ping archlinux.org

# Update the system clock
# - https://wiki.archlinux.org/index.php/Installation_guide#Update_the_system_clock
# =======================

timedatectl set-ntp true
timedatectl status

# Partition the disks
# - ~https://wiki.archlinux.org/index.php/Installation_guide#Partition_the_disks~
# - https://wiki.archlinux.org/index.php/Partitioning#Partitioning_tools
# - https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS
# ===================

# - https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Preparing_the_disk_2
#   - Create a partition to be mounted at /boot with a size of 200 MiB or more. 
#   - Create a partition which will later contain the encrypted container. 
cfdisk /dev/sda
# $ lsblk -f || fdisk -l
#Number  Start (sector)    End (sector)  Size       Code  Name
#   1            2048         1050623   512.0 MiB   EF00  EFI System
#   2         5244928       976773133   463.3 GiB   8E00  Linux LVM

#| in case of seeing "dev/sda2 is apparently in use by the system; will not make a filesystem here!"
#| https://superuser.com/questions/668347/installing-arch-linux-unable-to-format-filesystem#comment844950_668347
#| dmsetup ls
#| dmsetup remove VolumeGroup-swap
#| dmsetup remove VolumeGroup-root
#| dmsetup remove VolumeGroup-home
#| or also:
#| cgdisk /dev/nvme0n1

#| $ lsblk
#| NAME          MAJ:MIN RM  SIZE RO TYPE  MOUNTPOINT
#| sda             8:0    0  1.8T  0 disk
#| └─sda1          252:0  0  1.8T  0 crypt
#| hardisk erasure
#| cryptsetup open --type plain -d /dev/urandom /dev/sda sda1
#| dd if=/dev/zero of=/dev/mapper/sda1 status=progress
#| cryptsetup close sda1

#   - Create a partition which will later contain the encrypted container.
#   - Create the LUKS encrypted container at the "system" partition. Enter the chosen password twice.
cryptsetup luksFormat --type luks2 -c aes-xts-plain64 -s 512 /dev/sda2
#   - Open the container
cryptsetup open /dev/sda2 cryptlvm
#   - Preparing the locical volumes
# create physical volume
pvcreate /dev/mapper/cryptlvm
#   - Create the volume group
vgcreate t460pVolGroup /dev/mapper/cryptlvm
#   - Create logical volumes on the volume group
lvcreate -L 35G t460pVolGroup -n swap
lvcreate -L 60G t460pVolGropu -n root
lvcreate -l 100%FREE t460pVolGroup -n home
#   - Format your filesystems on each logical volume
mkfs.ext4 /dev/t460pVolGroup/root  #| mkfs.ext4 /dev/mapper/t460pVolGroup-root
mkfs.ext4 /dev/t460pVolGroup/home  #| mkfs.ext4 /dev/mapper/t460pVolGroup-home
mkswap /dev/t460pVolGroup/swap     #| mkswap /dev/mapper/t460pVolGroup-swap
#   - Mount your filesystems
mount /dev/t460pVolGroup/root /mnt      #| mount /dev/mapper/t460pVolGroup-root /mnt
mkdir /mnt/home
mount /dev/t460pVolGroup/home /mnt/home #| mount /dev/mapper/t460pVolGroup-home /mnt
# activate swap
swapon /dev/t460pVolGroup/swap          #| swapon /dev/mapper/t460pVolGroup-swap 

# - https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Preparing_the_boot_partition_2
mkfs.fat -F32 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot/

# Install esential packages
# - https://wiki.archlinux.org/index.php/Installation_guide#Install_essential_packages
# =========================

pacstrap /mnt base base-devel linux linux-firmware lvm2 efibootmgr grub-efi-x86_64 mkinitcpio grub nvim networkmanager

# Generate an fstab file
# - https://wiki.archlinux.org/index.php/Installation_guide#Fstab
# ======================

genfstab -pU /mnt >> /mnt/etc/fstab

# Change root into the new system
# - https://wiki.archlinux.org/index.php/Installation_guide#Chroot
# ===============================

arch-chroot /mnt

# Time zone
# - https://wiki.archlinux.org/index.php/Installation_guide#Time_zone
# =========

ln -sf /usr/share/zoneinfo/UTC /etc/localtime
hwclock --systohc

# Localization
# - https://wiki.archlinux.org/index.php/Installation_guide#Localization
# ============

echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf
echo "KEYMAP=us" > /etc/vconsole.conf

# Network configuration
# - https://wiki.archlinux.org/index.php/Installation_guide#Network_configuration
# =====================

echo "t460p" > /etc/hostname
# update /etc/hosts:

# 127.0.0.1	localhost
# ::1	      localhost
# 127.0.1.1	t460p.localdomain	t460p
# # - https://github.com/StevenBlack/hosts

# Initramfs
# - https://wiki.archlinux.org/index.php/Installation_guide#Initramfs
# - https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio_2
# =========

vi /etc/mkinitcpio.conf
# update /etc/mkinitcpio.conf hooks:
# HOOKS=(base udev systemd autodetect keyboard sd-vconsole consolefont modconf block sd-encrypt sd-lvm2 resume filesystems fsck shutdown)
mkinitcpio -p linux

# Root password
# - https://wiki.archlinux.org/index.php/Installation_guide#Root_password
# =============

passwd

# Boot loader
# - https://wiki.archlinux.org/index.php/Installation_guide#Boot_loader
# - https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_the_boot_loader_2
# ===========

# update /etc/default/grub kernel parameter for bootloader:
# lsblk -f | grep 'sda2' >> /etc/default/grub
# GRUB_CMDLINE_LINUX="... rd.luks.name=UUID=<device-UUID>=cryptlvm root=/dev/t460pVolGroup/root resume=/dev/t460pVolGroup/swap" ... #| GRUB_CMDLINE_LINUX="... rd.luks.name=UUID=<device-UUID>=cryptlvm root=/dev/mapper/t460pVolGroup-root resume=/dev/mapper/t460pVolGroup-swap" ...
# GRUB_ENABLE_CRYPTODISK=y
grub-install --target=x86_64-efi --efi-directory=/boot
grub-mkconfig -o /boot/grub/grub.cfg

# Reboot
# - https://wiki.archlinux.org/index.php/Installation_guide#Reboot
# ======

exit
umount -R /mnt
swapoff -a
reboot

# Post-installation
# - https://wiki.archlinux.org/index.php/Installation_guide#Post-installation
# =================

useradd -m -g users -G wheel rblanco
passwd rblanco
# edit /etc/sudoers:
# rblanco ALL=(ALL) ALL
systemctl enable NetworkManager
systemctl start NetworkManager
#| nmtui
#| ip link set dev enp0s31f6 up
#| dhcpcd enp0s31f6

# https://github.com/romanblanco/dotfiles

git clone https://aur.archlinux.org/brightnessctl.git
INSTALL_UDEV_RULES=1 makepkg -irs
# ls /usr/lib/udev/rules.d/
sudo udevadm control --reload-rules
sudo chmod u+s /usr/bin/brightnessctl

Light:

https://github.com/haikarainen/light#arch-linux
https://github.com/haikarainen/light/blob/master/90-backlight.rules in /usr/lib/udev/rules.d/

https://wiki.archlinux.org/index.php/NetworkManager#/etc/resolv.conf

To stop NetworkManager from touching /etc/resolv.conf, set main.dns=none with a configuration file in /etc/NetworkManager/conf.d/:

/etc/NetworkManager/conf.d/dns.conf

[main]
dns=none

• restricting NetworkManager access to /etc/resolv.conf can cause problems with VPN DNS:

/etc/resolvconf.conf:

 # Configuration for resolvconf(8)
 resolv_conf=/etc/resolv.conf
 name_servers="192.168.0.24 1.1.1.1 1.0.0.1"

https://linux.die.net/man/8/sysctl

sysctl -a

# sysctl -w net.ipv6.conf.all.disable_ipv6=1
# sysctl -w net.ipv6.conf.default.disable_ipv6=1

enable to
systemctl start wg-quick@wg0

or (?)

/etc/sysctl.d/40-ipv6.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1

curl -6 icanhazip.com
curl -4 icanhazip.com

https://wiki.archlinux.org/index.php/OpenVPN#Update_resolv-conf_script

If you prefer a package, there is openvpn-update-resolv-conf-git that does above for you. You still need to do the following.

Once the script is installed add lines like the following into the OpenVPN client configuration file:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre # https://github.com/alfredopalhares/openvpn-update-resolv-conf

broadcast message for openvpn login: https://superuser.com/q/1363618 (mesg -n didn't work) (wall - messages between users)

  # https://wiki.archlinux.org/index.php/CUPS

  # scan devices and model
  # sudo lpinfo -v # devices
  # sudo lpinfo -m # model

  # create queue and set as default
  # sudo lpadmin -p Canon_MP190_20_Series -E -v "usb://Canon/MP190%20series?serial=30A41D&interface=1" -m drv:///sample.drv/generic.ppd
  # sudo lpoptions -d Canon_MP190_20_Series

  # see the status
  # lpstat -s
  # lpstat -p Canon_MP190_20_Series

  # enable queue and let accept
  # sudo cupsenable Canon_MP190_20_Series
  # sudo cupsaccept Canon_MP190_20_Series

  # print a file
  # lpr file.pdf

  # clear the whole queue
  # sudo lprm -

  # remove printer queue
  # sudo lpadmin -x Canon_MP190_20_Series

---

getting Epson XP-435 to work

• https://wiki.archlinux.org/index.php/CUPS/Printer-specific_problems#Epson
• https://aur.archlinux.org/packages/epson-inkjet-printer-escpr/

sudo pacman -S cups cups-pdf avahi
cd bin
git clone https://aur.archlinux.org/epson-inkjet-printer-escpr.git
cd epson-inkjet-printer-escpr/
makepkg -isr

sudo systemctl start cups-browsed.service
sudo systemctl start org.cups.cupsd.service
sudo systemctl start avahi-daemon.service

• (optional) edit /etc/cups/cupsd.conf
• go to http://localhost:631/admin
• add printer (? - ipp - http://172.20.10.4:631/ipp/print)

sudo systemctl restart cups-browsed.service

---

getting scanner to work

• https://wiki.archlinux.org/index.php/SANE/Scanner-specific_problems#Epson
• http://download.ebz.epson.net/man/linux/imagescanv3_e.html#sec6-1

sudo pacman -S iscan xsane imagescan # if using imagescan run command `utsushi` to scan
cd ~/bin
git clone https://aur.archlinux.org/imagescan-plugin-networkscan.git
cd imagescan-plugin-networkscan/
makepkg -isr

• /etc/utsushi/utsushi.conf:

dev2.udi = esci:networkscan://192.168.0.100:1865
dev2.vendor = Epson
dev2.model = XP-435

• /etc/cups/lpoptions:

Default EPSON_XP-432_435_Series

credit card :
8.700
5.500

---

scaning blog in xsane:

Scan Area: Manual
Bottom Right X [cm]: 13.500
Botton Right Y [cm]: 17.500

rotate 270

set target as Save, type: PDF

scan resolution: http://www.fifi.org/doc/xsane/html/sane-xsane-save-doc.html
372

PDF compression

pdf2ps large.pdf very_large.ps
ps2pdf very_large.ps small.pdf

---

for converting pages to blue in case of low black ink:

• comment out policy just before </policymap> in /etc/ImageMagick-7/policy.xml if convert: attempt to perform an operation not allowed by the security policy gs' @ error/delegate.c/ExternalDelegateCommand/378.` shows up (https://stackoverflow.com/a/53180170)
• magick -density 300 "input.pdf" -fuzz 50% -fill blue -opaque black "output.pdf" (https://superuser.com/a/1548631)

https://github.com/romanblanco/ansible-archlinux

clean cache and old logs:

journalctl --vacuum-time=1d
pacman -Sc

Hi, thanks for this install notes, but I am afraid, that this cannot work as GRUB doesn't support luks2. Can you please confirm, that its working for you? Thanks a lot. Mipam

and maybe another point is, that you do not need to have boot logical partition, its fine just with efi

https://bugs.archlinux.org/task/63782

Hi, thanks for this install notes, but I am afraid, that this cannot work as GRUB doesn't support luks2. Can you please confirm, that its working for you? Thanks a lot. Mipam

@mipam007, it's very possible that the notes are incorrect.

I've recently found ansible-archlinux automated script. Maybe it will help you find an inspiration.

fingerprint

https://glsk.net/2018/05/t460s-fingerprint-reader-in-linux/
https://github.com/3v1n0/libfprint/blob/vfs0090/README.md

https://bugs.freedesktop.org/show_bug.cgi?id=94536#c19
https://gitlab.freedesktop.org/libfprint/libfprint/issues/54

QT_SCALE_FACTOR=1.1 keepassxc
QT_QPA_PLATFORM=wayland telegram-desktop

• ~/ telegram-desktop

(process:11903): Telegram-WARNING **: 07:26:28.673: Unfortunately, GTK integration conflicts with qgtk2 platformtheme and style. Therefore, QT_QPA_PLATFORMTHEME and QT_STYLE_OVERRIDE will be unset.
Telegram-Message: 07:26:28.675: This can be ignored by setting TDESKTOP_I_KNOW_ABOUT_GTK_INCOMPATIBILITY environment variable to any value, however, if qgtk2 theme or style is used, this will lead to a crash.
Telegram-Message: 07:26:28.675: GTK integration can be disabled by setting TDESKTOP_DISABLE_GTK_INTEGRATION to any value. Keep in mind that this will lead to clipboard issues and tdesktop will be unable to get settings from GTK (such as decoration layout, dark mode & more).

(process:11903): Telegram-WARNING **: 07:26:28.675: Application was built without embedded fonts, this may lead to font issues.
Telegram-Message: 07:26:28.765: You can disable tray icon counter with TDESKTOP_DISABLE_TRAY_COUNTER and make it look better if it is monochrome.
error: : cannot open
error: : cannot open
error: : cannot open
The X11 connection broke (error 2). Did the X11 server die?
Segmentation fault (core dumped)
• ~/ QT_QPA_PLATFORM=wayland telegram-desktop

nmcli device wifi connect <uuid> password <password>

stored in /etc/NetworkManager/system-connections/

https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Remote_unlocking_of_the_root_(or_other)_partition

xorg utils:

xev - print contents of X events
xprop - property displayer for X

@mipam007 https://phoronix.com/scan.php?page=news_item&px=GRUB-Boots-LUKS2-Disk-Encrypt

checksum of folder:

find ./fotky/ -type f | sort | xargs -d'\n' md5sum | awk '{ print $1; }' | md5sum

In case I ever end up working in Gnome again: gsettings set org.gnome.desktop.input-sources xkb-options "['ctrl:nocaps']"

adblock plus:
reddit.com#?#div.promotedlink
reddit.com#?#.size-compact.Post:-abp-has([class*=promoted])

https://austingwalters.com/increasing-battery-life-on-an-arch-linux-laptop-thinkpad-t14s/

Con Kolivas kernel

https://wiki.archlinux.org/index.php/Unofficial_user_repositories/Repo-ck

/etc/pacman.conf
------------------------
[repo-ck]
Server = http://repo-ck.com/$arch

pacman-key -r 5EE46C4C && pacman-key --lsign-key 5EE46C4C
pacman -Syu linux-ck linux-ck-headers
sudo systemctl enable cpupower.service

sudo cpupower frequency-set -g powersave
# sudo cpupower frequency-set -g performance
sudo cpupower frequency-info

--> https://www.archlinux.org/packages/extra/x86_64/wireguard-dkms/

https://www.nvidia.com/Download/driverResults.aspx/157462/en-us
https://wiki.archlinux.org/index.php/Bumblebee
https://drewdevault.com/2017/10/26/Fuck-you-nvidia.html

When recording GIF on Wayland, it does not deal with monitor being turned 270 degrees and the video is rotated:

ffmpeg -i input.mp4 -vf "transpose=clock" output.mp4

https://ostechnix.com/how-to-rotate-videos-using-ffmpeg-from-commandline/

Copying block in tmux with no mouse:

CTRL-b [
CTRL-v  // navigate to start
Space
// select area
Enter

[...]
:: File /var/cache/pacman/pkg/libpsl-0.16.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

solve by

sudo pacman -S archlinux-keyring

https://ostechnix.com/fix-invalid-corrupted-package-pgp-signature-error-arch-linux/

==> WARNING: Hook 'sd-lvm2' is deprecated. Replace it with 'lvm2' in your config