Contents
Mon, Dec 20, 2021
ARCH INSTALLATION / ENCRYPTED SETUP / systemd-boot
This is LVM on LUKS setup based on Arch’s wiki documentation.
Keyboard
$ loadkeys usPartition
$ lsblk # List block devices
$ gdisk /dev/nvme0n1 # To partition /dev/nvme0n1
$ o # Either new or start over
$ y # Accept
$ n # Create new partition
$ Enter # Accept default partition number
$ Enter # Accept default first sector
$ +512M # Allocated 512MB for boot partition
$ EF00 # Set type of partition or L to list
$ n # Create new partition
$ Enter # Accept default partition number
$ Enter # Accept default first sector
$ Enter # Accept default last sector
$ 8300 # Set partition type to LVM
$ w # Write change
$ y # Accept
$ cryptsetup luksFormat --type luks2 /dev/nvme0n1p2 # Create encrypted container
$ cryptsetup open /dev/nvme0n1p2 cryptolvm # Open container
$ pvcreate /dev/mapper/cryptolvm # Create physical volume
$ vgcreate MyVol /dev/mapper/cryptolvm # Create MyVol volume group
$ lvcreate -L 2G MyVol -n swap # Allocated 2GB for swap
$ lvcreate -l 100%FREE MyVol -n root # Allocated remaining for root
$ mkswap /dev/mapper/MyVol-swap # Format swap
$ mkfs.ext4 /dev/mapper/MyVol-root # Format root
$ swapon /dev/mapper/MyVol-swap # Mount swap
$ mount /dev/mapper/MyVol-root /mnt # Mount root
$ mkfs.vfat -F32 /dev/nvme0n1p1 # Format boot
$ mkdir /mnt/boot # Create boot directory
$ mount /dev/nvme0n1p1 /mnt/boot # Mount bootWireless
$ wifi-menuInstall Base System
$ pacstrap /mnt base base-develConfigure System
$ genfstab -pU /mnt >> /mnt/etc/fstab # Generate fstabEdit /mnt/etc/fstab and change relatime to noatime for non-boot partitions.
$ arch-chroot /mnt # chrootAdd hostname to /etc/hostname and /etc/hosts
/etc/hosts
127.0.0.1 localhost
127.0.0.1 hostname.subdomain.domain hostnameSet time zone:
$ ln -s /usr/share/zoneinfo/Pacific/Auckland /etc/localtimeUncomment the locale in /etc/locale.gen
$ locale-gen # Generate locale Set locale preference by adding LANG=”en_NZ.UTF-8” to /etc/locale.conf
Configure mkinitcpio
Add ext4 to MODULES
Add encrypt lvm2 resume hooks to /etc/mkinitcpio.conf before filesystems and after udev
HOOKS=(base udev autodetect modconf block encrypt lvm2 resume filesystems keyboard fsck)mkinitcpio and set root password:
$ mkinitcpio -p linux
$ passwdInstall Boot Loader
$ bootctl --path=/boot installEdit /boot/loader/loader.conf
default lts.conf
timeout 5
editor 0Use blkid to find the UUID for /dev/nvme0n1p2 and replace the <UUID> below without the bracket.
Edit /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=<UUID>:MyVol root=/dev/mapper/MyVol-root resume=/dev/mapper/MyVol-swap rwEdit /boot/loader/entries/lts.conf
title LTS
linux /vmlinuz-linux-lts
initrd /initramfs-linux-lts.img
options cryptdevice=UUID=<UUID>:MyVol root=/dev/mapper/MyVol-root resume=/dev/mapper/MyVol-swap rwWireless
$ pacman -S dialog wpa_supplicantUmount and Reboot
$ exit # Exit from chroot environment
$ umount -R /mnt
$ rebootCreate New User
$ useradd -m -G wheel -s /bin/bash daniel
$ passwd daniel
$ usermod -a -G audio,network,power,scanner,storage,systemd-journal,video danielThe above creates a new user with home directory, change password and add user to additional groups.
Wireless
$ wifi-menu
$ ls /etc/netctl/ # Find the wifi profile
$ netctl enable profile-name # profile-name as obtained aboveAlternatively, a better approach is as follows rather than enabling profile:
$ sudo pacman -S ifplugd # Wired
$ sudo systemctl enable netctl-ifplugd@interface.service # substitute interface with the value obtained from ip a
$ sudo systemctl enable netctl-auto@interface.service # substitute interface with the value obtained from ip aReferences:
netctl: Enabling a profile
netctl: Special systemd units: wired / wireless
Sudo
$ pacman -S sudoRun visudo, edit it to restrict sudo to specific group or user.
Additional Install
Install yay from AUR.
Audio
$ sudo pacman -S alsa-utils
$ amixer sset Master unmute # ALSA comes muted by default.Create /etc/modprobe.d/disablePower.conf
options snd_hda_intel power_save=0Mesa
Edit /etc/enviroment
MESA_LOADER_DRIVER_OVERRIDE=i965Restore
Restore home from GFS backup.
SYS backup is available for configuration reference if needed but do not restore straight from it since that will wipe newer configurations for fresh build.
$ sudo pacman -S - < pkglist.txt # Install all packages from backup listDo the same for AUR with yay.
Extra Configuration
Bluetooth
Edit /etc/bluetooth/main.conf and add the following line.
AutoEnable=true$ sudo systemctl enable bluetooth.serviceEnable bluetooth service then pair devices.
PulseAudio (Deprecated, replaced by PipeWire)
Left here for reference.
Edit /etc/pulse/system.pa and add the following lines.
load-module module-bluetooth-policy
load-module module-bluetooth-discoverEdit /etc/pulse/default.pa and add the following line.
load-module module-switch-on-connectIf cookie not found then cp ~/.pulse-cookie ~/.config/pulse/cookie
CUPS
Install, enable and start CUPS
$ sudo pacman -S cups
$ sudo systemctl enable org.cups.cupsd.service
$ sudo systemctl start org.cups.cupsd.serviceRun sudo usermod -a -G lp daniel to add to lp group.
Run sudo usermod -a -G cups daniel to add to cups group.
Append wheel to SystemGroup sys root in /etc/cups/cups-files.conf
At this point, re-logon for the permission to be effective.
$ yay -S brother-mfc-l2713dw
$ yay -S brscan4Install printer and scanner drivers.
Browse to http://localhost:631, go to Administration -> Add Printer
Select LPD/LPR Host or Printer
Enter lpd://(Your printer’s IP address)/binary_p1
Select Brother
Select the printer driver, which should already be automatically selected. It’s
the CUPS version.
Name the printer.
Then go to Printers, select the printer, drop down Administration and select Set Default Options, set A4, Plain Paper, 600dpi, Tray1, DuplexNoTumble, Toner Save to Off. And again drop down Administration and select Set As Server Default.
For scanning:
$ brsaneconfig4 -a name=(name your device) model=(model name) ip=xx.xx.xx.xxUse gscan2pdf:
Untick OCR scanned pages
Select All pages
Leave Mode as default
Change Geometry from Manual to A4
gscan2pdf will need yay -S pdftk-bin
Even though org.cups.cupsd.service has been enabled, it won’t auto start on
boot.
Just do a test print, that will activate the auto start on boot.
NTP
$ sudo systemctl enable ntpd.serviceOptional
iOS
$ usbmuxd -f -v
$ idevice_id -l
$ ideviceinfo
$ ideviceinstaller -l
$ ifuse ~/iPhone
$ umount ~/iPhonePower Management
Desktop
$ pacman -S thermald
$ sudo systemctl enable thermald.serviceLaptop
$ yay -S powertop thermald cpupower mbpfan-git tlp
$ powertop --calibrate
$ sudo systemctl enable powertop.service
$ sudo systemctl enable thermald.service
$ sudo systemctl enable cpupower.service
$ sudo systemctl enable mbpfan.service
$ sudo systemctl enable tlp.service
$ sudo systemctl enable tlp-sleep.service2021-12-20 [4]
2022-05-31 [1]
2022-06-16 [1] [2]
For BCM4360 wireless network adapter, install broadcom-wl-dkms and linux-headers. Then reboot before trying wifi-menu.
Suspend works out of the box.
References:
Broadcom wireless
WiFi
Suspend
Mid 2013
Notes
2021-12-20
[1] Partition
For dual boot, in my case, tested working with Macbook Air.
sda1 EFI /boot # This is Mac's EFI, sharing it with Linux)
sad2 MAC
sda3 EFI # Left blank
sda4 LUKS
|-MyVol
|- MyVol-swap [SWAP]
|- MyVol-root /[2] Wireless
netctl is no longer included by default. Use ethernet or install netctl package.
$ pacman -S netctl[3] Install Base System
Edit /etc/pacman.d/mirrorlist so that the preferred mirror is on top of the list.
$ pacstrap /mnt base base-devel linux linux-firmware mkinitcpio lvm2 netctl \
dhcpcdlinux, linux-firmware, mkinitcpio lvm2 and netctl are no longer included by default so have to install them explicitly.
[4] Laptop
$ yay -S powertop laptop-mode-tools cpupower thermald mbpfan-git
$ sudo pacman -S acpi acpid
$ powertop --calibrateEdit /etc/systemd/system/powertop.service
[Unit]
Description=Powertop tunings
[Service]
Type=oneshot
ExecStart=/usr/bin/powertop --auto-tune
[Install]
WantedBy=multi-user.target$ sudo systemctl enable powertop.serviceEdit /etc/laptop-mode/laptop-mode.conf
ENABLE_LAPTOP_MODE_ON_AC=1
ENABLE_LAPTOP_MODE_WHEN_LID_CLOSED=1Edit /etc/laptop-mode/conf.d/cpufreq.conf
CONTROL_CPU_FREQUENCY=0Edit /etc/laptop-mode/conf.d/intel_pstate.conf
CONTROL_INTEL_PSTATE=0$ sudo systemctl enable laptop-mode.service
$ sudo systemctl enable acpid.serviceEdit /etc/default/cpupower
governor='powersave'
max_freq="1.3GHz"$ sudo systemctl enable cpupower.service
$ sudo systemctl enable thermald.serviceEdit /usr/lib/systemd/system/mbpfan.service
ExecStart=/usr/sbin/mbpfan -f$ sudo systemctl enable mbpfan.service
$ sudo pacman -S broadcom-wl-dkms linux-headers # linux-headers package is not required but installed it anyway
$ sudo rmmod b43 ssb bcma wl # Either this or reboot
$ sudo modprobe wl2022-05-31
[1] Desktop / Laptop
power-profile-daemon simplifies power management.
$ pacman -S thermald power-profiles-daemon upower
$ sudo systemctl enable thermald.service
$ sudo systemctl enable power-profiles-daemon.service
$ sudo systemctl enable upower.service2022-06-16
[1] Nvidia
$ pacman -S nvidia nvidia-lts nvidia-utils nvidia-settings nvidia-prime \
mesa-utils virtualglUse nvidia-smi to check offloading and wattage.
Use prime-run if need to explicitly use nvidia.
Some programs will do that automatically such as mpv.
Otherwise, they default to the integrated GPU.
For Intel, that’s i915.
[2] Slock
Create /etc/systemd/system/slock@.service
[Unit]
Description=Lock X session using slock for user %i
Before=sleep.target
[Service]
User=%i
Environment=DISPLAY=:0
ExecStartPre=/usr/bin/xset dpms force suspend
ExecStart=/usr/local/bin/slock
[Install]
WantedBy=sleep.target$ sudo systemctl enable slock@user.service Substitute user with value from echo $USER