Skip to content

Instantly share code, notes, and snippets.

@varqox

varqox/system-installation-guide.md

Last active August 30, 2023 11:42
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save varqox/6152373bcafb29186d0bd9337779f51b to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save varqox/6152373bcafb29186d0bd9337779f51b to your computer and use it in GitHub Desktop.
Download ZIP
Guide for what to do just after installing a bare Arch Linux to get *my* full-fledged XFCE desktop Arch Linux and some other random Linux stuff
Raw
system-installation-guide.md

Before rebooting after making fresh Arch installation

  • make sure to install grub using grub-install and configure it properly using grub-mkconfig -o /boot/grub/grub.cfg (for uefi it is not so easy), but before running grub-mkconfig install intel-ucode or amd-ucode
  • install networkmanager vim htop net-tools wireless_tools # net-tools for ifconfig, wireless_tools for iwconfig
  • remember to configure pacman mirrors properly see /etc/pacman.d/mirrorlist
  • reboot

On a fresh Arch installation

  • systemctl enable --now NetworkManager
  • use nmtui to connect to internet
  • install git man-pages procps-ng # procps-ng for pkill

Sudo

  • install sudo
  • execute echo "%wheel ALL=(ALL) ALL" > /etc/sudoers.d/wheel

SSD -- periodic (weekly) TRIM

  • install 'util-linux'
  • systemctl enable --now fstrim.timer
  • to change the period you need to edit the fstrim.timer systemd's file (it looks like .service file)

Your user

  • useradd -m -G wheel quasar # my username is quasar` you can replace it here and below with yours
  • passwd quasar
  • su quasar

pacman

  • edit /etc/pacman.conf and uncomment Color and TotalDownload

paru

sudo pacman -S --needed base-devel
git clone https://aur.archlinux.org/paru.git
cd paru
makepkg -si
  • edit /etc/makepkg.conf and change MAKEFLAGS to -j=8 (here I have 8 logical cores, hence that value -- you can use yours prefered value) and enable ccache by changing !ccache to ccache

zsh

locales

  • edit /etc/locale.gen and uncomment you locales e.g. en_US.UTF-8 UTF-8
  • run locale-gen
  • restart all your terminals (if you want the change to work immediately)

NTP (Network Time Protocol)

  • run: sudo timedatectl set-ntp true

NetworkManager: custom DNS servers

If you do not use systemd-resolved, you can do:

  • save file /etc/NetworkManager/conf.d/dns-servers.conf:
[global-dns-domain-*]
servers=1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001,9.9.9.9,8.8.8.8
  • restart NetworkManager: sudo systemctl restart NetworkManager

NetworkManager: enable DNSSEC (needs the above step that sets custom DNS servers)

If you do not use systemd-resolved, you can do:

  • save file /etc/NetworkManager/dnsmasq.d/dnssec.conf:
conf-file=/usr/share/dnsmasq/trust-anchors.conf
dnssec
  • restart NetworkManager: sudo systemctl restart NetworkManager
  • validate DNSSEC is verified:
drill -D sigfail.verteiltesysteme.net | grep -q SERVFAIL && echo 'DNSSEC is verified' || echo 'no verification!'

DNS, DNSSEC and DNS Over TLS

  • enable systemd-resolved: sudo systemctl enable --now systemd-resolved
  • change /etc/resolv.conf to point to systemd-resolved: ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
  • save configuration file /etc/systemd/resolved.conf.d/dns_servers.conf:
[Resolve]
# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
# Cloudflare: 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
# Google:     8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844
# Quad9:      9.9.9.9 2620:fe::fe
DNS=1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001
Domains=~.
DNSSEC=true
DNSOverTLS=yes
  • enable systemd-resolved: sudo systemctl restart systemd-resolved
  • you can verify that everything works by using: resolvctl status and resolvctl query cloudflare.com

ssh

  • install openssh
  • to share connection between multiple sessions (no need to enter password when opening a new session), create file ~/.ssh/config:
ControlMaster auto
ControlPath ~/.ssh/control:%h:%p:%r
SendEnv LC_* # Keep locales sane after connecting to a remote

Host *
	# Try very hard to keep connection alive as long as possible
	ServerAliveInterval 10
	ServerAliveCountMax 2

Disable beep sound

  • run echo "blacklist pcspkr" | sudo tee /etc/modprobe.d/nobeep.conf

Change PAM wrong password delay to 0.2 second

  • run (first line adds argument nodelay to pam_faillock.so and pam_unix.so, second adds 0.2 delay + disables locking your account upon 3 consecutive failed password attempts):
sudo perl -pe 's/^(auth\s.*\spam_(faillock|unix)\.so.*)$(?<! nodelay)/\1 nodelay/' -i /etc/pam.d/system-auth
sudo sed 's/^\(auth\s.*\s\)pam_faillock\.so\s\(\s*\)authfail/\1pam_faildelay.so\2delay=200000\n# The below line is disabled so that you can type invalid password more than 2 times and then\n# authenticate with valid password (pam_faillock would lock you out for 15 minutes)\n# \0/' -i /etc/pam.d/system-auth

Core dumps

Core dumps as done by systemd-coredump are very slow and take at least 200ms even with core dump size limit == 0. Thus I find useful the below settings.

First, make coredumps appear in files created by kernel, not piped through superslow systemd-coredump:

  • echo 'kernel.core_pattern=/tmp/core of %E tm=%t PID=%p sig=%s' | sudo tee /etc/sysctl.d/50-coredump.conf
  • To apply the setting immediately, use: sudo sysctl -p /etc/sysctl.d/50-coredump.conf

Secondly, add ulimit -c 0 to your ~/.zshrc file so that coredumps are not created by default for every command you run. You can enable them explicitly by executing ulimit -c unlimited before executing the command you want to create core dump:

  • grep -qP '^ulimit -c 0' ~/.zshrc || echo 'ulimit -c 0 # disable core dumps, but allow enabling them on demand with ulimit -c unlimited' >> ~/.zshrc

cron

  • install cronie
  • sudo systemctl enable --now cronie.service

intel graphics

  • install mesa vulkan-intel (see Arch Intel graphics for more updated information)
  • you may also want to install xf86-video-intel intel-media-driver intel-hybrid-codec-driver libva-intel-driver-hybrid

changing brightness via CLI

  • install light
  • add file /etc/udev/rules.d/backlight.rules:
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="/bin/chgrp video /sys/class/backlight/%k/brightness"
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="/bin/chmod g+w /sys/class/backlight/%k/brightness"
  • run sudo usermod -aG video $(whoami)
  • reboot
  • now you can use light -S x to set screen brightness to x percent

sound

  • install pulseaudio pulseaudio-alsa pavucontrol

bluetooth

  • install pulseaudio-bluetooth
  • systemctl enable --now bluetooth
  • Run sudo usermod -aG wheel $(whoami) to allow e.g. blueman to enable / disable bluetooth adapter
  • To make pulseaudio switch sound output to headphones automatically on connect and fix pop sound after a period of inactivity add file: ~/.config/pulse/default.pa
.include /etc/pulse/default.pa

### Automatically switch to newly connected devices
.ifexists module-switch-on-connect.so
load-module module-switch-on-connect
.endif

### Fix pop sound after a period of inactivity
unload-module module-suspend-on-idle
  • restart pulseaudio: pulseaudio -k; pulseaudio --start

bluetooth autoconnect to trusted and paired devices

  • install bluetooth-autoconnect
  • sudo systemctl enable --now bluetooth-autoconnect.service
  • systemctl --user enable --now pulseaudio-bluetooth-autoconnect

fixing bluetooth and wifi on 2.4Ghz (warning: limits throughput (also on 5Ghz band))

  • add /etc/modprobe.d/iwlwifi.conf:
options iwlwifi bt_coex_active=1 11n_disable=1

Xorg

  • install xorg-server

keyboard: setting alternative layout -- below example sets Polish Dvorak Programmer with some options

  • localectl --no-convert set-x11-keymap pl pc105 dvp caps:escape

keyboard: setting linux console layout based on xkb layout -- below example sets Polish Dvorak Programmer with some options

  • paru -S ckbcomp
  • ckbcomp -layout pl -variant dvp -option caps:escape | gzip -f | sudo tee /etc/pl-dvp.map.gz
  • echo "KEYMAP=/etc/pl-dvp.map.gz" | sudo tee /etc/vconsole.conf"

touchpad: change speed and acceleration

  • add file /etc/X11/xorg.conf.d/50-mouse-acceleration.conf:
# To be placed in file: /etc/X11/xorg.conf.d/50-mouse-acceleration.conf
Section "InputClass"
	Identifier "touchpad configuration"
	MatchDriver "libinput"
	MatchIsTouchpad "on"
	Option "TransformationMatrix" "1 0 0 0 1 0 0 0 0.25"
	Option "AccelSpeed" "-0.4"
	Option "DisableWhileTyping" "false"
EndSection

Mouse: increase scroll speed

  • install libinput-multiplier
  • add to autostart sh -c 'echo 3 > /tmp/libinput_discrete_deltay_multiplier' where 3 is the coefficient by which you want to multiply your scroll speed

XFCE

  • install lightdm-gtk-greeter xfce4-meta gvfs xfce4-whiskermenu-plugin xfce4-pulseaudio-plugin xfce4-terminal xfce4-appfinder xfce4-whiskermenu-plugin xfce4-power-manager xfce4-pulseaudio-plugin xfce4-battery-plugin xfce4-notifyd network-manager-applet xfce4-screenshooter thunar-archive-plugin thunar-media-tags-plugin
  • systemctl enable --now lightdm
  • TODO

picom

  • install picom
  • add picom config file ~/.config/picom.conf:
backend = "glx";
shadow = false;
fading = false;
vsync = true;
unredir-if-possible = false;
  • disable display compositing in Window Manager Tweaks -> Compositor
  • add picom to autostart
  • start picom: picom& disown

Fonts

  • install ttf-ubuntu-font-family ttf-hack ttf-liberation ttf-dejavu noto-fonts-emoji

redshift

  • install redshift
  • add file ~/.config/redshift/redshift.conf:
[redshift]
location-provider=manual
temp-day=5000
temp-night=2500
location-provider=manual
adjustment-method=randr
fade=0

[manual]
lat=52.23
lon=21.01
  • add redshift-gtk to autostart
  • run redshift: redshift& disown

Basic apps

  • install tilda strawberry evince brave-bin ksysguard kate vlc filelight file-roller audacity eog
  • install anki mpv

C++ devkit

  • install gcc clang perf gdb

Advanced power management and power saving (mostly on battery)

  • install tlp powertop s-tui
  • Create file /etc/tlp.d/10-my.conf with the following contents:
CPU_SCALING_GOVERNOR_ON_AC=performance
CPU_SCALING_GOVERNOR_ON_BAT=powersave

CPU_ENERGY_PERF_POLICY_ON_AC=performance
CPU_ENERGY_PERF_POLICY_ON_BAT=balance_power

CPU_MIN_PERF_ON_AC=0
CPU_MAX_PERF_ON_AC=100
CPU_MIN_PERF_ON_BAT=0
CPU_MAX_PERF_ON_BAT=75

CPU_BOOST_ON_AC=1
CPU_BOOST_ON_BAT=1

CPU_HWP_DYN_BOOST_ON_AC=1
CPU_HWP_DYN_BOOST_ON_BAT=0

USB_EXCLUDE_PHONE=1
  • systemctl enable --now tlp
  • Add #UPDATE_MARKER to the end of file /etc/tlp.conf so that you will get pacman warnings when /etc/tlp.conf changes.

Undervolting (intel) and custom TDP

  • install throttled intel-undervolt # intel undervolt is usefull for monitoring
  • edit /etc/lenovo_fix.conf: adjust TDP, and optionally undervolting parameters
  • systemctl enable --now lenovo_fix

earlyoom

  • install earlyoom
  • configure earlyoom by editing /etc/default/earlyoom -- e.g. I set EARLYOOM_ARGS to "-r 30 -p -m 3 -s 100" to run check every 30s and kill processes when free RAM < 3% (swap is ignored -- I recommend turning it of via removing record from /etc/fstab; -p increases priority of earlyoom service
  • systemctl enable --now earlyoom
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment