Difference between revisions of "User:AdamT/Installation Notes"

From ArchWiki
(Working to clean up the introduction following a new installation better following The Arch Way. Removed note regarding Linux-ck, changed Gnome into Xfce.)
m (Removed Linux-ck from the Related template.)

Revision as of 05:10, 4 January 2014

This document consists of notes drawn from various sources, with significant help from the Installation Guide and the Beginners' Guide. The workflow below follows the official guides when feasible; however, whereas the official guides are intended for general application, this document outlines a specific installation and, as such, has a narrower focus.

The focus of this document is on a fresh, single-boot installation of Arch Linux that uses btrfs throughout. At present, this document also focuses on BIOS-emulated booting in lieu of UEFI. Throughout this document Xfce, a specific Desktop Environment, and other specific applications will be used. Adaptation or alternative solutions may be necessary to best fit your own needs.

This document is not intended to replace existing articles or guides. As often as possible, specific articles will be linked and supplemental tips or notes will be provided. This document was specifically created as a store-house for installation notes and as a test-bed for learning Arch Wiki's best practices.

Tip: If at any point you do not understand what a command does, reference the relevant Man Page!





Keyboard layout

Tip: Consider setting your console font as suggested in the "Beginners' Guide" link above.
Warning: If working on a VPS or, in general, over a VNC connection, verify whether your preferred keyboard layout is already working. If so, do not load a different keyboard layout on the remote machine, or it will transpose characters, as the VNC server may be assuming a QWERTY layout on the client!

Partition disks

Note: This document focuses on installing Btrfs directly to one or more drives. As such, and in keeping with The Arch Way, no partitioning is needed! See Btrfs#Partitioning for potential caveats.

Format the partitions

Tip: Helpful commands for finding your drives:
  • lsblk
  • blkid
  • ls /dev/
  • For a general overview see the Installation Guide#Format the partitions section.
  • Tip:
    • Consider configuring a leaf size of 16384. See here.
    • Check your work with btrfs filesystem show.
    • If changes are needed, re-run mkfs.btrfs using the -f flag.

    Setup Btrfs

    • Skinny extents
      • btrfstune -x /dev/sdX
    • Subvolume preparation
      • mkdir /mnt/btrfs-root
      • mount -t btrfs -o <OPTIONS> /dev/sdX /mnt/btrfs-root
      • Enable quotas prior to creating subvolumes btrfs quota enable /mnt/btrfs-root
    • Create subvolumes
      • cd /mnt/btrfs-root
      • btrfs subvolume create root_subvolume
      • cd root_subvolume
      • btrfs subvolume create home
      • btrfs subvolume create var
      • btrfs subvolume create usr
    Tip: Check your work with btrfs subvolume list -p ..

    See also

    Mount the partitions


    # mkdir /mnt/btrfs-system
    # mount -o subvol=root_subvolume,<OPTIONS> /dev/sdX /mnt/btrfs-system
    Note: If mounting a Btrfs RAID array, only the first drive needs to be referenced in the mount command.

    Connect to the internet

    Tip: The available network interface cards (NICs) can be found in /sys/class/net/. In the sub-directories you can find information pertaining to any available NIC by using cat or nano.

    Install the base system

    • Install: reflector
    • reflector -a 2 -l 100 -f 10 --sort score --save /etc/pacman.d/mirrorlist
    • Check your work with cat /etc/pacman.d/mirrorlist | less.


    # pacstrap /mnt/btrfs-system base base-devel grub ntp reflector

    Configure the system

    Note: This "Installation Guide" link covers the following subsections that are individually sectioned in the "Beginners' Guide".

    Generate an fstab

    • Suggested example: genfstab -Up /mnt/btrfs-system >> /mnt/btrfs-system/etc/fstab
    • Check your work: cat /mnt/btrfs-system/etc/fstab
    • Send a UUID to fstab: ls -l /dev/disk/by-uuid | grep sdX | gawk -F' ' '{ print $9 }' >> /etc/fstab

    Chroot and configure the base system


    # arch-chroot /mnt/btrfs-system


    Time zone

    Hardware clock

    • Consider enabling ntp here with systemctl enable ntpd
    • If you dual boot and Windows ever messes up your hwclock see here to reset your hwclock to UTC and here to configure Windows to work with a UTC hwclock.

    Console font and keymap

    Suggested configuration:
    # /etc/vconsole.conf

    Create an initial ramdisk environment

    # /etc/mkinitcpio.conf
    HOOKS="systemd autodetect modconf block filesystems keymap consolefont keyboard"

    Set the root password

    Install Linux-ck

    • Consider manually compiling the kernel for added customization and optimization.
    • If you delete or overwrite your pacman.conf file you can replace it from the archive file in /var/cache/pacman/pkg. See this thread for more information.
    Note: If you are using RamNode or another VPS you may need to request CPU/Host pass-through before you can use the best optimizations for the VPS. The VPS will need to be restarted from the control panel before the effects take place.

    See also

    Install and configure a bootloader


    # modprobe dm-mod
    # grub-install --target=i386-pc --boot-directory=/boot --recheck --debug /dev/sda
    Note: These steps may no longer be necessary. Verification is needed.
    # mkdir -p /boot/grub/locale
    # cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
    # /etc/default/grub
    GRUB_CMDLINE_LINUX_DEFAULT="verbose add_efi_memmap elevator=bfq"
    Note: 40_custom allows the creation of custom GRUB entries and the loading of modules. This allows persistent customization in GRUB's scripted generation of grub.cfg.
    # /etc/grub.d/40_custom
    insmod btrfs
    Tip: For quick boot times with an element of insurance, see GRUB#Hide GRUB unless the Shift key is held down.

    Check your grub file with cat /boot/grub/grub.cfg | less.

    See also

    Unmount and reboot

    First exit your arch-chroot session. Now, make sure your file system has synced everything from primary storage (DDR SDRAM) to secondary storage (your installation drive(s)).

    # btrfs filesystem sync /mnt/btrfs-root
    # umount /mnt/btrfs-system
    Tip: If you have made more than one mount point (for tmpfs, ramfs, or anything else) you can unmount them simultaneously so long as you do root by itself and last.
    # umount /mnt/btrfs-system/{tmp,var/spool,var/log,home}

    Cross your fingers and toes, and reboot!


    Bring up internet


    # dhcpcd
    # dhcpcd eth0
    $ ping ramnode.com
    Tip: The available network interface cards (NICs) can be found in /sys/class/net/, where you will likely see eth0 or wlan0, or both, or neither. In those directories you can find information pertaining to any given NIC by using cat or nano.

    Persistent server

    Check hostname.

    # echo >> /etc/resolv.conf && echo >> /etc/resolv.conf

    for OpenDNS DNS resolving over local ISP or VPS provided DNS.

    Tip: I recommend setting up your own caching, local DNS server at some point that uses OpenDNS (or another alternative) as its forwarders.
    # cp /etc/netctl/examples/ethernet-dhcp /etc/netctl/ethernet0

    Edit ethernet0 and uncomment IP6=stateless or IP6=dhcp for IPv6 networking.

    # netctl enable ethernet0

    Reboot to test.

    Persistent desktop

    You can use the same as the server section or NetworkManager depending on your preference. For NetworkManager install networkmanager network-manager-applet dhclient. See additional NetworkManager packages with pacman -Ss networkmanager.

    # systemctl enable NetworkManager
    # systemctl start NetworkManager

    User management

    # useradd -m -g users -G wheel USER
    # chfn USER


    Install sudo and bash-completion.

    # VISUAL="/usr/bin/nano" visudo
    # sudoers file.
    ## This file MUST be edited with the 'visudo' command as root.
    ## Failure to use 'visudo' may result in syntax or file permission errors
    ## that prevent sudo from running.
    ## See the sudoers man page for the details on how to write a sudoers file.
    ## User privilege specification
    root ALL=(ALL) ALL
    ## Uncomment to allow members of group wheel to execute any command
    %wheel ALL=(ALL) ALL
    ## Same thing without a password
    # %wheel ALL=(ALL) NOPASSWD: ALL
    ## Read drop-in files from /etc/sudoers.d
    ## (the '#' here does not indicate a comment)
    #includedir /etc/sudoers.d
    • Find the comment Uncomment to allow members of group wheel to execute any command
      • Uncomment the %wheel line directly below it.

    Check your work with su -l USER, then attempt to run something like pacman -Sy and pacman -Su with and without sudo to test and verify. I recommend rebooting, logging in as your new user, and testing that you can do everything you need to do with sudo before proceeding.

    Tip: You can use sudo !! to repeat the previous command but with sudo in front of it.

    Lockout root logins

    Warning: This is not recommended, but I like to do it anyway for security.
    # passwd -l root

    Arch User Repository

    Install yaourt (AUR) using AUR or their unofficial repository. Install desired optional dependencies.

    Install namcap for automated AUR and other package checking via Yaourt.

    Yaourt provides all in one support for Official Repositories, AUR, and ABS.

    See also


    Congratulations, you have progressed beyond the official installation guides and into much deeper waters. Your system should be up and running, the basic post-installation tasks should be completed, and you are now ready to move on to more system-specific configurations.



    Install: pulseaudio paprefs pavucontrol pulseaudio-alsa.

    If using multi-lib: lib32-libpulse lib32-alsa-plugins.

    Note: If you have problems with sound consistently playing back, and receive an error about an invalid argument when attempting to play back in pianobar, you may need to edit your /etc/libao.conf file and remove the dev section and leave the driver as pulse. This may fail at first, but keep trying and check pavucontrol.
    See also

    Desktop environment

    Note: You may wish to consider AUR options prior to installing the full group (with its dependencies).

    Install: xfce4

    Additional packages to consider: xfce4-weather-plugin xfce4-taskmanager xfce4-screenshooter xfce4-notifyd xfce4-artwork thunar-media-tags-plugin thunar-archive-plugin mousepad

    Alternative file manager suggestion: SpaceFM

    AUR Suggestions: xfce4-whiskermenu-plugin (AUR)

    AUR Consideration: xfce4-session-light (AUR)

    Multiple monitors

    See NVIDIA#Multiple_monitors and my sample here: Xorg#Sample_configurations (NVIDIA, nvidia-ck, et cetera).

    Suggest not using twinview or Xinerama. May need to disable compositing though. I configured through NVIDIA and then checked my work by editing the file. Save to home then # cp to /etc/X11/xorg.conf.d/10-monitor.conf.


    # /etc/pacman.conf
    Server = http://ibn.net63.net/infinality-bundle/$arch
    #[infinality-bundle-multilib] # Uncomment for multilib usage.
    #Server = http://ibn.net63.net/infinality-bundle-multilib/$arch # Uncomment for multilib usage.
    # pacman-key -r 962DDE58
    # pacman-key --lsign-key 962DDE58

    Refresh your repositories.

    Install: infinality-bundle

    Web browser

    Install: firefox


    Disable Firefox's blocking of web-forgeries and attack sites. This feature slows down Firefox's start-up and shut-down and takes up space for the database it maintains. This feature also relies on Google services.

    • delete urlclassifier*.sqlite files in your profile
      • ~/.mozilla/firefox/<PROFILE>/urlclassifier*.sqlite
    • While in your profile, in the terminal:
    echo "" > urlclassifier*.sqlite
    chmod 400 urlclassifier*.sqlite

    Especially for SSDs it may prolong your drive's life to disable Firefox's disk cache.

    • about:config
      • Set browser.cache.disk.enable to false
      • Verify browser.cache.memory.enable is true
      • Set browser.cache.memory.max_entry_size to -1 for automatic memory usage
        • There is another similar memory flag that may also be set to -1 for automatic usage.

    Optional: Profile Sync to Ram

    • Download from AUR
    • tar -xzf <make_package>
    • cd <package folder>
    • make -s
    • pacman -U <package>
    • systemctl enable psd psd-resync
    • (close firefox!) systemctl start psd psd-resync
    See also


    Install: xbmc

    Suggested skin: Bello.


    See: Pianobar


    Install: aria2

    Usenet tools

    Install desired Usenet tools from AUR.

    Tip: Make sure your /etc/make.conf file is configured to your preferences. You may be able to edit this file to increase the optimizations that are applied to any packages you build from source (such as AUR and ABS packages).

    Install: sabnzbd (AUR)

    aria2c https://aur.archlinux.org/packages/sa/sabnzbd/sabnzbd.tar.gz

    tar -xvzf sabnzbd.tar.gz

    To enable SABnzbd+ to create folders, your chosen Downloads directory will need to be chmod'd to 777 (chmod 777 -R <DIRECTORY>).

    Note: Similar permissions will likely need to be set for Sick Beard's completed folder and such. An alternative method can be found below (struck out).

    I recommend changing the services and configuration file and changing the user name to your username (for easy writing to home dir).

    • edit /usr/lib/systemd/system/<program>.service to <USER>:<program> instead of default
    • chown /opt/<program> to <USER>:<program> instead of root:<program> or <program>:<program>

    An alternative may be to create a dedicated folder for SABnzbd to use in your home directory and chown that to its user/group.


    Optional: ticker style syndicated news reader. Really neat. tickr (AUR)


    Allows running Windows browser plugins in Wine to be used in native GNU/Linux browsers.


    See also


    For dependencies install: lib32-glibc lib32-libic lib32-libx11 lib32-libsm lib32-gcc-libs lib32-libxext lib32-libpng lib32-freetype2 lib32-libpng12 lib32-lcms lib32-libxrandr lib32-nvidia-libgl lib32-nvidia-utils libtxc_dxtn lib32-libtxc_dxtn lib32-flashplugin flashplugin

    See also



    Secure Shell


    Install openssh.

    # nano /etc/ssh/sshd_config

    Generate a random port number between 49152-65535 at Random.org's Integer service, replace the default SSH port with that number, and uncomment the Port line.

    Uncomment PermitRootLogin and change to no.

    Under the same # Authentication section add AllowUsers USER1 USER2

    # nano /lib/systemd/system/sshd.socket

    Change this to the new port number as generated and set above.

    # cp /lib/systemd/system/sshd.socket /etc/systemd/system/sshd.socket
    # systemctl enable sshd.socket
    # systemctl start sshd.socket

    Test locally with the command below, and then by connecting from a remote system if feasible.

    $ ssh -v localhost -p PORT -l USERNAME
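
The steps of this section as a script, added here as an example (it is not part of the original notes): it draws the port from /dev/urandom rather than Random.org and checks that sshd_config and the sshd.socket copy agree, since with socket activation the listening port comes from sshd.socket. The function names and the sample files are constructed for illustration; Match blocks in sshd_config are not handled.

```sh
#!/bin/sh
# Added example: pick the SSH port locally and check that sshd_config and
# sshd.socket match the steps above. Function names are illustrative.

# 49152-65535 holds exactly 16384 ports and 65536 is a multiple of 16384,
# so reducing a 16-bit read from /dev/urandom gives a uniform pick.
random_high_port() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( 49152 + n % 16384 ))
}

# First uncommented value of KEYWORD (sshd uses the first occurrence and
# ignores keyword case). Match blocks are not handled.
sshd_value() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/ { next }
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# Port from the last non-empty ListenStream= line of a socket unit
# (accepts PORT, ADDR:PORT and [ADDR6]:PORT).
socket_port() {
    awk -F= '
        /^[ \t]*ListenStream=/ {
            v = $2; sub(/.*:/, "", v); gsub(/[ \t]/, "", v)
            if (v != "") p = v
        }
        END { if (p != "") print p }
    ' "$1"
}

# Print one line per problem; succeed only if nothing was found.
check_ssh_setup() (
    port=$(sshd_value Port "$1")
    sport=$(socket_port "$2")
    root=$(sshd_value PermitRootLogin "$1" | tr 'A-Z' 'a-z')
    users=$(sshd_value AllowUsers "$1")
    rc=0
    case $port in
        ''|*[!0-9]*) echo "Port: not set in sshd_config"; rc=1 ;;
        *) if [ "$port" -lt 49152 ] || [ "$port" -gt 65535 ]; then
               echo "Port: $port is outside 49152-65535"; rc=1
           fi ;;
    esac
    [ "$port" = "$sport" ] ||
        { echo "sshd.socket listens on '$sport', sshd_config says '$port'"; rc=1; }
    [ "$root" = no ] || { echo "PermitRootLogin: '$root', expected 'no'"; rc=1; }
    [ -n "$users" ] || { echo "AllowUsers: not set"; rc=1; }
    exit "$rc"
)

# Constructed sample files: sshd_config was edited, sshd.socket was not.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#Port 22
Port 51234
#PermitRootLogin yes
PermitRootLogin no
AllowUsers USER1 USER2
EOF
printf '[Socket]\nListenStream=22\nAccept=yes\n' > "$demo_dir/sshd.socket"

echo "candidate port: $(random_high_port)"
check_ssh_setup "$demo_dir/sshd_config" "$demo_dir/sshd.socket" ||
    echo "fix the lines above, then retest with ssh -v localhost -p PORT"
```

On a real system, pass /etc/ssh/sshd_config and /etc/systemd/system/sshd.socket instead of the sample files.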

    Harden server

    TTD: http://wiki.centos.org/HowTos/OS_Protection go back through this link and update this guide. Cross reference with the Hardening Guides.

    General Guidelines
    • Keep installed packages to a minimum.
    • Update regularly.
    Physical security

    For a VPS, disable VNC once you have SSH setup. Configure it to boot from the hard drive by default. With a VPS you are essentially surrendering your ability to control the physical protection of your server. Make sure to choose a good provider!

    Filesystem permissions
    # chmod 700 /boot /root /etc/iptables
    Prevent root login at console
    Temporary lockout after failed login attempts
    # nano /etc/pam.d/system-login
    Limiting su to wheel group
    # nano /etc/pam.d/su

    Uncomment the line that follows the comment Uncomment the following line to require a user to be in the "wheel" group.

    Harden TCP/IP stack
    # /etc/sysctl.conf
    # Configuration file for runtime kernel parameters.
    # See sysctl.conf(5) for more information.
    # Have the CD-ROM close when you use it, and open when you are done.
    #dev.cdrom.autoclose = 1
    #dev.cdrom.autoeject = 1
    # Protection from the SYN flood attack. Matches Arch Wiki
    net.ipv4.tcp_syncookies = 1
    # See evil packets in your logs. Enabled as per Arch Wiki
    net.ipv4.conf.all.log_martians = 1
    # Never accept redirects or source routes (these are only useful for routers). Uncommented in as per Arch Wiki
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.all.accept_source_route = 0
    #net.ipv6.conf.all.accept_redirects = 0
    #net.ipv6.conf.all.accept_source_route = 0
    # Disable packet forwarding. Matches Arch Wiki
    net.ipv4.ip_forward = 0
    net.ipv6.conf.all.forwarding = 0
    # Tweak the port range used for outgoing connections.
    #net.ipv4.ip_local_port_range = 32768 61000
    # Tweak those values to alter disk syncing and swap behavior.
    #vm.vfs_cache_pressure = 100
    #vm.laptop_mode = 0
    #vm.swappiness = 60
    # Tweak how the flow of kernel messages is throttled.
    #kernel.printk_ratelimit_burst = 10
    #kernel.printk_ratelimit = 5
    # Reboot 600 seconds after kernel panic or oops.
    #kernel.panic_on_oops = 1
    #kernel.panic = 600
    # Arch Wiki
    net.ipv4.tcp_rfc1337 = 1
    # Enable timestamps at gigabit speeds
    net.ipv4.tcp_timestamps = 0
    net.ipv4.conf.all.rp_filter = 1
    net.ipv4.ip_forward = 0
    net.ipv6.conf.all.forwarding = 0
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    net.ipv4.icmp_ignore_bogus_error_responses = 1
    net.ipv4.conf.all.send_redirects = 0
    # CentOS Wiki says 0 here.
    net.ipv4.conf.all.secure_redirects = 1
    # CentOS Wiki
    net.ipv4.tcp_max_syn_backlog = 1280
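
A lint pass for a file like the one above, added here as an example (not part of the original notes): sysctl.conf(5) only recognises whole-line comments, a misspelled key is never applied, and a key set twice ends up with the later value, so all three are worth catching before running sysctl -p. The function name, the PROCROOT parameter and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a sysctl.conf before loading it.
# usage: lint_sysctl FILE [PROCROOT]   (PROCROOT defaults to /proc/sys and
# is a parameter so the check can be pointed at a test tree)
lint_sysctl() {
    conf=$1 procroot=${2:-/proc/sys}
    awk '
        /^[ \t]*([#;]|$)/ { next }          # whole-line comments and blanks
        {
            eq = index($0, "=")
            if (!eq) { print NR ": not a key = value line"; next }
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            if (match(val, /[ \t]*#.*/)) {  # "value #text" is not a comment
                print NR ": " key ": text after the value is not a comment"
                val = substr(val, 1, RSTART - 1)
            }
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if ((key in seen) && seen[key] != val)
                print NR ": " key ": conflicts with line " first[key]
            if (!(key in seen)) { seen[key] = val; first[key] = NR }
            print "?" NR " " key            # hand the key to the shell loop
        }' "$conf" |
    while read -r a b; do
        case $a in
            \?*) p=$(printf '%s' "$b" | tr . /)   # net.ipv4.x -> net/ipv4/x
                 [ -e "$procroot/$p" ] ||
                     echo "${a#?}: $b: no such key under $procroot" ;;
            *)   printf '%s %s\n' "$a" "$b" ;;
        esac
    done
}

# Constructed sample: a stand-in /proc/sys tree and a file with one
# misspelled key, one trailing comment and one conflicting duplicate.
demo=$(mktemp -d)
mkdir -p "$demo/proc/net/ipv4/conf/all"
for k in tcp_syncookies tcp_rfc1337 tcp_timestamps ip_forward conf/all/rp_filter; do
    : > "$demo/proc/net/ipv4/$k"
done
cat > "$demo/sysctl.conf" <<'EOF'
# constructed sample
net.ipv4.tcp_syncookies = 1
net.ipv4.tpc_rfc1337 = 1
net.ipv4.tcp_timestamps = 0 #note
net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 1
EOF
lint_sysctl "$demo/sysctl.conf" "$demo/proc"
```

Against a live system, call lint_sysctl /etc/sysctl.conf with no second argument.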

    See also


    Install: ufw.

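    # ufw default deny
    # /etc/ufw/applications.d/ssh-custom (file name and title are examples)
    [SSH-Custom]
    title=SSH on a custom port
    description=Secure Shell Server
    # Generate a random integer from Random.org or elsewhere (/dev/(u)random)
    ports=XXXX/tcp
    # ufw allow SSH-Custom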
    Warning: Be super sure here if you are working on a remote system or have critical remote connections coming in!
    # ufw enable
    # systemctl enable ufw.service
    Note: Existing connections will likely be lost here, but if properly configured they should be able to be re-established shortly thereafter.
    # ufw status
    # ufw limit SSH-Custom
    Note: I enable limiting SSH later on just to make sure that it does not get in the way of attempting to connect to SSH after enabling ufw. This is probably silly, but to be safe.
    Tip: Both the man page and the Arch Wiki article are very well written for this program. Be sure to make use of them both.
    See also

    Hiawatha webserver

    1. polarssl (AUR)
    2. hiawatha (AUR)
    3. php-fpm

    See also

    • Developer's how-to: [6]

    Team Fortress 2 Dedicated Server

    Multilib Repository

    Edit /etc/pacman.conf and uncomment in the multilib repository (include its heading!). See also Multilib.


    Install lib32-gcc-libs


    SteamCMD is a command line version of the Steam client. To download, this link should be persistent, if not see here.

    Extract and copy the contents to the directory you want to store it in. For ease of use I just used a hidden folder in my home directory for now.

    Execute: ./steamcmd.sh or sh steamcmd.sh.

    Login: login anonymous

    Download Team Fortress 2 Dedicated Server

    In SteamCMD, after logging in install the Team Fortress 2 dedicated server:

    S* force_install_dir /home/<USER>/.tf2
    S* app_update 232250 validate

    I ran into some errors first off here which were resolved by changing the permissions on my home directory (recursively) to 755 (chmod 755 -R /home/<USER>).

    You may need to repeat the update command above until you get it completed.

    Once you get a Success! App '232250' fully installed consider running the command again just to verify the installation once more.

    Configure TF2
    hostname "Your_Servers_Name"
    rcon_password "Your_Rcon_Password"
    sv_contact "admin@yourdomain.com"
    mp_timelimit "30"

    Run under screen? See here

    Launch Server

    From .tf2,

    srcds_run -game tf +sv_pure 2 +maxplayers 24
    Tip: Before moving on to modifications consider having a very solid server.cfg file and understanding SteamCMD's output when you launch your server!

    SourceMod is our focus here. AMXmodx is another consideration, but sourcemod seems to be the more popular one and the better maintained one. SourceMod is technically a plugin for Metamod:Source. As such, this also needs to be installed.

    Get the latest release's download URL from here (use the wget one).

    Change into .tf2/tf and then download:

    $ aria2c http://mirror.capturetheprize.com/mmsource-X.XX.X-linux.tar.gz


    $ tar -xvzf mmsource-X.XX.X-linux.tar.gz

    You should now have addons/ folders.

    Launch your server and see if meta list provides an output (or just meta).

    For Sourcemod you essentially need to rinse and repeat. Get the download from here. Extract Sourcemod in the same folder as you did for Metamod. The archive will have the folder paths set relative to that same folder.

    To begin configuring, ~/.tf2/tf/cfg/sourcemod/sourcemod.cfg is a good place to start. See links below for more information.

    To extract .gz (no tar) use gunzip -c ARCHIVE > EXTRACTEDFILENAME

    SourceMod plugins will often (if not always) have their own configuration file that should be used over the server.cfg.

    Tip: Consider adding commented out (//) notes about all your plugins in your server.cfg so you have a quick and easy reference and reminder!
    1. Configure automatic updates for steamcmd, tf2 server, and plugins.
      • Verify all mods are up-to-date.
      • May require scheduled reboots of server (probably good idea anyway).
    2. Add mod for more robust score keeping and replace default scores with it.
      • Set up a shell or something so the tf2 server can be run without needing a separate ssh session.
    See also
    1. http://www.sourcemod.net/about.php
    2. http://www.amxmodx.org/
    3. http://www.sourcemm.net/

    See here. 27015 default TF2 port. May change this. More info


    See [7] and [8].

    See also

    Murmur Server


    1. Mumble#Server.
    2. User:AdamT/Installation_Notes#ufw (for firewall).
    3. Wikipedia:Mumble_(software).


    When starting off it is important to first set the super user password on the server.

    # murmurd -ini /etc/murmur.ini -supw "PASSWORD"

    After that, the service can be enabled and started.

    To be safe, be sure to connect to your server as the "SuperUser" user first with your assigned password.

    If you have problems with the database, murmur's folders may need to be chowned as discussed here.

    Handy commands

    • who
      • see who is currently logged in (handy for a VPS).
    • whereis
      • Find something on your system.
    • pacman -Rs
      • Removes unwanted packages along with their unused dependencies.

    RamNode KVM VPS peculiar configurations

    See also

    • Open a ticket to request CPU/Host pass-through: [25]
    • Performance Tweaks: [26]
    • Available Operating Systems: [27]

    Windows USB Installation Media

    Install winusb (AUR).

    # winusb --format PATHTOISO PATHTODEVICE