User:Wizetek
Medium creation
Different methods:
cp
$ cp archlinux.iso /dev/sdX
cat
$ cat archlinux.iso > /dev/sdX
dd
$ dd if=archlinux.iso of=/dev/sdX bs=4M conv=fsync oflag=direct status=progress
rw
$ rw -p 5 -h -i archlinux.iso -o /dev/sdX -s
mbuffer
$ mbuffer -i archlinux.iso -o /dev/sdX
pv
$ pv -brt archlinux.iso > /dev/sdX
tee
$ tee < archlinux.iso > /dev/sdX
tail
$ tail -c +1 archlinux.iso > /dev/sdX
>
sudo
to avoid Permission denied error$ cat archlinux.iso | sudo tee /dev/sdX > /dev/null
progress
or pv
$ progress -m
$ pv -d $(pidof cp)
Installation
(as of 2020.03)
$ timedatectl set-ntp true $ fdisk /dev/sda $ mkfs.ext4 /dev/sda1 $ mkswap /dev/sda2 $ swapon /dev/sda2 $ mount /dev/sda1 /mnt $ vim /etc/pacman.d/mirrorlist $ pacstrap /mnt base linux linux-firmware $ genfstab -U /mnt >> /mnt/etc/fstab $ arch-chroot /mnt $ pacman -S grub vim man networkmanager $ ln -sf /usr/share/zoneinfo/America/Toronto /etc/localtime $ hwclock --systohc $ vim /etc/locale.gen ... #en_BW ISO-8859-1 en_CA.UTF-8 UTF-8 #en_CA ISO-8859-1 en_GB.UTF-8 UTF-8 ... $ locale-gen $ vim /etc/locale.conf LANG="en_CA.UTF-8" LC_TIME="en_GB.UTF-8" $ hostnamectl set-hostname myhostname $ vim /etc/hosts 127.0.0.1 localhost ::1 localhost 127.0.1.1 myhostname.localdomain myhostname $ mkinitcpio --allpresets $ grub-install --target=i386-pc /dev/sda $ grub-mkconfig -o /boot/grub/grub.cfg $ passwd $ exit $ umount /mnt
Eject installation medium. Reboot. Log in.
Configuration
Enable network
option A: using NetworkManager
$ systemctl --now enable NetworkManager.service
option B: using systemd-networkd
$ networkctl list
- DHCP – full (commented out) or IPv4 only
/etc/systemd/network/20-wired.network
[Match] Name=ens3 [Network] #DHCP=yes DHCP=ipv4
- static IP
/etc/systemd/network/20-wired.network
[Match] Name=enp1s0 [Network] Address=192.168.1.2/24 Gateway=192.168.1.1 DNS=192.168.1.1
Enable and activate
$ systemctl --now enable systemd-networkd.service $ systemctl --now enable systemd-resolved.service $ networkctl status
NTP via systemd-timesyncd
$ timedatectl set-ntp true
or
$ systemctl --now enable systemd-timesyncd.service
Proton VPN via WireGuard
Install
$ pacman -S wireguard-tools systemd-resolvconf
Log in to Proton VPN > Downloads > WireGuard configuration > download configuration files
Save the configuration file
$ /etc/wireguard/protonvpn.conf
Network setup
$ /etc/systemd/resolved.conf.d/dns.conf
[Resolve] DNS=192.168.1.1 # Might cause problems with web browsers #Domains=~. # Resolve non-FQDN (local) host names ResolveUnicastSingleLabel=yes
Connect
$ wg-quick up protonvpn
Check status
$ wg
Disconnect
$ wg-quick down protonvpn
Tune ext4
$ tune2fs -L arch_root /dev/sda2 $ tune2fs -L arch_home /dev/sda3 $ tune2fs -c 0 -i 0 /dev/disk/by-label/arch_root $ tune2fs -c 0 -i 0 -r 0 /dev/disk/by-label/arch_home
-L volume label
-c max mount count
-i interval between checks
-r reserved blocks count
Swap file
$ dd of=/swapfile if=/dev/zero bs=1G count=4 or $ fallocate -l 4G /swapfile
$ chmod 600 /swapfile
$ mkswap /swapfile or (also set label) $ mkswap -L linux_swap /swapfile or (unset UUID too) $ mkswap -U clear -L linux_swap /swapfile
/etc/fstab
/swapfile none swap defaults 0 0
$ swapon /swapfile or (activate all in /fstab) $ swapon -a
Check:
$ swapon
zram swap
Install:
$ pacman -S zram-generator
Configure:
/etc/systemd/zram-generator.conf
[zram0] zram-size = ram / 2 #zram-size = ram / 1.5 #zram-size = ram / 4096 #zram-size = min(ram / 2, 4096) compression-algorithm = zstd swap-priority = 100 fs-type = swap
Activate:
$ systemctl daemon-reload $ systemctl start systemd-zram-setup@zram0.service
Check:
$ swapon
SSD optimizations: TRIM and swappiness
$ systemctl --now enable fstrim.timer
file_prio (default=200) minus vm.swappiness equals anon_prio
i.e. 200 - 100 = 100 [link]
Set immediately:
$ sysctl -w vm.swappiness=100
Set on boot:
/etc/sysctl.d/99-swappiness.conf
vm.swappiness=100
SMART daemon:
$ systemctl enable --now smartd.service
CPU microcode updates
$ pacman -S intel-ucode or $ pacman -S amd-ucode
$ grub-mkconfig -o /boot/grub/grub.cfg $ reboot
CFS ZEN tweaks
Set scheduler (CFS) to use settings like the linux-zen kernel rather than the defaults which are tweaked for high throughput.
$ paru -S cfs-zen-tweaks $ systemctl daemon-reload $ systemctl enable --now set-cfs-tweaks.service
tty display power saving
/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=600"
$ grub-mkconfig -o /boot/grub/grub.cfg $ reboot
Hardware monitoring
$ pacman -S lm_sensors $ sensors-detect $ sensors
Vim configuration
~/.vimrc
" Comments begin like this, not with # source $VIMRUNTIME/defaults.vim runtime! archlinux.vim set nocompatible " Use Vim features, break Vi legacy set noswapfile set nobackup set nowritebackup "set clipboard=unnamedplus set mouse= " Disable mouse support set hidden " Switch buffers without saving set wildmenu set incsearch set hlsearch set ignorecase set smartcase syntax on filetype on set encoding=utf-8 set background=dark "colorscheme elflord set showcmd set showmode set showmatch set laststatus=2 set ruler "set showtabline=2 "set title set number set relativenumber highlight LineNR ctermbg=none ctermfg=darkred set cursorline highlight CursorLineNR cterm=bold ctermfg=lightgreen highlight CursorLine cterm=none ctermbg=darkgrey "highlight CursorLine cterm=none ctermbg=darkgrey ctermfg=white "set cursorcolumn "highlight CursorColumn cterm=none ctermbg=darkgrey ctermfg=white set autoindent set copyindent "set smartindent autocmd FileType * set formatoptions-=cro " No auto comment set nowrap "set linebreak "set tabstop=4 "set softtabstop=4 "set shiftwidth=4 "set noerrorbells "set visualbell "set spell " Disable invoking Help by Ctrl+F1 map <C-F1> <Nop> " Toggle line numbers nmap <F1> :set number! relativenumber!<CR> nmap <leader>n :set number! relativenumber!<CR> " Toggle line wrapping nmap <F2> :set nowrap!<CR> nmap <leader>w :set nowrap!<CR> " Toggle paste to avoid staircase effect set pastetoggle=<F3> nmap <leader>p :set paste!<CR> " Remove highlight after search nmap <F5> :noh<CR> nmap <leader>\ :noh<CR> " Recenter after scrolling nnoremap <C-u> <C-u>zz nnoremap <C-d> <C-d>zz
GNU Screen configuration
$ cp /etc/screenrc ~/.screenrc
~/.screenrc
# Mouse scroll up/down termcapinfo xterm* ti@:te@ # Fix for residual editor text altscreen on
GNU Readline
~/.inputrc
$include /etc/inputrc # for PuTTY (letter O, not zero) "\eOC": forward-word "\eOD": backward-word "\e[A":history-search-backward "\e[B":history-search-forward # Shift+up/down/right/left "\e[1;2A":upcase-word "\e[1;2B":downcase-word "\e[1;2C":copy-forward-word "\e[1;2D":copy-backward-word set show-all-if-ambiguous on set echo-control-characters off # Color files by types # Note that this may cause completion text blink in some terminals (e.g. xterm). set colored-stats on # Append char to indicate type set visible-stats on # Mark symlinked directories set mark-symlinked-directories on # Color the common prefix set colored-completion-prefix on # Color the common prefix in menu-complete set menu-complete-display-prefix on
Add Ctrl+left and Ctrl+right to console keymap
/usr/local/share/kbd/keymaps/personal.map
control keycode 105 = Meta_b control keycode 106 = Meta_f
Load for the current session:
$ loadkeys personal.map
Load on startup:
/etc/vconsole.conf
KEYMAP=/usr/local/share/kbd/keymaps/personal.map
Disable power button
/etc/systemd/logind.conf
HandlePowerKey=ignore
Disable laptop display on boot
/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="video=LVDS-1:d"
$ grub-mkconfig -o /boot/grub/grub.cfg
Disable Ctrl-Alt-Delete in console
$ systemctl mask ctrl-alt-del.target
Don't clear console on boot
$ mkdir /etc/systemd/system/getty@.service.d
/etc/systemd/system/getty@.service.d/dontclear.conf
[Service] TTYVTDisallocate=no
Enable reboot and more (REISUB) via Magic SysRq Key
/etc/sysctl.d/99-sysrq.conf
kernel.sysrq=1
Disable account lockout on authentication failure
/etc/security/faillock.conf
deny = 0
Reduce systemd stop job timeout
/etc/systemd/system.conf
/etc/systemd/user.conf
DefaultTimeoutStopSec=10s
sudo
$ sudo visudo
Defaults editor=/usr/bin/vim Defaults passwd_timeout=0 Defaults timestamp_timeout=10 Defaults timestamp_type=global Defaults env_keep += "LANG DISPLAY XAUTHORITY" root ALL=(ALL:ALL) ALL %wheel ALL=(ALL:ALL) ALL @includedir /etc/sudoers.d
$ gpasswd -a myusername wheel
Keep aliases after switching user:
~/.bashrc
alias sudo='sudo '
pkexec auth for X applications
~/.bashrc
alias pkexec="pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $@"
Polkit only allow local admin shutdown/reboot/sleep
If the polkit
package is not installed, only admin can power cycle the system. Once polkit.service
is active, the systemd
owned org.freedesktop.login1.policy
allows users to control power from tty (but not ssh).
$ grep 'action id' /usr/share/polkit-1/actions/org.freedesktop.login1.policy
Override (DO NOT put #comments in this JavaScript file):
/etc/polkit-1/rules.d/10-only-admin-shutdown.rules
polkit.addRule(function(action, subject) { if (action.id == "org.freedesktop.login1.power-off" || action.id == "org.freedesktop.login1.power-off-multiple-sessions" || action.id == "org.freedesktop.login1.power-off-ignore-inhibit" || action.id == "org.freedesktop.login1.reboot" || action.id == "org.freedesktop.login1.reboot-multiple-sessions" || action.id == "org.freedesktop.login1.reboot-ignore-inhibit" || action.id == "org.freedesktop.login1.suspend" || action.id == "org.freedesktop.login1.suspend-multiple-sessions" || action.id == "org.freedesktop.login1.suspend-ignore-inhibit" || action.id == "org.freedesktop.login1.hibernate" || action.id == "org.freedesktop.login1.hibernate-multiple-sessions" || action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" || action.id == "org.freedesktop.login1.set-reboot-parameter" || action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" || action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" || action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry" ) { return polkit.Result.AUTH_ADMIN_KEEP; } });
$ systemctl restart polkit.service
Edit/remove/replace to remove some restrictions:
// Allow suspending despite inhibitors if (action.id == "org.freedesktop.login1.suspend" || action.id == "org.freedesktop.login1.suspend-multiple-sessions" || action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ) { return polkit.Result.YES; }
Udev device permissions
$ ls -l /dev/tty1 crw--w---- 1 root tty 4, 2 May 23 22:45 /dev/tty1
Check the default rules:
$ grep -m1 'tty\[' /usr/lib/udev/rules.d/50-udev-default.rules SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620"
Create custom rules. Must be processed after the default 50-... so set the file name to 51-... or 55-... or 99-...
(Insecure) example that allows starting X remotely (eg. over SSH) rather than being limited to local console:
/etc/udev/rules.d/51-udev-custom.rules
SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0660"
$ udevadm control --reload $ udevadm trigger $ ls -l /dev/tty1 crw-rw---- 1 root tty 4, 2 May 23 22:50 /dev/tty1
$ gpasswd add myusername tty
NOTE: Ownership and permissions will change once login occurs on that tty.
Mount NTFS, SMB/CIFS, SSHFS, systemd automount
/etc/fstab
# NTFS /dev/sda2 /mnt/windows ntfs-3g uid=myuser,gid=mygroup,dmask=022,fmask=133 0 0 # SMB/CIFS (nofail = continue booting if mount fails) //192.168.1.1/music /mnt/openwrt cifs nofail,_netdev,guest,vers=1.0,uid=myuser,gid=mygroup,dir_mode=0555,file_mode=0444,nounix,iocharset=utf8 0 0 # SSHFS (noauto = do not mount on boot) pi@raspberrypi:/ /mnt/pi fuse.sshfs noauto,_netdev,reconnect,allow_other,default_permissions,ServerAliveInterval=15,ServerAliveCountMax=3 0 0 # SSHFS systemd automount (conflicts with 'noauto' option) root@192.168.1.2:/mnt/sda1 /mnt/openwrt fuse.sshfs x-systemd.automount,x-systemd.mount-timeout=10,_netdev,reconnect,allow_other,default_permissions,cache=yes,kernel_cache,Compression=no,ServerAliveInterval=15,ServerAliveCountMax=3,IdentityFile=/root/.ssh/id_rsa 0 0 # ext4 removable systemd automount /dev/disk/by-label/USB-HDD-1TB /mnt/usbhdd auto noatime,commit=60,x-systemd.automount,x-systemd.mount-timeout=10s,x-systemd.idle-timeout=120s 0 0
$ systemctl daemon-reload $ systemctl restart local-fs.target $ systemctl restart remote-fs.target
NOTE: If there are errors 'no such device', then mount once manually and accept keys, etc.
$ sshfs myusername@myremotebox:/mnt/share /mnt/remote
udisksctl mount/unmount (removable) device partition
$ udisksctl status
Mount to /run/media/myusername/mydevicelabel:
$ udisksctl mount -b /dev/sdb1 or $ udisksctl mount -b /dev/disk/by-label/mydevicelabel
Umount:
$ udisksctl unmount -b /dev/sdb1 or $ udisksctl unmount -b /dev/disk/by-label/mydevicelabel
Eject:
$ udisksctl power-off -b /dev/sdb
locate DB and update via a cron job
$ pacman -S mlocate or $ pacman -S plocate
$ updatedb $ locate -S
$ pacman -S cronie
/etc/cron.daily/update_locate_db
/usr/bin/updatedb
$ chmod +x /etc/cron.daily/update_locate_db $ systemctl enable --now cronie.service
$ pacman -S samba $ wget -O /etc/samba/smb.conf 'https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default'
/etc/samba/smb.conf
log file = /var/log/samba/%m.log workgroup = MYWORKGROUP [homes] comment = Home Directories browseable = no writable = yes
$ smbpasswd -a myuser $ systemctl --now enable smb.service $ systemctl --now enable nmb.service
X re-enable zap
For startx/xinit:
~/.xinitrc
setxkbmap -option terminate:ctrl_alt_bksp &
For X login managers and others:
/etc/X11/xorg.conf.d/10-zap.conf
Section "ServerFlags" Option "DontZap" "false" EndSection Section "InputClass" Identifier "Keyboard Defaults" MatchIsKeyboard "yes" Option "XkbOptions" "terminate:ctrl_alt_bksp" EndSection
XKB
~/.xinitrc
setxkbmap -model pc105 -layout pl,us -variant , & setxkbmap -option grp:alt_altgr_toggle & xmodmap ~/.Xmodmap &
~/.Xmodmap
! The WindowsLogo key by default does Super and Hyper ! Remove Hyper (while keeping Super) remove Mod4 = Hyper_L ! Alternatively, clear all and define explicitly !clear Mod4 !add Mod4 = Super_L Super_R ! Set Hyper as a separate Mod3 modifier apart from Super/Mod4 clear Mod3 add Mod3 = Hyper_L ! Use the Caps Lock key as Hyper clear Lock keycode 66 = Hyper_L
Before:
$ xmodmap -pm xmodmap: up to 5 keys per modifier, (keycodes in parentheses): shift Shift_L (0x32), Shift_R (0x3e) lock Caps_Lock (0x42) control Control_L (0x25), Control_R (0x69) mod1 Alt_L (0x40), Alt_L (0xcc), Meta_L (0xcd) mod2 Num_Lock (0x4d) mod3 ISO_Level5_Shift (0xcb) mod4 Hyper_L (0x42), Super_L (0x85), Super_R (0x86), Super_L (0xce), Hyper_L (0xcf) mod5 ISO_Level3_Shift (0x5c)
After:
$ xmodmap -pm xmodmap: up to 3 keys per modifier, (keycodes in parentheses): shift Shift_L (0x32), Shift_R (0x3e) lock control Control_L (0x25), Control_R (0x69) mod1 Alt_L (0x40), Alt_L (0xcc), Meta_L (0xcd) mod2 Num_Lock (0x4d) mod3 Hyper_L (0x42), Hyper_L (0xcf) mod4 Super_L (0x85), Super_R (0x86), Super_L (0xce) mod5 ISO_Level3_Shift (0x5c)
X and Xfce desktop
$ pacman -S xorg-server $ pacman -S xf86-video-amdgpu xf86-video-ati xf86-video-intel xf86-video-nouveau xf86-video-vesa $ pacman -S xfce4 xfce4-goodies $ pacman -S pulseaudio pulseaudio-alsa pavucontrol $ pacman -S gvfs-smb ntfs-3g $ pacman -S nm-applet $ pacman -S xdg-user-dirs $ xdg-user-dirs-update $ pacman -S lightdm lightdm-gtk-greeter lightdm-gtk-greeter-settings $ pacman -S accountsservice $ cp /path/to/myavatar_96x96.png ~/.face $ systemctl --now enable lightdm.service
Xfce: hide Suspend and Hibernate from the logout dialog
$ xfconf-query -c xfce4-session -np '/shutdown/ShowSuspend' -t bool -s false $ xfconf-query -c xfce4-session -np '/shutdown/ShowHibernate' -t bool -s false
Xfce: disable CSD (Client-Side Decorations)
$ xfconf-query -c xsettings -p /Gtk/DialogsUseHeader -s false
Ly - lightweight TUI display manager for console
$ pacman -S ly
/etc/ly/config.ini
# Doom fire animate = true # Focus on the session input field default_input = 0 # Disable F1 shutdown & F2 reboot restart_cmd = /usr/bin/ly-dm shutdown_cmd = /usr/bin/ly-dm # Switch to tty1 tty = 1
$ systemctl edit ly.service [Service] TTYPath=/dev/tty1
$ systemctl disable getty@tty1.service $ systemctl enable ly.service
Qt apps theme appearance
$ pacman -S qt5ct
~/.xinitrc
export QT_QPA_PLATFORMTHEME=qt5ct
Fonts
DejaVu is modified Bitstream Vera with more Unicode stuff.
$ pacman -S gnu-free-fonts $ pacman -S ttf-dejavu $ pacman -S ttf-liberation $ pacman -S ttf-ubuntu-font-family
Fixed-width/monospaced font for code:
$ pacman -S ttf-input
Chinese, Japanese, Korean:
$ pacman -S noto-fonts-cjk
$ fc-conflist $ cd /etc/fonts/conf.d $ ln -s /usr/share/fontconfig/conf.default/10-hinting-slight.conf $ ln -s /usr/share/fontconfig/conf.default/10-sub-pixel-rgb.conf $ ln -s /usr/share/fontconfig/conf.default/10-yes-antialias.conf $ ln -s /usr/share/fontconfig/conf.default/11-lcdfilter-default.conf $ ln -s /usr/share/fontconfig/conf.default/51-local.conf $ ln -s /usr/share/fontconfig/conf.avail/70-no-bitmaps.conf
...or experiment for best appearance:
$ ln -s /usr/share/fontconfig/conf.avail/10-hinting-full.conf $ ln -s /usr/share/fontconfig/conf.avail/10-sub-pixel-none.conf
BCI (Byte-Code Interpreter) hinting:
/etc/profile.d/freetype2.sh
#truetype:interpreter-version=35 (classic mode, emulates Windows 98; 2.6 default) #truetype:interpreter-version=36 (classic Windows ClearType style) #truetype:interpreter-version=38 ("Infinality" subpixel mode) truetype:interpreter-version=40 (minimal subpixel mode; 2.7 default)
Font families fallback aliases for consistency across all apps:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE fontconfig SYSTEM "fonts.dtd"> <fontconfig> <alias> <family>serif</family> <prefer> <family>DejaVu Serif</family> <family>Liberation Serif</family> <family>FreeSerif</family> </prefer> </alias> <alias> <family>sans-serif</family> <prefer> <family>DejaVu Sans</family> <family>Liberation Sans</family> <family>FreeSans</family> </prefer> </alias> <alias> <family>monospace</family> <prefer> <family>DejaVu Sans Mono</family> <family>Liberation Mono</family> <family>FreeMono</family> </prefer> </alias> <alias> <family>Arial</family> <prefer> <family>DejaVu Sans</family> </prefer> </alias> <alias> <family>Courier</family> <prefer> <family>DejaVu Sans Mono</family> </prefer> </alias> <alias> <family>Courier New</family> <prefer> <family>DejaVu Sans Mono</family> </prefer> </alias> <alias> <family>Garamond</family> <prefer> <family>DejaVu Serif</family> </prefer> </alias> <alias> <family>Georgia</family> <prefer> <family>DejaVu Serif</family> </prefer> </alias> <alias> <family>Helvetica</family> <prefer> <family>DejaVu Sans</family> </prefer> </alias> <alias> <family>Lucida Console</family> <prefer> <family>DejaVu Sans Mono</family> </prefer> </alias> <alias> <family>Tahoma</family> <prefer> <family>DejaVu Sans</family> </prefer> </alias> <alias> <family>Times</family> <prefer> <family>DejaVu Serif</family> </prefer> </alias> <alias> <family>Times New Roman</family> <prefer> <family>DejaVu Serif</family> </prefer> </alias> <alias> <family>Trebuchet MS</family> <prefer> <family>DejaVu Sans</family> </prefer> </alias> <!-- Default font (no fc-match pattern) --> <match> <edit mode="append" name="family"> <string>DejaVu Sans</string> </edit> </match> </fontconfig>
Check:
$ fc-match $ fc-match sans $ fc-match serif $ fc-match mono $ fc-match "Times New Roman" $ fc-match -a
Screensaver and lock
Power off display after 600 seconds (10 min).
$ xset dpms 0 0 600
Disable/enable DPMS.
$ xset -dpms $ xset +dpms
Screensaver after 5 minutes, release grab after suspend, lock after 1200 seconds (20 min), display off after 600 seconds (10 min), different saver every 60 seconds, password timeout 5 seconds
$ pacman -S xlockmore xautolock
$ xautolock -time 5 -detectsleep -locker "xlock -lockdelay 1200 -dpmsoff 600 -mode random -duration 60 -erasedelay 0 -echokeys -echokey . -timeout 5"
Disable/enable autolock without terminating process.
$ xautolock -disable $ xautolock -enable
Screensaver without lock
$ xautolock -time 5 -detectsleep -locker "xlock -nolock -mode random -duration 60 -erasedelay 0"
Picture slideshow without lock
$ pacman -S feh $ xautolock -time 5 -detectsleep -locker "feh -z -D 5 -F --zoom=fill -Y -r /usr/share/backgrounds"
Xfce custom command to lock on sleep (read by xflock4
)
$ pacman -S i3lock $ xfconf-query --create -c xfce4-session -p /general/LockCommand -t string -s "i3lock -f -c 202020"
Check Xfce lock command.
$ xfconf-query -c xfce4-session -p /general/LockCommand
Reset Xfce lock command.
$ xfconf-query --reset -c xfce4-session -p /general/LockCommand
systemd unit to lock screen upon system sleep:
/etc/systemd/system/lock-on-sleep@.service
[Unit] Description=Lock screen on sleep/suspend Before=sleep.target [Service] Type=simple User=%i Environment="DISPLAY=:0" ExecStart=/usr/local/bin/lock-on-sleep # Wait for lock to prevent briefly showing desktop after resume ExecStartPost=sleep 1 [Install] WantedBy=sleep.target #WantedBy=suspend.target
/usr/local/bin/lock-on-sleep
#!/bin/bash xset dpms 0 0 120 # Release grab from 'xlock -nolock' xautolock -unlocknow #xlock -mode random -duration 60 -erasedelay 0 -echokeys -echokey . -timeout 5 i3lock -n -f -c 202020 -i $(shuf -n 1 -e /usr/local/backgrounds/*.png) xset dpms 0 0 600
$ systemctl enable lock-on-sleep@myusername
Reload systemd after any changes to the unit.
$ systemctl daemon-reload
DPI
Calculate proper DPI for specific hardware at https://www.pxcalc.com/
Example: 27" 2560x1440 display
- DPI: 108.79
- Dot Pitch: 0.2335 mm
- Size: 23.53" × 13.24" (59.77 cm × 33.62 cm)
$ pacman -S xorg-xrandr $ xrandr --dpi 109 $ xdpyinfo | grep dots
Login/Desktop Managers in general:
/etc/xprofile
or ~/.xprofile
xrandr --dpi 109
LightDM:
/etc/lightdm/lightdm-gtk-greeter.conf
xft-dpi = 109
X Server:
/etc/X11/xinit/xserverrc
or ~/.xserverrc
exec /usr/bin/X -dpi 109 -nolisten tcp "$@"
X Resources (if not set by Desktop Environment):
~/.Xresources
Xft.dpi: 109 Xft.autohint: 0 Xft.lcdfilter: lcddefault Xft.hintstyle: hintslight Xft.hinting: 1 Xft.antialias: 1 Xft.rgba: rgb
Firefox:
- Default DPI is 96. Change it in
about:config
by setting:
layout.css.devPixelsPerPx = x
...where x = DPI / 96
Example: 27" 2560x1440 display, x = 108.79 / 96 = 1.133229167
- Default DPI is 96. System DPI is only used if system DPI > 96. Force using lower system DPI by setting in
about:config
layout.css.dpi = 0
- Default font scale in
about:config
isfont.size.systemFontScale = 100
- Do not increase
Default zoom
inPreferences
x11vnc
$ pacman -S x11vnc $ x11vnc -storepasswd $ x11vnc -usepw -shared -forever
Ignore options in rc file: -norc
~/.x11vncrc
desktop My Desktop rfbport 5900 display :0 usepw shared forever reopen nolookup
Run X apps without real X
$ pacman -S xorg-server-xvfb
Virtual framebuffer X -screen num WxHxD (color depth)
$ Xvfb :1 -screen 0 1x1x8 $ DISPLAY=:1 myxapp
Intel hardware video acceleration
$ pacman -S intel-media-driver libva-intel-driver libvdpau-va-gl $ pacman -S libva-utils vdpauinfo
Pro audio
CPU frequency governor
$ pacman -S cpupower
$ cpupower frequency-set -g performance $ cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
$ cpupower frequency-info ... hardware limits: 800 MHz - 3.00 GHz ...(max 2.4 with turbo boost to 3.0) $ cpupower frequency-set -d 2.4GHz $ cpupower frequency-set -u 3.0GHz
$ $EDITOR /etc/default/cpupower
Set preferred options, and then:
$ systemctl enable cpupower.service
Low-latency kernel
Check:
$ uname -v #1 SMP PREEMPT Wed, 18 May 2022 17:30:11 +0000 x86_64 GNU/Linux
Threaded IRQs non-realtime kernel (optional)
Check:
$ zgrep "CONFIG_IRQ_FORCED_THREADING" /proc/config.gz CONFIG_IRQ_FORCED_THREADING=y
Enable:
/etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="... ... threadirqs"
Realtime priority
$ pacman -S realtime-privileges
/etc/security/limits.d/99-realtime-privileges.conf
@realtime - rtprio 98 @realtime - memlock unlimited @realtime - nice -11
(nice uses SCHED_OTHER so it is not applicable to low-latency real-time audio using SCHED_FIFO / SCHED_RR)
$ gpasswd -a myusername realtime
If not using a login manager, configure PAM too:
/etc/pam.d/su
session required pam_limits.so
Log out, log back in.
Check:
$ ulimit -r $ ulimit -a $ chrt -m
Test:
(should not return: Operation not permitted)
$ chrt -v 90 true
MIDI & JACK
$ pacman -S jack2 python-dbus qjackctl a2jmidid alsa-utils
QjackCtl
- Driver: alsa
- Realtime: ✓ (if using linux-rt)
- MIDI Driver: seq
- Output Device: myoutputdevice
- Enable D-Bus interface: ✓
- Enable JACK D-Bus interface: ✓
(Soon to be replaced by PipeWire)
PipeWire
$ pacman -S pipewire $ pacman -S pipewire-alsa pipewire-pulse pipewire-jack
$ export PIPEWIRE_LATENCY="512/48000"
DAW, plugin hosts & softsynths
~/.bashrc
# VST3 in ~/.vst3 # VST/VST2 export VST_PATH=/usr/lib/vst:/usr/local/lib/vst:~/.vst # uncommon, only used by Ardour and Qtractor export LXVST_PATH=/usr/lib/lxvst:/usr/local/lib/lxvst:~/.lxvst # current Linux-only native container export LV2_PATH=/usr/lib/lv2:/usr/local/lib/lv2:~/.lv2 # old precursor to LV2 export LADSPA_PATH=/usr/lib/ladspa:/usr/local/lib/ladspa:~/.ladspa # old LADSPA successor export DSSI_PATH=/usr/lib/dssi:/usr/local/lib/dssi:~/.dssi
$ pacman -Sgq vst-plugins | pacman -Si - $ pacman -Si $(pacman -Sgq lv2-plugins)
DAW (Digital Audio Workstation)
renoise<br> reaper<br> bitwig<br> tracktion-waveform<br> qtractor (sequencer with DAW features)<br> ardour<br> sunvox
Host
carla
VST / VST2 / VST3 / lxvst (.so)
surge<br> helm-synth<br> vital<br> dexed<br> odin2<br> zynaddsubfx<br> obxd [[https://github.com/DISTRHO/DISTRHO-Ports/releases/download/2018-04-16/obxd-linux64.tar.xz old]] [[https://github.com/reales/OB-Xd/releases/ new]]<br> xhip<br> tunefish4<br> amsynth<br> digitsvst-git<br> tal-plugins<br> uhe-podolski-vst<br> uhe-triplecheese-vst<br> uhe-tyrellN6
LV2 (.so)
yoshimi<br> bristol (+ pybristol GUI)<br> calf (various stuff) [[https://calf-studio-gear.org/ 1]]<br> synthv1<br> padthv1<br> samplv1<br> drumkv1
Windows© VST (.dll) plugin bridge
$ pacman -S wine-staging winetricks $ pacman -S yabridge yabridgectl
$ wine vst1_installer.exe $ wine vst2_installer.exe ...
$ yabridgectl sync $ yabridgectl status
$ yabridgectl add /custom/path/to/windows/vst $ yabridgectl list $ yabridgectl sync $ yabridgectl status
http://www.linuxsynths.com/index.html
https://distrho.sourceforge.io/ports.php
pacman
package Groups vs Meta packages
- group name alone is not installed; group members are individual packages being installed explicitly
- meta package is installed explicitly; meta depends are individual packages being installed as dependencies
Sync package database from remote repos and install package(s) along with dependencies:
$ pacman -S ttf-dejavu
Refresh the syncdb and update all packages (-w
only download, don't install):
$ pacman -Syu
Best practice: Run within a terminal multiplexer to avoid interruptions due to X/Wayland/desktop/WM/terminal crashes or other issues
alias Syu="screen -DRq Syu bash -c 'sudo pacman -Syu; bash'"
Ignore updates for specified packages:
(This time only)
$ pacman -Syu --ignore linux
(Every time)
/etc/pacman.conf
IgnorePkg = linux linux-headers systemd xorg-server
Update the previously ignored packages:
$ pacman -S linux linux-headers
Update and skip dependency checks (e.g. due to conflicts caused by AUR packages):
$ paru -Sd package1-that-couldnt-be-updated $ pacman -S package2
Don't touch/upgrade certain files during update:
/etc/pacman.conf
NoUpgrade = etc/passwd etc/group etc/shadow
Search for a string in the package syncdb (-q
quiet):
$ pacman -Ss ttf font
Show info about a package:
$ pacman -Si kodi
List groups:
$ pacman -Sg
List members of group:
$ pacman -Sg kodi-addons
List all dependencies of a package (formatted):
$ pacman -Sp --print-format %n-%v plasma-meta
List packages in a given repository:
$ pacman -Sl core $ pacman -Sl extra $ pacman -Sl community $ pacman -Sl multilib
Install (update) a package from a local file:
$ pacman -U redshifter-20200404-1-any.pkg.tar.xz
Refresh the files syncdb:
$ pacman -Fy
Find files inside packages in syncdb:
$ pacman -F lsusb
Find files inside packages by regex:
$ pacman -Fx "panel.*png"
List all files owned by a package (installed or not, search syncdb):
$ pacman -Fl usbutils
Query installed packages by a string in localdb (empty string = list all):
$ pacman -Qs ttf $ pacman -Qs
List upgradeable (outdated/held) packages:
$ pacman -Qu
List explicitly installed packages:
$ pacman -Qe
List packages installed as dependencies:
$ pacman -Qd
List installed packages not directly required and not optionally required:
$ pacman -Qt
List installed packages optionally required but not directly required:
$ pacman -Qtt
List installed packages that are unrequired dependencies (orphans):
$ pacman -Qtd
List installed native packages:
$ pacman -Qn
List installed foreign packages (e.g. from AUR):
$ pacman -Qm
Show info about an installed package:
$ pacman -Qi usbutils
List files owned by an installed package:
$ pacman -Ql usbutils
Query localdb which installed package owns a file:
$ pacman -Qo /usr/bin/pactl
Work with a local package file (-p
) instead of localdb:
(-i
display info, -l
list files)
$ pacman -Qp redshifter-20200404-1-any.pkg.tar.xz $ pacman -Qip redshifter-20200404-1-any.pkg.tar.xz $ pacman -Qlp redshifter-20200404-1-any.pkg.tar.xz
Remove package only:
$ pacman -R usbutils
Recursively remove a package, its dependencies (if not needed by other packages), and saved files:
$ pacman -Rsn usbutils
(-ss
force remove ALL dependencies)
$ pacman -Rssn usbutils
Cascade remove package and all packages that depend on it:
$ pacman -Rc exo
Maintenance
Install pacdiff
:
$ pacman -S pacman-contrib
Scan for .pacorig
, .pacnew
, .pacsave
files:
$ pacdiff -o
or
$ pacdiff -o -l # use locate $ pacdiff -o -f # use find
Merge or delete .pacorig
, .pacnew
, .pacsave
files:
$ pacdiff
or
$ pacdiff -l $ pacdiff -f $ pacdiff -s # use sudo
Install pacutils
:
$ pacman -S pacutils
Find files not owned by any package:
$ pacreport --unowned-files > /root/pacreport.log
Find wrong permissions by checking package files against MTREE data:
$ paccheck --file-properties --quiet > /root/paccheck.log
Remove orphans (unused packages):
$ pacman -Rsn $(pacman -Qtdq)
Clean uninstalled packages cache and syncdb (-cc
also installed packages cache):
$ pacman -Sc $ pacman -Scc
Check integrity of installed packages (all / specific / filter by missing files):
$ pacman -Qk $ pacman -Qk fontconfig $ pacman -Qk | grep -v '0 missing'
Display modified files:
$ pacman -Qii | awk '/^MODIFIED/ {print $2}'
IF EVER NEEDED, reinstall all native packages:
$ pacman -S $(pacman -Qnq)
Generate mirror list:
$ pacman -S reflector $ reflector --country CA,US --protocol http,https --latest 200 --fastest 5 --sort score --save /etc/pacman.d/mirrorlist
Flatpak
Installation
$ pacman -S flatpak
Repo add
$ flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo $ flatpak update
Search packages
$ flatpak search librewolf
Install packages
$ flatpak install librewolf
Run package
$ flatpak run librewolf
Update package
$ flatpak update librewolf
...or all packages
$ flatpak update
Prevent app/runtime update
$ flatpak mask librewolf
List installed packages
$ flatpak list
Manage Flatpak permissions via Flatseal GUI app
$ flatpak install com.github.tchx84.Flatseal
Nix
Nix cross-platform package manager
Installation
$ pacman -S nix $ systemctl enable --now nix-daemon.service $ gpasswd -a myusername nix-users $ exit #log out $ systemctl restart nix-daemon.service $ nix-channel --add https://nixos.org/channels/nixpkgs-unstable $ nix-channel --update
Configuration modification to enable searching
/etc/nix/nix.conf experimental-features = nix-command flakes
Search packages: https://search.nixos.org/packages
$ nix search nixpkgs librewolf
Install packages
$ nix-env -iA nixpkgs.librewolf
Run package (if PATH not set)
$ ~/.nix-profile/bin/librewolf
Install a tool to locate packages providing specific file
$ nix-env -iA nixpkgs.nix-index $ nix-index $ nix-locate pattern
Install BASH completions
$ nix-env -iA nixpkgs.nix-bash-completions
Make sure env vars include .nix-profile
~/.profile PATH="$HOME/.nix-profile/bin:$PATH" XDG_DATA_DIRS="$HOME/.nix-profile/share:$XDG_DATA_DIRS"
Add NixGL wrapper to launch GL or Vulkan applications
$ nix-channel --add https://github.com/nix-community/nixGL/archive/main.tar.gz nixgl $ nix-channel --update nixgl $ nix-env -iA nixgl.auto.nixGLDefault
...then run the GL application
$ ~/.nix-profile/bin/nixGL ~/.nix-profile/bin/kodi
Prevent package upgrade
$ nix-env --set-flag keep true librewolf
Show installed packages
$ nix-env -q
Show available packages
$ nix-env -qa
Find out the attribute paths of available packages
$ nix-env -qaP
List all generations
$ nix-env --list-generations
Switch to previous generation of active profile
$ nix-env --rollback
Roll back to specific generation
$ nix-env --switch-generation 43
Delete generations
$ nix-env --delete-generations old #all $ nix-env --delete-generations 3 4 8 #specific $ nix-env --delete-generations +5 #keep last 5
...then run the garbage collector
$ nix-store --gc
or via another utility to delete all old generations of all profiles
$ nix-collect-garbage -d
AUR helpers / wrappers
aurget: written in Bash (no longer maintained)
$ wget -O PKGBUILD https://aur.archlinux.org/cgit/aur.git/plain/PKGBUILD?h=aurget $ makepkg -si
aurget configuration:
$ cp /usr/share/doc/aurget/samples/aurgetrc ~/.config/aurgetrc
~/.config/aurgetrc
build_directory="$HOME/Builds" edit_pkgbuilds='never'
paru: written in Rust (pre-made bin package)
$ git clone https://aur.archlinux.org/paru-bin.git $ cd paru-bin $ makepkg -si
paru configuration:
$ cp /etc/paru.conf ~/.config/paru/paru.conf
~/.config/paru/paru.conf
[options] AurOnly BatchInstall #SkipReview SortBy=popularity
Others:
yay: written in Go
aura: written in Haskell
pikaur: written in Python
https://wiki.archlinux.org/title/AUR_helpers
AUR make a package
Set packager name:
/etc/makepkg.conf
PACKAGER="Your Name <your@email.dom>"
makepkg common options:
$ makepkg -si # build and install
$ makepkg -fs # force rebuild
$ makepkg -fsi # force rebuild and install
Optional validation tool:
$ pacman -S namcap
Build steps:
$ wget -O PKGBUILD https://gitlab.archlinux.org/pacman/pacman/raw/master/proto/PKGBUILD.proto $ $EDITOR PKGBUILD $ makepkg -g >> PKGBUILD $ namcap PKGBUILD # for information messages in addition to warnings: namcap -i PKGBUILD $ makepkg -s $ namcap yourpackagename-1.0-1-x86_64.pkg.tar.xz
AUR upload package
# Generate keypair $ ssh-keygen -f ~/.ssh/aur # Change/remove passphrase if needed $ ssh-keygen -p -f ~/.ssh/aur # Change/remove comment if needed $ ssh-keygen -c -f ~/.ssh/aur # Specify private key for AUR remote $ $EDITOR ~/.ssh/config Host aur.archlinux.org IdentityFile ~/.ssh/aur User aur
Copy public key ~/.ssh/aur.pub to AURweb under My Account
# Configure git $ git config --global user.name "Your Name" $ git config --global user.email "your@email.dom"
# Method 1: clone empty git repo to create it $ cd ~/Builds $ git clone ssh://aur@aur.archlinux.org/redshifter.git $ cd redshifter $ $EDITOR PKGBUILD $ makepkg --printsrcinfo > .SRCINFO $ git add PKGBUILD .SRCINFO $ git commit -m "your comment" $ git push
# Method 2: add empty remote repo to create it $ cd ~/Builds/xhip $ $EDITOR PKGBUILD $ makepkg --printsrcinfo > .SRCINFO $ git init $ git add PKGBUILD .SRCINFO $ git commit -m "your comment" $ git remote add origin ssh://aur@aur.archlinux.org/xhip.git $ git push -u origin master
# Method 3a: pull from existing repo $ cd ~/Builds/freepats-ydp-grand-piano $ git init $ git remote add origin ssh://aur@aur.archlinux.org/freepats-ydp-grand-piano.git $ git pull origin master $ $EDITOR PKGBUILD $ makepkg --printsrcinfo > .SRCINFO $ git add PKGBUILD .SRCINFO $ git commit -m "your comment" $ git push
# Method 3b: fetch and branch from existing repo $ cd ~/Builds/freepats-ydp-grand-piano $ git init $ git remote add origin ssh://aur@aur.archlinux.org/freepats-ydp-grand-piano.git $ git fetch # git fetch origin master $ git checkout -tb master # git checkout -tb master origin/master $ $EDITOR PKGBUILD $ makepkg --printsrcinfo > .SRCINFO $ git add PKGBUILD .SRCINFO $ git commit -m "your comment" $ git push
# More git commands $ git remote -v # See remotes $ git branch -a # See all branches (local and remote) $ git branch -vv # See hash and subject $ git status $ git log # See commits log $ git log -p # See commits diffs (--patch) $ git diff master origin/master $ git diff master...origin/master $ git commit -am "your comment" # Commit all (-a) changed files $ git reset # Reset uncommitted changes $ git revert HEAD # Undo commits
Favorite essential packages
terminator bash-completion screen vim mc nmap htop iftop locate wget rsync x11vnc xbindkeys redshift xrandr pamixer playerctl networkmanager-applet networkmanager-openconnect