User:Wizetek

From ArchWiki

https://www.wizetek.com

Medium creation

Different methods:

cp

$ cp archlinux.iso /dev/sdX

cat

$ cat archlinux.iso > /dev/sdX

dd

$ dd if=archlinux.iso of=/dev/sdX bs=4M conv=fsync oflag=direct status=progress

rw

$ rw -p 5 -h -i archlinux.iso -o /dev/sdX -s

mbuffer

$ mbuffer -i archlinux.iso -o /dev/sdX

pv

$ pv -brt archlinux.iso > /dev/sdX

tee

Warning: Include < or the input file gets zeroed out!
$ tee < archlinux.iso > /dev/sdX

tail

$ tail -c +1 archlinux.iso > /dev/sdX

>

Tip: Redirection with sudo to avoid Permission denied error
$ cat archlinux.iso | sudo tee /dev/sdX > /dev/null
Tip: Monitor with progress or pv
$ progress -m
$ pv -d $(pidof cp)

Installation

(as of 2020.03)

$ timedatectl set-ntp true
$ fdisk /dev/sda
$ mkfs.ext4 /dev/sda1
$ mkswap /dev/sda2
$ swapon /dev/sda2
$ mount /dev/sda1 /mnt
$ vim /etc/pacman.d/mirrorlist
$ pacstrap /mnt base linux linux-firmware
$ genfstab -U /mnt >> /mnt/etc/fstab
$ arch-chroot /mnt

$ pacman -S grub vim man networkmanager
$ ln -sf /usr/share/zoneinfo/America/Toronto /etc/localtime
$ hwclock --systohc
$ vim /etc/locale.gen
	...
	#en_BW ISO-8859-1
	en_CA.UTF-8 UTF-8
	#en_CA ISO-8859-1
	en_GB.UTF-8 UTF-8
	...

$ locale-gen
$ vim /etc/locale.conf
	LANG="en_CA.UTF-8"
	LC_TIME="en_GB.UTF-8"

$ hostnamectl set-hostname myhostname
$ vim /etc/hosts
	127.0.0.1	localhost
	::1		localhost
	127.0.1.1	myhostname.localdomain	myhostname

$ mkinitcpio --allpresets
$ grub-install --target=i386-pc /dev/sda
$ grub-mkconfig -o /boot/grub/grub.cfg
$ passwd
$ exit
$ umount /mnt

Eject installation medium. Reboot. Log in.

Configuration

Enable network

option A: using NetworkManager

$ systemctl --now enable NetworkManager.service


option B: using systemd-networkd

$ networkctl list


  • DHCP – full (commented out) or IPv4 only

/etc/systemd/network/20-wired.network

[Match]
Name=ens3

[Network]
#DHCP=yes
DHCP=ipv4


  • static IP

/etc/systemd/network/20-wired.network

[Match]
Name=enp1s0

[Network]
Address=192.168.1.2/24
Gateway=192.168.1.1
DNS=192.168.1.1

Enable and activate

$ systemctl --now enable systemd-networkd.service
$ systemctl --now enable systemd-resolved.service
$ networkctl status

NTP via systemd-timesyncd

$ timedatectl set-ntp true

or

$ systemctl --now enable systemd-timesyncd.service

Proton VPN via WireGuard

Install

$ pacman -S wireguard-tools systemd-resolvconf


Log in to Proton VPN > Downloads > WireGuard configuration > download configuration files

Save the configuration file

$ /etc/wireguard/protonvpn.conf


Network setup

$ /etc/systemd/resolved.conf.d/dns.conf
[Resolve]
DNS=192.168.1.1

# Might cause problems with web browsers
#Domains=~.

# Resolve non-FQDN (local) host names
ResolveUnicastSingleLabel=yes


Connect

$ wg-quick up protonvpn


Check status

$ wg


Disconnect

$ wg-quick down protonvpn

Tune ext4

$ tune2fs -L arch_root /dev/sda2
$ tune2fs -L arch_home /dev/sda3
$ tune2fs -c 0 -i 0 /dev/disk/by-label/arch_root
$ tune2fs -c 0 -i 0 -r 0 /dev/disk/by-label/arch_home

-L volume label

-c max mount count
-i interval between checks
-r reserved blocks count

Swap file

$ dd of=/swapfile if=/dev/zero bs=1G count=4
or
$ fallocate -l 4G /swapfile
$ chmod 600 /swapfile
$ mkswap /swapfile
or (also set label)
$ mkswap -L linux_swap /swapfile
or (unset UUID too)
$ mkswap -U clear -L linux_swap /swapfile

/etc/fstab

/swapfile none swap defaults 0 0
$ swapon /swapfile
or (activate all in /fstab)
$ swapon -a

Check:

$ swapon

zram swap

Install:

$ pacman -S zram-generator

Configure:

/etc/systemd/zram-generator.conf

[zram0]
zram-size = ram / 2
#zram-size = ram / 1.5
#zram-size = ram / 4096
#zram-size = min(ram / 2, 4096)
compression-algorithm = zstd
swap-priority = 100
fs-type = swap

Activate:

$ systemctl daemon-reload
$ systemctl start systemd-zram-setup@zram0.service

Check:

$ swapon

SSD optimizations: TRIM and swappiness

$ systemctl --now enable fstrim.timer

file_prio (default=200) minus vm.swappiness equals anon_prio
i.e. 200 - 100 = 100 [link]

Set immediately:

$ sysctl -w vm.swappiness=100

Set on boot:

/etc/sysctl.d/99-swappiness.conf

vm.swappiness=100

SMART daemon:

$ systemctl enable --now smartd.service

CPU microcode updates

$ pacman -S intel-ucode
or
$ pacman -S amd-ucode
$ grub-mkconfig -o /boot/grub/grub.cfg
$ reboot

CFS ZEN tweaks

Set scheduler (CFS) to use settings like the linux-zen kernel rather than the defaults which are tweaked for high throughput.

$ paru -S cfs-zen-tweaks
$ systemctl daemon-reload
$ systemctl enable --now set-cfs-tweaks.service

tty display power saving

/etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=600"
$ grub-mkconfig -o /boot/grub/grub.cfg
$ reboot

Hardware monitoring

$ pacman -S lm_sensors
$ sensors-detect
$ sensors

Vim configuration

~/.vimrc

" Comments begin like this, not with #

source $VIMRUNTIME/defaults.vim
runtime! archlinux.vim

set nocompatible	" Use Vim features, break Vi legacy
set noswapfile
set nobackup
set nowritebackup
"set clipboard=unnamedplus
set mouse=	" Disable mouse support
set hidden	" Switch buffers without saving
set wildmenu

set incsearch
set hlsearch
set ignorecase
set smartcase

syntax on
filetype on
set encoding=utf-8

set background=dark
"colorscheme elflord

set showcmd
set showmode
set showmatch

set laststatus=2
set ruler
"set showtabline=2
"set title

set number
set relativenumber
highlight LineNR ctermbg=none ctermfg=darkred

set cursorline
highlight CursorLineNR cterm=bold ctermfg=lightgreen
highlight CursorLine cterm=none ctermbg=darkgrey
"highlight CursorLine cterm=none ctermbg=darkgrey ctermfg=white

"set cursorcolumn
"highlight CursorColumn cterm=none ctermbg=darkgrey ctermfg=white

set autoindent
set copyindent
"set smartindent

autocmd FileType * set formatoptions-=cro	" No auto comment
set nowrap
"set linebreak
"set tabstop=4
"set softtabstop=4
"set shiftwidth=4                                                                
"set noerrorbells
"set visualbell
"set spell

" Disable invoking Help by Ctrl+F1
map <C-F1> <Nop>

" Toggle line numbers
nmap <F1> :set number! relativenumber!<CR>
nmap <leader>n :set number! relativenumber!<CR>

" Toggle line wrapping
nmap <F2> :set nowrap!<CR>
nmap <leader>w :set nowrap!<CR>

" Toggle paste to avoid staircase effect
set pastetoggle=<F3>
nmap <leader>p :set paste!<CR>

" Remove highlight after search
nmap <F5> :noh<CR>
nmap <leader>\ :noh<CR>

" Recenter after scrolling
nnoremap <C-u> <C-u>zz
nnoremap <C-d> <C-d>zz

GNU Screen configuration

$ cp /etc/screenrc ~/.screenrc

~/.screenrc

# Mouse scroll up/down
termcapinfo xterm* ti@:te@

# Fix for residual editor text
altscreen on

GNU Readline

~/.inputrc

$include /etc/inputrc

# for PuTTY (letter O, not zero)
"\eOC": forward-word
"\eOD": backward-word

"\e[A":history-search-backward
"\e[B":history-search-forward

# Shift+up/down/right/left
"\e[1;2A":upcase-word
"\e[1;2B":downcase-word
"\e[1;2C":copy-forward-word
"\e[1;2D":copy-backward-word

set show-all-if-ambiguous on
set echo-control-characters off

# Color files by types
# Note that this may cause completion text blink in some terminals (e.g. xterm).
set colored-stats on
# Append char to indicate type
set visible-stats on
# Mark symlinked directories
set mark-symlinked-directories on
# Color the common prefix
set colored-completion-prefix on
# Color the common prefix in menu-complete
set menu-complete-display-prefix on

Add Ctrl+left and Ctrl+right to console keymap

/usr/local/share/kbd/keymaps/personal.map

control keycode 105 = Meta_b
control keycode 106 = Meta_f

Load for the current session:

$ loadkeys personal.map

Load on startup:

/etc/vconsole.conf

KEYMAP=/usr/local/share/kbd/keymaps/personal.map

Disable power button

/etc/systemd/logind.conf

HandlePowerKey=ignore

Disable laptop display on boot

/etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="video=LVDS-1:d"
$ grub-mkconfig -o /boot/grub/grub.cfg

Disable Ctrl-Alt-Delete in console

$ systemctl mask ctrl-alt-del.target

Don't clear console on boot

$ mkdir /etc/systemd/system/getty@.service.d

/etc/systemd/system/getty@.service.d/dontclear.conf

[Service]
TTYVTDisallocate=no

Enable reboot and more (REISUB) via Magic SysRq Key

/etc/sysctl.d/99-sysrq.conf

kernel.sysrq=1

Disable account lockout on authentication failure

/etc/security/faillock.conf

deny = 0

Reduce systemd stop job timeout

/etc/systemd/system.conf

/etc/systemd/user.conf

DefaultTimeoutStopSec=10s

sudo

$ sudo visudo
Defaults editor=/usr/bin/vim
Defaults passwd_timeout=0
Defaults timestamp_timeout=10
Defaults timestamp_type=global
Defaults env_keep += "LANG DISPLAY XAUTHORITY"

root ALL=(ALL:ALL) ALL
%wheel ALL=(ALL:ALL) ALL

@includedir /etc/sudoers.d
$ gpasswd -a myusername wheel

Keep aliases after switching user:

~/.bashrc

alias sudo='sudo '

pkexec auth for X applications

~/.bashrc

alias pkexec="pkexec env DISPLAY=$DISPLAY XAUTHORITY=$XAUTHORITY $@"

Polkit only allow local admin shutdown/reboot/sleep

If the polkit package is not installed, only admin can power cycle the system. Once polkit.service is active, the systemd owned org.freedesktop.login1.policy allows users to control power from tty (but not ssh).

$ grep 'action id' /usr/share/polkit-1/actions/org.freedesktop.login1.policy

Override (DO NOT put #comments in this JavaScript file):

/etc/polkit-1/rules.d/10-only-admin-shutdown.rules

polkit.addRule(function(action, subject) {
   if (action.id == "org.freedesktop.login1.power-off" ||
       action.id == "org.freedesktop.login1.power-off-multiple-sessions" ||
       action.id == "org.freedesktop.login1.power-off-ignore-inhibit" ||
       action.id == "org.freedesktop.login1.reboot" ||
       action.id == "org.freedesktop.login1.reboot-multiple-sessions" ||
       action.id == "org.freedesktop.login1.reboot-ignore-inhibit" ||
       action.id == "org.freedesktop.login1.suspend" ||
       action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
       action.id == "org.freedesktop.login1.suspend-ignore-inhibit" ||
       action.id == "org.freedesktop.login1.hibernate" ||
       action.id == "org.freedesktop.login1.hibernate-multiple-sessions" ||
       action.id == "org.freedesktop.login1.hibernate-ignore-inhibit" ||
       action.id == "org.freedesktop.login1.set-reboot-parameter" ||
       action.id == "org.freedesktop.login1.set-reboot-to-firmware-setup" ||
       action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-menu" ||
       action.id == "org.freedesktop.login1.set-reboot-to-boot-loader-entry"
   ) {
       return polkit.Result.AUTH_ADMIN_KEEP;
   }
});
$ systemctl restart polkit.service

Edit/remove/replace to remove some restrictions:

// Allow suspending despite inhibitors
   if (action.id == "org.freedesktop.login1.suspend" ||
       action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
       action.id == "org.freedesktop.login1.suspend-ignore-inhibit"
   ) {
       return polkit.Result.YES;
   }

Udev device permissions

$ ls -l /dev/tty1
crw--w---- 1 root tty 4, 2 May 23 22:45 /dev/tty1

Check the default rules:

$ grep -m1 'tty\[' /usr/lib/udev/rules.d/50-udev-default.rules
SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0620"

Create custom rules. Must be processed after the default 50-... so set the file name to 51-... or 55-... or 99-...

(Insecure) example that allows starting X remotely (eg. over SSH) rather than being limited to local console:


/etc/udev/rules.d/51-udev-custom.rules

SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", GROUP="tty", MODE="0660"
$ udevadm control --reload
$ udevadm trigger

$ ls -l /dev/tty1
crw-rw---- 1 root tty 4, 2 May 23 22:50 /dev/tty1
$ gpasswd add myusername tty

NOTE: Ownership and permissions will change once login occurs on that tty.

Mount NTFS, SMB/CIFS, SSHFS, systemd automount

/etc/fstab

# NTFS
/dev/sda2		/mnt/windows	ntfs-3g		uid=myuser,gid=mygroup,dmask=022,fmask=133	0 0

# SMB/CIFS (nofail = continue booting if mount fails)
//192.168.1.1/music	/mnt/openwrt	cifs		nofail,_netdev,guest,vers=1.0,uid=myuser,gid=mygroup,dir_mode=0555,file_mode=0444,nounix,iocharset=utf8	0 0

# SSHFS (noauto = do not mount on boot)
pi@raspberrypi:/	/mnt/pi		fuse.sshfs	noauto,_netdev,reconnect,allow_other,default_permissions,ServerAliveInterval=15,ServerAliveCountMax=3	0 0

# SSHFS systemd automount (conflicts with 'noauto' option)
root@192.168.1.2:/mnt/sda1	/mnt/openwrt	fuse.sshfs	x-systemd.automount,x-systemd.mount-timeout=10,_netdev,reconnect,allow_other,default_permissions,cache=yes,kernel_cache,Compression=no,ServerAliveInterval=15,ServerAliveCountMax=3,IdentityFile=/root/.ssh/id_rsa	0 0

# ext4 removable systemd automount
/dev/disk/by-label/USB-HDD-1TB		/mnt/usbhdd	auto	noatime,commit=60,x-systemd.automount,x-systemd.mount-timeout=10s,x-systemd.idle-timeout=120s 0 0
$ systemctl daemon-reload
$ systemctl restart local-fs.target
$ systemctl restart remote-fs.target

NOTE: If there are errors 'no such device', then mount once manually and accept keys, etc.

$ sshfs myusername@myremotebox:/mnt/share /mnt/remote

udisksctl mount/unmount (removable) device partition

$ udisksctl status

Mount to /run/media/myusername/mydevicelabel:

$ udisksctl mount -b /dev/sdb1
or
$ udisksctl mount -b /dev/disk/by-label/mydevicelabel

Umount:

$ udisksctl unmount -b /dev/sdb1
or
$ udisksctl unmount -b /dev/disk/by-label/mydevicelabel

Eject:

$ udisksctl power-off -b /dev/sdb

locate DB and update via a cron job

$ pacman -S mlocate
or
$ pacman -S plocate
$ updatedb
$ locate -S


$ pacman -S cronie


/etc/cron.daily/update_locate_db

/usr/bin/updatedb
$ chmod +x /etc/cron.daily/update_locate_db
$ systemctl enable --now cronie.service

Share files via SMB

$ pacman -S samba
$ wget -O /etc/samba/smb.conf 'https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default'


/etc/samba/smb.conf

log file = /var/log/samba/%m.log
workgroup = MYWORKGROUP

[homes]
comment = Home Directories
browseable = no
writable = yes
$ smbpasswd -a myuser
$ systemctl --now enable smb.service
$ systemctl --now enable nmb.service

X re-enable zap

For startx/xinit:

~/.xinitrc

setxkbmap -option terminate:ctrl_alt_bksp &


For X login managers and others:

/etc/X11/xorg.conf.d/10-zap.conf

Section "ServerFlags"
	Option			"DontZap" "false"
EndSection

Section "InputClass"
	Identifier		"Keyboard Defaults"
	MatchIsKeyboard	"yes"
	Option			"XkbOptions" "terminate:ctrl_alt_bksp"
EndSection

XKB

~/.xinitrc

setxkbmap -model pc105 -layout pl,us -variant , &                                                   
setxkbmap -option grp:alt_altgr_toggle &
xmodmap ~/.Xmodmap &

~/.Xmodmap

! The WindowsLogo key by default does Super and Hyper
! Remove Hyper (while keeping Super)
remove Mod4 = Hyper_L

! Alternatively, clear all and define explicitly
!clear Mod4
!add Mod4 = Super_L Super_R

! Set Hyper as a separate Mod3 modifier apart from Super/Mod4
clear Mod3
add Mod3 = Hyper_L

! Use the Caps Lock key as Hyper
clear Lock
keycode 66 = Hyper_L

Before:

$ xmodmap -pm

xmodmap:  up to 5 keys per modifier, (keycodes in parentheses):
 
shift       Shift_L (0x32),  Shift_R (0x3e)
lock        Caps_Lock (0x42)
control     Control_L (0x25),  Control_R (0x69)
mod1        Alt_L (0x40),  Alt_L (0xcc),  Meta_L (0xcd)
mod2        Num_Lock (0x4d)
mod3        ISO_Level5_Shift (0xcb)
mod4        Hyper_L (0x42),  Super_L (0x85),  Super_R (0x86),  Super_L (0xce),  Hyper_L (0xcf)
mod5        ISO_Level3_Shift (0x5c)

After:

$ xmodmap -pm

xmodmap:  up to 3 keys per modifier, (keycodes in parentheses):

shift       Shift_L (0x32),  Shift_R (0x3e)
lock      
control     Control_L (0x25),  Control_R (0x69)
mod1        Alt_L (0x40),  Alt_L (0xcc),  Meta_L (0xcd)
mod2        Num_Lock (0x4d)
mod3        Hyper_L (0x42),  Hyper_L (0xcf)
mod4        Super_L (0x85),  Super_R (0x86),  Super_L (0xce)
mod5        ISO_Level3_Shift (0x5c)

X and Xfce desktop

$ pacman -S xorg-server
$ pacman -S xf86-video-amdgpu xf86-video-ati xf86-video-intel xf86-video-nouveau xf86-video-vesa

$ pacman -S xfce4 xfce4-goodies
$ pacman -S pulseaudio pulseaudio-alsa pavucontrol
$ pacman -S gvfs-smb ntfs-3g
$ pacman -S nm-applet

$ pacman -S xdg-user-dirs
$ xdg-user-dirs-update

$ pacman -S lightdm lightdm-gtk-greeter lightdm-gtk-greeter-settings
$ pacman -S accountsservice
$ cp /path/to/myavatar_96x96.png ~/.face
$ systemctl --now enable lightdm.service

Xfce: hide Suspend and Hibernate from the logout dialog

$ xfconf-query -c xfce4-session -np '/shutdown/ShowSuspend' -t bool -s false
$ xfconf-query -c xfce4-session -np '/shutdown/ShowHibernate' -t bool -s false

Xfce: disable CSD (Client-Side Decorations)

$ xfconf-query -c xsettings -p /Gtk/DialogsUseHeader -s false

Ly - lightweight TUI display manager for console

$ pacman -S ly


/etc/ly/config.ini

# Doom fire
animate = true
# Focus on the session input field
default_input = 0
# Disable F1 shutdown & F2 reboot
restart_cmd = /usr/bin/ly-dm
shutdown_cmd = /usr/bin/ly-dm
# Switch to tty1
tty = 1
$ systemctl edit ly.service

[Service]
TTYPath=/dev/tty1
$ systemctl disable getty@tty1.service
$ systemctl enable ly.service

Qt apps theme appearance

$ pacman -S qt5ct


~/.xinitrc

export QT_QPA_PLATFORMTHEME=qt5ct

Fonts

DejaVu is modified Bitstream Vera with more Unicode stuff.

$ pacman -S gnu-free-fonts
$ pacman -S ttf-dejavu
$ pacman -S ttf-liberation
$ pacman -S ttf-ubuntu-font-family

Fixed-width/monospaced font for code:

$ pacman -S ttf-input

Chinese, Japanese, Korean:

$ pacman -S noto-fonts-cjk
$ fc-conflist
$ cd /etc/fonts/conf.d
$ ln -s /usr/share/fontconfig/conf.default/10-hinting-slight.conf
$ ln -s /usr/share/fontconfig/conf.default/10-sub-pixel-rgb.conf
$ ln -s /usr/share/fontconfig/conf.default/10-yes-antialias.conf
$ ln -s /usr/share/fontconfig/conf.default/11-lcdfilter-default.conf
$ ln -s /usr/share/fontconfig/conf.default/51-local.conf
$ ln -s /usr/share/fontconfig/conf.avail/70-no-bitmaps.conf

...or experiment for best appearance:

$ ln -s /usr/share/fontconfig/conf.avail/10-hinting-full.conf
$ ln -s /usr/share/fontconfig/conf.avail/10-sub-pixel-none.conf

BCI (Byte-Code Interpreter) hinting:


/etc/profile.d/freetype2.sh

#truetype:interpreter-version=35 (classic mode, emulates Windows 98; 2.6 default)
#truetype:interpreter-version=36 (classic Windows ClearType style)
#truetype:interpreter-version=38 ("Infinality" subpixel mode)
truetype:interpreter-version=40 (minimal subpixel mode; 2.7 default)

Font families fallback aliases for consistency across all apps:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
  <alias>
    <family>serif</family>
    <prefer>
      <family>DejaVu Serif</family>
      <family>Liberation Serif</family>
      <family>FreeSerif</family>
    </prefer>
  </alias>
  <alias>
    <family>sans-serif</family>
    <prefer>
      <family>DejaVu Sans</family>
      <family>Liberation Sans</family>
      <family>FreeSans</family>
    </prefer>
  </alias>
  <alias>
    <family>monospace</family>
    <prefer>
      <family>DejaVu Sans Mono</family>
      <family>Liberation Mono</family>
      <family>FreeMono</family>
    </prefer>
  </alias>
  <alias>
    <family>Arial</family>
    <prefer>
      <family>DejaVu Sans</family>
    </prefer>
  </alias>
  <alias>
    <family>Courier</family>
    <prefer>
      <family>DejaVu Sans Mono</family>
    </prefer>
  </alias>
  <alias>
    <family>Courier New</family>
    <prefer>
      <family>DejaVu Sans Mono</family>
    </prefer>
  </alias>
  <alias>
    <family>Garamond</family>
    <prefer>
      <family>DejaVu Serif</family>
    </prefer>
  </alias>
  <alias>
    <family>Georgia</family>
    <prefer>
      <family>DejaVu Serif</family>
    </prefer>
  </alias>
  <alias>
    <family>Helvetica</family>
    <prefer>
      <family>DejaVu Sans</family>
    </prefer>
  </alias>
  <alias>
    <family>Lucida Console</family>
    <prefer>
      <family>DejaVu Sans Mono</family>
    </prefer>
  </alias>
  <alias>
    <family>Tahoma</family>
    <prefer>
      <family>DejaVu Sans</family>
    </prefer>
  </alias>
  <alias>
    <family>Times</family>
    <prefer>
      <family>DejaVu Serif</family>
    </prefer>
  </alias>
  <alias>
    <family>Times New Roman</family>
    <prefer>
      <family>DejaVu Serif</family>
    </prefer>
  </alias>
  <alias>
    <family>Trebuchet MS</family>
    <prefer>
      <family>DejaVu Sans</family>
    </prefer>
  </alias>
  <!-- Default font (no fc-match pattern) -->
  <match>
    <edit mode="append" name="family">
      <string>DejaVu Sans</string>
    </edit>
  </match>
</fontconfig>

Check:

$ fc-match
$ fc-match sans
$ fc-match serif
$ fc-match mono
$ fc-match "Times New Roman"
$ fc-match -a

Screensaver and lock

Power off display after 600 seconds (10 min).

$ xset dpms 0 0 600

Disable/enable DPMS.

$ xset -dpms
$ xset +dpms

Screensaver after 5 minutes, release grab after suspend, lock after 1200 seconds (20 min), display off after 600 seconds (10 min), different saver every 60 seconds, password timeout 5 seconds

$ pacman -S xlockmore xautolock
$ xautolock -time 5 -detectsleep -locker "xlock -lockdelay 1200 -dpmsoff 600 -mode random -duration 60 -erasedelay 0 -echokeys -echokey . -timeout 5"

Disable/enable autolock without terminating process.

$ xautolock -disable
$ xautolock -enable

Screensaver without lock

$ xautolock -time 5 -detectsleep -locker "xlock -nolock -mode random -duration 60 -erasedelay 0"

Picture slideshow without lock

$ pacman -S feh
$ xautolock -time 5 -detectsleep -locker "feh -z -D 5 -F --zoom=fill -Y -r /usr/share/backgrounds"

Xfce custom command to lock on sleep (read by xflock4)

$ pacman -S i3lock
$ xfconf-query --create -c xfce4-session -p /general/LockCommand -t string -s "i3lock -f -c 202020"

Check Xfce lock command.

$ xfconf-query -c xfce4-session -p /general/LockCommand

Reset Xfce lock command.

$ xfconf-query --reset -c xfce4-session -p /general/LockCommand

systemd unit to lock screen upon system sleep:

/etc/systemd/system/lock-on-sleep@.service

[Unit]
Description=Lock screen on sleep/suspend
Before=sleep.target

[Service]
Type=simple
User=%i
Environment="DISPLAY=:0"
ExecStart=/usr/local/bin/lock-on-sleep

# Wait for lock to prevent briefly showing desktop after resume
ExecStartPost=sleep 1

[Install]
WantedBy=sleep.target
#WantedBy=suspend.target

/usr/local/bin/lock-on-sleep

#!/bin/bash

xset dpms 0 0 120

# Release grab from 'xlock -nolock'
xautolock -unlocknow

#xlock -mode random -duration 60 -erasedelay 0 -echokeys -echokey . -timeout 5
i3lock -n -f -c 202020 -i $(shuf -n 1 -e /usr/local/backgrounds/*.png)

xset dpms 0 0 600
$ systemctl enable lock-on-sleep@myusername

Reload systemd after any changes to the unit.

$ systemctl daemon-reload 

DPI

Note: 96 DPI is not standard

Calculate proper DPI for specific hardware at https://www.pxcalc.com/

Example: 27" 2560x1440 display

  • DPI: 108.79
  • Dot Pitch: 0.2335 mm
  • Size: 23.53" × 13.24" (59.77 cm × 33.62 cm)
$ pacman -S xorg-xrandr
$ xrandr --dpi 109
$ xdpyinfo | grep dots

Login/Desktop Managers in general:

/etc/xprofile or ~/.xprofile

xrandr --dpi 109

LightDM:

/etc/lightdm/lightdm-gtk-greeter.conf

xft-dpi = 109

X Server:

/etc/X11/xinit/xserverrc or ~/.xserverrc

exec /usr/bin/X -dpi 109 -nolisten tcp "$@"

X Resources (if not set by Desktop Environment):

~/.Xresources

Xft.dpi: 109
Xft.autohint: 0
Xft.lcdfilter: lcddefault
Xft.hintstyle: hintslight
Xft.hinting: 1
Xft.antialias: 1
Xft.rgba: rgb

Firefox:

Note: Web pages appearance
  • Default DPI is 96. Change it in about:config by setting:
layout.css.devPixelsPerPx = x

...where x = DPI / 96

Example: 27" 2560x1440 display, x = 108.79 / 96 = 1.133229167

Note: Application window and menus appearance
  • Default DPI is 96. System DPI is only used if system DPI > 96. Force using lower system DPI by setting in about:config layout.css.dpi = 0
  • Default font scale in about:config is font.size.systemFontScale = 100
  • Do not increase Default zoom in Preferences

x11vnc

$ pacman -S x11vnc
$ x11vnc -storepasswd
$ x11vnc -usepw -shared -forever

Ignore options in rc file: -norc


~/.x11vncrc

desktop My Desktop
rfbport 5900
display :0
usepw
shared
forever
reopen
nolookup

Run X apps without real X

$ pacman -S xorg-server-xvfb

Virtual framebuffer X -screen num WxHxD (color depth)

$ Xvfb :1 -screen 0 1x1x8
$ DISPLAY=:1 myxapp

Intel hardware video acceleration

$ pacman -S intel-media-driver libva-intel-driver libvdpau-va-gl
$ pacman -S libva-utils vdpauinfo

Pro audio

CPU frequency governor
$ pacman -S cpupower
$ cpupower frequency-set -g performance
$ cat /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
$ cpupower frequency-info
...
hardware limits: 800 MHz - 3.00 GHz
...(max 2.4 with turbo boost to 3.0)

$ cpupower frequency-set -d 2.4GHz
$ cpupower frequency-set -u 3.0GHz
$ $EDITOR /etc/default/cpupower

Set preferred options, and then:

$ systemctl enable cpupower.service
Low-latency kernel
Warning: !!! realtime preemption (PREEMPT) ≠ realtime scheduling (PREEMPT_RT) !!!

Check:

$ uname -v
#1 SMP PREEMPT Wed, 18 May 2022 17:30:11 +0000 x86_64 GNU/Linux

Threaded IRQs non-realtime kernel (optional)

Check:

$ zgrep "CONFIG_IRQ_FORCED_THREADING" /proc/config.gz
CONFIG_IRQ_FORCED_THREADING=y

Enable:

/etc/default/grub

GRUB_CMDLINE_LINUX_DEFAULT="... ... threadirqs"
Realtime priority
$ pacman -S realtime-privileges


/etc/security/limits.d/99-realtime-privileges.conf

@realtime - rtprio 98
@realtime - memlock unlimited
@realtime - nice -11

(nice uses SCHED_OTHER so it is not applicable to low-latency real-time audio using SCHED_FIFO / SCHED_RR)

$ gpasswd -a myusername realtime

If not using a login manager, configure PAM too:


/etc/pam.d/su

session required pam_limits.so

Log out, log back in.

Check:

$ ulimit -r
$ ulimit -a
$ chrt -m

Test:

(should not return: Operation not permitted)

$ chrt -v 90 true
MIDI & JACK
$ pacman -S jack2 python-dbus qjackctl a2jmidid alsa-utils

QjackCtl

- Driver: alsa
- Realtime: ✓ (if using linux-rt)
- MIDI Driver: seq
- Output Device: myoutputdevice
- Enable D-Bus interface: ✓
- Enable JACK D-Bus interface: ✓

(Soon to be replaced by PipeWire)

PipeWire
$ pacman -S pipewire
$ pacman -S pipewire-alsa pipewire-pulse pipewire-jack
$ export PIPEWIRE_LATENCY="512/48000"
DAW, plugin hosts & softsynths

~/.bashrc

# VST3 in ~/.vst3

# VST/VST2
export VST_PATH=/usr/lib/vst:/usr/local/lib/vst:~/.vst

# uncommon, only used by Ardour and Qtractor
export LXVST_PATH=/usr/lib/lxvst:/usr/local/lib/lxvst:~/.lxvst

# current Linux-only native container
export LV2_PATH=/usr/lib/lv2:/usr/local/lib/lv2:~/.lv2

# old precursor to LV2
export LADSPA_PATH=/usr/lib/ladspa:/usr/local/lib/ladspa:~/.ladspa

# old LADSPA successor
export DSSI_PATH=/usr/lib/dssi:/usr/local/lib/dssi:~/.dssi
$ pacman -Sgq vst-plugins | pacman -Si -
$ pacman -Si $(pacman -Sgq lv2-plugins)

DAW (Digital Audio Workstation)

renoise<br>
reaper<br>
bitwig<br>
tracktion-waveform<br>
qtractor (sequencer with DAW features)<br>
ardour<br>
sunvox

Host

carla

VST / VST2 / VST3 / lxvst (.so)

surge<br>
helm-synth<br>
vital<br>
dexed<br>
odin2<br>
zynaddsubfx<br>
obxd [[https://github.com/DISTRHO/DISTRHO-Ports/releases/download/2018-04-16/obxd-linux64.tar.xz old]] [[https://github.com/reales/OB-Xd/releases/ new]]<br>
xhip<br>
tunefish4<br>
amsynth<br>
digitsvst-git<br>
tal-plugins<br>
uhe-podolski-vst<br>
uhe-triplecheese-vst<br>
uhe-tyrellN6

LV2 (.so)

yoshimi<br>
bristol (+ pybristol GUI)<br>
calf (various stuff) [[https://calf-studio-gear.org/ 1]]<br>
synthv1<br>
padthv1<br>
samplv1<br>
drumkv1
Windows© VST (.dll) plugin bridge
$ pacman -S wine-staging winetricks
$ pacman -S yabridge yabridgectl
$ wine vst1_installer.exe
$ wine vst2_installer.exe
...
$ yabridgectl sync
$ yabridgectl status
$ yabridgectl add /custom/path/to/windows/vst
$ yabridgectl list
$ yabridgectl sync
$ yabridgectl status


http://www.linuxsynths.com/index.html
https://distrho.sourceforge.io/ports.php


pacman

package Groups vs Meta packages

- group name alone is not installed; group members are individual packages being installed explicitly
- meta package is installed explicitly; meta depends are individual packages being installed as dependencies


Sync package database from remote repos and install package(s) along with dependencies:

$ pacman -S ttf-dejavu

Refresh the syncdb and update all packages (-w only download, don't install):

$ pacman -Syu

Best practice: Run within a terminal multiplexer to avoid interruptions due to X/Wayland/desktop/WM/terminal crashes or other issues

alias Syu="screen -DRq Syu bash -c 'sudo pacman -Syu; bash'"

Ignore updates for specified packages:

(This time only)

$ pacman -Syu --ignore linux

(Every time)

/etc/pacman.conf

IgnorePkg = linux linux-headers systemd xorg-server

Update the previously ignored packages:

$ pacman -S linux linux-headers

Update and skip dependency checks (e.g. due to conflicts caused by AUR packages):

$ paru -Sd package1-that-couldnt-be-updated
$ pacman -S package2

Don't touch/upgrade certain files during update:

/etc/pacman.conf

NoUpgrade = etc/passwd etc/group etc/shadow

Search for a string in the package syncdb (-q quiet):

$ pacman -Ss ttf font

Show info about a package:

$ pacman -Si kodi

List groups:

$ pacman -Sg

List members of group:

$ pacman -Sg kodi-addons

List all dependencies of a package (formatted):

$ pacman -Sp --print-format %n-%v plasma-meta

List packages in a given repository:

$ pacman -Sl core
$ pacman -Sl extra
$ pacman -Sl community
$ pacman -Sl multilib

Install (update) a package from a local file:

$ pacman -U redshifter-20200404-1-any.pkg.tar.xz

Refresh the files syncdb:

$ pacman -Fy

Find files inside packages in syncdb:

$ pacman -F lsusb

Find files inside packages by regex:

$ pacman -Fx "panel.*png"

List all files owned by a package (installed or not, search syncdb):

$ pacman -Fl usbutils

Query installed packages by a string in localdb (empty string = list all):

$ pacman -Qs ttf
$ pacman -Qs

List upgradeable (outdated/held) packages:

$ pacman -Qu

List explicitly installed packages:

$ pacman -Qe

List packages installed as dependencies:

$ pacman -Qd

List installed packages not directly required and not optionally required:

$ pacman -Qt

List installed packages optionally required but not directly required:

$ pacman -Qtt

List installed packages that are unrequired dependencies (orphans):

$ pacman -Qtd

List installed native packages:

$ pacman -Qn

List installed foreign packages (e.g. from AUR):

$ pacman -Qm

Show info about an installed package:

$ pacman -Qi usbutils

List files owned by an installed package:

$ pacman -Ql usbutils

Query localdb which installed package owns a file:

$ pacman -Qo /usr/bin/pactl

Work with a local package file (-p) instead of localdb:

(-i display info, -l list files)

$ pacman -Qp redshifter-20200404-1-any.pkg.tar.xz
$ pacman -Qip redshifter-20200404-1-any.pkg.tar.xz
$ pacman -Qlp redshifter-20200404-1-any.pkg.tar.xz

Remove package only:

$ pacman -R usbutils

Recursively remove a package, its dependencies (if not needed by other packages), and saved files:

$ pacman -Rsn usbutils

(-ss force remove ALL dependencies)

Warning: !!! DANGEROUS !!! Will break other packages
$ pacman -Rssn usbutils

Cascade remove package and all packages that depend on it:

Warning: !!! CAUTION !!! Will remove other needed packages
$ pacman -Rc exo
Maintenance

Install pacdiff:

$ pacman -S pacman-contrib

Scan for .pacorig, .pacnew, .pacsave files:

$ pacdiff -o

or

$ pacdiff -o -l    # use locate
$ pacdiff -o -f    # use find

Merge or delete .pacorig, .pacnew, .pacsave files:

$ pacdiff

or

$ pacdiff -l
$ pacdiff -f
$ pacdiff -s    # use sudo

Install pacutils:

$ pacman -S pacutils

Find files not owned by any package:

$ pacreport --unowned-files > /root/pacreport.log

Find wrong permissions by checking package files against MTREE data:

$ paccheck --file-properties --quiet > /root/paccheck.log

Remove orphans (unused packages):

$ pacman -Rsn $(pacman -Qtdq)

Clean uninstalled packages cache and syncdb (-cc also installed packages cache):

$ pacman -Sc
$ pacman -Scc

Check integrity of installed packages (all / specific / filter by missing files):

$ pacman -Qk
$ pacman -Qk fontconfig
$ pacman -Qk | grep -v '0 missing'

Display modified files:

$ pacman -Qii | awk '/^MODIFIED/ {print $2}'

IF EVER NEEDED, reinstall all native packages:

$ pacman -S $(pacman -Qnq)

Generate mirror list:

$ pacman -S reflector
$ reflector --country CA,US --protocol http,https --latest 200 --fastest 5 --sort score --save /etc/pacman.d/mirrorlist

Flatpak

Installation

$ pacman -S flatpak

Repo add

$ flatpak remote-add --user --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
$ flatpak update

Search packages

$ flatpak search librewolf

Install packages

$ flatpak install librewolf

Run package

$ flatpak run librewolf

Update package

$ flatpak update librewolf

...or all packages

$ flatpak update

Prevent app/runtime update

$ flatpak mask librewolf

List installed packages

$ flatpak list

Manage Flatpak permissions via Flatseal GUI app

$ flatpak install com.github.tchx84.Flatseal

Nix

Nix cross-platform package manager

Installation

$ pacman -S nix
$ systemctl enable --now nix-daemon.service
$ gpasswd -a myusername nix-users
$ exit  #log out
$ systemctl restart nix-daemon.service
$ nix-channel --add https://nixos.org/channels/nixpkgs-unstable
$ nix-channel --update

Configuration modification to enable searching

/etc/nix/nix.conf

  experimental-features = nix-command flakes

Search packages: https://search.nixos.org/packages

$ nix search nixpkgs librewolf

Install packages

$ nix-env -iA nixpkgs.librewolf

Run package (if PATH not set)

$ ~/.nix-profile/bin/librewolf

Install a tool to locate packages providing specific file

$ nix-env -iA nixpkgs.nix-index
$ nix-index
$ nix-locate pattern

Install BASH completions

$ nix-env -iA nixpkgs.nix-bash-completions

Make sure env vars include .nix-profile

~/.profile

  PATH="$HOME/.nix-profile/bin:$PATH"
  XDG_DATA_DIRS="$HOME/.nix-profile/share:$XDG_DATA_DIRS"

Add NixGL wrapper to launch GL or Vulkan applications

$ nix-channel --add https://github.com/nix-community/nixGL/archive/main.tar.gz nixgl
$ nix-channel --update nixgl
$ nix-env -iA nixgl.auto.nixGLDefault

...then run the GL application

$ ~/.nix-profile/bin/nixGL ~/.nix-profile/bin/kodi

Prevent package upgrade

$ nix-env --set-flag keep true librewolf

Show installed packages

$ nix-env -q

Show available packages

$ nix-env -qa

Find out the attribute paths of available packages

$ nix-env -qaP

List all generations

$ nix-env --list-generations

Switch to previous generation of active profile

$ nix-env --rollback

Roll back to specific generation

$ nix-env --switch-generation 43

Delete generations

$ nix-env --delete-generations old  #all
$ nix-env --delete-generations 3 4 8  #specific
$ nix-env --delete-generations +5  #keep last 5

...then run the garbage collector

$ nix-store --gc

or via another utility to delete all old generations of all profiles

$ nix-collect-garbage -d

AUR helpers / wrappers

aurget: written in Bash (no longer maintained)

$ wget -O PKGBUILD https://aur.archlinux.org/cgit/aur.git/plain/PKGBUILD?h=aurget
$ makepkg -si

aurget configuration:

$ cp /usr/share/doc/aurget/samples/aurgetrc ~/.config/aurgetrc

~/.config/aurgetrc

build_directory="$HOME/Builds"
edit_pkgbuilds='never'

paru: written in Rust (pre-made bin package)

$ git clone https://aur.archlinux.org/paru-bin.git
$ cd paru-bin
$ makepkg -si

paru configuration:

$ cp /etc/paru.conf ~/.config/paru/paru.conf

~/.config/paru/paru.conf

[options]
AurOnly
BatchInstall
#SkipReview
SortBy=popularity

Others:

yay: written in Go
aura: written in Haskell
pikaur: written in Python

https://wiki.archlinux.org/title/AUR_helpers

AUR make a package

Set packager name:

/etc/makepkg.conf

PACKAGER="Your Name <your@email.dom>"

makepkg common options:

$ makepkg -si    # build and install
$ makepkg -fs    # force rebuild
$ makepkg -fsi    # force rebuild and install

Optional validation tool:

$ pacman -S namcap

Build steps:

$ wget -O PKGBUILD https://gitlab.archlinux.org/pacman/pacman/raw/master/proto/PKGBUILD.proto
$ $EDITOR PKGBUILD
$ makepkg -g >> PKGBUILD
$ namcap PKGBUILD    # for information messages in addition to warnings: namcap -i PKGBUILD
$ makepkg -s
$ namcap yourpackagename-1.0-1-x86_64.pkg.tar.xz

AUR upload package

#    Generate keypair
$ ssh-keygen -f ~/.ssh/aur

#    Change/remove passphrase if needed
$ ssh-keygen -p -f ~/.ssh/aur

#    Change/remove comment if needed
$ ssh-keygen -c -f ~/.ssh/aur

#    Specify private key for AUR remote
$ $EDITOR ~/.ssh/config

Host aur.archlinux.org
  IdentityFile ~/.ssh/aur
  User aur

Copy public key ~/.ssh/aur.pub to AURweb under My Account

#    Configure git

$ git config --global user.name "Your Name"
$ git config --global user.email "your@email.dom"
#    Method 1: clone empty git repo to create it

$ cd ~/Builds
$ git clone ssh://aur@aur.archlinux.org/redshifter.git
$ cd redshifter

$ $EDITOR PKGBUILD
$ makepkg --printsrcinfo > .SRCINFO

$ git add PKGBUILD .SRCINFO
$ git commit -m "your comment"
$ git push
#    Method 2: add empty remote repo to create it

$ cd ~/Builds/xhip
$ $EDITOR PKGBUILD
$ makepkg --printsrcinfo > .SRCINFO

$ git init
$ git add PKGBUILD .SRCINFO
$ git commit -m "your comment"

$ git remote add origin ssh://aur@aur.archlinux.org/xhip.git
$ git push -u origin master
#    Method 3a: pull from existing repo

$ cd ~/Builds/freepats-ydp-grand-piano
$ git init
$ git remote add origin ssh://aur@aur.archlinux.org/freepats-ydp-grand-piano.git
$ git pull origin master

$ $EDITOR PKGBUILD
$ makepkg --printsrcinfo > .SRCINFO

$ git add PKGBUILD .SRCINFO
$ git commit -m "your comment"
$ git push
#    Method 3b: fetch and branch from existing repo

$ cd ~/Builds/freepats-ydp-grand-piano
$ git init
$ git remote add origin ssh://aur@aur.archlinux.org/freepats-ydp-grand-piano.git
$ git fetch    # git fetch origin master
$ git checkout -tb master    # git checkout -tb master origin/master

$ $EDITOR PKGBUILD
$ makepkg --printsrcinfo > .SRCINFO

$ git add PKGBUILD .SRCINFO
$ git commit -m "your comment"
$ git push
#    More git commands

$ git remote -v    # See remotes
$ git branch -a    # See all branches (local and remote)
$ git branch -vv    # See hash and subject

$ git status
$ git log    # See commits log
$ git log -p    # See commits diffs (--patch)
$ git diff master origin/master
$ git diff master...origin/master

$ git commit -am "your comment"    # Commit all (-a) changed files

$ git reset    # Reset uncommitted changes
$ git revert HEAD    # Undo commits

Favorite essential packages

terminator
bash-completion
screen
vim
mc
nmap
htop
iftop
locate
wget
rsync
x11vnc
xbindkeys
redshift
xrandr
pamixer
playerctl
networkmanager-applet networkmanager-openconnect

More info