From 88d55a54c419021a440e16891757ab2df8e18707 Mon Sep 17 00:00:00 2001 From: Christine Vick Date: Sat, 23 Mar 2019 23:09:02 -0700 Subject: [PATCH 1/7] first draft of tldr arch linux installation guide --- 2-Operating-Systems/1-arch.md | 271 ++++++++++++++++++++++++++++++++++ 1 file changed, 271 insertions(+) create mode 100644 2-Operating-Systems/1-arch.md diff --git a/2-Operating-Systems/1-arch.md b/2-Operating-Systems/1-arch.md new file mode 100644 index 0000000..276d0d5 --- /dev/null +++ b/2-Operating-Systems/1-arch.md 
@@ -0,0 +1,271 @@ +# How to install Arch Linux: The TL;DR + +## Overview + +This guide is meant to be an opinionated and to the point guide on installing +Arch Linux. Power users with different opinions should refer to the official +[Arch Linux installation guide][1]. + +[1]:https://wiki.archlinux.org/index.php/Installation_guide + +## Requirements + * A Linux computer to run early steps + * Can use an [Ubuntu live CD][1] if a Linux computer is not available + * A blank flash drive, 1GB+ + * Target computer + * Known to be compatible with Linux + * Supports UEFI boot + * Has wireless card + * Does not require proprietary "out of tree" drivers + +[1]: https://www.ubuntu.com/download/desktop + +## Goals + * Full disk encryption + * Passwordless: Use GPG Smartcard for login, sudo, ssh + * Simple partitioning scheme + +## Steps + +1. Download latest Arch Linux ISO image file + 1. Install torrent client such as aria2 + 2. Get latest .iso.torrent URL from [Arch Linux releases][1] + 3. Download ISO with aria2. + + Example: + ``` + aria2c --on-download-complete=exit https://YOUR_TORRENT_URL_HERE + ``` + +[1]: https://mirrors.kernel.org/archlinux/iso/latest/ + +2. Write latest ISO to flash drive + 1. List current storage devices with ```lsblk``` + 2. Insert flash drive + 3. List current storage devices with ```lsblk``` again + 4. Take note of new drive. Example: /dev/sdX + 5. Use ```dd``` to write ISO image to drive + + ``` + sudo dd \ + bs=4M \ + if=archlinux-DATE-x86_64.iso \ + of=/dev/sdX \ + status=progress \ + oflag=sync + ``` + 6. Remove flash drive + +3. Boot flash drive of target laptop + 1. Insert flash drive + 2. Boot laptop to BIOS screen + * e.g. F1, F2, F10, Delete, Escape while computer starts booting + 3. Check that 'secure boot' is Disabled + 4. Ensure USB drives will boot by default + 5. Boot on installation medium + +4. Adjust rotation, fonts, keyboard layout + 1. 
Change rotation if needed + + ``` + echo 1 > /sys/class/graphics/fbcon/rotate_all + ``` + Note: May need to use 2 or 3 depending on starting state + + 2. Increase font size if needed + + ``` + setfont /usr/share/kbd/consolefonts/latarcyrheb-sun32.psfu.gz + ``` + Note: This is the current largest font + + 3. Set desired keyboard layout (if not US standard) + + Example: German + ``` + loadkeys de-latin1 + ``` + +5. Connect to the internet + 1. Select and join a wireless network with ```wifi-menu``` + 2. Verify connection with ```ping 1.1.1.1``` + +6. Update system clock + + ``` + timedatectl set-ntp true + ``` + +7. Set up encrypted disk + 1. Determine target root device with ```lsblk```. Example: /dev/mmcblk0 + 2. Create all partitions + + TL:DR; + ``` + sgdisk -Zo -n 1:2048:+512M -t 1:EF00 -c 1:boot -N 2 -t 2:8300 -c 2:root /dev/mmcblk0 + ``` + + Explanation: + ``` + sgdisk \ + -Zo `# zero out any existing partitions` \ + -n 1:2048:+512M `# create new 512M partition for boot` \ + -t 1:EF00 `# set type to EFI` \ + -c 1:boot `# set comment/label to "boot"` \ + -N 2 `# create second new partition filling rest of disk` \ + -t 2:8300 `# set type Linux` \ + -c 2:root `# set comment/label to "root"` \ + /dev/mmcblk0 # writing to your target drive + ``` + 3. Format the EFI boot partition as FAT32 + + ``` + mkfs.vfat -F32 /dev/mmcblk0p1 + ``` + + 4. Encrypt and format the root partition + + ``` + # encrypt root partition with passphrase + cryptsetup -y -v luksFormat --type luks2 /dev/mmcblk0p2 + + # decrypt drive and expose as /dev/mapper/cryptroot + cryptsetup open /dev/mmcblk0p2 cryptroot + + # make journaled ext4 partition in decrypted root device + mkfs.ext4 -j /dev/mapper/cryptroot + ``` + +8. Mount the file systems + + ``` + mount /dev/mapper/cryptroot /mnt + mkdir /mnt/boot + mount /dev/mmcblk0p1 /mnt/boot + ``` + +9. 
Select the Mirrors + + ``` + pacman -Sy pacman-contrib + curl https://www.archlinux.org/mirrorlist/all/https/ \ + | sed 's/^#Server/Server/g' \ + | rankmirrors -n 0 - \ + > /etc/pacman.d/mirrorlist + ``` + Note: This avoids manual mirror sorting. Native script does not yet exist. + +10. Install the base packages + + ``` + pacstrap /mnt base + ``` + +11. Configure the System + 1. Fstab: Generate 'File System TABle' of contents + + ``` + genfstab -U /mnt >> /mnt/etc/fstab + ``` + + 2. Chroot: login to new arch installation by changing root + + ``` + arch-chroot /mnt + ``` + + 3. Set time zone + + ``` + ln -sf /usr/share/zoneinfo/Region/City /etc/localtime + hwclock --systohc + ``` + + 4. Localization: setting your preferred language + + ``` + # Uncomment preferred language in /etc/locale.gen + sed -i 's/^#en_US/en_US/g' /etc/locale.gen + + # Create /etc/locale.conf and set default language + echo "LANG=en_US.UTF-8" > /etc/locale.conf + + # Non-US keyboard users can set their default layout + echo "KEYMAP=de-latin1" > /etc/vconsole.conf + ``` + + 5. Name your computer! + + ``` + # Create the hostname file + echo "computername" > /etc/hostname + + # Specify new hostname for the network + echo "127.0.0.1 computername.localdomain computername localhost" > /etc/hosts + echo "::1 computername.localdomain computername localhost" >> /etc/hosts + ``` + + 6. Initramfs: install system initialization bundle + + ``` + # Enable encryption support in initramfs + sed -i 's/ filesystems/ encrypt filesystems/g' /etc/mkinitcpio.conf + + # Generate new initramfs + mkinitcpio -p linux + ``` + + 7. Create a user with super user rights + + ``` + pacman -S sudo + echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers + useradd -m -G wheel -s /bin/bash janedoe + passwd janedoe + ``` + + 8. 
Configure and install bootloader + + ``` + bootctl --path=/boot install + echo "default arch" > /boot/loader/loader.conf + echo "title Arch Linux" >> /boot/loader/entries/arch.conf + echo "linux /vmlinuz-linux" >> /boot/loader/entries/arch.conf + echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf + echo "options cryptdevice=UUID=$(blkid -o value /dev/mmcblk0p2 | head -n1):cryptroot root=/dev/mapper/cryptroot rw" >> /boot/loader/entries/arch.conf + ``` + + 9. Install critical packages + + ``` + pacman -S dialog wpa_supplicant iw + ``` + + 10. Boot into Arch + 1. Shutdown with + + ``` + exit + shutdown -h now + ``` + + 2. Remove flash drive + + 3. Boot computer + +## Recovery + +If you need to resume from a broken or partial install, perform steps 3-5 then: + + ``` + cryptsetup open /dev/mmcblk0p2 cryptroot + mount /dev/mapper/cryptroot /mnt + mount /dev/mmcblk0p1 /mnt/boot + arch-chroot /mnt + ``` + +## References + * [Encrypting entire system with LUKS][1] + +[1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition + From 94e08cbbc6d0450652dbc3693ffcba29345f2d3c Mon Sep 17 00:00:00 2001 From: Christine Vick Date: Sun, 24 Mar 2019 16:33:09 -0700 Subject: [PATCH 2/7] update with feedback from @daurnimator --- 2-Operating-Systems/1-arch.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/2-Operating-Systems/1-arch.md b/2-Operating-Systems/1-arch.md index 276d0d5..e5cc233 100644 --- a/2-Operating-Systems/1-arch.md +++ b/2-Operating-Systems/1-arch.md 
@@ -9,8 +9,9 @@ Arch Linux. Power users with different opinions should refer to the official [1]:https://wiki.archlinux.org/index.php/Installation_guide ## Requirements - * A Linux computer to run early steps - * Can use an [Ubuntu live CD][1] if a Linux computer is not available + * These steps are best done on a Linux or OSX computer to run early steps. + * Windows users may use WSL (Windows Subsystem for Linux) + * Or can use an [Ubuntu live CD][1] * A blank flash drive, 1GB+ * Target computer * Known to be compatible with Linux @@ -40,11 +41,11 @@ Arch Linux. Power users with different opinions should refer to the official [1]: https://mirrors.kernel.org/archlinux/iso/latest/ 2. Write latest ISO to flash drive - 1. List current storage devices with ```lsblk``` + 1. List current storage devices with `lsblk` 2. Insert flash drive - 3. List current storage devices with ```lsblk``` again + 3. List current storage devices with `lsblk` again 4. Take note of new drive. Example: /dev/sdX - 5. Use ```dd``` to write ISO image to drive + 5. Use `dd` to write ISO image to drive ``` sudo dd \ @@ -87,8 +88,8 @@ Arch Linux. Power users with different opinions should refer to the official ``` 5. Connect to the internet - 1. Select and join a wireless network with ```wifi-menu``` - 2. Verify connection with ```ping 1.1.1.1``` + 1. Select and join a wireless network with `wifi-menu` + 2. Verify connection with `ping 1.1.1.1` 6. Update system clock @@ -97,7 +98,7 @@ Arch Linux. Power users with different opinions should refer to the official ``` 7. Set up encrypted disk - 1. Determine target root device with ```lsblk```. Example: /dev/mmcblk0 + 1. Determine target root device with `lsblk`. Example: /dev/mmcblk0 2. Create all partitions TL:DR; 
@@ -117,6 +118,9 @@ Arch Linux. Power users with different opinions should refer to the official -c 2:root `# set comment/label to "root"` \ /dev/mmcblk0 # writing to your target drive ``` + + Note: As an alternative, you can graphically partition using `cgdisk` + 3. Format the EFI boot partition as FAT32 ``` @@ -177,7 +181,7 @@ Arch Linux. Power users with different opinions should refer to the official 3. Set time zone ``` - ln -sf /usr/share/zoneinfo/Region/City /etc/localtime + timedatectl set-timezone Region/City hwclock --systohc ``` @@ -198,7 +202,7 @@ Arch Linux. Power users with different opinions should refer to the official ``` # Create the hostname file - echo "computername" > /etc/hostname + hostnamectl set-hostname computername # Specify new hostname for the network echo "127.0.0.1 computername.localdomain computername localhost" > /etc/hosts From 95b75ec97611f763574c4a65564c5d98995a47a0 Mon Sep 17 00:00:00 2001 From: Christine Vick Date: Sat, 6 Apr 2019 20:03:22 -0700 Subject: [PATCH 3/7] included complete set of packages and various cleanup --- 2-Operating-Systems/1-arch.md | 55 ++++++++++++++++++++++++++--------- 1 file changed, 41 insertions(+), 14 deletions(-) diff --git a/2-Operating-Systems/1-arch.md b/2-Operating-Systems/1-arch.md index e5cc233..1f56d86 100644 --- a/2-Operating-Systems/1-arch.md +++ b/2-Operating-Systems/1-arch.md @@ -151,12 +151,10 @@ Arch Linux. Power users with different opinions should refer to the official 9. Select the Mirrors ``` - pacman -Sy pacman-contrib - curl https://www.archlinux.org/mirrorlist/all/https/ \ - | sed 's/^#Server/Server/g' \ - | rankmirrors -n 0 - \ - > /etc/pacman.d/mirrorlist + pacman -Sy reflector + reflector --age 12 --protocol https --sort rate --save /etc/pacman.d/mirrorlist ``` + Note: This avoids manual mirror sorting. Native script does not yet exist. 10. Install the base packages 
@@ -219,7 +217,39 @@ Arch Linux. Power users with different opinions should refer to the official mkinitcpio -p linux ``` - 7. Create a user with super user rights + 7. Install packages + + TL;DR: + ``` + pacman -S sudo dialog wpa_supplicant iw vim git pcscd libu2f-host pcsclite \ + chromium arandr compton i3 rofi kitty nitrogen xorg xf86-video-intel + ``` + + Explanation: + ``` + pacman -S \ + sudo `# "super user do": allows user to run commands as root` \ + dialog `# terminal menu system, needed for "wifi-menu"` \ + wpa_supplicant `# tools for managing encrypted wireless networks` \ + iw `# wireless management CLI utility` \ + vim `# alternative text editor to "nano"` \ + git `# used to download and track source code` \ + pcsclite `# daemon for managing smartcard access` \ + libu2f-host `# allow U2F/2FA smartcard for some applications` \ + chromium `# open source edition of Chrome` \ + arandr `# graphical screen/resolution management` \ + compton `# hardware accelerated desktop layer` \ + i3 `# tiling window manager` \ + rofi `# graphical command runner menu` \ + kitty `# graphical terminal emulator` \ + nitrogen `# wallpaper manager` \ + xorg `# graphical user interface infrastructure` \ + xf86-video-intel `# graphics driver for Intel chipsets` + ``` + + Note: Non-Intel graphics users, see: [Arch Driver Installation][2] + + 8. Create a user with super user rights ``` pacman -S sudo @@ -228,7 +258,7 @@ Arch Linux. Power users with different opinions should refer to the official passwd janedoe ``` - 8. Configure and install bootloader + 9. Configure and install bootloader ``` bootctl --path=/boot install 
@@ -236,13 +266,9 @@ Arch Linux. Power users with different opinions should refer to the official echo "title Arch Linux" >> /boot/loader/entries/arch.conf echo "linux /vmlinuz-linux" >> /boot/loader/entries/arch.conf echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf - echo "options cryptdevice=UUID=$(blkid -o value /dev/mmcblk0p2 | head -n1):cryptroot root=/dev/mapper/cryptroot rw" >> /boot/loader/entries/arch.conf - ``` - - 9. Install critical packages - - ``` - pacman -S dialog wpa_supplicant iw + echo "options cryptdevice=UUID=$(blkid -o value /dev/mmcblk0p2 \ + | head -n1):cryptroot root=/dev/mapper/cryptroot rw" >> \ + /boot/loader/entries/arch.conf ``` 10. Boot into Arch @@ -273,3 +299,4 @@ If you need to resume from a broken or partial install, perform steps 3-5 then: [1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition +[2]: https://wiki.archlinux.org/index.php/xorg#Driver_installation From 7405cef5f0425968d320779bff5420c7a26c8b47 Mon Sep 17 00:00:00 2001 From: Christine Vick Date: Sun, 7 Apr 2019 20:17:40 -0700 Subject: [PATCH 4/7] detail on set up graphical environment and login --- 2-Operating-Systems/1-arch.md | 182 ++++++++++++++++++++++++---------- 1 file changed, 128 insertions(+), 54 deletions(-) diff --git a/2-Operating-Systems/1-arch.md b/2-Operating-Systems/1-arch.md index 1f56d86..4ee10d1 100644 --- a/2-Operating-Systems/1-arch.md +++ b/2-Operating-Systems/1-arch.md 
@@ -157,11 +157,45 @@ Arch Linux. Power users with different opinions should refer to the official Note: This avoids manual mirror sorting. Native script does not yet exist. -10. Install the base packages +10. Install packages + 1. Base packages + + ``` + pacstrap /mnt base + ``` + 2. Secondary, but useful and necessary packages + + TL;DR: + ``` + pacman -S sudo dialog wpa_supplicant iw vim git pcscd libu2f-host pcsclite \ + chromium arandr compton i3 dmenu kitty nitrogen slock xorg xf86-video-intel + ``` + + Explanation: + ``` + pacman -S \ + sudo `# "super user do": allows user to run commands as root` \ + dialog `# terminal menu system, needed for "wifi-menu"` \ + wpa_supplicant `# tools for managing encrypted wireless networks` \ + iw `# wireless management CLI utility` \ + vim `# alternative text editor to "nano"` \ + git `# used to download and track source code` \ + pcsclite `# daemon for managing smartcard access` \ + libu2f-host `# allow U2F/2FA smartcard for some applications` \ + chromium `# open source edition of Chrome` \ + arandr `# graphical screen/resolution management` \ + compton `# hardware accelerated desktop layer` \ + i3-wm `# tiling window manager` \ + dmenu `# graphical command runner menu` \ + kitty `# graphical terminal emulator` \ + nitrogen `# wallpaper manager` \ + slock `# simple lock screen` \ + xorg `# graphical user interface infrastructure` \ + xf86-video-intel `# graphics driver for Intel chipsets` + ``` + + Note: Non-Intel graphics users, see: [Arch Driver Installation][2] - ``` - pacstrap /mnt base - ``` 11. Configure the System 1. Fstab: Generate 'File System TABle' of contents 
@@ -175,15 +209,38 @@ Arch Linux. Power users with different opinions should refer to the official ``` arch-chroot /mnt ``` + 3. Initramfs: install system initialization bundle - 3. Set time zone + ``` + # Enable encryption support in initramfs + sed -i 's/ filesystems/ encrypt filesystems/g' /etc/mkinitcpio.conf + # Generate new initramfs + mkinitcpio -p linux ``` + + 4. Configure and install bootloader + + ``` + bootctl --path=/boot install + echo "default arch" > /boot/loader/loader.conf + echo "title Arch Linux" >> /boot/loader/entries/arch.conf + echo "linux /vmlinuz-linux" >> /boot/loader/entries/arch.conf + echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf + echo "options cryptdevice=UUID=$(blkid -o value /dev/mmcblk0p2 \ + | head -n1):cryptroot root=/dev/mapper/cryptroot rw" >> \ + /boot/loader/entries/arch.conf + ``` + + 5. Configure system time keeping + + ``` + timedatectl set-ntp true timedatectl set-timezone Region/City hwclock --systohc ``` - 4. Localization: setting your preferred language + 6. Localization: setting your preferred language ``` # Uncomment preferred language in /etc/locale.gen @@ -194,9 +251,26 @@ Arch Linux. Power users with different opinions should refer to the official # Non-US keyboard users can set their default layout echo "KEYMAP=de-latin1" > /etc/vconsole.conf + + # Re-generate locales + locale-gen ``` - 5. Name your computer! + 7. Persist rotation and font as desired + + 1. Rotation + + ``` + sed -i '$s/$/ fbcon=rotate:1/' /boot/loader/entries/arch.conf + ``` + + 2. Font + + ``` + echo "FONT=latarcyrheb-sun32" >> /etc/vconsole.conf + ``` + + 8. Name your computer! ``` # Create the hostname file 
@@ -207,71 +281,71 @@ Arch Linux. Power users with different opinions should refer to the official echo "::1 computername.localdomain computername localhost" >> /etc/hosts ``` - 6. Initramfs: install system initialization bundle + 9. Create a user with super user rights ``` - # Enable encryption support in initramfs - sed -i 's/ filesystems/ encrypt filesystems/g' /etc/mkinitcpio.conf - - # Generate new initramfs - mkinitcpio -p linux + echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers + useradd -m -G wheel -s /bin/bash janedoe + passwd janedoe ``` - 7. Install packages + 10. Configure graphical environment TL;DR: ``` - pacman -S sudo dialog wpa_supplicant iw vim git pcscd libu2f-host pcsclite \ - chromium arandr compton i3 rofi kitty nitrogen xorg xf86-video-intel + echo "gpg-connect-agent updatestartuptty /bye \n i3" > .xinitrc + sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config + mkdir -p /etc/systemd/system/getty@tty1.service.d + echo -e "[Service]\nExecStart=\nExecStart=-/usr/bin/agetty -a janedoe -J %I $TERM" \ + > /etc/systemd/system/getty@tty1.service.d/override.conf + echo '[[ -z $DISPLAY && ! 
-e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ + > /home/janedoe/.bash_profile + chown janedoe:janedoe /home/janedoe/.bash_profile ``` Explanation: ``` - pacman -S \ - sudo `# "super user do": allows user to run commands as root` \ - dialog `# terminal menu system, needed for "wifi-menu"` \ - wpa_supplicant `# tools for managing encrypted wireless networks` \ - iw `# wireless management CLI utility` \ - vim `# alternative text editor to "nano"` \ - git `# used to download and track source code` \ - pcsclite `# daemon for managing smartcard access` \ - libu2f-host `# allow U2F/2FA smartcard for some applications` \ - chromium `# open source edition of Chrome` \ - arandr `# graphical screen/resolution management` \ - compton `# hardware accelerated desktop layer` \ - i3 `# tiling window manager` \ - rofi `# graphical command runner menu` \ - kitty `# graphical terminal emulator` \ - nitrogen `# wallpaper manager` \ - xorg `# graphical user interface infrastructure` \ - xf86-video-intel `# graphics driver for Intel chipsets` - ``` + cat <<-EOF > .xinitrc + #!/bin/bash - Note: Non-Intel graphics users, see: [Arch Driver Installation][2] + # Let GPG know about our current terminal + gpg-connect-agent updatestartuptty /bye - 8. Create a user with super user rights + # Optional: Start compositor for faster rendering for terminals etc + # compton & - ``` - pacman -S sudo - echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers - useradd -m -G wheel -s /bin/bash janedoe - passwd janedoe - ``` + # Optional: Set wallpaper + # nitrogen --set-scaled ~/.wallpaper/yourcoolwallpaper.jpg - 9. 
Configure and install bootloader + # Optional: Start terminal + # kitty & - ``` - bootctl --path=/boot install - echo "default arch" > /boot/loader/loader.conf - echo "title Arch Linux" >> /boot/loader/entries/arch.conf - echo "linux /vmlinuz-linux" >> /boot/loader/entries/arch.conf - echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf - echo "options cryptdevice=UUID=$(blkid -o value /dev/mmcblk0p2 \ - | head -n1):cryptroot root=/dev/mapper/cryptroot rw" >> \ - /boot/loader/entries/arch.conf + # Optional: Set resolution and rotation + # xrandr --output HDMI1 --off --output DP1 --off --output eDP1 --mode 1200x1920 --pos 0x0 --rotate right --output VIRTUAL1 --off + # xinput set-prop 15 --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1 + + # Start Window manager + i3 + EOF + + # Set default terminal + sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config + + # Automatically login janedoe user on boot + mkdir -p /etc/systemd/system/getty@tty1.service.d + cat <<-EOF > /etc/systemd/system/getty@tty1.service.d/override.conf + [Service] + ExecStart= + ExecStart=-/usr/bin/agetty --autologin janedoe --noclear %I $TERM + EOF + + # Automatically start graphical environment if not already running + echo '[[ -z $DISPLAY && ! -e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ + > /home/janedoe/.bash_profile + chown janedoe:janedoe /home/janedoe/.bash_profile ``` - 10. Boot into Arch + 11. Boot into Arch 1. Shutdown with ``` From 6ac4a76a1c6270c3c2b1792158002310884c41ec Mon Sep 17 00:00:00 2001 From: Christine Vick Date: Sun, 14 Apr 2019 20:17:13 -0700 Subject: [PATCH 5/7] finish adding essential configuration for booting arch --- 2-Operating-Systems/1-arch.md | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/2-Operating-Systems/1-arch.md b/2-Operating-Systems/1-arch.md index 4ee10d1..8267497 100644 --- a/2-Operating-Systems/1-arch.md +++ b/2-Operating-Systems/1-arch.md 
@@ -168,7 +168,8 @@ Arch Linux. Power users with different opinions should refer to the official TL;DR: ``` pacman -S sudo dialog wpa_supplicant iw vim git pcscd libu2f-host pcsclite \ - chromium arandr compton i3 dmenu kitty nitrogen slock xorg xf86-video-intel + chromium arandr compton i3 dmenu kitty nitrogen slock xorg \ + xf86-video-intel ccid opensc openssh ``` Explanation: @@ -192,6 +193,9 @@ Arch Linux. Power users with different opinions should refer to the official slock `# simple lock screen` \ xorg `# graphical user interface infrastructure` \ xf86-video-intel `# graphics driver for Intel chipsets` + ccid `# CCID driver for some smartcards, i.e. Yubikey` + opensc `# OpenSC driver for some smartcards, i.e. Yubikey` + openssh `# Secure shell into other computers` ``` Note: Non-Intel graphics users, see: [Arch Driver Installation][2] @@ -328,9 +332,20 @@ Arch Linux. Power users with different opinions should refer to the official i3 EOF + # Set Window Manager font size + sed -i "s/monospace .*/Terminus 15/g" .config/i3/config + # Set default terminal sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config + # Configure terminal and font + # mkdir -p .config/kitty + # echo "font_family Terminus" >> .config/kitty/kitty.conf + # echo "font_size 15.0" >> .config/kitty/kitty.conf + + # Scale browser for high resolution displays + # echo "--force-device-scale-factor=1.5" >> .config/chromium-flags.conf + # Automatically login janedoe user on boot mkdir -p /etc/systemd/system/getty@tty1.service.d cat <<-EOF > /etc/systemd/system/getty@tty1.service.d/override.conf 
@@ -343,9 +358,19 @@ Arch Linux. Power users with different opinions should refer to the official echo '[[ -z $DISPLAY && ! -e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ > /home/janedoe/.bash_profile chown janedoe:janedoe /home/janedoe/.bash_profile + + # Start wifi on boot + # Get name of wireless device + ip addr # look for something that starts with wl such as "wlp1s0" + systemctl enable netctl-auto@wlp1s05 ``` + 11. Configure Smartcard for GnuPG, SSH, etc - 11. Boot into Arch + ``` + systemctl enable pcscd + echo "export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh" >> ~/.bashrc + ``` + 12. Boot into Arch 1. Shutdown with ``` From 678fc17e909c6401ae5533196f74460710c6ab50 Mon Sep 17 00:00:00 2001 From: Christine Vick Date: Sun, 21 Apr 2019 15:25:10 -0700 Subject: [PATCH 6/7] media keys, audio support, reformatting file --- 2-Operating-Systems/1-arch.md | 612 ++++++++++++++++++---------------- 1 file changed, 325 insertions(+), 287 deletions(-) diff --git a/2-Operating-Systems/1-arch.md b/2-Operating-Systems/1-arch.md index 8267497..abfe099 100644 --- a/2-Operating-Systems/1-arch.md +++ b/2-Operating-Systems/1-arch.md @@ -1,4 +1,4 @@ -# How to install Arch Linux: The TL;DR +# Install Arch Linux: The TL;DR ## Overview 
@@ -9,392 +9,430 @@ Arch Linux. Power users with different opinions should refer to the official [1]:https://wiki.archlinux.org/index.php/Installation_guide ## Requirements - * These steps are best done on a Linux or OSX computer to run early steps. - * Windows users may use WSL (Windows Subsystem for Linux) - * Or can use an [Ubuntu live CD][1] - * A blank flash drive, 1GB+ - * Target computer - * Known to be compatible with Linux - * Supports UEFI boot - * Has wireless card - * Does not require proprietary "out of tree" drivers + +* These steps are best done on a Linux or OSX computer to run early steps. + * Windows users may use WSL (Windows Subsystem for Linux) + * Or can use an [Ubuntu live CD][1] +* A blank flash drive, 1GB+ +* Target computer + * Known to be compatible with Linux + * Supports UEFI boot + * Has wireless card + * Does not require proprietary "out of tree" drivers [1]: https://www.ubuntu.com/download/desktop +## Device Support + +Devices this guide is known to work with: + * Dell XPS 13 or 15 series + * Lenovo Yoga series + * GPD Pocket series + ## Goals - * Full disk encryption - * Passwordless: Use GPG Smartcard for login, sudo, ssh - * Simple partitioning scheme + +* Simple partitioning scheme +* Full disk encyption +* Passwordless: Use GPG Smartcard for login, sudo, ssh ## Steps 1. Download latest Arch Linux ISO image file - 1. Install torrent client such as aria2 - 2. Get latest .iso.torrent URL from [Arch Linux releases][1] - 3. Download ISO with aria2. - - Example: - ``` - aria2c --on-download-complete=exit https://YOUR_TORRENT_URL_HERE - ``` + 1. Install torrent client such as aria2 + 2. Get latest .iso.torrent URL from [Arch Linux releases][1] + 3. Download ISO with aria2. + + Example: + + ``` + aria2c --on-download-complete=exit https://YOUR_TORRENT_URL_HERE + ``` [1]: https://mirrors.kernel.org/archlinux/iso/latest/ 2. Write latest ISO to flash drive - 1. List current storage devices with `lsblk` - 2. Insert flash drive - 3. 
List current storage devices with `lsblk` again - 4. Take note of new drive. Example: /dev/sdX - 5. Use `dd` to write ISO image to drive - - ``` - sudo dd \ + + 1. List current storage devices with `lsblk` + 2. Insert flash drive + 3. List current storage devices with `lsblk` again + 4. Take note of new drive. Example: /dev/sdX + 5. Use `dd` to write ISO image to drive + + ``` + sudo dd \ bs=4M \ if=archlinux-DATE-x86_64.iso \ of=/dev/sdX \ status=progress \ oflag=sync - ``` - 6. Remove flash drive + ``` + 6. Remove flash drive 3. Boot flash drive of target laptop - 1. Insert flash drive - 2. Boot laptop to BIOS screen - * e.g. F1, F2, F10, Delete, Escape while computer starts booting - 3. Check that 'secure boot' is Disabled - 4. Ensure USB drives will boot by default - 5. Boot on installation medium - -4. Adjust rotation, fonts, keyboard layout - 1. Change rotation if needed + + 1. Insert flash drive + 2. Boot laptop to BIOS screen + * e.g. F1, F2, F10, Delete, Escape while computer starts booting + 3. Check that 'secure boot' is Disabled + 4. Ensure USB drives will boot by default + 5. Reboot into Arch Linux installation environment + +4. If needed: Set desired keyboard layout (if not US standard) + + Example: German + + ``` + loadkeys de-latin1 + ``` - ``` - echo 1 > /sys/class/graphics/fbcon/rotate_all - ``` +5. If needed: Change rotation + + ``` + echo 1 > /sys/class/graphics/fbcon/rotate_all + ``` + Note: May need to use 2 or 3 depending on starting state - 2. Increase font size if needed - - ``` - setfont /usr/share/kbd/consolefonts/latarcyrheb-sun32.psfu.gz - ``` - Note: This is the current largest font - - 3. Set desired keyboard layout (if not US standard) - - Example: German - ``` - loadkeys de-latin1 - ``` - -5. Connect to the internet - 1. Select and join a wireless network with `wifi-menu` - 2. Verify connection with `ping 1.1.1.1` +6. 
If needed: Increase font size + + ``` + setfont /usr/share/kbd/consolefonts/latarcyrheb-sun32.psfu.gz + ``` + + Note: This is the current largest font -6. Update system clock +7. Connect to the internet + + 1. Select and join a wireless network with `wifi-menu` + 2. Verify connection with `ping 1.1.1.1` +8. Update system clock + ``` timedatectl set-ntp true ``` -7. Set up encrypted disk - 1. Determine target root device with `lsblk`. Example: /dev/mmcblk0 - 2. Create all partitions - - TL:DR; - ``` - sgdisk -Zo -n 1:2048:+512M -t 1:EF00 -c 1:boot -N 2 -t 2:8300 -c 2:root /dev/mmcblk0 - ``` - - Explanation: - ``` - sgdisk \ +9. Set up encrypted disk + + 1. Determine target root device with `lsblk`. Example: /dev/mmcblk0 + + 2. Create all partitions + + TL:DR; + + ``` + sgdisk -Zo -n 1:2048:+512M -t 1:EF00 -c 1:boot -N 2 -t 2:8300 -c 2:root /dev/mmcblk0 + ``` + + Explanation: + + ``` + sgdisk \ -Zo `# zero out any existing partitions` \ -n 1:2048:+512M `# create new 512M partition for boot` \ -t 1:EF00 `# set type to EFI` \ -c 1:boot `# set comment/label to "boot"` \ - -N 2 `# create second new partition filling rest of disk` \ + -N 2 `# create second partition filling disk` \ -t 2:8300 `# set type Linux` \ -c 2:root `# set comment/label to "root"` \ /dev/mmcblk0 # writing to your target drive - ``` - - Note: As an alternative, you can graphically partition using `cgdisk` - - 3. Format the EFI boot partition as FAT32 - - ``` - mkfs.vfat -F32 /dev/mmcblk0p1 - ``` - - 4. Encrypt and format the root partition - - ``` - # encrypt root partition with passphrase - cryptsetup -y -v luksFormat --type luks2 /dev/mmcblk0p2 - - # decrypt drive and expose as /dev/mapper/cryptroot - cryptsetup open /dev/mmcblk0p2 cryptroot - - # make journaled ext4 partition in decrypted root device - mkfs.ext4 -j /dev/mapper/cryptroot - ``` - -8. Mount the file systems - - ``` - mount /dev/mapper/cryptroot /mnt - mkdir /mnt/boot - mount /dev/mmcblk0p1 /mnt/boot - ``` - -9. 
Select the Mirrors - - ``` - pacman -Sy reflector - reflector --age 12 --protocol https --sort rate --save /etc/pacman.d/mirrorlist - ``` - - Note: This avoids manual mirror sorting. Native script does not yet exist. - -10. Install packages - 1. Base packages + ``` + + Note: As an alternative, you can graphically partition using `cgdisk` + + 3. Format the EFI boot partition as FAT32 + + ``` + mkfs.vfat -F32 /dev/mmcblk0p1 + ``` + + 4. Encrypt and format the root partition + + ``` + # encrypt root partition with passphrase + cryptsetup -y -v luksFormat --type luks2 /dev/mmcblk0p2 + + # decrypt drive and expose as /dev/mapper/cryptroot + cryptsetup open /dev/mmcblk0p2 cryptroot + + # make journaled ext4 partition in decrypted root device + mkfs.ext4 -j /dev/mapper/cryptroot + ``` +10. Mount the file systems + ``` - pacstrap /mnt base + mount /dev/mapper/cryptroot /mnt + mkdir /mnt/boot + mount /dev/mmcblk0p1 /mnt/boot ``` - 2. Secondary, but useful and necessary packages - TL;DR: +11. Select the Mirrors + ``` - pacman -S sudo dialog wpa_supplicant iw vim git pcscd libu2f-host pcsclite \ - chromium arandr compton i3 dmenu kitty nitrogen slock xorg \ - xf86-video-intel ccid opensc openssh + pacman -Sy reflector + reflector --age 12 --protocol https --sort rate --save /etc/pacman.d/mirrorlist ``` + + Note: This avoids manual mirror sorting. +12. Install packages + + 1. 
Install packages + + ``` + pacstrap /mnt base sudo dialog wpa_supplicant iw vim git \ + pcsclite libu2f-host chromium arandr compton i3-wm dmenu \ + kitty nitrogen slock xorg xf86-video-intel ccid opensc \ + openssh haveged pulseaudio pulseaudio-alsa pulsemixer + ``` + Explanation: + ``` pacman -S \ - sudo `# "super user do": allows user to run commands as root` \ - dialog `# terminal menu system, needed for "wifi-menu"` \ - wpa_supplicant `# tools for managing encrypted wireless networks` \ - iw `# wireless management CLI utility` \ - vim `# alternative text editor to "nano"` \ - git `# used to download and track source code` \ - pcsclite `# daemon for managing smartcard access` \ - libu2f-host `# allow U2F/2FA smartcard for some applications` \ - chromium `# open source edition of Chrome` \ - arandr `# graphical screen/resolution management` \ - compton `# hardware accelerated desktop layer` \ - i3-wm `# tiling window manager` \ - dmenu `# graphical command runner menu` \ - kitty `# graphical terminal emulator` \ - nitrogen `# wallpaper manager` \ - slock `# simple lock screen` \ - xorg `# graphical user interface infrastructure` \ - xf86-video-intel `# graphics driver for Intel chipsets` - ccid `# CCID driver for some smartcards, i.e. Yubikey` - opensc `# OpenSC driver for some smartcards, i.e. 
Yubikey` - openssh `# Secure shell into other computers` + sudo `# "super user do": run commands as root` \ + dialog `# terminal menu system, for "wifi-menu"` \ + wpa_supplicant `# tools for encrypted wireless networks` \ + iw `# wireless management CLI utility` \ + vim `# alternative text editor to "nano"` \ + git `# used to download and track source code` \ + pcsclite `# daemon for managing smartcard access` \ + libu2f-host `# U2F/2FA support for some applications` \ + chromium `# open source edition of Chrome` \ + arandr `# graphical screen/resolution management` \ + compton `# hardware accelerated desktop layer` \ + i3-wm `# tiling window manager` \ + dmenu `# graphical command runner menu` \ + kitty `# graphical terminal emulator` \ + nitrogen `# wallpaper manager` \ + slock `# simple lock screen` \ + xorg `# graphical user interface infrastructure` \ + xf86-video-intel `# graphics driver for Intel chipsets` \ + ccid `# CCID driver for some smartcards` \ + opensc `# OpenSC driver for some smartcards` \ + openssh `# Secure shell into other computers` \ + haveged `# More secure random numbers` \ + pulseaudio `# Audio support` \ + pulseaudio-alsa `# ALSA audio driver support` \ + pulsemixer `# Console audio manager` ``` - + Note: Non-Intel graphics users, see: [Arch Driver Installation][2] +13. Fstab: Generate 'File System TABle' of contents + + ``` + genfstab -U /mnt >> /mnt/etc/fstab + ``` -11. Configure the System - 1. Fstab: Generate 'File System TABle' of contents - - ``` - genfstab -U /mnt >> /mnt/etc/fstab - ``` +14. Chroot: login to new arch installation by changing root + + ``` + arch-chroot /mnt + ``` - 2. Chroot: login to new arch installation by changing root +15. Initramfs: install system initialization bundle + + ``` + # Enable encryption support in initramfs + sed -i 's/ filesystems/ encrypt filesystems/g' /etc/mkinitcpio.conf + + # Generate new initramfs + mkinitcpio -p linux + ``` - ``` - arch-chroot /mnt - ``` - 3. 
Initramfs: install system initialization bundle - - ``` - # Enable encryption support in initramfs - sed -i 's/ filesystems/ encrypt filesystems/g' /etc/mkinitcpio.conf - - # Generate new initramfs - mkinitcpio -p linux - ``` - - 4. Configure and install bootloader - - ``` - bootctl --path=/boot install - echo "default arch" > /boot/loader/loader.conf - echo "title Arch Linux" >> /boot/loader/entries/arch.conf - echo "linux /vmlinuz-linux" >> /boot/loader/entries/arch.conf - echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf - echo "options cryptdevice=UUID=$(blkid -o value /dev/mmcblk0p2 \ +16. Configure and install bootloader + + ``` + bootctl --path=/boot install + echo "default arch" > /boot/loader/loader.conf + echo "title Arch Linux" >> /boot/loader/entries/arch.conf + echo "linux /vmlinuz-linux" >> /boot/loader/entries/arch.conf + echo "initrd /initramfs-linux.img" >> /boot/loader/entries/arch.conf + echo "options cryptdevice=UUID=$(blkid -o value /dev/mmcblk0p2 \ | head -n1):cryptroot root=/dev/mapper/cryptroot rw" >> \ /boot/loader/entries/arch.conf - ``` - - 5. Configure system time keeping - - ``` - timedatectl set-ntp true - timedatectl set-timezone Region/City - hwclock --systohc - ``` - - 6. Localization: setting your preferred language - - ``` - # Uncomment preferred language in /etc/locale.gen - sed -i 's/^#en_US/en_US/g' /etc/locale.gen - - # Create /etc/locale.conf and set default language - echo "LANG=en_US.UTF-8" > /etc/locale.conf - - # Non-US keyboard users can set their default layout - echo "KEYMAP=de-latin1" > /etc/vconsole.conf - - # Re-generate locales - locale-gen - ``` + ``` - 7. Persist rotation and font as desired +17. Configure system time keeping + + ``` + timedatectl set-ntp true + timedatectl set-timezone Region/City + hwclock --systohc + ``` - 1. Rotation +18. 
Localization: setting your preferred language + + ``` + # Uncomment preferred language in /etc/locale.gen + sed -i 's/^#en_US/en_US/g' /etc/locale.gen + + # Create /etc/locale.conf and set default language + echo "LANG=en_US.UTF-8" > /etc/locale.conf + + # Non-US keyboard users can set their default layout + echo "KEYMAP=de-latin1" > /etc/vconsole.conf + + # Re-generate locales + locale-gen + ``` +19. If needed: Set rotation + ``` sed -i '$s/$/ fbcon=rotate:1/' /boot/loader/entries/arch.conf ``` - 2. Font - +20. If needed: Set font + ``` echo "FONT=latarcyrheb-sun32" >> /etc/vconsole.conf ``` - 8. Name your computer! - - ``` - # Create the hostname file - hostnamectl set-hostname computername - - # Specify new hostname for the network - echo "127.0.0.1 computername.localdomain computername localhost" > /etc/hosts - echo "::1 computername.localdomain computername localhost" >> /etc/hosts - ``` - - 9. Create a user with super user rights - - ``` - echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers - useradd -m -G wheel -s /bin/bash janedoe - passwd janedoe - ``` +21. Create a user with super user rights + + ``` + echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers + useradd -m -G wheel -s /bin/bash janedoe + passwd janedoe + ``` - 10. Configure graphical environment +22. Name your computer! + + ``` + # Create the hostname file + hostnamectl set-hostname computername + + # Specify new hostname for the network + echo "127.0.0.1 computername.localdomain computername localhost" > /etc/hosts + echo "::1 computername.localdomain computername localhost" >> /etc/hosts + ``` - TL;DR: - ``` - echo "gpg-connect-agent updatestartuptty /bye \n i3" > .xinitrc - sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config - mkdir -p /etc/systemd/system/getty@tty1.service.d - echo -e "[Service]\nExecStart=\nExecStart=-/usr/bin/agetty -a janedoe -J %I $TERM" \ +23. 
Configure graphical environment + + TL;DR: + + ``` + echo "gpg-connect-agent updatestartuptty /bye \n i3" > .xinitrc + sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config + mkdir -p /etc/systemd/system/getty@tty1.service.d + echo -e "[Service]\nExecStart=\nExecStart=-/usr/bin/agetty -a janedoe -J %I $TERM" \ > /etc/systemd/system/getty@tty1.service.d/override.conf - echo '[[ -z $DISPLAY && ! -e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ + echo '[[ -z $DISPLAY && ! -e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ > /home/janedoe/.bash_profile - chown janedoe:janedoe /home/janedoe/.bash_profile - ``` - - Explanation: - ``` - cat <<-EOF > .xinitrc + chown janedoe:janedoe /home/janedoe/.bash_profile + ``` + + Explanation: + + ``` + cat <<-EOF > .xinitrc #!/bin/bash - + # Let GPG know about our current terminal gpg-connect-agent updatestartuptty /bye - + # Optional: Start compositor for faster rendering for terminals etc # compton & - + # Optional: Set wallpaper # nitrogen --set-scaled ~/.wallpaper/yourcoolwallpaper.jpg - + # Optional: Start terminal # kitty & - + # Optional: Set resolution and rotation # xrandr --output HDMI1 --off --output DP1 --off --output eDP1 --mode 1200x1920 --pos 0x0 --rotate right --output VIRTUAL1 --off # xinput set-prop 15 --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1 - + # Start Window manager i3 - EOF - - # Set Window Manager font size - sed -i "s/monospace .*/Terminus 15/g" .config/i3/config - - # Set default terminal - sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config - - # Configure terminal and font - # mkdir -p .config/kitty - # echo "font_family Terminus" >> .config/kitty/kitty.conf - # echo "font_size 15.0" >> .config/kitty/kitty.conf - - # Scale browser for high resolution displays - # echo "--force-device-scale-factor=1.5" >> .config/chromium-flags.conf - - # Automatically login janedoe user on boot - mkdir -p /etc/systemd/system/getty@tty1.service.d - cat <<-EOF > 
/etc/systemd/system/getty@tty1.service.d/override.conf + EOF + + # Optional: Set Window Manager font size + # sed -i "s/monospace .*/Terminus 15/g" .config/i3/config + + # Set default terminal + sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config + + # Configure media keys + cat <<-EOF > .config/i3/config + bindsym XF86MonBrightnessUp exec xbacklight -inc 10 + bindsym XF86MonBrightnessDown exec xbacklight -dec 10 + bindsym XF86AudioRaiseVolume exec --no-startup-id pactl -- \ + set-sink-volume 0 +5% + bindsym XF86AudioLowerVolume exec --no-startup-id pactl -- \ + set-sink-volume 0 -5% + bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute \ + 0 toggle + EOF + + # Optional: Configure terminal and font + # mkdir -p .config/kitty + # echo "font_family Terminus" >> .config/kitty/kitty.conf + # echo "font_size 15.0" >> .config/kitty/kitty.conf + + # Optional: Scale browser for high resolution displays + # echo "--force-device-scale-factor=1.5" >> .config/chromium-flags.conf + + # Automatically login janedoe user on boot + mkdir -p /etc/systemd/system/getty@tty1.service.d + cat <<-EOF > /etc/systemd/system/getty@tty1.service.d/override.conf [Service] ExecStart= ExecStart=-/usr/bin/agetty --autologin janedoe --noclear %I $TERM - EOF - - # Automatically start graphical environment if not already running - echo '[[ -z $DISPLAY && ! -e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ + EOF + + # Automatically start GUI environment if not already running + echo '[[ -z $DISPLAY && ! -e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ > /home/janedoe/.bash_profile - chown janedoe:janedoe /home/janedoe/.bash_profile - - # Start wifi on boot - # Get name of wireless device - ip addr # look for something that starts with wl such as "wlp1s0" - systemctl enable netctl-auto@wlp1s05 - ``` - 11. Configure Smartcard for GnuPG, SSH, etc - - ``` - systemctl enable pcscd - echo "export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh" >> ~/.bashrc - ``` - 12. 
Boot into Arch - 1. Shutdown with + chown janedoe:janedoe /home/janedoe/.bash_profile + ``` - ``` - exit - shutdown -h now - ``` +24. Start wifi on boot + + ``` + # Get name of wireless device + ip addr # Usually starts with wl such as "wlp1s0" + systemctl enable netctl-auto@wlp1s05 + ``` - 2. Remove flash drive +25. Configure Smartcard for GnuPG, SSH, etc + + ``` + systemctl enable pcscd + echo "export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh" >> ~/.bashrc + ``` +26. Boot into Arch + + 1. Shutdown + + ``` + exit + shutdown -h now + ``` + + 2. Remove flash drive + 3. Boot computer ## Recovery -If you need to resume from a broken or partial install, perform steps 3-5 then: +To resume from a broken or partial install, perform steps 3-8 then: - ``` +``` cryptsetup open /dev/mmcblk0p2 cryptroot mount /dev/mapper/cryptroot /mnt mount /dev/mmcblk0p1 /mnt/boot arch-chroot /mnt - ``` +``` ## References - * [Encrypting entire system with LUKS][1] + +* [Encrypting entire system with LUKS][1] [1]: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition From aee2512c5a628598060ff9e1b078cac630b4495d Mon Sep 17 00:00:00 2001 From: Christine Vick Date: Sun, 28 Apr 2019 15:29:56 -0700 Subject: [PATCH 7/7] test run through and made edits --- 2-Operating-Systems/1-arch.md | 104 ++++++++++++++++++++-------------- 1 file changed, 62 insertions(+), 42 deletions(-) diff --git a/2-Operating-Systems/1-arch.md b/2-Operating-Systems/1-arch.md index abfe099..8af2870 100644 --- a/2-Operating-Systems/1-arch.md +++ b/2-Operating-Systems/1-arch.md @@ -19,6 +19,7 @@ Arch Linux. Power users with different opinions should refer to the official * Supports UEFI boot * Has wireless card * Does not require proprietary "out of tree" drivers +* Time: 1-3 hours, depending on optional steps [1]: https://www.ubuntu.com/download/desktop 
@@ -39,7 +40,7 @@ Devices this guide is known to work with: 1. Download latest Arch Linux ISO image file 1. Install torrent client such as aria2 - 2. Get latest .iso.torrent URL from [Arch Linux releases][1] + 2. Copy latest .iso.torrent URL address from [Arch Linux releases][1] 3. Download ISO with aria2. Example: @@ -182,9 +183,7 @@ Devices this guide is known to work with: ``` pacstrap /mnt base sudo dialog wpa_supplicant iw vim git \ - pcsclite libu2f-host chromium arandr compton i3-wm dmenu \ - kitty nitrogen slock xorg xf86-video-intel ccid opensc \ - openssh haveged pulseaudio pulseaudio-alsa pulsemixer + pcsclite libu2f-host chromium arandr compton i3-wm i3status \   dmenu kitty nitrogen slock xorg xorg-xinit xf86-video-intel \   ccid opensc openssh haveged pulseaudio pulseaudio-alsa \   pulsemixer ``` Explanation: @@ -203,11 +202,13 @@ Devices this guide is known to work with: arandr `# graphical screen/resolution management` \ compton `# hardware accelerated desktop layer` \ i3-wm `# tiling window manager` \ + i3status `# status bar for i3` \ dmenu `# graphical command runner menu` \ kitty `# graphical terminal emulator` \ nitrogen `# wallpaper manager` \ slock `# simple lock screen` \ xorg `# graphical user interface infrastructure` \ + xorg-xinit `# allow starting X from command line` \ xf86-video-intel `# graphics driver for Intel chipsets` \ ccid `# CCID driver for some smartcards` \ opensc `# OpenSC driver for some smartcards` \ 
@@ -315,42 +316,61 @@ Devices this guide is known to work with: TL;DR: ``` - echo "gpg-connect-agent updatestartuptty /bye \n i3" > .xinitrc - sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config mkdir -p /etc/systemd/system/getty@tty1.service.d echo -e "[Service]\nExecStart=\nExecStart=-/usr/bin/agetty -a janedoe -J %I $TERM" \ > /etc/systemd/system/getty@tty1.service.d/override.conf + su - janedoe + echo -e "gpg-connect-agent updatestartuptty /bye\ni3" > .xinitrc + mkdir -p .config/i3 + cp /etc/i3/config .config/i3/config + sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config echo '[[ -z $DISPLAY && ! -e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ - > /home/janedoe/.bash_profile - chown janedoe:janedoe /home/janedoe/.bash_profile + > .bash_profile + exit ``` Explanation: ``` + # Automatically login janedoe user on boot + mkdir -p /etc/systemd/system/getty@tty1.service.d + cat <<-EOF >     /etc/systemd/system/getty@tty1.service.d/override.conf +     [Service] +     ExecStart= +     ExecStart=-/usr/bin/agetty --autologin janedoe --noclear %I     $TERM + EOF + + # Become your janedoe user + su - janedoe + cat <<-EOF > .xinitrc - #!/bin/bash - # Let GPG know about our current terminal - gpg-connect-agent updatestartuptty /bye +     #!/bin/bash + +     # Let GPG know about our current terminal +     gpg-connect-agent updatestartuptty /bye - # Optional: Start compositor for faster rendering for terminals etc - # compton & +     # Optional: Compositor for faster terminal rendering    +     # compton & - # Optional: Set wallpaper - # nitrogen --set-scaled ~/.wallpaper/yourcoolwallpaper.jpg +     # Optional: Set wallpaper +     # nitrogen --set-scaled ~/.wallpaper/yourcoolwallpaper.jpg - # Optional: Start terminal - # kitty & +     # Optional: Start terminal +     # kitty & - # Optional: Set resolution and rotation - # xrandr --output HDMI1 --off --output DP1 --off --output eDP1 --mode 1200x1920 --pos 0x0 --rotate right --output VIRTUAL1 --off - # 
xinput set-prop 15 --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1 +     # Optional: Set resolution and rotation +     # xrandr --output HDMI1 --off --output DP1 --off --output eDP1 --mode 1200x1920 --pos 0x0 --rotate right --output VIRTUAL1 --off +     # xinput set-prop 15 --type=float "Coordinate Transformation Matrix" 0 1 0 -1 0 1 0 0 1 - # Start Window manager - i3 +     # Start Window manager +     i3 EOF + # Install default i3 config file + mkdir -p .config/i3 + cp /etc/i3/config .config/i3/config + # Optional: Set Window Manager font size # sed -i "s/monospace .*/Terminus 15/g" .config/i3/config @@ -358,17 +378,18 @@ Devices this guide is known to work with: sed -i "s/i3-sensible-terminal/kitty/g" .config/i3/config # Configure media keys - cat <<-EOF > .config/i3/config - bindsym XF86MonBrightnessUp exec xbacklight -inc 10 - bindsym XF86MonBrightnessDown exec xbacklight -dec 10 - bindsym XF86AudioRaiseVolume exec --no-startup-id pactl -- \ - set-sink-volume 0 +5% - bindsym XF86AudioLowerVolume exec --no-startup-id pactl -- \ - set-sink-volume 0 -5% - bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute \ - 0 toggle + cat <<-EOF >> .config/i3/config +     bindsym XF86MonBrightnessUp exec xbacklight -inc 10 +     bindsym XF86MonBrightnessDown exec xbacklight -dec 10 +     bindsym XF86AudioRaiseVolume exec --no-startup-id pactl -- set-sink-volume 0 +5% +     bindsym XF86AudioLowerVolume exec --no-startup-id pactl -- set-sink-volume 0 -5% +     bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute 0 toggle EOF + # Optional: Change default $mod key + # Mod4 = Windows/Mac/Meta key + # sed -i 's/Mod1/Mod4/g' .config/i3/config + # Optional: Configure terminal and font # mkdir -p .config/kitty # echo "font_family Terminus" >> .config/kitty/kitty.conf 
@@ -377,18 +398,11 @@ Devices this guide is known to work with: # Optional: Scale browser for high resolution displays # echo "--force-device-scale-factor=1.5" >> .config/chromium-flags.conf - # Automatically login janedoe user on boot - mkdir -p /etc/systemd/system/getty@tty1.service.d - cat <<-EOF > /etc/systemd/system/getty@tty1.service.d/override.conf - [Service] - ExecStart= - ExecStart=-/usr/bin/agetty --autologin janedoe --noclear %I $TERM - EOF - # Automatically start GUI environment if not already running echo '[[ -z $DISPLAY && ! -e /tmp/.X11-unix/X0 ]] && (( EUID )) && exec startx' \ - > /home/janedoe/.bash_profile - chown janedoe:janedoe /home/janedoe/.bash_profile + > .bash_profile + + exit ``` 24. Start wifi on boot @@ -406,7 +420,13 @@ Devices this guide is known to work with: echo "export SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh" >> ~/.bashrc ``` -26. Boot into Arch +26. Disable Root Login + + ``` + passwd -l root + ``` + +27. Boot into Arch 1. Shutdown
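Review bot: In step 16, `blkid -o value /dev/mmcblk0p2 | head -n1` assumes the first value blkid prints is the UUID, and every line of `arch.conf` is written with `>>`. Ask for the tag explicitly with `blkid -s UUID -o value /dev/mmcblk0p2`, and write the first line (`title Arch Linux`) with `>` so that repeating the step after a partial install does not leave duplicate `options` lines in the boot entry.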
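Review bot: In step 15, `sed -i 's/ filesystems/ encrypt filesystems/g' /etc/mkinitcpio.conf` matches every occurrence of " filesystems" in the file, not only the active hooks line, and inserts a second `encrypt` if the step is run twice. Anchor the substitution to the line that starts with `HOOKS=` and skip it when `encrypt` is already present.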
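Review bot: Steps 17 and 22 call `timedatectl` and `hostnamectl` after the `arch-chroot /mnt` of step 14, but both tools talk to a running systemd over D-Bus, which the chroot does not have, so these lines are likely to fail during the install. Inside the chroot, set the values through files instead: `ln -sf /usr/share/zoneinfo/Region/City /etc/localtime`, `echo computername > /etc/hostname`, and run `systemctl enable systemd-timesyncd` in place of `timedatectl set-ntp true`.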
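Review bot: In step 21, `echo "%wheel ALL=(ALL) ALL" >> /etc/sudoers` appends to the main sudoers file with no syntax check, and repeating the step adds the rule again. Write the rule to a drop-in under `/etc/sudoers.d/` with mode 0440 and validate it with `visudo -c` before moving on, so a typo cannot leave the new system without working sudo.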
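Review bot: In step 24, the comment gives the example interface name "wlp1s0" but the command enables `netctl-auto@wlp1s05`, which looks like a typo and would enable a unit for an interface that does not exist. Make the two agree, and consider writing the name as a placeholder (as `/dev/sdX` is used earlier) so readers substitute the name they saw in `ip addr`.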
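Review bot: In step 25, `echo "export SSH_AUTH_SOCK=..." >> ~/.bashrc` runs as root (the `su - janedoe` session in step 23 has already ended with `exit`), so the line lands in root's `.bashrc` and janedoe's shells never see it; the socket path also hardcodes uid 1000. Append to `/home/janedoe/.bashrc` instead, and let gpg report the path at login, for example with a single-quoted `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"`.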
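Review bot: In the pacstrap hunk of PATCH 7/7 (@@ -182,9 +183,7), the three added package names are joined by `\` followed by non-breaking spaces (U+00A0) rather than a line break and ordinary indentation, as the patch reads here. The shell does not treat U+00A0 as whitespace, so `i3status \   dmenu kitty ...` does not pass `dmenu` as its own package argument when pasted. Restore the four-line layout of the removed lines, with a real newline after each `\` and plain spaces for indentation.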
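Review bot: In the step 23 hunk of PATCH 7/7 (@@ -315,42 +316,61), the heredoc bodies and the redirect target after `cat <<-EOF >` are preceded by non-breaking spaces, and the delimiter is unquoted. `<<-` strips only leading tabs, so those bytes are written into `.xinitrc`, the i3 config and `override.conf` (where `[Service]` would no longer start its line), and `$TERM` is expanded by the installing shell instead of being left for systemd; the same expansion happens in the TL;DR line `echo -e "... %I $TERM"`. Indent the bodies with tabs, quote the delimiter (`<<-'EOF'`), and single-quote the `echo -e` string.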
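Review bot: The new step 26, `passwd -l root`, removes password login for root before the guide has confirmed that janedoe can actually use sudo. Add a check ahead of it, such as `su - janedoe -c 'sudo -v'`, and mention that the Recovery section (boot the flash drive, open the LUKS volume, `arch-chroot /mnt`) is the way back in if sudo turns out to be misconfigured after root is locked.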