Archlinux configuration

From gr0x0rd
Jump to navigation Jump to search

Installation

genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
ln -sf /usr/share/zoneinfo/Canada/Pacific /etc/localtime
hwclock --systohc
nano /etc/locale.gen

Uncomment: en_US.UTF-8 UTF-8 

locale-gen
nano /etc/locale.conf

add: LANG=en_US.UTF-8 

nano /etc/hostname

add: teletran4 

nano /etc/hosts

add: teletran4 relevant stuff 

ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
mkinitcpio -p linux
passwd

Bootloader

pacman -S grub
grub-install --target=i386-pc /dev/sda
pacman -S intel-ucode
grub-mkconfig -o /boot/grub/grub.cfg

Start network at boot

systemctl enable dhcpcd

Enable RAID

pacman -S mdadm
modprobe raid5
mdadm --detail --scan >> /etc/mdadm.conf
nano /etc/mdadm.conf

change md127 to md0 

nano /etc/fstab

add: /dev/md0 /home ext3 defaults,noatime 0 0

Reboot the system

exit
umount /mnt
reboot

Basic system configuration

log in as root

Create a user

useradd -m -G wheel,audio -s /bin/bash gr0x0rd
passwd gr0x0rd

Set up sudo

pacman -S sudo
nano /etc/sudoers

comment out wheel group 

exit

ssh daemon

log in as gr0x0rd 

sudo pacman -S polkit
sudo pacman -S openssh
sudo nano /etc/ssh/sshd_config

change port 22 to 2112 

sudo systemctl edit sshd.socket

create section [Socket] and set ListenStream=2112 

sudo systemctl start sshd.socket
sudo systemctl enable sshd.socket

smtp server

sudo pacman -S ssmtp

When done, edit /etc/ssmtp/ssmtp.conf to your liking.

Arch User Repository

sudo pacman -S --needed base-devel
sudo mkdir -p /usr/local/aur
sudo pacman -S git
sudo chmod -R 777 /usr/local/aur

Desktop environment

Graphic driver

sudo pacman -S nvidia
sudo mkinitcpio 
sudo reboot

confirm the system is using the nvidia driver via lspci -v

Window Manager

sudo pacman -S xorg
sudo pacman -S xfce4
sudo nano /etc/X11/xinit/xinitrc

add: exec startxfce4 

sudo pacman -S lightdm lightdm-gtk-greeter
sudo nano /etc/lightdm/lightdm.conf

add to [Seat:*] section: greeter-session=lightdm-yourgreeter-greeter 

sudo systemctl enable lightdm

reboot or start the desktop environment via startxfce4 

sudo pacman -S ttf-dejavu

resolves messed up terminal fonts in xfce

Sound

pacman -S alsa-utils
alsamixer

unmute the master, set the volume to a decent level

Basic desktop software

sudo pacman -S firefox gedit libreoffice-fresh epdfview

Image viewer

sudo pacman -S eog

Screen saver

sudo pacman -S xscreensaver xfce4-power-manager

Multimedia

sudo pacman -S pulseaudio xfce4-pulseaudio-plugin pavucontrol pulseaudio-alsa gst-plugins-good
sudo pacman -S mplayer vlc ffmpeg kodi mencoder devede

Torrent client

sudo pacman -S transmission-gtk transmission-cli

Password Manager

cd /usr/local/aur/
git clone https://aur.archlinux.org/password-gorilla.git
cd /usr/local/aur/password-gorilla
makepkg -si

Server settings

System monitor

sudo pacman -S conky

restored .conkyrc from backup

Hard disk temperature monitoring

sudo pacman -S hddtemp netcat

todo: configure hddtemp to run as a daemon with the correct drives

UPS

sudo pacman -S apcupsd

restore /etc/apcupsd/apcupsd.conf from backup 

sudo systemctl enable apcupsd.service
sudo systemctl start apcupsd.service

NFS Server

sudo pacman -S nfs-utils

/etc/exports was copied from backup 

sudo systemctl enable nfs-server.service
sudo systemctl start nfs-server.service

Database server

sudo pacman -S mariadb
sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
sudo mysql_secure_installation
sudo systemctl enable mariadb.service
sudo systemctl start mariadb.service

Restore database from backup

gunzip < mysql_backup.sql.gz | mysql -u root -p

passwords for users did not work after restore. accounts had to be deleted and re-created. permisisons persisted after restoring.


Web Server

sudo pacman -S apache
sudo systemctl enable httpd.service
sudo systemctl start httpd.service

php

sudo pacman -S php php-apache
sudo nano /etc/php/php.ini

enable: date.timezone = America/Vancouver enable: short_open_tag = On enable: display_errors = On enable: open_basedir = /srv/http/ 

sudo nano /etc/httpd/conf/httpd.conf

comment the line: LoadModule mpm_event_module modules/mod_mpm_event.so

uncomment the line: LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

add the following to the LoadModule list:

LoadModule php7_module modules/libphp7.so

AddHandler php7-script .php

add the following to the Include list:

Include conf/extra/php7_module.conf

Include conf/vhosts/*.conf 

sudo mkdir /etc/httpd/conf/vhosts

copy the backups from the previous vhosts to the above folder and edit accordingly 

sudo systemctl restart httpd


LetsEncypt certificate management

sudo pacman -S certbot certbot-apache
sudo nano /etc/httpd/conf/extra/httpd-acme.conf

paste the contents from https://wiki.archlinux.org/index.php/Certbot#Apache 

sudo nano /etc/httpd/conf/httpd.conf

add: Include conf/extra/httpd-acme.conf 

sudo systemctl restart httpd
sudo certbot certonly --email gr0x0rd@gmail.com --webroot -w /var/lib/letsencrypt/ -d gr0x0rd.com,blog.gr0x0rd.com,1291.gr0x0rd.com,pool.gr0x0rd.com,wiki.gr0x0rd.com,www.gr0x0rd.com

certs are now available at /etc/letsencrypt/live/gr0x0rd.com

private key: privkey.pem

cert: cert.pem

chain: chain.pem (for nginx)

fullchain: fullchain.pem 

sudo nano /etc/httpd/conf/httpd.conf

uncomment: LoadModule ssl_module modules/mod_ssl.so

uncomment: LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

uncomment: Include conf/extra/httpd-ssl.conf

uncomment: LoadModule rewrite_module modules/mod_rewrite.so 

sudo nano /etc/httpd/conf/extra/httpd-ssl.conf

add: SSLCertificateFile "/etc/letsencrypt/live/gr0x0rd.com/cert.pem"

add: SSLCertificateKeyFile "/etc/letsencrypt/live/gr0x0rd.com/privkey.pem"

add: SSLCertificateChainFile "/etc/letsencrypt/live/gr0x0rd.com/fullchain.pem"

add the same directives to the secure directive area in the applicable vhost file 

sudo systemctl restart httpd

todo: https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal

Mediawiki

sudo pacman -S mediawiki imagemagick php-gd php-intl
sudo nano /etc/php/php.ini

add: /var/lib/mediawiki/:/usr/share/webapps/:/tmp/:/usr/bin/ to the open_basedir directive

uncomment: extension=gd

uncomment: extension=intl

uncomment: extension=iconv

uncomment: extension=mysqli

uncomment: session.save_path = "/tmp" 

sudo mkdir -p /srv/http/mediawiki
sudo cp -r /usr/share/webapps/mediawiki/* /srv/http/mediawiki/

create the necessary file in /etc/httpd/conf/vhosts/ 

sudo systemctl restart httpd

Wordpress

sudo pacman -S wordpress
sudo mkdir -p /srv/http/wordpress
sudo cp -r /usr/share/webapps/wordpress/* /srv/http/wordpress/

If you have any backed up content or an existing site, copy the relevant files (such as wp-content) to the new instance.

There are a number of php extensions that need to be enabled for wordpress to work properly. If you've already completed the steps above, these should all be ready to go.

When satisfied, create the applicable vhosts file in apache and... 

sudo systemctl restart httpd

Universal Media Server

sudo pacman -S jdk8-openjdk
sudo pacman -S dcraw lib32-gcc-libs 
sudo nano /etc/pacman.conf

uncomment [multilib] and Include = /etc/pacman.d/mirrorlist 

sudo pacman -Syu
sudo pacman -S lib32-freetype2
cd /usr/local/aur/
git clone https://aur.archlinux.org/lib32-libmng.git
/usr/local/aur/lib32-libmng
gpg --recv-keys F54984BFA16C640F
makepkg -si
cd /usr/local/aur/
git clone https://aur.archlinux.org/lib32-qt4.git
cd /usr/local/aur/lib32-qt4
makepkg -si
git clone https://aur.archlinux.org/tsmuxer-ng-bin.git
cd /usr/local/aur/tsmuxer-ng-bin
makepkg -si
git clone https://aur.archlinux.org/ums.git
cd /usr/local/aur/ums
makepkg -si

copy the .config/UMS from backup to the desired location.

create the file /usr/lib/systemd/system/ums.service

copy the contents from http://www.universalmediaserver.com/forum/viewtopic.php?f=3&t=1240&start=10#p7392 to the file and save it

change the user "UMS" to running user 

sudo systemctl enable ums.service
sudo systemctl start ums.service

Plex Media Server

cd /usr/local/aur/
git clone https://aur.archlinux.org/plex-media-server-plexpass.git
cd /usr/local/aur/plex-media-server-plexpass
makepkg -si

Arch does not apply any group or user permissions to home directories when users are created. For PMS to read media in my home folder, I had to add 

chmod +rx /home/gr0x0rd

Enable and start the service 

sudo systemctl enable plexmediaserver.service
sudo systemctl start plexmediaserver.service

todo - how to import backup of libraries

Virtualbox

sudo pacman -S virtualbox
sudo pacman -S linux-headers
cd /usr/local/aur/
git clone https://aur.archlinux.org/virtualbox-ext-oracle.git 
makepkg -si
sudo modprobe vboxdrv
sudo modprobe vboxnetadp
sudo modprobe vboxnetflt
sudo modprobe vboxpci
sudo gpasswd -a gr0x0rd vboxusers
Retrieved from "http:///index.php?title=Archlinux_configuration&oldid=892"