Archlinux configuration
Installation
Start the ssh daemon
Once up and running, you should check to see that you have a network connection. Once you do, enable connections via root to ssh:
nano /etc/ssh/sshd_config
Add the directive PermitRootLogin yes to the file. Once done, start the ssh daemon.
systemctl start sshd.service
You should now be able to connect via another machine with, say, access to this wiki. This will allow you to copy and paste commands instead of typing.
Prepare the disks
This guide assumes a RAID1 installation on a UEFI motherboard.
fdisk -l
The disks should be recognized as /dev/sda and /dev/sdb. Your boot USB should be recognized as /dev/sdc.
fdisk /dev/sda
If there are any existing partitions on the disk, delete them by pressing d. This will, of course, delete all data on the disk. Press p to see existing partitions. When there are none, let's create the EFI system partition.
n <press enter> <press enter> +512M
Set the partition type to "EFI System".
t 1
Create a swap partition. This should be half the size of the RAM in your system. We will have a non-RAID swap partition on each disk. This provides the benefit of striping while still remaining redundant.
n <press enter> <press enter> +16G
Set the partition type to swap.
t <press enter> 19
Finally, create the root partition.
n <press enter> <press enter> <press enter>
Set the type of filesystem to RAID.
t <press enter> 29
Now that you have your pretty disk partitioned, save what you've done.
w
Finally, copy the partition table you've created to the second disk.
sfdisk -d /dev/sda | sfdisk /dev/sdb
Prepare filesystems
The EFI system partitions need to be formatted as FAT. Do this for both disks.
mkfs.fat -F32 /dev/sda1
mkfs.fat -F32 /dev/sdb1
Create the swap space on both drives.
mkswap /dev/sda2
swapon /dev/sda2
mkswap /dev/sdb2
swapon /dev/sdb2
Before we can create the filesystem for the root partition, we need to set up and enable the RAID.
mdadm --create --verbose --level=1 --metadata=1.2 --raid-devices=2 /dev/md/root1 /dev/sda3 /dev/sdb3
It's probably wise to let the RAID complete before formatting the filesystem. You can watch it sync up via
watch cat /proc/mdstat
Once it's done, create the filesystem.
mkfs.ext4 /dev/md/root1
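Added example, not part of the original guide: instead of watching /proc/mdstat by eye, the function below classifies each array as clean, syncing or degraded so the format step can be gated on the result. The mdstat samples are constructed, and the kernel name md127 for /dev/md/root1 is an assumption.

```shell
#!/bin/sh
# Added example (not from the original guide): classify each md array in
# mdstat-format text so that mkfs only runs once the mirror is in sync.

# Constructed sample of /proc/mdstat shortly after `mdadm --create`.
SAMPLE_SYNCING='Personalities : [raid1]
md127 : active raid1 sdb3[1] sda3[0]
      959200256 blocks super 1.2 [2/2] [UU]
      [==>..................]  resync = 12.6% (121165312/959200256) finish=98.4min speed=141803K/sec

unused devices: <none>'

# Constructed sample after the initial sync has finished.
SAMPLE_CLEAN='Personalities : [raid1]
md127 : active raid1 sdb3[1] sda3[0]
      959200256 blocks super 1.2 [2/2] [UU]

unused devices: <none>'

# Constructed sample with one member missing (the case MAILADDR alerts cover).
SAMPLE_DEGRADED='Personalities : [raid1]
md127 : active raid1 sda3[0]
      959200256 blocks super 1.2 [2/1] [U_]

unused devices: <none>'

# md_state: read mdstat text on stdin, print "<array> <state>" per array.
# Precedence: degraded > syncing > clean.
md_state() {
    awk '
        function emit() { if (name != "") print name, state }
        /^md[^ ]* *:/ { emit(); name = $1; state = "clean"; next }
        name == "" { next }
        /\[[U_]*_[U_]*\]/ { state = "degraded" }
        /(resync|recovery|reshape|check) *=/ {
            if (state == "clean") state = "syncing"
        }
        END { emit() }'
}

# md_ready NAME: exit 0 only if NAME is listed on stdin and is clean.
md_ready() {
    md_state | grep -qx "$1 clean"
}

# Live use: md_ready md127 < /proc/mdstat && mkfs.ext4 /dev/md/root1
printf '%s\n' "$SAMPLE_SYNCING" | md_state
```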
Mount the file systems
First let's mount the newly created RAID root partition.
mount /dev/md/root1 /mnt
We now need to mount the ESP partition from the first disk as /efi.
mkdir /mnt/efi
mount /dev/sda1 /mnt/efi
Install the base packages
This will create a base archlinux system on your newly created RAID root volume.
pacstrap /mnt base
Configure the system
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
Preserve your RAID configuration in the new installation.
mdadm --detail --scan >> /etc/mdadm.conf
It might also be helpful to add your email address to the file, and enable monitoring.
nano /etc/mdadm.conf
Adjust the MAILADDR and PROGRAM lines accordingly. The mdadm package will be required to assemble the array, so let's install it.
pacman -S mdadm
Configure the mdadm service to start at boot so monitoring alerts can be sent.
Next, set the time zone.
ln -sf /usr/share/zoneinfo/Canada/Pacific /etc/localtime
hwclock --systohc
nano /etc/locale.gen
Uncomment: en_US.UTF-8 UTF-8
locale-gen
nano /etc/locale.conf
add: LANG=en_US.UTF-8
nano /etc/hostname
add: system_name
nano /etc/hosts
add any relevant references for your local network.
ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules
Since our system is RAID, we need to add support for mdadm into the initramfs image.
nano /etc/mkinitcpio.conf
Find the HOOKS section and be sure to add mdadm_udev before filesystems. Then, generate the image
mkinitcpio -p linux
passwd
Bootloader
pacman -S grub efibootmgr intel-ucode
Edit the grub configuration file so it loads the appropriate RAID modules.
nano /etc/default/grub
Add the following to the GRUB_PRELOAD_MODULES section:
mdraid09 mdraid1x
Next we install the bootloader.
grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB
But we also want to install the bootloader to the other drive in case of failure, so let's do that.
umount /efi
mount /dev/sdb1 /efi
grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB
Generate the configuration file.
grub-mkconfig -o /boot/grub/grub.cfg
We also need to instruct grub what RAID volume root is on.
nano /etc/default/grub
Append the following line:
set root=(md/root1)
Start network at boot
systemctl enable dhcpcd
Enable RAID
pacman -S mdadm
modprobe raid5
mdadm --detail --scan >> /etc/mdadm.conf
nano /etc/mdadm.conf
change md127 to md0
nano /etc/fstab
add: /dev/md0 /home ext3 defaults,noatime 0 0
Reboot the system
exit
umount -R /mnt
reboot
Basic system configuration
log in as root
Create a user
useradd -m -G wheel,audio -s /bin/bash gr0x0rd
passwd gr0x0rd
Set up sudo
pacman -S sudo
nano /etc/sudoers
comment out wheel group
exit
ssh daemon
log in as gr0x0rd
sudo pacman -S polkit
sudo pacman -S openssh
sudo nano /etc/ssh/sshd_config
change port 22 to 2112
sudo systemctl edit sshd.socket
create section [Socket] and set ListenStream=2112
sudo systemctl start sshd.socket
sudo systemctl enable sshd.socket
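Added example, not part of the original guide: ListenStream= in a socket unit is a list, so a drop-in that only sets ListenStream=2112 adds that port to whatever the packaged unit already listens on. The sketch below merges a constructed stand-in for the packaged sshd.socket (assumed to listen on 22) with the drop-in and reports the resulting ports, with and without an empty ListenStream= reset line.

```shell
#!/bin/sh
# Added example (not from the original guide): compute the ports a socket
# unit ends up listening on once a `systemctl edit` drop-in is merged in.
# ListenStream= is a list setting: each assignment appends, and an empty
# assignment clears everything collected so far.

# Constructed stand-in for the packaged sshd.socket (assumed to listen on 22).
BASE_UNIT='[Unit]
Description=SSH socket

[Socket]
ListenStream=22
Accept=yes'

# Drop-in exactly as the guide describes it.
DROPIN_APPEND='[Socket]
ListenStream=2112'

# Drop-in that resets the inherited list before setting the new port.
DROPIN_RESET='[Socket]
ListenStream=
ListenStream=2112'

# effective_ports BASE DROPIN -> space-separated ListenStream values
effective_ports() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        /^[ \t]*[#;]/ { next }                         # skip comments
        /^[ \t]*\[/ { in_sock = ($0 ~ /^[ \t]*\[Socket\]/); next }
        in_sock && /^[ \t]*ListenStream[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            if (v == "") n = 0                         # reset the list
            else ports[++n] = v
        }
        END { for (i = 1; i <= n; i++) printf "%s%s", ports[i], (i < n ? " " : "\n") }'
}

echo "guide drop-in: $(effective_ports "$BASE_UNIT" "$DROPIN_APPEND")"
echo "with reset:    $(effective_ports "$BASE_UNIT" "$DROPIN_RESET")"
```

On a running system, systemctl cat sshd.socket shows the merged unit and ss -tln shows which ports are actually open.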
smtp server
sudo pacman -S ssmtp
When done, edit /etc/ssmtp/ssmtp.conf to your liking.
antivirus
sudo pacman -S clamav
sudo freshclam
sudo systemctl enable clamav-daemon.service
sudo systemctl start clamav-daemon.service
Arch User Repository
sudo pacman -S --needed base-devel
sudo mkdir -p /usr/local/aur
sudo pacman -S git
sudo chmod -R 777 /usr/local/aur
Enable multilib
sudo nano /etc/pacman.conf
uncomment [multilib] and Include = /etc/pacman.d/mirrorlist
Tools
sudo pacman -S dnsutils
Desktop environment
Graphic driver
sudo pacman -S nvidia
sudo mkinitcpio -p linux
sudo reboot
confirm the system is using the nvidia driver via lspci -v
Window Manager
sudo pacman -S xorg
sudo pacman -S xfce4 xfce4-goodies gvfs gvfs-afc udisks2 gamin file-roller ark xarchiver thunar-volman
sudo nano /etc/X11/xinit/xinitrc
add: exec startxfce4
sudo pacman -S lightdm lightdm-gtk-greeter
sudo nano /etc/lightdm/lightdm.conf
add to [Seat:*] section: greeter-session=lightdm-yourgreeter-greeter
sudo systemctl enable lightdm
reboot or start the desktop environment via startxfce4
sudo pacman -S ttf-dejavu
resolves messed up terminal fonts in xfce
compiz
cd /usr/local/aur
git clone https://aur.archlinux.org/compiz.git
cd compiz
makepkg -si
cd /usr/local/aur
git clone https://aur.archlinux.org/emerald.git
cd emerald
makepkg -si
cd /usr/local/aur
git clone https://aur.archlinux.org/emerald-themes.git
cd emerald-themes
makepkg -si
cd /usr/local/aur
git clone https://aur.archlinux.org/fusion-icon.git
cd fusion-icon
makepkg -si
In xfce it's possible to change the default window manager to compiz via the command
xfconf-query -c xfce4-session -p /sessions/Failsafe/Client0_Command -t string -sa compiz
Also, it's possible to set the global WM in xfce via editing the following xml files:
/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
(I'm not sure if the above actually worked... I had to roll both changes back during troubleshooting). Once compiz is running, xfce seems to "remember" it, even after logon/off.
If compiz runs on your primary screen only, try this to get it running on the other:
compiz --replace --display :0.1
Sound
sudo pacman -S alsa-utils lib32-libpulse lib32-alsa-plugins alsa-oss
alsamixer
unmute the master, set the volume to a decent level
Basic desktop software
sudo pacman -S firefox gedit libreoffice-fresh epdfview gftp xfce4-screenshooter
Image viewer
sudo pacman -S eog
Screen saver
sudo pacman -S xscreensaver xfce4-power-manager
Disable screensaver when playing video in browser
cd /usr/local/aur
git clone https://aur.archlinux.org/python-pulse-control.git
cd python-pulse-control
makepkg -si
cd /usr/local/aur
git clone https://aur.archlinux.org/firefox-dpms-git.git
cd firefox-dpms-git
makepkg -si
(no idea if the above actually works...)
Multimedia
sudo pacman -S pulseaudio xfce4-pulseaudio-plugin pavucontrol pulseaudio-alsa gst-plugins-good
sudo pacman -S mplayer vlc ffmpeg kodi mencoder devede
Torrent client
sudo pacman -S transmission-gtk transmission-cli
Password Manager
cd /usr/local/aur/
git clone https://aur.archlinux.org/password-gorilla.git
cd /usr/local/aur/password-gorilla
makepkg -si
Synergy
Allows you to control another computer using the keyboard/mouse from the server. Needs to be installed on the server and client.
cd /usr/local/aur/
git clone https://aur.archlinux.org/qsynergy.git
cd qsynergy
makepkg -si
Mobile devices
Android
To mount android phones under xfce using Thunar, you'll need...
sudo pacman -S gvfs gvfs-mtp
A GUI-based tool that I haven't figured out how to use is
sudo pacman -S android-file-transfer
Bluetooth headset
Install the bluetooth stack.
sudo pacman -S bluez bluez-utils bluez-libs
Load the bluetooth kernel module
sudo modprobe btusb
Enable and start the service
sudo systemctl enable bluetooth.service
sudo systemctl start bluetooth.service
Install the components for a bluetooth headset.
sudo pacman -S pulseaudio-bluetooth pulseaudio-alsa
After this, the headset was available as an output device in volume control through the pulseaudio stack.
Server settings
System monitor
sudo pacman -S conky
restored .conkyrc from backup
Hard disk temperature monitoring
sudo pacman -S hddtemp netcat
In order to monitor more than the first drive found in the system, a systemctl override is required.
sudo systemctl edit hddtemp.service
Add the following:
[Service]
ExecStart=
ExecStart=/usr/bin/hddtemp -dF /dev/sda /dev/sdb /dev/sdc ... /dev/sdx
Save the file and reload the systemctl daemon
sudo systemctl daemon-reload
sudo systemctl enable hddtemp
sudo systemctl start hddtemp
You can now use the netcat command to display hard disk temperature in conky:
nc localhost 7634
UPS
sudo pacman -S apcupsd
restore /etc/apcupsd/apcupsd.conf from backup
sudo systemctl enable apcupsd.service
sudo systemctl start apcupsd.service
NFS Server
sudo pacman -S nfs-utils
/etc/exports was copied from backup
sudo systemctl enable nfs-server.service
sudo systemctl start nfs-server.service
Database server
sudo pacman -S mariadb
sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
sudo mysql_secure_installation
sudo systemctl enable mariadb.service
sudo systemctl start mariadb.service
Restore database from backup
gunzip < mysql_backup.sql.gz | mysql -u root -p
Passwords for users did not work after restore. Accounts had to be deleted and re-created. Permissions persisted after restoring.
Web Server
sudo pacman -S apache
sudo systemctl enable httpd.service
sudo systemctl start httpd.service
php
sudo pacman -S php php-apache
sudo nano /etc/php/php.ini
enable: date.timezone = America/Vancouver
enable: short_open_tag = On
enable: display_errors = On
enable: open_basedir = /srv/http/
sudo nano /etc/httpd/conf/httpd.conf
comment the line: LoadModule mpm_event_module modules/mod_mpm_event.so
uncomment the line: LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
add the following to the LoadModule list:
LoadModule php7_module modules/libphp7.so
AddHandler php7-script .php
add the following to the Include list:
Include conf/extra/php7_module.conf
Include conf/vhosts/*.conf
sudo mkdir /etc/httpd/conf/vhosts
copy the backups from the previous vhosts to the above folder and edit accordingly
sudo systemctl restart httpd
Let's Encrypt certificate management
sudo pacman -S certbot certbot-apache
sudo nano /etc/httpd/conf/extra/httpd-acme.conf
paste the contents from https://wiki.archlinux.org/index.php/Certbot#Apache
sudo nano /etc/httpd/conf/httpd.conf
add: Include conf/extra/httpd-acme.conf
sudo systemctl restart httpd
sudo certbot certonly --email gr0x0rd@gmail.com --webroot -w /var/lib/letsencrypt/ -d gr0x0rd.com,blog.gr0x0rd.com,1291.gr0x0rd.com,pool.gr0x0rd.com,wiki.gr0x0rd.com,www.gr0x0rd.com
certs are now available at /etc/letsencrypt/live/gr0x0rd.com
private key: privkey.pem
cert: cert.pem
chain: chain.pem (for nginx)
fullchain: fullchain.pem
sudo nano /etc/httpd/conf/httpd.conf
uncomment: LoadModule ssl_module modules/mod_ssl.so
uncomment: LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
uncomment: Include conf/extra/httpd-ssl.conf
uncomment: LoadModule rewrite_module modules/mod_rewrite.so
sudo nano /etc/httpd/conf/extra/httpd-ssl.conf
add: SSLCertificateFile "/etc/letsencrypt/live/gr0x0rd.com/cert.pem"
add: SSLCertificateKeyFile "/etc/letsencrypt/live/gr0x0rd.com/privkey.pem"
add: SSLCertificateChainFile "/etc/letsencrypt/live/gr0x0rd.com/fullchain.pem"
add the same directives to the secure directive area in the applicable vhost file
sudo systemctl restart httpd
todo: https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal
Mediawiki
sudo pacman -S mediawiki imagemagick php-gd php-intl
sudo nano /etc/php/php.ini
add: /var/lib/mediawiki/:/usr/share/webapps/:/tmp/:/usr/bin/ to the open_basedir directive
uncomment: extension=gd
uncomment: extension=intl
uncomment: extension=iconv
uncomment: extension=mysqli
uncomment: session.save_path = "/tmp"
sudo mkdir -p /srv/http/mediawiki
sudo cp -r /usr/share/webapps/mediawiki/* /srv/http/mediawiki/
create the necessary file in /etc/httpd/conf/vhosts/
sudo systemctl restart httpd
Wordpress
sudo pacman -S wordpress
sudo mkdir -p /srv/http/wordpress
sudo cp -r /usr/share/webapps/wordpress/* /srv/http/wordpress/
If you have any backed up content or an existing site, copy the relevant files (such as wp-content) to the new instance.
There are a number of php extensions that need to be enabled for wordpress to work properly. If you've already completed the steps above, these should all be ready to go.
When satisfied, create the applicable vhosts file in apache and...
sudo systemctl restart httpd
Universal Media Server
sudo pacman -S jdk8-openjdk
sudo pacman -S dcraw lib32-gcc-libs
sudo nano /etc/pacman.conf
uncomment [multilib] and Include = /etc/pacman.d/mirrorlist
sudo pacman -Syu
sudo pacman -S lib32-freetype2
cd /usr/local/aur/
git clone https://aur.archlinux.org/lib32-libmng.git
cd /usr/local/aur/lib32-libmng
gpg --recv-keys F54984BFA16C640F
makepkg -si
cd /usr/local/aur/
git clone https://aur.archlinux.org/lib32-qt4.git
cd /usr/local/aur/lib32-qt4
makepkg -si
cd /usr/local/aur/
git clone https://aur.archlinux.org/tsmuxer-ng-bin.git
cd /usr/local/aur/tsmuxer-ng-bin
makepkg -si
cd /usr/local/aur/
git clone https://aur.archlinux.org/ums.git
cd /usr/local/aur/ums
makepkg -si
copy the .config/UMS from backup to the desired location.
create the file /usr/lib/systemd/system/ums.service
copy the contents from http://www.universalmediaserver.com/forum/viewtopic.php?f=3&t=1240&start=10#p7392 to the file and save it
change the user "UMS" to running user
sudo systemctl enable ums.service
sudo systemctl start ums.service
Plex Media Server
cd /usr/local/aur/
git clone https://aur.archlinux.org/plex-media-server-plexpass.git
cd /usr/local/aur/plex-media-server-plexpass
makepkg -si
Arch does not apply any group or user permissions to home directories when users are created. For PMS to read media in my home folder, I had to add
chmod +rx /home/gr0x0rd
Enable and start the service
sudo systemctl enable plexmediaserver.service
sudo systemctl start plexmediaserver.service
To restore previous library configuration, overwrite the contents of the "Plex Media Server" folder with your backup.
OTA TV
For this setup I used a Hauppauge WinTV DualHD USB TV tuner, model 01595. After insertion, dmesg indicated the kernel picked up the device, but a few things were necessary to get things up and running:
cd /usr/local/aur
git clone https://aur.archlinux.org/linuxtv-dvb-apps.git
cd linuxtv-dvb-apps
makepkg -si
cd /usr/local/aur
git clone https://aur.archlinux.org/w_scan.git
cd w_scan
makepkg -si
After this w_scan reported inability to load the driver, so...
sudo modprobe dvb_usb_rtl28xxu
sudo modprobe rtl2830
sudo modprobe rtl2832
w_scan was able to find channels after this.
Virtualbox
sudo pacman -S virtualbox
sudo pacman -S linux-headers
cd /usr/local/aur/
git clone https://aur.archlinux.org/virtualbox-ext-oracle.git
cd virtualbox-ext-oracle
makepkg -si
sudo modprobe vboxdrv
sudo modprobe vboxnetadp
sudo modprobe vboxnetflt
sudo modprobe vboxpci
sudo gpasswd -a gr0x0rd vboxusers
splunk
cd /usr/local/aur/
git clone https://aur.archlinux.org/splunk.git
cd splunk
makepkg -si
sudo systemctl enable splunk
sudo systemctl start splunk
Gaming
The following nvidia packages were required before anything worked, really.
sudo pacman -S nvidia-libgl
sudo pacman -S lib32-nvidia-libgl
playonlinux
sudo pacman -S playonlinux
Tips & Tricks
Installing older versions of packages
Find the package via https://archive.archlinux.org/packages/ . Once you've found it, copy the link. Install via
sudo pacman -U <url>
Xfce panel not responding
If the panel stops responding to mouse or keyboard commands, restart it via
xfce4-panel -r