Archlinux configuration

From gr0x0rd

Installation

Start the ssh daemon

Once up and running, check that you have a network connection. Once you do, enable root logins over ssh:

nano /etc/ssh/sshd_config

Add the directive PermitRootLogin yes to the file. Once done, start the ssh daemon.

systemctl start sshd.service

You should now be able to connect via another machine with, say, access to this wiki. This will allow you to copy and paste commands instead of typing.

Prepare the disks

This guide assumes a RAID1 installation on a UEFI motherboard.

fdisk -l

The disks should be recognized as /dev/sda and /dev/sdb. Your boot USB should be recognized as /dev/sdc.

fdisk /dev/sda

If there are any existing partitions on the disk, delete them by pressing d. This will, of course, delete all data on the disk. Press p to see existing partitions. When there are none, let's create the EFI system partition.

n
<press enter>
<press enter>
+512M

Set the partition type to "EFI System".

t
1

Create a swap partition. This should be half the size of the RAM in your system. We will have a non-RAID swap partition on each disk. This provides the benefit of striping while still remaining redundant.

n
<press enter>
<press enter>
+16G  

Set the partition type to swap.

t
<press enter>
19

Finally, create the root partition.

n
<press enter>
<press enter>
<press enter>

Set the partition type to Linux RAID.

t
<press enter>
29

Now that you have your pretty disk partitioned, save what you've done.

w

Finally, copy the partition table you've created to the second disk.

sfdisk -d /dev/sda | sfdisk /dev/sdb

Prepare filesystems

The EFI system partitions need to be formatted as FAT.

mkfs.fat -F32 /dev/sda1
mkfs.fat -F32 /dev/sdb1

Create the swap space on both drives.

mkswap /dev/sda2
swapon /dev/sda2
mkswap /dev/sdb2
swapon /dev/sdb2

Before we can create the filesystem for the root partition, we need to set up and enable the RAID.

mdadm --create --verbose --level=1 --metadata=1.2 --raid-devices=2 --name=root1 /dev/md0 /dev/sda3 /dev/sdb3

It's probably wise to let the RAID complete before formatting the filesystem. You can watch it sync up via

watch cat /proc/mdstat

Once it's done, create the filesystem.

mkfs.ext4 /dev/md0
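
The "let the RAID complete before formatting" step above can be scripted rather than watched. This is an added example, not part of the original guide: the function names are hypothetical and the mdstat text is constructed sample data in the layout the kernel prints.

```sh
# Added example: classify one md array from /proc/mdstat-style text.
# md_state ARRAY [FILE]  ->  prints clean | syncing | degraded | missing
md_state() {
    awk -v dev="$1" '
        $1 == dev && $2 == ":" { found = 1; inblk = 1; next }
        $2 == ":"              { inblk = 0 }   # header of a different array
        inblk && NF == 0       { inblk = 0 }   # blank line closes the block
        inblk {
            if ($0 ~ /(resync|recovery|reshape) *=/) syncing = 1
            # member map such as [UU] or [_U]; "_" marks a missing member
            if (match($0, /\[[U_]+\]/) && substr($0, RSTART, RLENGTH) ~ /_/)
                degraded = 1
        }
        END {
            if (!found)        print "missing"
            else if (syncing)  print "syncing"
            else if (degraded) print "degraded"
            else               print "clean"
        }
    ' "${2:-/proc/mdstat}"
}

# Block until ARRAY is no longer syncing, then print its final state.
wait_for_sync() {
    while [ "$(md_state "$1" "$2")" = syncing ]; do sleep 30; done
    md_state "$1" "$2"
}

# Constructed sample: md0 during its initial sync.
sample_syncing() {
cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb3[1] sda3[0]
      975454208 blocks super 1.2 [2/2] [UU]
      [=>...................]  resync =  8.3% (81000000/975454208) finish=74.5min speed=200000K/sec

unused devices: <none>
EOF
}

# Constructed sample: md0 running on one member, a second array healthy.
sample_degraded() {
cat <<'EOF'
Personalities : [raid1] [raid6] [raid5] [raid4]
md127 : active raid5 sdf3[3] sde3[2] sdd3[1] sdc3[0]
      2929890816 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/4] [UUUU]

md0 : active raid1 sdb3[1]
      975454208 blocks super 1.2 [2/1] [_U]

unused devices: <none>
EOF
}

tmp=$(mktemp)
sample_syncing  > "$tmp"; echo "during sync:  md0 is $(md_state md0 "$tmp")"
sample_degraded > "$tmp"; echo "disk removed: md0 is $(md_state md0 "$tmp")"
rm -f "$tmp"
```

On the live system, `wait_for_sync md0 && mkfs.ext4 /dev/md0` reads /proc/mdstat directly.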

Mount the file systems

Set the system clock.

timedatectl set-ntp true

First let's mount the newly created RAID root partition.

mount /dev/md0 /mnt

We now need to mount the ESP partition from the first disk as /efi.

mkdir /mnt/efi
mount /dev/sda1 /mnt/efi

Install the base packages

This will create a base archlinux system on your newly created RAID root volume.

pacstrap /mnt base

Configure the system

genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt

Make a copy of the fstab in case of disk failure in the future:

cp /etc/fstab /etc/fstab.sda

Preserve your RAID configuration in the new installation.

mdadm --detail --scan >> /etc/mdadm.conf

It might also be helpful to add your email address to the file, and enable monitoring.

nano /etc/mdadm.conf

Adjust the MAILADDR and PROGRAM lines accordingly. The mdadm package will be required to assemble the array, so let's install it.

pacman -S mdadm

Configure the mdadm service to start at boot so monitoring alerts can be sent.

Next, set the time zone.

ln -sf /usr/share/zoneinfo/Canada/Pacific /etc/localtime
hwclock --systohc
nano /etc/locale.gen

Uncomment: en_US.UTF-8 UTF-8

locale-gen
nano /etc/locale.conf

add: LANG=en_US.UTF-8

nano /etc/hostname

add: system_name

nano /etc/hosts

add any relevant references for your local network.

ln -s /dev/null /etc/udev/rules.d/80-net-setup-link.rules

Since our system is RAID, we need to add support for mdadm into the initramfs image.

nano /etc/mkinitcpio.conf

Find the HOOKS section and be sure to add mdadm before filesystems. Then generate the image and set the root password.

mkinitcpio -p linux
passwd

Bootloader

pacman -S grub efibootmgr intel-ucode

Edit the grub configuration file so it loads the appropriate RAID modules.

nano /etc/default/grub

Add the following to the GRUB_CMDLINE_LINUX_DEFAULT= section:

root=/dev/md0

Add the following to the GRUB_PRELOAD_MODULES section:

mdraid09 mdraid1x

Next we install the bootloader.

grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB

For the sake of redundancy, we also need to install it on the other drive as well.

umount /efi
mount /dev/sdb1 /efi
grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB

Make a backup of the fstab configuration with this drive's efi UUID.

genfstab -U / >> /etc/fstab.sdb

Revert to the previous configuration.

umount /efi
mount /dev/sda1 /efi

Generate the configuration file.

grub-mkconfig -o /boot/grub/grub.cfg

Start network at boot

systemctl enable dhcpcd

Reboot the system

exit
umount /mnt/efi
umount /mnt
reboot

Optional: RAID testing

During testing it was found that if mdadm_udev was used in the place of mdadm in the initramfs HOOKS configuration, the system would not boot.

Have a look at the /etc/fstab.sda and /etc/fstab.sdb files. In each, ensure that the correct efi entry is listed, and remove the swap dependency for the other drive.

Be sure to preserve a copy of the master fstab.

cp /etc/fstab /etc/fstab.raid
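
The per-drive cleanup described above (keep this drive's efi entry, drop the other drive's swap) can be done with a filter instead of by hand. This is an added example, not part of the original guide: it assumes the `# /dev/...` comment that genfstab writes above each entry and the sdX naming used here; the function name and the UUIDs are constructed.

```sh
# Added example: derive a single-drive fstab from genfstab output.
# fstab_for_disk DISK  (e.g. sda): reads an fstab on stdin, writes it to
# stdout without the entries that live on any other sdX disk.
# Entries on md devices are always kept.
fstab_for_disk() {
    awk -v keep="/dev/$1" '
        /^# \/dev\// {
            disk = $2
            sub(/[0-9]+$/, "", disk)          # /dev/sdb2 -> /dev/sdb
            skip = (disk ~ /^\/dev\/sd[a-z]+$/ && disk != keep)
        }
        NF == 0 { if (!skip) print; skip = 0; next }   # blank line ends an entry
        !skip
    '
}

# Constructed sample: what /etc/fstab.sdb looks like straight after genfstab,
# with sdb1 mounted at /efi and both swap partitions active.
sample_fstab_sdb() {
cat <<'EOF'
# /dev/md0
UUID=11111111-aaaa-4bbb-8ccc-000000000001  /     ext4  rw,relatime  0 1

# /dev/sdb1
UUID=B0B0-0001                             /efi  vfat  rw,relatime  0 2

# /dev/sda2
UUID=22222222-aaaa-4bbb-8ccc-00000000a002  none  swap  defaults     0 0

# /dev/sdb2
UUID=22222222-aaaa-4bbb-8ccc-00000000b002  none  swap  defaults     0 0
EOF
}

# Show the version that boots with only sdb attached.
sample_fstab_sdb | fstab_for_disk sdb
```

Run it as `fstab_for_disk sdb < /etc/fstab.sdb > /etc/fstab.sdb.new` and compare the two files before replacing the original.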

Failure of /dev/sda

Power off the system and remove the cable from /dev/sda. Start the system. It should fail on the missing efi and swap partitions.

Enter the root password to enter maintenance mode. Make the sdb fstab the primary and reboot.

cp /etc/fstab.sdb /etc/fstab
reboot

Your system should be up and running with the single drive. Once you have a replacement for the failed drive, you will need to boot with an iso image and copy the partition table to the new disk. If you're testing and you've reconnected the cable for the missing drive, mdadm might not automatically rebuild it. To start the rebuild manually,

mdadm --manage /dev/md0 --add /dev/sda3

Watch as the rebuild completes.

watch cat /proc/mdstat

Failure of /dev/sdb

This did not yield the expected result; the system ended at a GRUB screen (something wrong with the efi installation on /dev/sdb or the initramfs image).

After booting with the iso image, it was necessary to remove and restart the RAID with the correct enumeration.

mdadm --stop /dev/md127
mdadm --assemble --force /dev/md0 /dev/sda3

Mount the volumes and chroot.

mount /dev/md0 /mnt
mount /dev/sda1 /mnt/efi
arch-chroot /mnt

Re-generate the initramfs image.

mkinitcpio -p linux

Reinstall grub.

grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB

Reboot.

exit
umount /mnt/efi
umount /mnt
reboot

Upon reboot, you will run into a scenario similar to the one when sda was missing (timeout on the missing swap). After the 90 second timeout, log in as root and copy the backup fstab.

cp /etc/fstab.sda /etc/fstab
reboot

The system should come up clean. Restore the raid fstab file:

cp /etc/fstab.raid /etc/fstab
shutdown -h now

Reconnect /dev/sdb and power on. As before, the RAID won't resume on its own, which is stupid. So kick that off.

mdadm --manage /dev/md0 --add /dev/sdb3

At this point we have demonstrated we can boot from either drive with some minor tinkering.

Optional: configure the /home

This section assumes you have a 4-disk RAID5 configuration for /home, and assumes you have connected the drives. First ensure raid5 support is enabled:

modprobe raid5

Check the status of the array. Chances are it's already running, but under the wrong md value.

cat /proc/mdstat

Stop the array and start it up again under the correct name.

mdadm --stop /dev/md127
mdadm --assemble /dev/md1 /dev/sd[cdef]3

Preserve the configuration.

mdadm --detail --scan >> /etc/mdadm.conf
nano /etc/mdadm.conf

Remove any redundant entries, and ensure the correct md names are set. Next, mount the volume.

mount /dev/md1 /home

Generate a new version of fstab.

pacman -S arch-install-scripts
genfstab -U / >> /etc/fstab.home

Examine the new file and copy the entry for md1 into the other versions of the file. If you don't want the file system check running with every boot, be sure to end the entry with "0 0".

Basic system configuration

log in as root

Create a user

useradd -m -G wheel,audio -s /bin/bash gr0x0rd
passwd gr0x0rd

Set up sudo

pacman -S sudo
nano /etc/sudoers

comment out wheel group

exit

ssh daemon

log in as gr0x0rd

sudo pacman -S polkit
sudo pacman -S openssh
sudo nano /etc/ssh/sshd_config

change port 22 to 2112

sudo systemctl edit sshd.socket

create section [Socket] and set ListenStream=2112

sudo systemctl start sshd.socket
sudo systemctl enable sshd.socket

smtp server

sudo pacman -S msmtp msmtp-mta

TODO: complete this section...

antivirus

sudo pacman -S clamav
sudo freshclam
sudo systemctl enable clamav-daemon.service
sudo systemctl start clamav-daemon.service

Arch User Repository

sudo pacman -S --needed base-devel
sudo mkdir -p /usr/local/aur
sudo pacman -S git
sudo chmod -R 777 /usr/local/aur
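
With mode 777, every PKGBUILD under /usr/local/aur is writable by any local account, including the service users installed later on this page, and `makepkg -si` builds and installs whatever is there. This is an added example, not part of the original guide, that audits the directory and shows a single-owner alternative; the function names are hypothetical and the demo runs on a throwaway directory.

```sh
# Added example: audit and tighten an AUR build directory.

# List entries anyone on the system can modify (symlinks skipped: their
# own mode bits are not what controls access).
aur_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Single-owner alternative to `chmod -R 777`:
# $1 = directory, $2 = user (name or uid) who runs makepkg.
# Needs root unless $2 already owns the tree.
aur_harden() {
    chown -R "$2" "$1" && chmod -R u+rwX,go-w "$1"
}

# Demo on a constructed tree that mimics /usr/local/aur after `chmod -R 777`.
demo=$(mktemp -d)
mkdir "$demo/compiz"
: > "$demo/compiz/PKGBUILD"
chmod -R 777 "$demo"

echo "world-writable before: $(aur_world_writable "$demo" | wc -l)"
aur_harden "$demo" "$(id -u)"
echo "world-writable after:  $(aur_world_writable "$demo" | wc -l)"
rm -rf "$demo"
```

On the real system the equivalent is `sudo sh -c` around `aur_harden /usr/local/aur gr0x0rd`, after which the build commands below work unchanged for that user.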

Enable multilib

sudo nano /etc/pacman.conf

uncomment [multilib] and Include = /etc/pacman.d/mirrorlist

Tools

sudo pacman -S dnsutils

Desktop environment

Graphic driver

sudo pacman -S nvidia
sudo mkinitcpio -p linux
sudo reboot

confirm the system is using the nvidia driver via lspci -v

Window Manager

sudo pacman -S xorg xterm
sudo pacman -S xfce4 xfce4-goodies gvfs gvfs-afc udisks2 gamin file-roller ark xarchiver thunar-volman
sudo nano /etc/X11/xinit/xinitrc

add: exec startxfce4

sudo pacman -S lightdm lightdm-gtk-greeter
sudo nano /etc/lightdm/lightdm.conf

add to [Seat:*] section: greeter-session=lightdm-yourgreeter-greeter

sudo systemctl enable lightdm

reboot or start the desktop environment via startxfce4

sudo pacman -S ttf-dejavu

resolves messed up terminal fonts in xfce

compiz

cd /usr/local/aur
git clone https://aur.archlinux.org/compiz.git
cd compiz
makepkg -si
cd /usr/local/aur
git clone https://aur.archlinux.org/emerald.git
cd emerald
makepkg -si
cd /usr/local/aur 
git clone https://aur.archlinux.org/emerald-themes.git 
cd emerald-themes
makepkg -si
cd /usr/local/aur 
git clone https://aur.archlinux.org/fusion-icon.git
cd fusion-icon
makepkg -si

In xfce it's possible to change the default window manager to compiz via the command

xfconf-query -c xfce4-session -p /sessions/Failsafe/Client0_Command -t string -sa compiz

Also, it's possible to set the global WM in xfce via editing the following xml files:

/etc/xdg/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml 

(I'm not sure if the above actually worked... I had to roll both changes back during troubleshooting). Once compiz is running, xfce seems to "remember" it, even after logon/off.

If compiz runs on your primary screen only try this to get it running on the other:

compiz --replace --display :0.1

There is a bug in the xfce panel where it squishes the multiple desktop viewport. For that, a patched version of the panel is needed.

cd /usr/local/aur
git clone https://aur.archlinux.org/xfce4-panel-compiz.git
cd xfce4-panel-compiz
makepkg -si

Sound

sudo pacman -S alsa-utils lib32-libpulse lib32-alsa-plugins alsa-oss
alsamixer

unmute the master, set the volume to a decent level

Basic desktop software

sudo pacman -S firefox gedit libreoffice-fresh epdfview gftp xfce4-screenshooter

Brave browser

cd /usr/local/aur/
git clone https://aur.archlinux.org/brave.git
cd brave
makepkg -si

Google chrome browser

cd /usr/local/aur/
git clone https://aur.archlinux.org/google-chrome.git 
cd google-chrome
makepkg -si

Image viewer

sudo pacman -S eog

Screen saver

sudo pacman -S xscreensaver xfce4-power-manager

Disable screensaver when playing video in browser

This is best accomplished using caffeine-ng.

cd /usr/local/aur
git clone https://aur.archlinux.org/python-ewmh.git
cd python-ewmh
makepkg -si
cd /usr/local/aur
git clone https://aur.archlinux.org/caffeine-ng.git
cd caffeine-ng
makepkg -si

Multimedia

sudo pacman -S pulseaudio xfce4-pulseaudio-plugin pavucontrol pulseaudio-alsa gst-plugins-good
sudo pacman -S mplayer vlc ffmpeg kodi mencoder devede

Torrent client

sudo pacman -S transmission-gtk transmission-cli

Password Manager

cd /usr/local/aur/
git clone https://aur.archlinux.org/password-gorilla.git
cd /usr/local/aur/password-gorilla
makepkg -si

Synergy

Allows you to control another computer using the keyboard/mouse from the server. Needs to be installed on the server and client.

cd /usr/local/aur/
git clone https://aur.archlinux.org/qsynergy.git
cd qsynergy
makepkg -si

Mobile devices

Android

To mount android phones under xfce using Thunar, you'll need...

sudo pacman -S gvfs gvfs-mtp

A GUI-based tool that I haven't figured out how to use is

sudo pacman -S android-file-transfer

Bluetooth headset

Install the bluetooth stack.

sudo pacman -S bluez bluez-utils bluez-libs

Load the bluetooth kernel module

sudo modprobe btusb

Enable and start the service

sudo systemctl enable bluetooth.service
sudo systemctl start bluetooth.service

Install the components for a bluetooth headset.

sudo pacman -S pulseaudio-bluetooth pulseaudio-alsa

After this, the headset was available as an output device in volume control through the pulseaudio stack.

Server settings

System monitor

sudo pacman -S conky

restored .conkyrc from backup

Hard disk temperature monitoring

sudo pacman -S hddtemp netcat

In order to monitor more than the first drive found in the system, a systemctl override is required.

sudo systemctl edit hddtemp.service

Add the following:

[Service]
ExecStart=
ExecStart=/usr/bin/hddtemp -dF /dev/sda /dev/sdb /dev/sdc ... /dev/sdx

Save the file and reload the systemctl daemon

sudo systemctl daemon-reload
sudo systemctl enable hddtemp
sudo systemctl start hddtemp

You can now use the netcat command to display hard disk temperature in conky:

nc localhost 7634

UPS

sudo pacman -S apcupsd

restore /etc/apcupsd/apcupsd.conf from backup

sudo systemctl enable apcupsd.service
sudo systemctl start apcupsd.service

NFS Server

sudo pacman -S nfs-utils

/etc/exports was copied from backup

sudo systemctl enable nfs-server.service
sudo systemctl start nfs-server.service

Database server

sudo pacman -S mariadb
sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
sudo systemctl enable mariadb.service
sudo systemctl start mariadb.service
sudo mysql_secure_installation

Restore database from backup

gunzip < mysql_backup.sql.gz | mysql -u root -p

Passwords for users did not work after restore. Accounts had to be deleted and re-created. Permissions persisted after restoring.

Web Server

sudo pacman -S apache
sudo systemctl enable httpd.service
sudo systemctl start httpd.service

php

sudo pacman -S php php-apache
sudo nano /etc/php/php.ini

enable: date.timezone = America/Vancouver

enable: short_open_tag = On

enable: display_errors = On

enable: open_basedir = /srv/http/

sudo nano /etc/httpd/conf/httpd.conf

comment the line: LoadModule mpm_event_module modules/mod_mpm_event.so

uncomment the line: LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

add the following to the LoadModule list:

LoadModule php7_module modules/libphp7.so

AddHandler php7-script .php

add the following to the Include list:

Include conf/extra/php7_module.conf

Include conf/vhosts/*.conf

sudo mkdir /etc/httpd/conf/vhosts

copy the backups from the previous vhosts to the above folder and edit accordingly

sudo systemctl restart httpd


Let's Encrypt certificate management

sudo pacman -S certbot certbot-apache
sudo nano /etc/httpd/conf/extra/httpd-acme.conf

paste the contents from https://wiki.archlinux.org/index.php/Certbot#Apache

sudo nano /etc/httpd/conf/httpd.conf

add: Include conf/extra/httpd-acme.conf

sudo systemctl restart httpd
sudo certbot certonly --email gr0x0rd@gmail.com --webroot -w /var/lib/letsencrypt/ -d gr0x0rd.com,blog.gr0x0rd.com,1291.gr0x0rd.com,pool.gr0x0rd.com,wiki.gr0x0rd.com,www.gr0x0rd.com

certs are now available at /etc/letsencrypt/live/gr0x0rd.com

private key: privkey.pem

cert: cert.pem

chain: chain.pem (for nginx)

fullchain: fullchain.pem

sudo nano /etc/httpd/conf/httpd.conf

uncomment: LoadModule ssl_module modules/mod_ssl.so

uncomment: LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

uncomment: Include conf/extra/httpd-ssl.conf

uncomment: LoadModule rewrite_module modules/mod_rewrite.so

sudo nano /etc/httpd/conf/extra/httpd-ssl.conf

add: SSLCertificateFile "/etc/letsencrypt/live/gr0x0rd.com/cert.pem"

add: SSLCertificateKeyFile "/etc/letsencrypt/live/gr0x0rd.com/privkey.pem"

add: SSLCertificateChainFile "/etc/letsencrypt/live/gr0x0rd.com/fullchain.pem"

add the same directives to the secure directive area in the applicable vhost file

sudo systemctl restart httpd

todo: https://wiki.archlinux.org/index.php/Certbot#Automatic_renewal

Mediawiki

sudo pacman -S mediawiki imagemagick php-gd php-intl
sudo nano /etc/php/php.ini

add: /var/lib/mediawiki/:/usr/share/webapps/:/tmp/:/usr/bin/ to the open_basedir directive

uncomment: extension=gd

uncomment: extension=intl

uncomment: extension=iconv

uncomment: extension=mysqli

uncomment: session.save_path = "/tmp"

sudo mkdir -p /srv/http/mediawiki
sudo cp -r /usr/share/webapps/mediawiki/* /srv/http/mediawiki/

create the necessary file in /etc/httpd/conf/vhosts/

sudo systemctl restart httpd

Wordpress

sudo pacman -S wordpress
sudo mkdir -p /srv/http/wordpress
sudo cp -r /usr/share/webapps/wordpress/* /srv/http/wordpress/

If you have any backed up content or an existing site, copy the relevant files (such as wp-content) to the new instance.

There are a number of php extensions that need to be enabled for wordpress to work properly. If you've already completed the steps above, these should all be ready to go.

When satisfied, create the applicable vhosts file in apache and...

sudo systemctl restart httpd

Universal Media Server

sudo pacman -S jdk8-openjdk
sudo pacman -S dcraw lib32-gcc-libs 
sudo nano /etc/pacman.conf

uncomment [multilib] and Include = /etc/pacman.d/mirrorlist

sudo pacman -Syu
sudo pacman -S lib32-freetype2
cd /usr/local/aur/
git clone https://aur.archlinux.org/lib32-libmng.git
cd /usr/local/aur/lib32-libmng
gpg --recv-keys F54984BFA16C640F
makepkg -si
cd /usr/local/aur/
git clone https://aur.archlinux.org/lib32-qt4.git
cd /usr/local/aur/lib32-qt4
makepkg -si
cd /usr/local/aur/
git clone https://aur.archlinux.org/tsmuxer-ng-bin.git
cd /usr/local/aur/tsmuxer-ng-bin
makepkg -si
cd /usr/local/aur/
git clone https://aur.archlinux.org/ums.git
cd /usr/local/aur/ums
makepkg -si

copy the .config/UMS from backup to the desired location.

create the file /usr/lib/systemd/system/ums.service

copy the contents from http://www.universalmediaserver.com/forum/viewtopic.php?f=3&t=1240&start=10#p7392 to the file and save it

change the user "UMS" to running user

sudo systemctl enable ums.service
sudo systemctl start ums.service

Plex Media Server

cd /usr/local/aur/
git clone https://aur.archlinux.org/plex-media-server-plexpass.git
cd /usr/local/aur/plex-media-server-plexpass
makepkg -si

Arch does not apply any group or user permissions to home directories when users are created. For PMS to read media in my home folder, I had to add

chmod +rx /home/gr0x0rd

Enable and start the service

sudo systemctl enable plexmediaserver.service
sudo systemctl start plexmediaserver.service

To restore previous library configuration, overwrite the contents of the "Plex Media Server" folder with your backup.

OTA TV

For this setup I used a Hauppauge WinTV DualHD USB TV tuner, model 01595. After insertion, dmesg indicated the kernel picked up the device, but a few things were necessary to get things up and running:

cd /usr/local/aur
git clone https://aur.archlinux.org/linuxtv-dvb-apps.git
cd linuxtv-dvb-apps
makepkg -si
cd /usr/local/aur
git clone https://aur.archlinux.org/w_scan.git
cd w_scan
makepkg -si

After this w_scan reported inability to load the driver, so...

sudo modprobe dvb_usb_rtl28xxu
sudo modprobe rtl2830
sudo modprobe rtl2832

w_scan was able to find channels after this. Another fantastic troubleshooting application is kaffeine.

sudo pacman -S kaffeine

In order for plex to pick up the TV tuner and add it to the DVR configuration, the plex user needs to be part of the video group.

sudo gpasswd -a plex video

Restart the plex service to pick up these changes.

Virtualbox

sudo pacman -S virtualbox
sudo pacman -S linux-headers
cd /usr/local/aur/
git clone https://aur.archlinux.org/virtualbox-ext-oracle.git
cd virtualbox-ext-oracle
makepkg -si
sudo modprobe vboxdrv
sudo modprobe vboxnetadp
sudo modprobe vboxnetflt
sudo modprobe vboxpci
sudo gpasswd -a gr0x0rd vboxusers

splunk

cd /usr/local/aur/
git clone https://aur.archlinux.org/splunk.git 
cd splunk
makepkg -si
sudo systemctl enable splunk
sudo systemctl start splunk

Gaming

The following nvidia packages were required before anything worked, really.

sudo pacman -S nvidia-libgl
sudo pacman -S lib32-nvidia-libgl

playonlinux

sudo pacman -S playonlinux

Tips & Tricks

Installing older versions of packages

Find the package via https://archive.archlinux.org/packages/ . Once you've found it, copy the link. Install via

sudo pacman -U <url>

Xfce panel not responding

If the panel stops responding to mouse or keyboard commands, restart it via

xfce4-panel -r