Box

From Things and Stuff Wiki


General

A box, yer computer, physical (or abstract) box. [1]

These are the steps that I follow (and create) when I set up Arch Linux. They are incomplete and I update them each time I go through the process.

See also Stack, *nix#Configuration 2, Server, Distros, Distros#Live Distro


  • RFC 1178 - Choosing a name for your computer - In order to easily distinguish between multiple computers, we give them names. Experience has taught us that it is as easy to choose bad names as it is to choose good ones. This essay presents guidelines for deciding what makes a name good or bad.

Arch Linux stock install



Todo:

Setup in the Arch install environment

Download the Arch iso, install it to USB/etc and boot from it, or use a netboot option.

# set keyboard for UK qwerty, gives access to pipe character, etc.
loadkeys /usr/share/kbd/keymaps/i386/qwerty/uk.map.gz

# check for potentially failed services (i.e. network DHCP if you have already plugged in an Ethernet cable)
systemctl --failed

Network

# If you don't have an Ethernet cable and gateway to plug into but do have WiFi available;

# for wifi-menu / wpa_cli to work
vim /etc/wpa_supplicant/base.conf
# new file

  ctrl_interface=/run/wpa_supplicant
  update_config=1

# get wifi interface name
ip a


wifi-menu

(or)

# start wpa_supplicant
wpa_supplicant -B -i interfacename -c /etc/wpa_supplicant/base.conf

# establish wifi data link
wpa_cli

  scan
  scan_results

  add_network
  set_network 0 ssid "MYSSID"
  set_network 0 psk "passphrase"
  enable_network 0

  # or for open wifi
  set_network 0 key_mgmt NONE
  enable_network 0

  save_config
  q


### for wifi and ethernet???
# establish IP link
dhcpcd [interface]

Setup target storage

Either basic or LVM (or btrfs (to come))

Basic

# https://wiki.archlinux.org/index.php/Partitioning
# there can be only 4 'primary' partitions in an MBR partition table.
# or GPT can be used

# if not using LVM, make the fourth 'extended' so it can contain further 'logical' partitions
# filesystem partition size ideas:
# /boot - 512M
  # contains boot kernel images (linux, linux-lts, linux-ck, etc.) - Type: linux (83 / 20)
# [swap]
  # swap size to match RAM size - Type: Linux swap (82 / 19)
# /
  # one large partition for the rest - Type: Linux (83 / 20) OR Linux LVM (8e / 31)


# all-in-one partitioning, boot flag and swap partition setup
# (this targets /dev/vda; change it to your disk, the rest of these notes use /dev/sda)
echo -e "n\n\n\n\n+512M\n n\n\n\n\n+1G\n n\n\n\n\n\n a\n1\n t\n2\n82\nw\n"|
fdisk /dev/vda


# check drive partitions
lsblk

# formatting
# boot as ext2 (no journal for less fuckups?)
mkfs.ext2 /dev/sda1
e2label /dev/sda1 /boot

mkfs.ext4 /dev/[partition]


# create swap partition
mkswap /dev/[swappartition]
swapon /dev/[swappartition]


# mount partitions - root first
mount /dev/[partition] /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot


# give device label, for file managers - https://wiki.archlinux.org/index.php/Persistent_block_device_naming#by-label
e2label /dev/XXX <label>

LVM (optional)

# managing storage devices with LVM allows for easier partition resizing, etc. later
# see https://wiki.archlinux.org/index.php/LVM

# you cannot have an LVM /boot, unless you are booting from a linux based bootloader such as coreboot, libreboot
# an LVM swap is only worth it if the LVM setup is to be mirrored (for speed)

# scan for available devices
lvmdiskscan

# create physical volume
pvcreate /dev/DEVICE

# confirm the above with either:
pvdisplay
pvscan
pvs


# create and add to internal drive volume group
vgcreate <volume_group> /dev/DEVICE

# or
vgcreate <volume_group> /dev/sda2 /dev/sdb1 /dev/sdc

# or
vgextend <volume_group> <physical_volume>

# confirm the above with:
vgdisplay


# logical volume / partition ideas:

# root (/) logical volume, will contain /usr (includes installed programs)
   # minimum 100G
# [swap]
   # match size of RAM if you use suspend-to-disk - Type
   # only worth it if the swap will be mirrored
# var (/var) logical volume - contains misc. including spools, logs, packages downloaded for installation. separate to avoid running out of space
   # minimum 100G
# home (/home) logical volume - contains user home folders


# create logical volume. -C y = contiguous allocation.
lvcreate -C y -L 100G <volume_group> -n <lv_name>

etc.


# confirm the above
lvs



# confirm drive partitions
lsblk

# format drive partitions
# boot as ext2
mkfs.ext2 /dev/sda1
e2label /dev/sda1 /boot


mkfs.ext4 /dev/mapper/[partition]
# repeat for each partition, excluding swap partition

# create swap partition
mkswap /dev/[swappartition]
swapon /dev/[swappartition]

# mount partitions - root first
mount /dev/mapper/<lv-root> /mnt

mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

mkdir /mnt/var
mount /dev/mapper/<lv-var> /mnt/var

mkdir /mnt/home
mount /dev/mapper/<lv-home> /mnt/home


# if mirroring with raid1;
lvconvert --type raid1 -m 1 /dev/milk-hdd-internal/logicalvolume /dev/sdd1


# give device label, for file managers - https://wiki.archlinux.org/index.php/Persistent_block_device_naming#by-label
e2label /dev/XXX <label>


Bootstrap target system

# use geographically close arch package mirror
vim /etc/pacman.d/mirrorlist
# move the local mirror to the top of the list. this config is also copied across in the next step.

pacman -S archlinux-keyring

# bootstrap including the installation of pacman and a few extras
pacstrap /mnt base base-devel linux linux-headers linux-lts linux-lts-headers vim syslinux gptfdisk pacman-contrib  zsh polkit git netctl openssh p7zip reflector iotop mlocate ripgrep fzf tmux htop atop dmidecode ncdu dfc tree pkgfile wget bind-tools dhcping exfat-utils sshfs dateutils trash-cli wpa_supplicant dialog mediainfo python-pip python2-pip fasd go mpv nodejs npm rxvt-unicode-terminfo


# generate file system configuration info
genfstab -p /mnt >> /mnt/etc/fstab

# chroot into new system
arch-chroot /mnt

Accounts, names, time and language

# set root user password
passwd

# add your own user account and set a password
useradd -m [USERNAME]
passwd [USERNAME]

# let wheel group use sudo for root permission
visudo
# uncomment %wheel      ALL=(ALL) ALL

## USERNAME HOST_NAME= NOPASSWD: /usr/bin/halt,/usr/bin/poweroff,/usr/bin/reboot,/usr/bin/pacman -Syu

# add user to wheel group for sudo/etc, access
gpasswd -a [USERNAME] wheel


# set a computer name
echo computer_name > /etc/hostname


# set the timezone
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime

# uncomment en_GB.UTF-8 or appropriate locale
vim /etc/locale.gen
/#en_GB
xZZ


# generate locale
locale-gen

# set locale conf
echo LANG=en_GB.UTF-8 > /etc/locale.conf

# set persistent console keymap and font preferences in /etc/vconsole.conf
vim /etc/vconsole.conf
i
KEYMAP=uk
[esc]ZZ

Kernel images

# edit mkinitcpio.conf
vim /etc/mkinitcpio.conf
  # add lvm2 to hooks

  HOOKS=" ... block lvm2 filesystems ... "
 
  # uncomment "xz" compression

# build arch and lts boot images
mkinitcpio -p linux linux-lts


x86 bootloader

syslinux

# install bootloader: syslinux (installed above)
syslinux-install_update -i -a -m

# the above does this:

# fdisk for boot flag
# dd bs=440 count=1 if=/usr/lib/syslinux/bios/mbr.bin of=/dev/sda

#CAUTION - edit /boot/syslinux/syslinux.cfg to use correct device/mapper addresses

GRUB

# OR
# install bootloader: GRUB
# syslinux is easier to manage than GRUB
#pacman -S grub
#grub-install --recheck --target=i386-pc /dev/sdx

# allow for saving the last booted kernel, edit /etc/default/grub, set
#GRUB_DEFAULT=saved
# and add
#GRUB_SAVEDEFAULT=true

# generate/regenerate config file
#grub-mkconfig -o /boot/grub/grub.cfg

AUR and Git

su [non-root-username]

# bootstrap AUR access with pacman wrapper AUR helper yay
# (in terms of yay > trizen > pacaur w/ pacget > yaourt > *)

mkdir -p ~/pkgs && cd ~/pkgs && git clone https://aur.archlinux.org/yay-git.git && cd yay-git && makepkg -si


# Install various handy apps
yay -S --answeredit n --answerdiff n pkgcacheclean longoverdue inxi fd-rs localepurge dtrx downgrade topgrade

# pkgcacheclean - Easy purging of older package cache files
# longoverdue - System service update management made easy
# inxi - Display various system hardware and software infos
# fd-rs - fd command, improved find using ripgrep
# localepurge - Script to remove disk space wasted for unneeded localizations.
# dtrx - Do The Right X, an intelligent archive extraction tool
# downgrade - Bash script for downgrading one or more packages to a version in your cache or the A.L.A.
# topgrade - Invoke the upgrade procedure of multiple package managers


# If there is ever a missing gpg key;
#gpg --recv-key [keyfromerror]

Network

# set better network interface device names in relation to their MAC (media access control) address.
#vim /etc/udev/rules.d/10-network.rules

# if only one active interface:
# (printf with a single-quoted format keeps the double quotes the udev rule needs; a bare echo lets the shell strip them)
printf 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="%s", NAME="eth0"\n' "$(cat /sys/class/net/$(ls /sys/class/net/ | grep -v lo | grep -v wlan)/address)" > /etc/udev/rules.d/10-network.rules

# if there is wifi (to fix):
#printf 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="%s", NAME="wlan0"\n' "$(cat /sys/class/net/**wifiinterfacename**/address)" >> /etc/udev/rules.d/10-network.rules


# enable DHCP
# multiple network management methods are available
# https://wiki.archlinux.org/index.php/Network_configuration#Dynamic_IP_address

# dhcpcd for all interfaces
systemctl enable dhcpcd
systemctl start dhcpcd


# netctl (arch dev grown systemd interface)
cp /etc/netctl/examples/ethernet-dhcp /etc/netctl
cp /etc/netctl/examples/wireless-wpa /etc/netctl
vim /etc/netctl/wireless-wpa
# change essid and key

# test netctl ethernet profile
netctl start ethernet-dhcp
ip a
ping bbc.co.uk
netctl stop ethernet-dhcp

# test netctl wireless-wpa profile
netctl start wireless-wpa
ip a
ping bbc.co.uk
netctl stop wireless-wpa

# make ethernet profile persistent
netctl enable ethernet-dhcp


#optional network extras
pacman -S dnsmasq dnscrypt-proxy

systemctl enable dnsmasq

# either use straight DNS
# set dns resolver (router)
# see https://wiki.archlinux.org/index.php/Resolv.conf#Alternative_DNS_servers for a pair of public DNS server address to set
#vim /etc/resolv.conf

# or use encrypted DNS
# install dnscrypt

# set up dnsmasq config to forward queries to port 40 on localhost instead of an upstream server on port 53
vim /etc/dnsmasq.conf

  no-resolv
  server=127.0.0.1#40
  listen-address=127.0.0.1
  proxy-dnssec

# make a network socket for dnscrypt to use port 40
systemctl edit dnscrypt-proxy.socket

  [Socket]
  ListenStream=
  ListenDatagram=
  ListenStream=127.0.0.1:40
  ListenDatagram=127.0.0.1:40

# create a unit file for dnscrypt with your chosen resolver
cp /usr/lib/systemd/system/dnscrypt-proxy.service /etc/systemd/system
vim /etc/systemd/system/dnscrypt-proxy.service

   # the following resolver (from https://github.com/jedisct1/dnscrypt-proxy/blob/master/dnscrypt-resolvers.csv) works
   dnscrypt.eu-dk

# make sure dnsmasq doesn't fall over due to dnscrypt not responding while it starts up
cp /usr/lib/systemd/system/dnsmasq.service /etc/systemd/system/multi-user.target.wants
vim /etc/systemd/system/multi-user.target.wants/dnsmasq.service

   # edit to load After=dnscrypt-proxy.service
 
systemctl daemon-reload

# um.. could be above? edit file after auto copy rather than before?
systemctl enable dnscrypt-proxy.service

 vim /etc/resolv.conf

   nameserver 127.0.0.1


# setup ssh access
systemctl enable sshd
systemctl start sshd
# reboot
# ctrl-alt-del is quickest


# https://wiki.archlinux.org/index.php/fail2ban
pacman -S fail2ban
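
A consistency check for the encrypted DNS steps above (dnsmasq forwarding to dnscrypt-proxy on port 40), as an added example that is not part of the original notes. The function names and the default drop-in path written by `systemctl edit` are assumptions; pass your own paths as arguments.

```shell
#!/bin/sh
# Added example: checks that dnsmasq, the dnscrypt-proxy socket and
# resolv.conf agree with each other. Default paths are assumptions.

# Port dnsmasq forwards to, taken from "server=127.0.0.1#PORT".
dnsmasq_upstream_port() {
    sed -n 's/^[[:space:]]*server=127\.0\.0\.1#\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Ports a socket drop-in listens on for one directive (ListenStream or
# ListenDatagram). Empty assignments only reset the list and are skipped.
socket_ports() {
    sed -n "s/^[[:space:]]*$2=.*:\([0-9][0-9]*\)[[:space:]]*\$/\1/p" "$1"
}

# Prints one line per problem; returns 0 only if the chain is consistent.
check_dns_chain() {
    dnsmasq_conf=${1:-/etc/dnsmasq.conf}
    socket_conf=${2:-/etc/systemd/system/dnscrypt-proxy.socket.d/override.conf}
    resolv_conf=${3:-/etc/resolv.conf}
    problems=0

    port=$(dnsmasq_upstream_port "$dnsmasq_conf")
    if [ -z "$port" ]; then
        echo "dnsmasq: no server=127.0.0.1#PORT line"; problems=$((problems + 1))
    fi
    # Without no-resolv dnsmasq also takes upstreams from resolv.conf,
    # so queries can leave the box unencrypted.
    if ! grep -Eq '^[[:space:]]*no-resolv[[:space:]]*$' "$dnsmasq_conf"; then
        echo "dnsmasq: no-resolv missing"; problems=$((problems + 1))
    fi
    # DNS uses both UDP and TCP, so both socket types must match the port.
    for directive in ListenStream ListenDatagram; do
        if [ -n "$port" ] && ! socket_ports "$socket_conf" "$directive" | grep -qx "$port"; then
            echo "dnscrypt socket: $directive not on port $port"; problems=$((problems + 1))
        fi
    done
    # Any nameserver other than loopback bypasses the local chain.
    extra=$(awk '$1 == "nameserver" && $2 != "127.0.0.1" { print $2 }' "$resolv_conf")
    if [ -n "$extra" ]; then
        echo "resolv.conf: non-local nameserver(s): $extra"; problems=$((problems + 1))
    fi
    if ! grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.1' "$resolv_conf"; then
        echo "resolv.conf: nameserver 127.0.0.1 missing"; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Source the file and run `check_dns_chain` with no arguments to check the live configuration; a non-zero exit status means at least one of the printed problems needs fixing.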


SSH and dotfiles

# Make .ssh directory, accessible only to your user
mkdir -p -m 700 ~/.ssh

# Generate an SSH key using EdDSA (SHA-512 and Curve25519)
# Ed25519 keys have a fixed length, so -b has no effect and is left out
ssh-keygen -t ed25519 -C "your_email@example.com" -f "$HOME/.ssh/id_KEYNAME"

# Ensure ssh-agent is enabled for this shell instance
eval "$(ssh-agent -s)"

# Add your SSH key to the ssh-agent
ssh-add ~/.ssh/id_KEYNAME


# copy public SSH key to services


# dotfile configuration management using GNU Stow
pacman -S stow
git clone https://github.com/mxmilkb/dotfiles ~/dotfiles && cd ~/dotfiles
stow base
stow zsh
stow vim
stow systemd
stow yay
stow bin
#etcetc

Video drivers

# find out graphics chipset
lspci | grep -e VGA -e 3D

# find gfx chipset drivers to install
pacman -Ss xf86-video | grep -i CHIPSET   # CHIPSET = the vendor name from lspci above

# install gfx drivers
pacman -S xf86-video-ati # or whatever package

# hardware video acceleration, framebuffer support
pacman -S libva-mesa-driver xf86-video-fbdev

GUI


### fonts
# yay -S --answeredit n --noedit gohufont
 
 
### GUI apps
# yay -S  --answeredit n --noedit mediainfo-gui rxvt-unicode-fontspacing-noinc-vteclear-secondarywheel urxvtcd emoji-keyboard-git





Do you want X11 or wayland?


X11

# if you want a graphical login, install a display manager # https://wiki.archlinux.org/index.php/display_manager
#yay -S --answeredit n lightdm lightdm-gtk-greeter
#systemctl enable lightdm.service
 
localectl set-x11-keymap gb
 
# install basic X11 related
yay -S --answeredit n --noedit xorg-server xorg-xinit xorg-xsetroot xorg-xrdb xorg-xset xorg-xev \
 py3status checkupdates-aur xorg-xinput arandr xorg-xprop xorg-xhost
 
 
# set X11 keyboard layout
sudoedit /etc/X11/xorg.conf.d/20-keyboard.conf

 Section "InputClass"
    Identifier "keyboard"
    MatchIsKeyboard "yes"
    Option "XkbLayout" "gb"
    Option "XkbVariant" "nodeadkeys"
 EndSection


# install X11 window manager
# bspwm-git sxhkd-git - using i3 now.

yay -S --answeredit n i3-gaps


# install other X11 related
yay -S --answeredit n autocutsel xscreensaver compton dunst hsetroot feh dmenu pnmixer-git redshift unclutter \
 radiotray lxappearance workrave xorg-xdpyinfo xdotool glxinfo systemd-numlockontty gohufont



# enable numlock for ttys and X
systemctl enable numLockOnTty
# doesn't work?


# set the default browser
gio mime x-scheme-handler/http google-chrome.desktop
gio mime x-scheme-handler/https google-chrome.desktop

Wayland

yay -S sway swaylock swayidle 

Miscellaneous

# install software
yay -S --answeredit n --answerdiff n links-g-directfb smartmontools gsmartcontrol youtube-dl-git dnscrypt-proxy-gui meld xcwd-git google-chrome caffeine-ng dolphin dolphin-plugins qt5ct fortune-mod ttf-symbola


# update pkgfile search cache
sudo pkgfile --update

systemctl enable pkgfile-update.timer



# set Git config
# if not using vcsh managed git config
#git config --global user.name USERNAME
#git config --global user.email MAILADDRESS


Sync

to check


yay -S --answeredit n syncthing syncthing-gtk syncthing-inotify

systemctl --user enable syncthing.service

syncthing-gtk
# to get api key

sudo mkdir -p /etc/systemd/user/syncthing-inotify.service.d/

sudoedit /etc/systemd/user/syncthing-inotify.service.d/start.conf

  [Service]
  ExecStart=
  ExecStart=/usr/bin/syncthing-inotify -logflags=0 -api="[APIKEY]"
  RuntimeDirectory=syncthing-inotify

  # replace [APIKEY] with the API key shown in syncthing-gtk

systemctl --user enable syncthing-inotify.service


#sudo ln -s /home/milk/.zshrc /root/.zshrc
#sudo ln -s /home/milk/.zsh /root/.zsh
#sudo ln -s /home/milk/.vimrc /root/.vimrc
#sudo ln -s /home/milk/.vim /root/.vim

Backup

to actually sort

See also Backup

yay -S --answeredit n pakbak-git

sudo mkdir -p /var/backup/pakbak

sudoedit /etc/pakbak.conf

 # edit backup folder to /var/backup/pakbak

systemctl enable pakbak

* tar -cjf pacman_database.tar.bz2 /var/lib/pacman/local


### Borg


# list intentionally installed packages
#pacman -Qqe



# Backup paths;
#
# /home/*
# /etc
# /var
# /boot
# /opt?
# etc..?

# Exclude
#/var/tmp

Virtual machine

yay -S --answeredit n linux-headers virtualbox virtualbox-host-dkms

sudoedit /etc/mkinitcpio.conf

  vboxdrv
    # add to end of modules (not hooks!)

sudo mkinitcpio -p linux

sudo modprobe vboxdrv

virtualbox

Audio

# install some apps
yay -S --answeredit n jack2 pulseaudio-jack cadence-git carla-git lv2-plugins sequencer64 audacity audacity-extras

Extra notes

Laptop

# Set up ACPI
yay -S --answeredit n acpi acpid vattery wicd wicd-gtk tlp hdparm mons

systemctl enable acpid.service
# https://wiki.archlinux.org/index.php/Acpid

sudoedit /etc/udev/rules.d/99-lowbat.rules

  # Hibernate the system when battery level drops to 5% or lower
  SUBSYSTEM=="power_supply", ATTR{status}=="Discharging", ATTR{capacity}=="[0-5]", RUN+="/usr/bin/systemctl hibernate"

# add vattery and wicd-gtk --tray to .xinitrc

# Set up touchpad

yay -S --answeredit n xf86-input-libinput


# intel video chipset?
sv /etc/X11/xorg.conf

Section "Device"
    Identifier  "Card0"
    Driver      "intel"
    Option      "Backlight"  "intel_backlight"
EndSection


sv /etc/X11/xorg.conf.d/30-touchpad.conf

Section "InputClass"
        Identifier "MyTouchpad"
        MatchIsTouchpad "on"
        Driver "libinput"
        Option "Tapping" "on"
EndSection

Mobile

yay -S kdeconnect indicator-kdeconnect

   exec --no-startup-id /usr/bin/indicator-kdeconnect
   # in .xinitrc

ODROID-N2

pacman -S sudo git tmux

su USERNAME

pacman -S --needed base base-devel sudo vim git tmux archlinux-keyring pacman-contrib zsh polkit netctl openssh p7zip iotop mlocate ripgrep fzf htop atop dmidecode fasd ncdu dfc tree pkgfile wget bind-tools dhcping exfat-utils sshfs dateutils trash-cli python2-pip lvm2 wpa_supplicant dialog


# not on arm: syslinux reflector mediainfo-cli pip

mkdir -p ~/pkgs && cd ~/pkgs && git clone https://aur.archlinux.org/yay-git.git || true && cd yay-git && makepkg -si

yay -S --answeredit n --answerdiff n pkgcacheclean longoverdue downgrade inxi fd-rs localepurge neobundle-git dtrx


pkgfile --update

# put this in .bashrc
eval "$(fasd --init auto)"




passwd
# change root password
useradd -m USERNAME
passwd USERNAME
# change your password

visudo
# uncomment first wheel directive
gpasswd -a USERNAME wheel

echo NEWHOSTNAME > /etc/hostname
rm /etc/localtime
ln -s /usr/share/zoneinfo/Europe/London /etc/localtime

aconfmgr

scp milk@rose:~/state/aconfmgr ~/state/aconfmgr
   ??

Environment

old?

## usb drive partition - 8Gb
/boot

## lvm raid 1
# root filesystem
/
/usr
/usr/src
/etc
/opt
/dev
/media     # external media mount point
/proc      # process info virtual filesystem
/sys       # system and kernel info virtual filesystem
/run       # running system shit virtual filesystem

/home
  /milk

  /lmedia  # large block size

/var
/var/cache
/var/tmp
/var/log

# ramdisk 
/tmp

# swap 
[SWAP]

Fonts:

noto-fonts-cjk
droid sans mono 10
gohufont

Old Ubuntu setup

ooold

hostname new.host.name

sudo apt-get update
sudo apt-get install tmux git
git clone git@github.com:milkmiruku/dottmux.git ~/.tmux
ln -s ~/.tmux/.tmux.conf ~/.tmux.conf
tmux

sudo apt-get install curl zsh ncdu htop tree mercurial build-essential gcc libc6-dev ncurses-dev

sudo git clone git@github.com:milkmiruku/zsh.git ~/.zsh && cd ~/.zsh && sudo git submodule init && sudo git submodule update
  # edit zshrc location config 
useradd -m -s /usr/bin/zsh milk
passwd milk
adduser milk sudo

sudo apt-get remove vim vim-runtime gvim
  # (disable distro vim. not possible with apt on ubuntu [2])
mkdir ~/src && mkdir ~/src/vim
hg clone https://vim.googlecode.com/hg/ ~/src/vim && cd ~/src/vim && ./configure --enable-pythoninterp=yes && make && sudo make install
cd

git clone git@github.com:milkmiruku/dotvim.git ~/.vim
ln -s ~/.vim/vimrc ~/.vimrc
mkdir ~/.vim/bundle
git clone git://github.com/Shougo/neobundle.vim ~/.vim/bundle/neobundle.vim
echo ':NeoBundleInstall' > ~/viminit.vim
echo ':q' >> ~/viminit.vim
vim -s ~/viminit.vim
rm ~/viminit.vim
git clone    vimproc ......

wget -O src/atop.tar.gz http://www.atoptool.nl/download/atop-2.0.2.tar.gz && cd ~/src && tar zxvf atop.tar.gz && cd ~/src/atop && ./configure && make && make install
cd

vim /etc/ssh/sshd_config
  # disable root, change port, etc.
ssh-keygen -t rsa
  # (for user and root?)


To sort: multiuser config. permissions? Or /usr/share/config/ ...

apt-get install php mariadb
apt-get install ruby rubygems
apt-get install python pip

backup

Live USB

See Distros#Live Distro