# I Arch linux install for bspwm Updata in 2025/03/10 - Acknowledgments - jorjor - chris - Hardware Information - CPU: i7 10700 - RAM: 32G - SSD(nvme0n1): 1T - HDD1(sda): 1T - HDD2(sda): 1T - GPU: UHD630 ## 1 Disk Configure 1. 分配切割 - Disk info ``` lsblk ``` - nvme or ssd ``` cfdisk /dev/nvme0n1 ``` | Divece | Size | Type | | | -------- | -------- | -------- | ---- | | /dev/nvme0n1p1 | 1000G | root(x86-64) | Root | - hdd ``` cfdisk /dev/sda ``` | Divece | Size | Type | | | --------- | ----- | ---------- | ---- | | /dev/sda1 | 1G | EFI System | UEFI | | /dev/sda2 | 30.5G | Linux Swap | Swap | | /dev/sda3 | 900G | Linux | Home | 2. Format - Swap ``` mkswap /dev/sda2 ``` - /boot ``` mkfs.vfat /dev/sda1 ``` - /root and /home ``` mkfs.ext4 /dev/nvme0n1p1 mkfs.ext4 /dev/sda3 ``` 3. Mount - Swap ``` swapon /dev/sda2 ``` - /root and /home ``` mount /dev/nvme0n1p1 /mnt mkdir /mnt/boot mkdir /mnt/home mount /dev/sda1 /mnt/boot mount /dev/sda3 /mnt/home ``` 4. Check ``` df -h free ``` --- ## 2 Network Set (Option) - Network Information - Network card: - Name: enp3s0 - MAC: A0:A1:A2:A3:A4:A5 - Internet Protocol - IP: 89.64.89.64/25 - Gateway: 89.64.89.64 - DNS (1): 1.1.1.1 - DNS (2): 101.101.101.101 - DNS (3): 8.8.8.8 1. Show MAC Information ``` ip link show ``` 2. Set Mac Address ``` ip link set address A0:A1:A2:A3:A4:A5 dev enp3s0 ``` 3. Show IPv4 Route ``` ip route show ``` 4. Clear Network IP Route ``` ip addr flush dev enp3s0 ``` 5. Set IP ``` ip address add 89.64.89.64/25 broadcast + dev enp3s0 ``` 6. Add Route (Gateway) ``` ip route add default via 89.64.89.64 dev enp3s0 ``` 7. Check ``` ping google.com ``` --- ## 3 Install System 1. Install Packages ``` pacstrap /mnt base base-devel linux linux-firmware intel-ucode ``` 2. Update Pacman ``` pacman -Syy ``` 3. 建立 Fstab ``` genfstab -U /mnt >> /mnt/etc/fstab ``` 4. Chroot in System ``` arch-chroot /mnt ``` --- ## 4 Arch Local Set 1. Set Time Zone - Link and Lock localtime ``` ln -sf /usr/share/zoneinfo/Asia/Taipei /etc/localtime hwclock --systohc ``` - Check ``` hwclock --show ``` 2. Set Language - Echo UTF-8 ```sh echo "en_US.UTF-8 UTF-8" > /etc/locale.gen; echo "zh_TW.UTF-8 UTF-8" >> /etc/locale.gen; echo "LANG=en_US.UTF-8" > /etc/locale.conf; ``` - Genl language 記得執行否則進入桌面會沒有英文字,連打字都無法。 ``` locale-gen ``` 3. Set PC hostname - Hostname to /etc/hostname ``` echo "AzamiArch" > /etc/hostname ``` - Install vim ``` pacman -Sy vim vim /etc/hosts ``` - Edit /etc/hosts ```shell= 127.0.0.1 localhost.localdomain localhost ::1 localhost.localdomain localhost 127.0.1.1 AzamiArch.localdomain AzamiArch ``` 4. Set Bootload Connect - 建立 Inital Ramdisk ``` mkinitcpio -p linux ``` - Set root Password ``` passwd ``` - Install Bootloader ``` pacman -Sy grub os-prober efibootmgr ``` - Set Bootloader ```shell= os-prober grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub grub-mkconfig -o /boot/grub/grub.cfg ``` 5. Network 二選一不然沒網路 - 固定 IP ``` pacman -Sy networkmanager systemctl enable NetworkManager ``` - 浮動 IP ``` pacman -Sy dhcp dhcpcd systemctl enable dhcpcd ``` 6. Reboot ```shell exit umount -R /mnt reboot ``` --- ## 5 Network(Option) and User Add ### Set Network (Option) - Set nmtui 如果使用固定ip的使用者,發現重啓後網路就連不上了可透過 nmtui 圖形化設定介面再設定網路(之後應該就不會在連不上了) ``` nmtui ``` - 記得重新激活activate ```shell= # ethernet # Mac # ipv4 -> Mannual # Address # GateWay # DNS # ipv6 -> disabled ``` ### Add User 1. Set sudo group ``` vim /etc/sudoers ``` 將%wheel ALL=(ALL)前面註解拿掉 ```shell= # Uncomment to allow members of group wheel to execute any command %wheel ALL=(ALL) ALL ``` 2. Add user and sudo group ```sh useradd -m -u 1001 "your-user-name" passwd "your-user-name" usermod "your-user-name" -G wheel ``` 3. Reboot - 重新啟動可以進到終端機介面,你的arch就裝好了 - 登入$user帳號,而不是root帳號 --- # II Arch GUI ## GUI 家族 - I3 - [I3(jorjor)](https://hackmd.io/@C108152352/SkUc85beh#812-alacritty) - Bspwm - [Fast, Automatic](https://github.com/gh0stzk/dotfiles) - [Lightweight](https://wiki.archcraft.io/docs/window-managers/tiling-wm/bspwm/) - [Personalization,Manual](https://zhuanlan.zhihu.com/p/568211941) 以下步驟盡量不要少,不然會缺東西 ## 1. Install Bspwm(Fast, Automatic) ```= sh sudo pacman -S xorg bspwm sxhkd mkdir ~/.config cd ~/.config mkdir bspwm mkdir sxhkd cp /usr/share/doc/bspwm/examples/bspwmrc bspwm/ cp /usr/share/doc/bspwm/examples/sxhkdrc sxhkd/ ``` ## 2. 基礎配置 1. Install ``` sudo pacman -Sy alacritty curl lxdm ``` 2. 修改~/.config/sxhkd/sxhkdrc ```= sh super + Return alacritty ``` 3. Enable Dispaly Manager ``` sudo systemctl enable lxdm ``` 4. Reboot - 重啟後右下角Default選Bspwm - 登入$user ## 3. Install Bspwm (RiceInstaller) 1. RiceInstaller ```= sh curl -LO http://gh0stzk.github.io/dotfiles/RiceInstaller -o $HOME/RiceInstaller chmod +x RiceInstaller ./RiceInstaller ``` 2. Reboot - 重啟後開始設定檔案 - 登入$user ## 4. Non-essential settings (可略過) ### Dorker Theme(Light 眼睛刺痛) - Install ```= sh sudo pacman -S qt5ct yay -S arc-gtk-theme gtk-theme-arc-git ``` - Edit open qt5ct > docker - Reforence [Full Icon Theme](https://www.gnome-look.org/browse?cat=132&ord=latest-) ### Neofetch(裝B) - Install ``` sudo pacman -Sy neofetch ``` - Set ``` echo "neofetch" >> .zshrc ``` ### 彩蛋(裝B) - Step 1 ``` sudo vim /etc/pacman.conf ``` - Step 2 在“# Misc options”部分,去掉“Color”前的“#”。 - Step 2 按enter添加,大小寫要對 ``` ILoveCandy ``` ### 桌布(原始桌布很丑) 1. Download Pictures 2. Setting Desktop ``` feh --no-fehbg --bg-fill ./Pictures/yudachi2.png ./Pictures/yudachi.png ``` --- # III 安裝套件 - 建議 - 先安裝瀏覽器,再打開此網頁複製指令:) - 套件根據需求裝 - 部分套件dotfiles已預裝 - 目前已整理 - System Tools - System Manager - System Security - Media - Server # System Tools ## Language (fcitx5-chewing:新酷音) 在BSPWM上有BUG 等修正 1. Install ``` sudo pacman -S fcitx5-im fcitx5-chinese-addons fcitx5-material-color fcitx5-pinyin-zhwiki fcitx5-chewing noto-fonts-cjk adobe-source-code-pro-fonts noto-fonts-emoji ``` 2. Seting - 掛在背景 ``` fcitx5 & ``` - 修改設定 - 要自己摸一下,在不會用請看Reference - 預設使用ctrl+space來切換英\中 ``` fcitx5-configtool ``` ![image](https://hackmd.io/_uploads/H1Z_lkY_R.png) - Boot Start ``` echo "fcitx5 &" >> ~/.config/bspwm/bspwmrc ``` - Debug 有問題用fcitx5-diagnose看一下是哪邊沒裝好~ ``` fcitx5-diagnose ``` - 環境檔案 經測試可略過,不影響使用,如有問題再加上 [.pam_environment](https://drive.google.com/file/d/10LpXQRf24nHurOpbZ8LMGe5EcLcimmQH/view?usp=drive_link) in ~/.pam_environment - Reference: [Fcitx5: 有可能是Arch Linux最好用的中文输入法](https://www.bilibili.com/video/BV1Wu411o7Kd/?vd_source=b812d95e8999d70d8412cb26e9445513) ## Monitor (Option) 主要給雙螢幕的設定 1. Set is HDMI-1 on left,DP-2 on right " --auto" is auto choose display px,or use" --mode 1920x1080" display px. 2. Check monitor ``` xrandr -q ``` 3. If device is HDMI-1 and DP-2 ``` xrandr --output HDMI-1 --auto --output DP-2 --auto --right-of HDMI-1 ``` 4. Boot Start ``` echo "xrandr --output HDMI-1 --auto --output DP-2 --auto --right-of HDMI-1" >> .config/bspwm/bspwmrc ``` ## Audio 1. Install Pipewire ``` sudo pacman -S pipewire pipewire-pulse pipewire-audio pipewire-alsa pipewire-jack wireplumber ``` 2. Check ``` pactl info ``` ![image](https://hackmd.io/_uploads/BJDqyGDEkg.png) 3. Restart ``` systemctl --user enable --now pipewire pipewire-pulse wireplumber ``` 4. Auto Install [EasyEffects.sh](https://ivonblog.com/posts/linux-easyeffects/) ``` sudo pacman -S easyeffects bash -c "$(curl -fsSL https://raw.githubusercontent.com/JackHack96/PulseEffects-Presets/master/install.sh)" ``` 5. Restart ``` sudo systemctl restart pipewire pipewire-pulse wireplumber ``` ## Bluetoot(Option) 沒有藍芽不用做這部!!! 1. Install ```= sh sudo pacman -S bluez bluez-utils blueberry ``` - Option - blueman - blueberry 2. Start servec ```= sh sudo systemctl enable --now bluetooth reboot ``` 3. Open blueberry connect ## Network Time Protocol 1. Install ``` sudo pacman -S ntp ``` 2. Open ntp.conf ``` sudo vim /etc/ntp.conf ``` 註解掉原本的設定並添加以下設定 ```.vim= # 自己指定 NTP 伺服器 server tock.stdtime.gov.tw server watch.stdtime.gov.tw server time.stdtime.gov.tw server clock.stdtime.gov.tw server tick.stdtime.gov.tw ``` 3. Enable and Start sevser ``` sudo systemctl enable --now ntpd ``` --- # System Manager ## Auto monut USB ``` sudo pacman -S udisks2 udiskie echo 'udiskie &' >> ~/.config/bspwm/bspwmrc ``` ## Task Manager - btop ``` sudo pacman -S btop ``` ## Message Manager - Install Dunst ``` sudo pacman -S dunst ``` - Set ``` mkdir .config/dunst cp /etc/dunst/dunstrc .config/dunst/ echo 'dunst &' >> ~/.config/bspwm/bspwmrc ``` ## File Manager 1. Install Thuner right buttom unzip ``` sudo pacman -S thunar thunar-volman thunar-archive-plugin xarchiver ``` 2. Set ``` echo "--no-startup thunar --daemon &" >> ~/.config/bspwm/bspwmrc ``` 3. Install WebDAV ``` sudo pacman -S gvfs gvfs-dnssd ``` 4. Thunar press Ctrl+l ## Connect Nas 1. Install ``` sudo pacman -Sy cifs-utils ``` 2. Set 新增儲存NAS資料的folder ``` mkdir /home/am15/NAS ``` - sudo vim /etc/fstab ``` //nasaddress/yourfile /home/user/NAS cifs auto,user,rw,username=yourusername,password=yourpassword 0 1 ``` - 更新 /etc/fstab ``` mount -a ``` ## Print 1. Set HP ``` sudo systemctl enable --now cups sudo pacman -S hplip python-pyqt5 sudo hp-setup ``` --- # System Security # Secure Shell ## Server - Install SSH ``` sudo pacman -S openssh ``` - Set ``` sudo vim /etc/ssh/sshd_config ``` Edit ```shell= # Authentication: LoginGraceTime 24h PermitRootLogin no #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 ``` - Enable SSH Sevser ``` sudo systemctl enable --now sshd ``` ## Clinet [參考](https://liedward.com/linux/ssh-scp-log/) 製作ssh公私鑰 1. GenKey ``` ssh-keygen ``` - **以下步驟可以Enter略過** 1. 會詢問產生的ssh key要存放的位置 > 預設為 /home/am15/.ssh/id_rsa 2. 會詢問要不要設定 passphrase > 有設定可以增加安全性 最後會有兩個key 一個有副檔名 .pub 為公鑰,而沒有副檔名的為私鑰 **注意私鑰要保存好 絕對不能被竊取** 2. 將公鑰放到伺服器上 ``` ssh-copy-id -i your_key_path am15@server_host ``` 成功後會顯示如下的訊息 ```shell= /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'username@server_host'" and check to make sure that only the key(s) you wanted were added. ``` ## X11 (Clinet) - `cd .ssh/` Setting ```shell= Host eda.nclab.nkust.edu.tw HostName eda.nclab.nkust.edu.tw User nike910115 Port 15656 #ForwardX11 yes ForwardX11Trusted yes ``` ## tigervnc ### Sever - Archlinux install ``` sudo pacman -Sy tigervnc ``` - mk .vnc ``` mkdir .vnc vim .vnc/config ``` - Add confug ```.vim= session=bspwm geometry=2560x1440 localhost alwaysshared ``` - Enable Sevser ``` sudo systemctl enable vncserver@:1 vncserver :1 & ``` - Ref - [TigerVNC](https://ivonblog.com/posts/linux-tigervnc-server/) ### Client - Windows Download - [Tigervnc Cilent](https://sourceforge.net/projects/tigervnc/) - [Mobaxterm](https://mobaxterm.mobatek.net/download.html) ## Firewall - Install ufw and start service ``` sudo pacman -S ufw sudo systemctl enable --now ufw ``` ### Client - 施工中... ## Ban Ip 1. Install fail2ben and Start Severice ``` sudo pacman -S fail2ben sudo systemctl enable --now fail2ben ``` 2. Edit jail.local - Open ``` sudo vim /etc/fail2ban/jail.d/ssh.local ``` - add ```shell= [sshd] enabled = true port = ssh filter = sshd logpath = %(sshd_log)s backend = %(sshd_backend)s maxretry = 6 bantime = -1 ``` 4. Reboot ``` sudo systemctl restart faill2ben ``` 5. Check ``` sudo systemctl status faill2ben sudo fail2ban-client status sshd sudo tail -f /var/log/fail2ban.log ``` --- # Media ## Install - 備註 - 'defule' for pacman - '*' for yay - 選需要的就好了 ## Option - Text Edit - sublime-text-4 - Browser - brave-bin - microsoft-edge-bin - Video palyer - mpv - vlc - [FreeTube*](https://ivonblog.com/posts/freetube-usage/) - Music player - deadbeef - Image display - digikam - social - discord - 編輯截圖工具 - flameshot - Office - libreoffice-dev-zh-tw* - [MS_office](https://medium.com/@MekhaL/installing-office365webdesktop-on-arch-linux-with-snap-38f3c3b01a95) - Window - freedownloadmanager - ntfs-3g --- # Docker and Server - 對外的服務一律建議搭建在Docker - Docker 鏡像站 - [linuxserver.io](https://www.linuxserver.io/our-images) - [docker image](https://hub.docker.com/_/docker) - 到申請[domain name](https://dash.infinityfree.com/) 1. Insatall Docker and Start Sevsre ``` sudo pacman -S docker docker-compose sudo systemctl enable --now docker.service ``` 2. Add user to docker group(Option) 如果每次下指令不想加`sudo`在做這部 ``` sudo usermod -aG docker $USER newgrp docker ``` 3. Test Finsh ``` docker run hello-world ``` - 管理 1. Dispaly all images ``` sudo docker images -a ``` 2. Remove images ``` sudo docker rmi -f <images_id1> <images_id2> ... <images_idn> ``` --- ## 代整理 - [Sonarr](https://freehands.cc/posts/sonarr-in-docker/) - 請搭配JellyFin影音串流 - 請搭配Wireguard隱藏IP - 請搭配NginxSSL加密網頁傳輸(本地可略過) - [JellyFin]() - [Wireguard]() - [Openvpn Server](https://github.com/angristan/openvpn-install) - [Openvpn Client]() - [Nginx]() - [JupyterLab]() - [Overleaf]() --- ## Overleaf (Docker install) - Allow Use prot - SSH 22 - HTTP 80 - HTTPS 443 1. Install overleaf toolkit - 請參考[這個](https://tnnidm.com/build-and-use-overleaf-server/index.html) ``` git clone https://github.com/overleaf/toolkit.git ./overleaf ``` - Initialize the service ``` cd ./overleaf bin/init ``` 2. Dwonload full version latex env - 因為每年4月texlive官方會更新版本,造成版本不符問題,拉取完整latex時候需要先檢查texlive版本,然後拉取對應的完整版鏡像 ```shell= # 檢查texlive版本 docker exec sharelatex tlmgr --version # 需要設定成2025年的倉庫如下 docker exec sharelatex tlmgr option repository https://mirrors.tuna.tsinghua.edu.cn/tex-historic-archive/systems/texlive/2021/tlnet-final/ # 拉取完整latex docker exec sharelatex tlmgr install scheme-full ``` 3. Setting 趁下載時進行檔案配置 - variables.env ```shell= SHARELATEX_APP_NAME=Latex Server SHARELATEX_SITE_URL=https://latex.xxxxx.com ``` - overleaf.rc ```shell= SHARELATEX_PORT=80 ``` - nginx.conf ```shell= http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 443 ssl; server_name 你申请https的域名; ssl_certificate 上述域名对应的用于HTTPS的.pem文件地址; ssl_certificate_key 上述域名对应的用于HTTPS的.key文件地址; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; server_tokens off; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; client_max_body_size 1024M; location / { proxy_pass http://localhost:80; # sharelatex容器映射出来的端口 proxy_set_header X-Forwarded-Proto $scheme; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_read_timeout 3m; proxy_send_timeout 3m; } } } ``` - 修改反代nginx的大小限制。 ``` sudo docker exec -it sharelatex bash ``` - (a) 修改docker容器裡面以下三個檔案中: - /etc/nginx/templates/nginx.conf.template - /etc/nginx/nginx.conf - /overleaf/server-ce/nginx/nginx.conf.template //這一項如果沒有就不管了 ``` client_max_body_size: 50M // 50M !把50修改為1024 ``` - /overleaf/services/web/config/settings.defaults.js ``` maxUploadSize: 50 * 1024 * 1024, // 50 MB !把50修改为1024 ``` - /overleaf/services/web/app/src/Features/Uploads/ArchiveManager.js ``` const isTooLarge = totalSizeInBytes > ONE_MEG * 300 // !把300 改为1024 ``` - (b) 如果也使用了宿主機反代,則修改宿主機反代,1panel面板在 網站>>設定>>設定修改,將以下兩項全部設定為1024m ```shell= client_body_buffer_size 1024m client_max_body_size 1024m ``` 5. 掛載容器 ``` bin/up ``` 6. 用戶管理 - [用戶建立參考](https://github.com/overleaf/overleaf/wiki/Creating-and-managing-users) - 添加用戶 ```= sh # Overleaf Toolkit users: bin/docker-compose exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/create-user --admin --email=joe@example.com" # legacy docker-compose.yml users: docker exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/create-user --admin --email=joe@example.com" ``` - 移除用戶 ```= sh # Overleaf Toolkit users: bin/docker-compose exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/delete-user --email=joe@example.com" # legacy docker-compose.yml users: docker exec sharelatex /bin/bash -ce "cd /overleaf/services/web && node modules/server-ce-scripts/scripts/delete-user --email=joe@example.com" ``` ## 參考 [1](https://docs.vultr.com/how-to-install-overleaf-community-edition-on-ubuntu-20-04-lts) [1](https://tnnidm.com/build-and-use-overleaf-server/index.html) [1](https://www.hlmg.tech/archives/1714119406699) [1](https://www.wangsy.fun/post/47) [坑](https://jjq0425.me/post/10046/) ## JellyFin (local install) 1. Insatal and Start Sevsre ``` sudo pacman -S jellyfin-server jellyfin-web sudo systemctl enable --now jellyfin.service ``` 2. monut or mkdir - monut ``` sudo mkdir JellyFin sudo monut /dev/nvme0p1 /opt/JellyFin ``` - mkdir ``` sudo mkdir JellyFin ``` 3. chown and chmod ``` sudo chown -R jellyfin:jellyfin JellyFin sudo chmod -R 755 JellyFin ``` 3. To web seting - [http://localhost:8096](http://localhost:8096) ## Virtual Private Network (Local install) ### Sever - Install Openvpn ``` curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh chmod +x openvpn-install.sh ``` - run ``` ./openvpn-install.sh ``` - Reforence [Github](https://github.com/angristan/openvpn-install) ---