# Setup Guide DO NOT ONLY USE THIS GUIDE, THIS MAY BE OUTDATED, MIND AS WELL CHECK [OFFICIAL ARCH LINUX INSTALL GUIDE](https://wiki.archlinux.org/title/Installation_guide) BTW, credit to [this dude](https://www.youtube.com/watch?v=YC7NMbl4goo). ## Connect To Internet * Connect to the network. * Ethernet -- Plug in the cable. * Wi-Fi -- Use `iwctl` to set network settings. * Once entered, use `device list` to list out network devices. * Then use selected device to scan network. `station <device> get-networks` (usually it is **wlan0**) * Connect to the network you prefer `station <device> connect <SSID>` * Enter your password and enter `exit` to leave **iwctl**. * Verify the connection by `ping archlinux.org` ## Enable SSH (so that you can copy paste commands) 1. Enable SSH on Arch Linux * Enter `systemctl enable sshd` (should be enabled by default) * Start SSH `systemctl start sshd` * Then set a password for the current user with `passwd` command. 2. Enter `ip addr` to get the local [ip](https://en.wikipedia.org/wiki/IP_address) (should look something like **192.168.0.15**) 3. Go to your other computer and ssh to your arch device `ssh root@<local ip>` ## Write Random Data (OPTIONAL) This step may take a while 1. List blocks with command `lsblk` to show drives that we will write data into. Here are examples of drives: * nvme0n1, nvme1n1, nvme2n1 * sda, sdb, sdc 2. Write random data `/dev/urandom` or fill with zeros `/dev/zero` ``` dd if=/dev/urandom of=/dev/nvme0n1 status=progress bs=4096 dd if=/dev/urandom of=/dev/sda status=progress bs=4096 ``` ## Partitioning 1. List blocks with command `lsblk` to show drives for partitioning. I'll use my SSD as the primary drive and HDD as a backup drive. ([Setup your own partitions that suits your needs](https://wiki.archlinux.org/title/Partitioning)) 2. Use `gdisk /dev/<drive>` to partition the drive * Inside gdisk, * Print out the table with `p` command; * Create a new partition with the `n` command; * Write partitions to disk with the `w` command. * The below table shows the disk setup I have for my #### primary drive (Updated Layout) | partition | first sector | last sector | code | usage | | --- | --- | --- | --- | --- | | 1 (efi) | default | +1G | ef00 | /boot | | 2 (swap) | default | +20G | 8200 | Swap | | 3 (root) | default | +75G | 8300 | / | | 4 (home) | default | default | 8300 | /home | #### Backup Drive | partition | first sector | last sector | code | | --- | --- | --- | --- | | default | default | default | 8300 | Here are something to consider. * For **Swap Partition**, There are many rules, some suggest `1 RAM + sqrt{RAM}`, **`1.5x RAM Size`** or **`2x RAM Size`**. Decide yourself according to your RAM Size but aim for at least `1 RAM Size`, I'll choose `1 RAM + sqrt{RAM}`. :::info E.g. For 16GB RAM, swap size should be from **+16G** to **+32G** ::: * For **Root Partition**, **+50G** is usually enough for most people, but you download lots of applications, you can use more size. * You can use **LVM(Logical Volume Management)** for easier future resizing. * Seperate **Home Partition** is optional. * You can setup **LUKS(Linux Unified Key Setup)** to secure your disk with password ## Format The Partitions FAT32 on EFI partiton (Partition 1) ``` mkfs.fat -F32 /dev/nvme0n1p1 ``` Setup swap device (Partition 2) ``` mkswap /dev/nvme0n1p2 ``` BTRFS on root and home (Partition 3 and 4) *Note: We format them here, but apply labels/subvolumes in the next step.* ``` mkfs.btrfs -f /dev/nvme0n1p3 mkfs.btrfs -f /dev/nvme0n1p4 ``` BTRFS on backups ``` mkfs.btrfs -L backups /dev/sda1 ``` ## Mount The File Systems **1. Create BTRFS Subvolumes (Crucial for Timeshift)** Mount the root partition temporarily to create the subvolumes required by Timeshift. ``` mount /dev/nvme0n1p3 /mnt btrfs subvolume create /mnt/@ btrfs subvolume create /mnt/@snapshots btrfs subvolume create /mnt/@var_log umount /mnt ``` **2. Mount Partitions Created** * Mount **Root Partition** (with subvolume) ``` mount -o noatime,compress=zstd,subvol=@ /dev/nvme0n1p3 /mnt ``` * Create directories ``` mkdir -p /mnt/{home,boot,backups,.snapshots,var/log} ``` * Mount **Home** (Partition 4), **Snapshots**, and **Logs** ``` mount -o noatime,compress=zstd /dev/nvme0n1p4 /mnt/home mount -o noatime,compress=zstd,subvol=@snapshots /dev/nvme0n1p3 /mnt/.snapshots mount -o noatime,compress=zstd,subvol=@var_log /dev/nvme0n1p3 /mnt/var/log ``` * Mount **Backups** ``` mount /dev/sda1 /mnt/backups ``` * Mount **EFI (Boot)** ``` mount /dev/nvme0n1p1 /mnt/boot ``` * Enable **Swap** ``` swapon /dev/nvme0n1p2 ``` ## Install Arch Install arch with base-devel, plus **nano** (editor), **btrfs-progs** (disk tools), and **microcode**. ``` pacstrap -K /mnt base base-devel linux linux-firmware nano btrfs-progs intel-ucode git # Note: Use 'amd-ucode' instead if you have an AMD CPU ``` ## Configure the system 1. Generate the fstab file with command `genfstab -U -p /mnt > /mnt/etc/fstab` 2. Croot root into the system `arch-chroot /mnt /bin/bash` 3. Setup Mirror with following commands: ``` pacman -S reflector cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak reflector --verbose --latest 10 --protocol https --sort rate --save /etc/pacman.d/mirrorlist pacman -Sy ``` 4. Setup bootloader * Install grub and efibootmgr with command `pacman -S grub efibootmgr` * Setup grub on **efi partition** with command `grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB` * Edit grub with command `nano /etc/default/grub` ``` GRUB_CMDLINE_LINUX="root=/dev/nvme0n1p3 resume=/dev/nvme0n1p2 nvidia_drm.modeset=1" GRUB_TIMEOUT_STYLE=hidden ``` *(Added nvidia_drm.modeset=1 here for Wayland/Nvidia support. Note: Root is p3, Swap is p2 now)* * Reload linux with command `mkinitcpio -P` 5. Setup `update-grub` * Create and edit `update-grub` command ``` nano /usr/sbin/update-grub ``` * Paste the following to the file ``` #!/bin/sh set -e exec grub-mkconfig -o /boot/grub/grub.cfg "$@" ``` * Assign the ownership to the root with command `chown root:root /usr/sbin/update-grub` * Change file permission with command `chmod 755 /usr/sbin/update-grub` * Test the command `update-grub` 6. Set the Time Zone **I live in Hong Kong, set your time zone base on [this guide](https://wiki.archlinux.org/title/Installation_guide#Time).** * Set time zone to Hong Kong `ln -sf /usr/share/zoneinfo/Hongkong /etc/localtime` * Run `hwclock --systohc` to generate /etc/adjtime * To prevent clock drift and ensure accurate time, set up time synchronization using a [Network Time Protocol (NTP)](https://en.wikipedia.org/wiki/Network_Time_Protocol) client such as systemd-timesyncd. * Add in the NTP servers (remember to uncomment NTP and FallbackNTP) `nano /etc/systemd/timesyncd.conf` ``` [Time] NTP=stdtime.gov.hk 0.hk.pool.ntp.org 1.hk.pool.ntp.org 2.hk.pool.ntp.org 3.hk.pool.ntp.org FallbackNTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org ``` * Enable timesyncd with command `systemctl enable systemd-timesyncd.service` 7. Setup Locale **[Do not install all Locales, only install your `Primary Language` and `English](https://www.google.com/search?q=%5Bhttps://www.reddit.com/r/linuxquestions/comments/adi0qb/why_not_install_all_locales_why_only_select_a_few/%5D(https://www.reddit.com/r/linuxquestions/comments/adi0qb/why_not_install_all_locales_why_only_select_a_few/))**` * Edit locale list `nano /etc/locale.gen` * Uncomment the UTF8 lang you want. For me, `en_HK.UTF-8` is enough. * Save the file and run command `locale-gen` * Edit locale config `nano /etc/locale.conf` * Add language `LANG=en_HK.UTF-8` 8. Network configuration `echo "myMachineName" > /etc/hostname` 9. Users * First, use `passwd` command to secure the root user by setting a password * Then install the shell `pacman -S zsh` * Add a new user with command `useradd -m -G wheel -s /bin/zsh <myUserName>` * Set password for user `passwd myUserName` * Add wheel group to sudoers `EDITOR=nano visudo` ``` ## Uncomment to allow members of group wheel to execute any command %wheel ALL=(ALL:ALL) ALL ``` 10. Wireless connections * Network ``` pacman -S bluez bluez-utils systemctl enable bluetooth.service pacman -S networkmanager systemctl enable NetworkManager ``` 11. Install Fonts `pacman -S noto-fonts noto-fonts-extra noto-fonts-cjk noto-fonts-emoji ttf-roboto ttf-roboto-mono otf-latinmodern-math ttf-liberation ttf-gentium-plus adobe-source-code-pro-fonts ttf-ubuntu-font-family` 12. **Enable Multilib (Crucial for Steam/Nvidia)** * Edit config file: `nano /etc/pacman.conf` * Find multilib and uncomment both lines ``` [multilib] Include = /etc/pacman.d/mirrorlist ``` * Sync repositories: `pacman -Sy` 13. **Install Nvidia Driver** * Install nvidia: `pacman -S nvidia` * Edit initramfs: `nano /etc/mkinitcpio.conf` * Go to HOOKS, delete `kms` and add `systemd` after base * Save changes * And update: `mkinitcpio -P` * Enable Hibernation/Suspend Preservation: * Create file: `nano /etc/modprobe.d/nvidia-power-management.conf` * Content: `options nvidia NVreg_PreserveVideoMemoryAllocations=1 NVreg_TemporaryFilePath=/var/tmp` * Add Pacman Hook: * `mkdir -p /etc/pacman.d/hooks/` * `nano /etc/pacman.d/hooks/nvidia.hook` * Paste: ``` [Trigger] Operation=Install Operation=Upgrade Operation=Remove Type=Package Target=nvidia Target=nvidia-open Target=nvidia-lts Target=linux [Action] Description=Updating NVIDIA module in initcpio Depends=mkinitcpio When=PostTransaction NeedsTargets Exec=/bin/sh -c 'while read -r trg; do case $trg in linux*) exit 0; esac; done; /usr/bin/mkinitcpio -P' ``` ## Install Desktop Environment 1. Install kde plasma with command `pacman -S plasma` and select these: * `multimedia-gstreamer` * `pipewire-jack` * `noto-fonts` * `ttf-joypixels` 2. Install kde applications with command `pacman -S kde-applications` and select these: ``` # These are 100% outdated, im lazy to update but things included are apps I still suggest using. accessibility-inspector ark dolphin dolphin-plugins gwenview kclock kdebugsettings kdeconnect kget kio-admin kio-gdrive knotes konsole ksystemlog kweather partitionmanager spectacle ``` 3. Then, enable login with command `systemctl enable sddm.service` ## Install Other Useful Apps ``` pacman -S fastfetch git curl wget jdk-openjdk timeshift thunderbird pika-backup obs-studio firefox ghidra gamemode zaproxy ``` neofetch is discontinued, find alternatives if your hardware is reletively new. (Replaced with fastfetch in command above). ## Reboot ``` exit umount -R /mnt reboot now ``` # Postinstall Linux Is Not Secure By Default but it can be very secure with proper customization ## Mirrorlist Update Automation 1. Create the config file: `sudo nano /etc/xdg/reflector/reflector.conf` 2. Paste this content (adjust for your location): ``` --save /etc/pacman.d/mirrorlist --protocol https --country "Hong Kong,China" --latest 10 --sort rate ``` 3. Enable the timer: `sudo systemctl enable --now reflector.timer` ## Periodic TRIM for ssd Without TRIM, the SSD has to erase blocks while you are trying to write new data, which makes the drive significantly slower over time. ``` sudo systemctl enable --now fstrim.timer ``` ## Auto Pacman Cache Cleaning This automatically deletes all but the most recent 3 versions of installed packages ``` sudo pacman -S pacman-contrib sudo systemctl enable --now paccache.timer ``` ## Install yay with command **Warning: Do NOT run this as root.** 1. Switch to user account `su - <myUserName>` 2. Clone yay repository `git clone https://aur.archlinux.org/yay.git` 3. Switch to cloned directory `cd yay` 4. Install yay `makepkg -si` 5. Cleanup `cd .. && rm -rf yay` ## Backups 1. Timeshift: Timeshift's scheduling doesn't work defaultly... ``` sudo pacman -S cronie systemctl start cronie systemctl enable --now cronie.service ``` After rebooting, `systemctl status cronie` to make sure it is working. *Open Timeshift wizard and select "BTRFS" mode.* 2. Pikabackup: Also setup scheduling for pikabackup, it is useful for retrieving data. :::info Timeshift is for partitions related to the OS. Pikabackup is for partitions in home partition. ::: ## Security [https://www.youtube.com/watch?v=QxNsyrftJ8I](https://www.youtube.com/watch?v=QxNsyrftJ8I) 1. Install ufw firewall by `sudo pacman -S ufw` ``` sudo ufw limit 22/tcp sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw enable ``` 2. Use [AppArmor](https://www.youtube.com/watch?v=KYM-Dzivnjs) ## Configure Z Shell 1. [Add Oh My Zsh + PowerLevel10k](https://www.youtube.com/watch?v=DmpMgTL6R9A) 2. Add `fastfetch` to `~/.zshrc` ## Input method * [Arch Wiki](https://wiki.archlinux.org/title/Input_method) * Add fcitx5 to Arch [youtube video](https://www.youtube.com/watch?v=HYYeih-rF1g) ## Add Encryption System For KDE Vault `sudo pacman -Syu cryfs encfs gocryptfs` ## Customise Pacman 2. Uncomment `Color` 3. Add `ILoveCandy` to the same chunk of conf as the Color you deleted to make progress bar become pacman eating dots 4. Save the conf and run `sudo pacman -Sy` ## Other * Find other [postinstall things](https://www.youtube.com/watch?v=odgD_RdJjCU&pp=ygUWQXJjaCBsaW51eCBwb3N0aW5zdGFsbA%3D%3D) with google and youtube * Watch this [video](https://www.youtube.com/watch?v=xhVS1HKwGWw&t=36s)