- sign up for arch news feed: Arch Linux
- and/or mailing list: Info | arch-announce@lists.archlinux.org - lists.archlinux.org
- sort out GTK styling: GTK - ArchWiki
- and QT styling: Qt - ArchWiki
- basically RTFM again as it has changed a bit since
- subscribe to RSS feeds for all major software installed
- mention archinstall and git as setup requirements, nmtui on first boot
Edit the /etc/hosts file to include the hostname at the end of the file:
echo "127.0.1.1 $HOSTNAME.localdomain $HOSTNAME" | sudo tee -a /etc/hosts$HOSTNAME is likely to be unset with dash, fish and zsh.
sudo pacman -Syu - < ~/.dotfiles/etc/packages.txtOn first stow command, use the following to prevent future new files from being created:
stow --no-folding "$MODULE_NAME"Then continue to use:
stow --restow basesudo ln -sfT dash /usr/bin/sh
/usr/bin/cat << EOF | sudo tee /usr/share/libalpm/hooks/bash-to-dash.hook
[Trigger]
Type = Package
Operation = Install
Operation = Upgrade
Target = bash
[Action]
Description = Re-pointing /bin/sh symlink to dash...
When = PostTransaction
Exec = /usr/bin/ln -sfT dash /usr/bin/sh
Depends = dash
EOFfwupdmgr refresh --force
fwupdmgr get-updates
fwupdmgr updateCreate the drop-in file directory for a autologin.conf to be added:
sudo mkdir /etc/systemd/system/getty@tty1.service.dThen populate the drop-in file with the following:
/usr/bin/cat << EOF | sudo tee /etc/systemd/system/getty@tty1.service.d/autologin.conf
[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-f -- $USER' --autologin $USER tty1
EOFUpdate the /etc/pacman.conf file to have colour output and change the number of parallel downloads to match CPU count:
...
COLORS
...
ParallelDownloads = 8
...
Make sure both lines are uncommented.
mkdir "$SOURCES_DIR"
cd "$SOURCES_DIR"
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
sudo pacman -Syu - < ~/.dotfiles/etc/aur.txtTo enable 32-bit software, such as Steam to be installed, multilib packages need to be uncommented inside /etc/pacman.conf:
[multilib]
Include = /etc/pacman.d/mirrorlist
Setup configuration files for using yubikey, making sure all file permissions are correct:
/usr/bin/cat << EOF >> ~/.local/share/gnupg/scdaemon.conf
disable-ccid
EOF
/usr/bin/cat << EOF >> ~/.local/share/gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-gnome3
enable-ssh-support
ttyname $GPG_TTY
default-cache-ttl 60
max-cache-ttl 120
EOF
find ~/.local/share/gnupg -type d -exec chmod 700 {} \;
find ~/.local/share/gnupg -type f -exec chmod 600 {} \;Retrieve public key from keyoxide servers.
gpg -k
sudo systemctl enable --now pcscd.service
gpg --recv "$KEYID"Then update the trust level to ultimate.
gpg --edit-key "$KEYID"
trust
5
y
saveExport public key from the ssh agent:
ssh-add -L | grep "cardno:xxxxxxxxx" > ~/.ssh/id_rsa_yubikey.pubCreate a host entry for GitHub to test against:
/usr/bin/cat << EOF >> ~/.ssh/config
Host github.com
IdentitiesOnly yes
IdentityFile ~/.ssh/id_rsa_yubikey.pub
EOFssh -T git@github.comThis maybe unnecessary rather than just using yay -Syu 1password, but it's what the docs say...
curl -sS https://downloads.1password.com/linux/keys/1password.asc | gpg --import
cd "$SOURCES_DIR"
git clone https://aur.archlinux.org/1password.git
cd 1password
makepkg -siUpdating is done with just git pull and makepkg -si.
To install the CLI, download the latest release from 1Password CLI Releases
ARCH="amd64" && \
wget "https://cache.agilebits.com/dist/1P/op2/pkg/v2.31.0/op_linux_${ARCH}_v2.31.0.zip" -O op.zip && \
unzip -d op op.zip && \
sudo mv op/op /usr/local/bin/ && \
rm -r op.zip op && \
sudo groupadd -f onepassword-cli && \
sudo chgrp onepassword-cli /usr/local/bin/op && \
sudo chmod g+s /usr/local/bin/opInstall gnome-keyring, start the systemd service and add the following to /etc/pam.d/hyprlock:
#%PAM-1.0
auth include login
auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start
Automatically change keyring password with user password:
#%PAM-1.0
...
password optional pam_gnome_keyring.so
Integrate with Zen Browser until it is officially supported by 1Password:
sudo mkdir /etc/1password
echo "zen-bin" | sudo tee -a /etc/1password/custom_allowed_browsersBefore being able to clone the the password store, the remote machine needs to be added to ~/.ssh/config:
Host $REMOTE_HOST
HostName $IPAddress
User $HOST_USER
IdentitiesOnly yes
IdentityFile ~/.ssh/id_rsa_yubikey.pub
Using gopass to manage and clone the password store from the remote machine:
mkdir "$PASSWORD_STORE_DIR"
cd "$PASSWORD_STORE_DIR"
gopass clone "$REMOTE_HOST":~/.password-storeEnroll a user's fingerprint
sudo fprintd-enroll "$USER"To verify the fingerprint has been registered successfully:
fprintd-verifyThen edit /etc/pam.d/sudo to use either the fingerprint reader or password for sudo operations.
#%PAM-1.0
auth sufficient pam_fprintd_grosshack.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
...
Using Hyprland's hyprpolkitagent to get password prompts for GUI applications (e.g. 1Password).
First copy the /usr/lib/pam.d/polkit-1 to /etc/pam.d/, then edit it to make use of fprintd:
#%PAM-1.0
auth sufficient pam_fprintd_grosshack.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
...
Enable and start all required services:
sudo systemctl enable --now cups.service
sudo systemctl enable --now bluetooth.service
sudo systemctl enable --now fprintd.service
sudo systemctl enable --now pcscd.service
sudo systemctl enable --now sshd.service
systemctl --user enable --now blueman-manager.service
systemctl --user enable --now bluetooth-applet.service
systemctl --user enable --now gnome-keyring-daemon.service
systemctl --user enable --now hypridle.service
systemctl --user enable --now hyprpolkitagent.service
systemctl --user enable --now mpd.service
systemctl --user enable --now mpd-mpris.service
systemctl --user enable --now mpris-proxy.service
systemctl --user enable --now random-wallpaper.service
systemctl --user enable --now sunsetr.service
systemctl --user enable --now swaync.service
systemctl --user enable --now swww.service
systemctl --user enable --now syncthing.service
systemctl --user enable --now waybar.service
systemctl --user enable --now podman.socket
systemctl --user enable --now random-wallpaper.timerIf the device continuously connects and disconnects.
bluetoothctl
> power on
> agent on
> pair 00:00:00:00:00:00
# type the pair code into the keyboard as prompted
> connect 00:00:00:00:00:00
> trust 00:00:00:00:00:00
> agent off
> quitUsing mpd as the local music server. First the correct directories need to be created (based on mpd.conf):
mkdir ~/.local/share/mpd
mkdir ~/.local/share/mpd/playlists
mkdir ~/.local/share/mpd/stateTo make sure commands such as apropos or fuzzel_man can find manual pages:
sudo mandbCreate the same directory path that the .qcow2 image originated from:
mkdir -p ~/.local/share/gnome-boxes/imagesThen copy the image into that folder from an external drive, and load into QEMU using virsh.
cp /run/media/$USER/media/images/virtual-machine.qcow2 ~/.local/share/gnome-boxes/images/
cp /run/media/$USER/media/images/virtual-machine.xml ~/.local/share/gnome-boxes/
cd ~/.local/share/gnome-boxes/
virsh define virtual-machine.xmlList all available images:
virsh -c qemu:///session list --allIf the user is required to access virtual machines from qemu:///system, add them to the libvirt user group.
sudo usermod --append --groups libvirt "$USER"background #1F1F28
foreground #DCD7BA
selection_background #2D4F67
selection_foreground #C8C093
regular0 #16161D
regular1 #C34043
regular2 #76946A
regular3 #C0A36E
regular4 #7E9CD8
regular5 #957FB8
regular6 #6A9589
regular7 #C8C093
bright0 #727169
bright1 #E82424
bright2 #98BB6C
bright3 #E6C384
bright4 #7FB4CA
bright5 #938AA9
bright6 #7AA89F
bright7 #DCD7BA
color16 #FFA066
color17 #FF5D62