merged arch-install contents

scripts/arch-install/README.md

@@ -0,0 +1 @@
+Notes, lists and scripts for installing Arch linux.

scripts/arch-install/app_list.txt

@@ -0,0 +1,75 @@
+kate
+okular
+nextcloud-client
+keepassxc
+unrar
+kleopatra
+kgpg
+xclip
+libreoffice-fresh
+libreoffice-fresh-en-gb
+hunspell-en_au
+evolution
+evolution-on
+filelight
+base-devel
+git
+openfortissl
+mpv
+cups
+elisa
+kdeconnect
+element-desktop
+ttf-liberation
+steam
+bluez
+bluez-utils
+remmina
+freerdp
+flameshot
+solaar
+virt-manager
+x11-ssh-askpass
+openfortivpn
+networkmanager-fortisslvpn
+strongswan
+networkmanager-strongswan
+networkmanager-openconnect
+networkmanager-openvpn
+wireguard-tools
+docker
+docker-compose
+libva-utils
+ark
+bottles
+gwenview
+icedtea
+gparted
+nut monitor
+obs studio
+teamviewer
+ventoy
+radeontop
+zram-generator
+code
+nano-syntax-highlighting
+
+
+
+pikaur
+brave-bin
+spotify
+proton-ge-bin
+vmware-horizon-client
+vscodium-bin
+anydesk
+jellyfin media player
+kemai
+microsip
+kwallet-secrets (requires reboot)
+code-marketplace
+code-features
+
+
+vmrc
+

scripts/arch-install/create-unified-image.sh

@@ -0,0 +1,41 @@
+#! /bin/bash
+rm /boot/initramfs-intel-combined.img
+rm /boot/initramfs-intel-combined-lts.img
+rm /boot/initramfs-intel-combined-zen.img
+rm /boot/arch-unified-unsigned.efi
+rm /boot/arch-unified-unsigned-lts.efi
+rm /boot/arch-unified-unsigned-zen.efi
+cat /boot/intel-ucode.img /boot/initramfs-linux.img > /boot/initramfs-intel-combined.img
+cat /boot/intel-ucode.img /boot/initramfs-linux-lts.img > /boot/initramfs-intel-combined-lts.img
+cat /boot/intel-ucode.img /boot/initramfs-linux-zen.img > /boot/initramfs-intel-combined-zen.img
+objcopy \
+  --add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \
+  --add-section .cmdline="/boot/cmdline" --change-section-vma .cmdline=0x30000 \
+  --add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \
+  --add-section .linux="/boot/vmlinuz-linux" --change-section-vma .linux=0x2000000 \
+  --add-section .initrd="/boot/initramfs-intel-combined.img" --change-section-vma .initrd=0x3000000 \
+  "/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "/boot/arch-unified-unsigned.efi"
+objcopy \
+  --add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \
+  --add-section .cmdline="/boot/cmdline" --change-section-vma .cmdline=0x30000 \
+  --add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \
+  --add-section .linux="/boot/vmlinuz-linux-lts" --change-section-vma .linux=0x2000000 \
+  --add-section .initrd="/boot/initramfs-intel-combined-lts.img" --change-section-vma .initrd=0x3000000 \
+  "/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "/boot/arch-unified-unsigned-lts.efi"
+objcopy \
+  --add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \
+  --add-section .cmdline="/boot/cmdline" --change-section-vma .cmdline=0x30000 \
+  --add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \
+  --add-section .linux="/boot/vmlinuz-linux-zen" --change-section-vma .linux=0x2000000 \
+  --add-section .initrd="/boot/initramfs-intel-combined-zen.img" --change-section-vma .initrd=0x3000000 \
+  "/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "/boot/arch-unified-unsigned-zen.efi"
+mv /efi/arch-unified-signed.efi /efi/arch-unified-signed-last-good-$(date +%Y-%m-%d_%H-%M).efi
+mv /efi/arch-unified-signed-lts.efi /efi/arch-unified-signed-last-good-$(date +%Y-%m-%d_%H-%M)-lts.efi
+mv /efi/arch-unified-signed-zen.efi /efi/arch-unified-signed-last-good-$(date +%Y-%m-%d_%H-%M)-zen.efi
+find /efi/arch-unified-signed*.efi -mtime +7 -exec rm {} \;
+#cp /boot/arch-unified-unsigned.efi /efi/arch-unified-signed.efi
+#cp /boot/arch-unified-unsigned-lts.efi /efi/arch-unified-signed-lts.efi
+#cp /boot/arch-unified-unsigned-zen.efi /efi/arch-unified-signed-zen.efi
+sbsign --key /boot/db.key --cert /boot/db.crt --output /efi/arch-unified-signed.efi /boot/arch-unified-unsigned.efi 
+sbsign --key /boot/db.key --cert /boot/db.crt --output /efi/arch-unified-signed-lts.efi /boot/arch-unified-unsigned-lts.efi 
+sbsign --key /boot/db.key --cert /boot/db.crt --output /efi/arch-unified-signed-zen.efi /boot/arch-unified-unsigned-zen.efi 

scripts/arch-install/notes

@@ -0,0 +1,102 @@
+Secret service
+
+do not install kwallet
+
+install kwallet-secrets from AUR instead. This provides org.freedesktop.secrets functionality, which is needed by Evolution and Docker Credential helper.
+
+install docker cred helper: https://docs.docker.com/engine/reference/commandline/login/#credentials-store
+
+
+
+
+
+SSH Agent
+
+make sure ssh-agent and ssh-askpass are installed.
+
+Add the following to /lib/systemd/user/ssh-agent.socket
+
+
+	[Unit]
+	Description=SSH key agent
+
+	[Service]
+	Type=simple
+	Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
+	# DISPLAY required for ssh-askpass to work
+	Environment=DISPLAY=:0
+	ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
+
+	[Install]
+	WantedBy=default.target
+
+
+Add the following line to ~/.bash_profile
+
+
+	export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"
+
+
+Enable the user service
+
+
+	systemctl enable --user ssh-agent
+
+
+(Note no use of sudo, this is a user service)
+
+Restart.
+
+At next login, SSH_AUTH_SOCK should be set at login by bash_profile, that variable is called 
+by the ssh-agent service which starts and daemonises ssh-agent on the socket specified by SSH_AUTH_SOCK
+
+
+Nanorc, install nano-syntax-highlighting
+mkdir ~/.config/nano
+touch ~/.config/nano/nanorc
+add
+  include /usr/share/nano/*.nanorc
+to ~/.config/nano/nanorc
+
+
+VS Code
+
+D-bus secret service must be running first, install kwallet-secrets from the AUR
+
+install code-marketplace and code-features from the AUR
+install code package from community repo
+install docker and docker-compose
+Install docker-credential-secretservice from Aur
+mkdir ~/.docker
+nano ~/.docker/config.json
+
+  {
+    "credstore": "secretservice"
+  }
+
+normal docker post install steps:
+
+  sudo usermod -aG docker <username>
+  sudo nano /etc/docker/daemon.json (assuming normal zfs setup with nvme/system/docker dataset mounted at /var/lib/docker )
+
+    {
+      "storage-driver": "zfs"
+    }
+
+  sudo systemctl enable/start docker.socket and docker.service
+  newgrp docker or reboot
+
+login to the gitlab registry (for access to CCL containers)
+
+  docker login registry.gitlab.com -u "mbalsillie" -p "<pat token>"
+
+Check kwallet, Secret service > Passwords > registry.gitlab.com to confirm password has been stored correctly.
+
+Open vs code, install extensions:
+
+  remote-containers
+  ansible
+  terraform
+  pylance
+
+Should be good to open the repo folder now and launch in container.

scripts/arch-install/packages

@@ -0,0 +1,3 @@
+nano
+tree
+

scripts/arch-install/packages-desktop

@@ -0,0 +1,6 @@
+tree
+keepassxc
+plasma
+okular
+kate
+nextcloud-client

scripts/arch-install/zram0.conf

@@ -0,0 +1,15 @@
+# Install zram-generator package
+# Place this file in /etc/systemd/zram-generator.conf.d/
+# Ensure zvol has been created to match writeback-device
+# sudo zfs create -V 8G -o volblocksize=4096 -o volmode=dev -o primarycache=none -o secondarycache=none -o compression=off nvme/zvol/zram0
+# sudo systemctl daemon-reload
+# sudo systemctl start /dev/zram0
+# zramctl to confirm device is created
+
+
+[zram0]
+host-memory-limit = none
+zram-size = min(ram / 4, 4096)
+compression-algorithm = zstd
+swap-priority = 100
+writeback-device = /dev/zvol/nvme/zvol/zram0