1
0

merged arch-install contents

This commit is contained in:
michael 2024-01-12 00:14:09 +13:00
parent c6755e8d97
commit 52c455d490
7 changed files with 243 additions and 0 deletions

View File

@ -0,0 +1 @@
Notes, lists and scripts for installing Arch linux.

View File

@ -0,0 +1,75 @@
kate
okular
nextcloud-client
keepassxc
unrar
kleopatra
kgpg
xclip
libreoffice-fresh
libreoffice-fresh-en-gb
hunspell-en_au
evolution
evolution-on
filelight
base-devel
git
openfortissl
mpv
cups
elisa
kdeconnect
element-desktop
ttf-liberation
steam
bluez
bluez-utils
remmina
freerdp
flameshot
solaar
virt-manager
x11-ssh-askpass
openfortivpn
networkmanager-fortisslvpn
strongswan
networkmanager-strongswan
networkmanager-openconnect
networkmanager-openvpn
wireguard-tools
docker
docker-compose
libva-utils
ark
bottles
gwenview
icedtea
gparted
nut monitor
obs studio
teamviewer
ventoy
radeontop
zram-generator
code
nano-syntax-highlighting
pikaur
brave-bin
spotify
proton-ge-bin
vmware-horizon-client
vscodium-bin
anydesk
jellyfin media player
kemai
microsip
kwallet-secrets (requires reboot)
code-marketplace
code-features
vmrc

View File

@ -0,0 +1,41 @@
#! /bin/bash
rm /boot/initramfs-intel-combined.img
rm /boot/initramfs-intel-combined-lts.img
rm /boot/initramfs-intel-combined-zen.img
rm /boot/arch-unified-unsigned.efi
rm /boot/arch-unified-unsigned-lts.efi
rm /boot/arch-unified-unsigned-zen.efi
cat /boot/intel-ucode.img /boot/initramfs-linux.img > /boot/initramfs-intel-combined.img
cat /boot/intel-ucode.img /boot/initramfs-linux-lts.img > /boot/initramfs-intel-combined-lts.img
cat /boot/intel-ucode.img /boot/initramfs-linux-zen.img > /boot/initramfs-intel-combined-zen.img
objcopy \
--add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \
--add-section .cmdline="/boot/cmdline" --change-section-vma .cmdline=0x30000 \
--add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \
--add-section .linux="/boot/vmlinuz-linux" --change-section-vma .linux=0x2000000 \
--add-section .initrd="/boot/initramfs-intel-combined.img" --change-section-vma .initrd=0x3000000 \
"/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "/boot/arch-unified-unsigned.efi"
objcopy \
--add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \
--add-section .cmdline="/boot/cmdline" --change-section-vma .cmdline=0x30000 \
--add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \
--add-section .linux="/boot/vmlinuz-linux-lts" --change-section-vma .linux=0x2000000 \
--add-section .initrd="/boot/initramfs-intel-combined-lts.img" --change-section-vma .initrd=0x3000000 \
"/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "/boot/arch-unified-unsigned-lts.efi"
objcopy \
--add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \
--add-section .cmdline="/boot/cmdline" --change-section-vma .cmdline=0x30000 \
--add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \
--add-section .linux="/boot/vmlinuz-linux-zen" --change-section-vma .linux=0x2000000 \
--add-section .initrd="/boot/initramfs-intel-combined-zen.img" --change-section-vma .initrd=0x3000000 \
"/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "/boot/arch-unified-unsigned-zen.efi"
mv /efi/arch-unified-signed.efi /efi/arch-unified-signed-last-good-$(date +%Y-%m-%d_%H-%M).efi
mv /efi/arch-unified-signed-lts.efi /efi/arch-unified-signed-last-good-$(date +%Y-%m-%d_%H-%M)-lts.efi
mv /efi/arch-unified-signed-zen.efi /efi/arch-unified-signed-last-good-$(date +%Y-%m-%d_%H-%M)-zen.efi
find /efi/arch-unified-signed*.efi -mtime +7 -exec rm {} \;
#cp /boot/arch-unified-unsigned.efi /efi/arch-unified-signed.efi
#cp /boot/arch-unified-unsigned-lts.efi /efi/arch-unified-signed-lts.efi
#cp /boot/arch-unified-unsigned-zen.efi /efi/arch-unified-signed-zen.efi
sbsign --key /boot/db.key --cert /boot/db.crt --output /efi/arch-unified-signed.efi /boot/arch-unified-unsigned.efi
sbsign --key /boot/db.key --cert /boot/db.crt --output /efi/arch-unified-signed-lts.efi /boot/arch-unified-unsigned-lts.efi
sbsign --key /boot/db.key --cert /boot/db.crt --output /efi/arch-unified-signed-zen.efi /boot/arch-unified-unsigned-zen.efi

102
scripts/arch-install/notes Normal file
View File

@ -0,0 +1,102 @@
Secret service
do not install kwallet
install kwallet-secrets from AUR instead. This provides org.freedesktop.secrets functionality, which is needed by Evolution and Docker Credential helper.
install docker cred helper: https://docs.docker.com/engine/reference/commandline/login/#credentials-store
SSH Agent
make sure ssh-agent and ssh-askpass are installed.
Add the following to /lib/systemd/user/ssh-agent.socket
[Unit]
Description=SSH key agent
[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
# DISPLAY required for ssh-askpass to work
Environment=DISPLAY=:0
ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
[Install]
WantedBy=default.target
Add the following line to ~/.bash_profile
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"
Enable the user service
systemctl enable --user ssh-agent
(Note no use of sudo, this is a user service)
Restart.
At next login, SSH_AUTH_SOCK should be set at login by bash_profile, that variable is called
by the ssh-agent service which starts and daemonises ssh-agent on the socket specified by SSH_AUTH_SOCK
Nanorc, install nano-syntax-highlighting
mkdir ~/.config/nano
touch ~/.config/nano/nanorc
add
include /usr/share/nano/*.nanorc
to ~/.config/nano/nanorc
VS Code
D-bus secret service must be running first, install kwallet-secrets from the AUR
install code-marketplace and code-features from the AUR
install code package from community repo
install docker and docker-compose
Install docker-credential-secretservice from Aur
mkdir ~/.docker
nano ~/.docker/config.json
{
"credstore": "secretservice"
}
normal docker post install steps:
sudo usermod -aG docker <username>
sudo nano /etc/docker/daemon.json (assuming normal zfs setup with nvme/system/docker dataset mounted at /var/lib/docker )
{
"storage-driver": "zfs"
}
sudo systemctl enable/start docker.socket and docker.service
newgrp docker or reboot
login to the gitlab registry (for access to CCL containers)
docker login registry.gitlab.com -u "mbalsillie" -p "<pat token>"
Check kwallet, Secret service > Passwords > registry.gitlab.com to confirm password has been stored correctly.
Open vs code, install extensions:
remote-containers
ansible
terraform
pylance
Should be good to open the repo folder now and launch in container.

View File

@ -0,0 +1,3 @@
nano
tree

View File

@ -0,0 +1,6 @@
tree
keepassxc
plasma
okular
kate
nextcloud-client

View File

@ -0,0 +1,15 @@
# Install zram-generator package
# Place this file in /etc/systemd/zram-generator.conf.d/
# Ensure zvol has been created to match writeback-device
# sudo zfs create -V 8G -o volblocksize=4096 -o volmode=dev -o primarycache=none -o secondarycache=none -o compression=off nvme/zvol/zram0
# sudo systemctl daemon-reload
# sudo systemctl start /dev/zram0
# zramctl to confirm device is created
[zram0]
host-memory-limit = none
zram-size = min(ram / 4, 4096)
compression-algorithm = zstd
swap-priority = 100
writeback-device = /dev/zvol/nvme/zvol/zram0