Arch Linux - hpaluch/hpaluch.github.io GitHub Wiki
Arch Linux
I'm currently playing with https://archlinux.org/ to see if it will fit my needs (simple customizable and fast Linux distribution without containers - because containers are another threat to freedom).
Currently I use openSUSE 15.4 + XFCE4 as main GUI. But I'm more more and more scared by
Which locks everything and forces users to use selected container registries (bye bye freedom of choice)...
So in future I will have only 2 options:
- Use Linux distribution that will keep using packages - currently Debian and/or Arch and several others (but the list is slowly shrinking) to avoid container trap pursued by Canonical (snap), RedHat (flatpack) and SUSE (what's name?)
- Switch to FreeBSD, NetBSD or OpenBSD - there is additional benefit that there is no systemd. Especially systemd case is painful remainder to all its preachers that it is necessary for Unix system to work - so how could BSDs run without systemd? Miracle?
Shortcomings of Arch Linux
Several complex packages are missing or challenging on Arch Linux:
-
GitLab - no official Omnibus packages, you have to carefully follow custom installation guide at: https://wiki.archlinux.org/title/GitLab
Update: I did it (with small changes regarding new sidekiq-cluster startup). But later found that https://gitlab.archlinux.org does NOT use that package. They rather use Docker image - see https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/roles/gitlab/tasks/main.yml?ref_type=heads#L13
-
OpenStack - installation (Host!) is entirely missing as one can see an empty chapter: https://wiki.archlinux.org/title/OpenStack#Deploy_OpenStack (all remainder of Wiki describes Guest images, but not Host installation). There are several AUR packages at the begining, but without guide you are done.
Pacman basics
Pacman is Arch Linux's Package manager. Nice feature is that it is fast.
- To update all packages:
pacman -Syu
- To search for package starting with
vim
:pacman -Ss ^vim
- To install
vim package
:pacman -S vim
- To install
vim
package and dependencies, but avoid reinstall of already present packages:pacman -S --needed vim
- To list all files owned by
alsa-utils
package:pacman -Ql alsa-utils
To search full repositories (core
and extra
) for files (see Generating PDF-manuals):
sudo pacman -Fy tgtermes.sty
Various things I install:
sudo pacman -S --needed lsof curl wget mc vim wget tmux
To have SMB client install
sudo pacman -S --needed smbclient
However there is missing /etc/samba/smb.conf
as pointed out on:
- https://bbs.archlinux.org/viewtopic.php?id=234432
- you can download it using:
cd curl -fsSL 'https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default;hb=HEAD' > smb.conf
- and install:
sudo mkdir -p /etc/samba sudo cp smb.conf /etc/samba
- in my case I need to enable NT1 protocol to connect to very old NAS:
diff -u /etc/samba/smb.conf{.orig,} --- /etc/samba/smb.conf.orig 2023-06-07 12:44:39.969302787 +0200 +++ /etc/samba/smb.conf 2023-06-07 12:46:08.328958183 +0200 @@ -21,6 +21,8 @@ # #======================= Global Settings ===================================== [global] +client min protocol = NT1 +server min protocol = NT1 # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH workgroup = MYGROUP
- and test it:
smbclient -N -L IP_OF_YOUR_SMB_SERVER
Use AUR (Community) repositories
Many packages are available on 3rd party repositories
called Arch User Repository (AUR)
for various reasons (for example license).
I will show example for streamripper
(it allows saving songs
from Internet radios).
As can be easily googled it is available only on AUR:
So now we have to follow https://wiki.archlinux.org/title/Arch_User_Repository to setup our Arch linux for building package from AUR repositories:
First we have to install development package and git:
sudo pacman -S --needed base-devel devtools git
Now checkout our AUR package:
mkdir -p ~/aur
cd ~/aur
git clone https://aur.archlinux.org/streamripper.git
cd streamripper
Ensure there is PKGBUILD file and run build:
ls -l PKGBUILD
makepkg -cs --nosign
- confirm installation of dependencies.
- after a while package should be build:
ls -og *.zst -rw-r--r-- 1 81618 Jun 7 11:08 streamripper-1.64.6-4-x86_64.pkg.tar.zst
- and install it:
sudo pacman -U streamripper-1.64.6-4-x86_64.pkg.tar.zst
- and command like this should start saving radio streams (see Audio section below):
cd streamripper http://stream.antenne.de:80/heavy-metal # it should create folder named by your RADIO station and store streamed MP3s there
To see all your pacman installation command history try this:
grep PACMAN /var/log/pacman.log
IPv6 notes
By default IPv6 announces your MAC based address (which is perfect for tracking your PC around whole Internet). To use rather temporary IPv6 address you have to follow https://wiki.archlinux.org/title/IPv6#Privacy_extensions
In my case I created file /etc/sysctl.d/40-ipv6.conf
with contents:
# replace MAC based IPv6 addresses with temporary IP addresses
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
And reloaded it with systemctl restart systemd-sysctl
My nftables
NF tables is replacement of all existing Linux kernel firewalls (iptables, ip6tables, ebtables,...). It is poorly documented (as most stuff today) with rather incomplete examples.
WARNING!
Direct use of nftables (
/etc/nftables.conf
) clashes with libvirt - you have to rather usefirewalld
package that is well integrated with libvirt.
To use nftables on Arch Linux you have to install first:
pacman -S nftables
Here is my /etc/nftables.conf
for workstation - based on Arch's original:
table inet filter
delete table inet filter
table inet filter {
chain input {
type filter hook input priority filter
policy drop
ct state invalid log prefix "[NFT] Input INVALID: " \
drop comment "early drop of invalid connections"
# allow DHCPv4 server -> client
udp dport 68 ct state { new, untracked } accept
# allow DHCPv6 server -> client
udp dport 546 ct state { new, untracked } accept
ct state {established, related} accept comment "allow tracked connections"
iifname lo accept comment "allow from loopback"
ip protocol icmp accept comment "allow icmp"
meta l4proto ipv6-icmp accept comment "allow icmp v6"
tcp dport ssh accept comment "allow sshd"
counter log prefix "[NFT] Input DROP: " drop
}
chain forward {
type filter hook forward priority filter
policy drop
counter log prefix "[NFT] Forward DROP: " drop
}
}
WARNING! Above configuration will not work if you will use libvirt (there are needed many rules for libvirt's NAT network, etc...)
Known features:
- intentionally dropping IPv4 multicasts (224.0.0.1) - I have no use for them
Known bugs:
- dropping some IPv6 multicasts - not yet resolved
To test it you need to run as root:
/usr/sbin/nft -cf /etc/nftables.conf
When you are ready, enable and start nftables service:
systemctl enable --now nftables
You can reload it any time with:
/usr/sbin/nft -f /etc/nftables.conf
Arch Linux as GUI Workstation
My plan is to evaluate Arch Linux as standard X-Window workstation with sound video, Firefox, LibreOffice - to see how it will compare to existing openSUSE 15.4. I will use XFCE on both environments.
Sound
Let's start with sound card support - on kernel side, today standard is ALSA (which replaced OSS some time ago). Following https://wiki.archlinux.org/title/ALSA we have to:
pacman -S alsa-utils
To list available sound cards you can use:
aplay -L
null
Discard all samples (playback) or generate zero samples (capture)
default:CARD=NVidia_1
HDA NVidia, ALC883 Analog
Default Audio Device
sysdefault:CARD=NVidia_1
HDA NVidia, ALC883 Analog
Default Audio Device
...
Default is usually fine.
Now you have to add yourself to group audio
using command like:
sudo /usr/sbin/usermod -G audio -a $USER
- and logout/login (you can also use
newgrp audio
but it has side effects)
Setting default volume:
-
ALSA is "kind" to mute Master volume by default - so you will here nothing...
-
on 1st terminal run some kind of sound generator
# random noise generator speaker-test # play samples while true;do aplay /usr/share/sounds/alsa/*.wav;done
-
on 2nd terminal run
alsamixer
and:- press
M
unmute Master channelMM
should change toOO
- press
Up
arrow to set desired volume - when done press ESC once
- press
-
now you can abort sound/noise generator on 1st terminal using Ctrl-C
-
to store settings we have to follow https://unix.stackexchange.com/questions/210113/default-sound-volume-for-all-alsa-devices and run:
sudo alsactl store
Usefull CLI sound application:
-
mp3 player for both local files and streamed (shoutcast) mp3:
pacman -S mpg123
-
to play streamed mp3 radio you can do this:
-
point your browser to radio list, for example on:
-
download Winamp list (pls) - and extract suitable URL from that list.
-
in my case I can run:
mpg123 http://stream.antenne.de:80/heavy-metal
-
there is also great program to save songs from radio:
-
please see section on AUR on this wiki, how to build and install AUR streamripper package.
Please note that situation is much worse on X-Windows side, because:
- Gnome pushed their own
esound
daemon as new standard, how should X-apps access sound device (to solve problem with exclusive device access) - also KDE pushed their own
arts
sound daemon (of course incompatible withesound
) - later there was another innovation -
Pulse Audio
- and now we have another innovation
Pipe Wire
So far it seems that most X-apps prefer Pulse Audio
with fallback do direct access to
kernel ALSA device. However nobody knows for how long.
X-Window
Once we have working Audio we can install X-Window GUI system.
NOTE: For people from Microsoft OS it may look confusing, becasue:
- X-Server is the main process that provides GUI for applications
- X-app is client application that connects to GUI X-Server - using DISPLAY environment variable.
So first we have to find X-Server that will work with our graphics card and install start scripts. We have to follow: https://wiki.archlinux.org/title/Xorg
First we have to know what king of graphics card we have, in my case:
lspci -v | grep -A1 -e VGA -e 3D
06:00.0 VGA compatible controller: NVIDIA Corporation GT218 [GeForce 210] (rev a2) (prog-if 00 [VGA controller])
Subsystem: ZOTAC International (MCO) Ltd. GeForce 210 1GB [Synergy Edition]
As pointed out you have 2 choices regarding nVidia:
- using proprietary closed-source drivers (this is generally issue because significant portion is in Linux kernel)
- using open-source 2D driver - my case
Here is command to install opens-source 2D driver for nVidia:
sudo pacman -S --needed xf86-video-nouveau
All X-server installations also needs common X-server package:
sudo pacman -S --needed xorg-server
We now have 2 choices how to run X-Window:
- using GUI login manager that always starts when system boots (original was called XDM - X-Window Display Manager)
- using
startx
script
I prefer later option - because sometimes I simply don't need local GUI (or I will do ssh -Y
and run command
remotely). So we have to follow: https://wiki.archlinux.org/title/Xinit
sudo pacman -S --needed xorg-xinit
Now we need to install suitable Window Manager or whole environment - I always vote for XFCE. So we have to follow: https://wiki.archlinux.org/title/Xfce
For the first time I will install both xfce4 and additions:
pacman -S --needed xfce4 xfce4-goodies
# I always press ENTER to accept default options
# It will install around 500MB of files
Now we have to modify session startup script /etc/X11/xinit/xinitrc
this way:
diff -u /etc/X11/xinit/xinitrc{.orig,}
--- /etc/X11/xinit/xinitrc.orig 2023-06-07 11:29:18.176548108 +0200
+++ /etc/X11/xinit/xinitrc 2023-06-07 11:30:07.213023532 +0200
@@ -48,8 +48,8 @@
unset f
fi
-twm &
-xclock -geometry 50x50-1+1 &
-xterm -geometry 80x50+494+51 &
-xterm -geometry 80x20+494-0 &
-exec xterm -geometry 80x66+0+0 -name login
+/usr/bin/xfce4-terminal &
+exec /usr/bin/startxfce4
+# here we will get only in case of failure
+exit 1
+
To start X-Window:
- login on LOCAL console as non-root user
- run
startx
- after a while you should see
xfce4-terminal
- few seconds later XFCE4 Window manager with menus should initialize
If you are lucky you can test 3D graphics:
sudo pacman -S --needed mesa-demos
Ant try something famous - for example gears
(you can use Arrows keys
to rotate view and ESC to quit) or also famous teapot
.
Customizing X-Window
There is already installed Thunar file manager (included with XFCE). To support:
- MTP (Android devices connected via USB)
- SMB (Windows shares)
We have to install Gnome VFS packages:
pacman -S --needed gvfs-mtp gvfs-smb
- WARNING! You may need to restart whole system in some cases so Thunar will now support
smb://...
or some gvfsd services.
New we will gradually add various components to have comfort X-Environment
Installing additional fonts: I tried:
# traditonal X-Window fonts
pacman -S --needed xorg-font-util xorg-fonts-100dpi xorg-fonts-75dpi xorg-fonts-misc xorg-fonts-type1
# various fixed size fonts for terminals
pacman -S --needed terminus-font
pacman -S --needed ttf-fantasque-sans-mono ttf-fira-mono ttf-jetbrains-mono ttf-monofur ttf-monoid
pacman -S --needed otf-crimson-pro ttf-anonymous-pro ttf-crimson-pro
Best PDF viewer:
sudo pacman -S --needed evince
WARNING! Latest Evince has annoying "popup" feature. As true Gnome application it can't be disabled:
WinAmp like player:
pacman -S --needed qmmp
To install right Firefox + uBlock plugin we may follow:
pacman -S --needed firefox firefox-ublock-origin
WARNING! If you install firefox-developer-edition
you will need
to install external plugins - those one provided packages (for example above
firefox-ublock-origin
will not work, becasue there is different path:
- plugin packages install into
/usr/lib/firefox/browser/extensions/
- but
firefox-developer-edition
uses/usr/lib/firefox-developer-edition/browser/....
To be able to download videos from various sites (that are flooded with ads and thus unusable):
sudo pacman -S --needed ffmpeg yt-dlp
NOTE: yt-dlp
is not X-Windows application - you can happily use it even from CLI
TODO: Proper audio support - testing:
sudo pacman -S --needed pulseaudio-alsa pavucontrol
If you like GUI for SMART disk utility (smartctl
on CLI) you can install:
sudo pacman -S --needed gsmartcontrol
Now something controversial: There are some websites and applications that do not work under Firefox (Teams, Skype) or have issues under Firefox (tme.eu e-shop). For such cases I have to install Chromium (open-source base for Chrome):
sudo pacman -S --needed chromium
Tips
If you clone or transfer Arch filesystem to another hardware or another filesystem you have
to regenerate initrd with additional -P
(presets) option, e.g., mkinitcpio -P
Using Hyprland
Hyprland is unique "Window Manager", err. Wayland compositor. Official Arch wiki page is on https://wiki.archlinux.org/title/Hyprland
You should install at least these packages:
pacman -S --needed hyprland kitty waybar wofi
Where:
hyprland
is Wayland compositorkitty
is interesting terminal (usingkitten icat image.png
it can display images between text and other stuffwaybar
provides basic applets (fromsway
compositor)wofi
provides nice application menu
You have to start it from local console using command Hyprland
(notice capital letter H
).
Most important shortcuts:
Win
+Q
- runs Kitty terminalWin
+R
- runs application menu (wofi
)WIn
+M
- exists hyprland
After first run you can find all shortcuts in generated config
file ~/.config/hypr/hyprland.conf
Lynx with UTF-8 on console
To run Lynx with proper UTF-8 characters on local console (with ISO-8859-2 characters available) I use:
echo $LANG
# must output something with UTF-8: en_US.UTF-8
# this loads ISO-8859-2 characters with UTF-8 translation (I hope)
setfont lat2-16
showconsolefont
lynx -display_charset utf-8
Combining:
- https://wiki.archlinux.org/title/Linux_console And other sources.
Warning! File ~/lynx_bookmarks.html
has specified ISO-8859-1 encoding by default.
You can fix it by overriding this line to:
<META http-equiv="content-type" content="text/html;charset=utf-8">
Tip: under regular terminal just using lynx -display_charset utf-8
should work (xfce4-terminal
uses UTF-8 as default).
Resources
- Infrastructure
- nice overview: https://wiki.archlinux.org/title/DeveloperWiki:Staff_Services
- key project with ansible roles: https://gitlab.archlinux.org/archlinux/infrastructure
- creating custom packages (TODO)