Arch Linux Dell XPS 15 (9560) - Base Arch
Pre-installation
UEFI
Before installing it is necessary to modify some UEFI Settings. They can be accessed by pressing the F2 key repeatedly when booting.
- Change the SATA Mode from the default "RAID" to "AHCI". This will allow Linux to detect the NVME SSD. If dual booting with an existing Windows installation, Windows will not boot after the change but this can be fixed without a reinstallation.
- Change Fastboot to "Thorough" in "POST Behaviour". This prevents intermittent boot failures.
- Disable secure boot to allow Linux to boot.
Installation of Arch Linux can proceed normally. Refer to the Installation guide for more information.
Change Keyboard layout
If you don't have an EN:Intl. keyboard layout, you should change it to your layout. In my case it is de-latin1-nodeadkeys.
    loadkeys de-latin1-nodeadkeys
Connect to a wireless network during installation (temporary)
Run wifi-menu to get a graphical interface to connect to your wifi.
    wifi-menu
After you establish the connection, change back to TTY1 with ALT+F1.
Run dhclient to receive an IP address via DHCP:
    dhclient wlp2s0
Update the system clock
Use timedatectl(1) to ensure the system clock is accurate:
    timedatectl set-ntp true
    systemctl restart systemd-timesyncd
To check the service status, use timedatectl status.
Installation
Preparing Disks
I'll encrypt my data, so my partition layout looks like this:
    +----------------+----------------+-----------------------------------------------------------------------------------------------+
    |                |                |                       |                       |                       |                       |
    |                |                | LUKS encrypted volume | LUKS encrypted volume | LUKS encrypted volume | LUKS encrypted volume |
    |                |                | /dev/mapper/swap      | /dev/mapper/tmp       | /dev/mapper/root      | /dev/mapper/home      |
    |                |                |_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _|
    |                |                |                       |                       |                       |                       |
    |                |                | 16 GiB                | 30 GiB                | 50 GiB                | 100%FREE              |
    |                |                | Logical volume1       | Logical volume2       | Logical volume3       | Logical volume4       |
    |                |                | /dev/mapper/osvg-swap | /dev/mapper/osvg-tmp  | /dev/mapper/osvg-root | /dev/mapper/osvg-home |
    |                | EF02           |_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _|
    | EF00           | 8 MiB          |                                                                                               |
    | 1050 MiB       | BIOS           | 8E00                                                                                          |
    | EFI partition  | Boot partition | 100%FREE                                                                                      |
    | /dev/nvme0n1p1 | /dev/nvme0n1p2 | /dev/nvme0n1p3                                                                                |
    +----------------+----------------+-----------------------------------------------------------------------------------------------+
Create these partitions with gdisk so that you have GPT instead of MBR.
Old partition table
If you get the message that the kernel is still using the old partition table, run:
    partprobe /dev/nvme0n1
If you still get the message that the kernel is using the old partition table, you have to reboot your device and perform all steps except the partitioning again.
Wipe data on all partitions
    dd if=/dev/zero of=/dev/nvme0n1p1 bs=1M status=progress
    dd if=/dev/zero of=/dev/nvme0n1p2 bs=1M status=progress
    dd if=/dev/urandom of=/dev/nvme0n1p3 bs=1M status=progress
Preparing the logical volumes
    pvcreate /dev/nvme0n1p3
    vgcreate osvg /dev/nvme0n1p3
    lvcreate -L 16G -n swap osvg
    lvcreate -L 30G -n tmp osvg
    lvcreate -L 50G -n root osvg
    lvcreate -l 100%FREE -n home osvg
Setup LUKS for our partitions
Create an encrypted root with a key you can remember.
    cryptsetup luksFormat /dev/mapper/osvg-root
Open the root filesystem to create an encryption key for all other partitions.
    cryptsetup luksOpen /dev/mapper/osvg-root root
    mkfs.ext4 /dev/mapper/root
    mount /dev/mapper/root /mnt
    mkdir -pm 700 /mnt/etc/luks-keys
    dd if=/dev/random of=/mnt/etc/luks-keys/home bs=1 count=1024 status=progress
    chmod 000 /mnt/etc/luks-keys/home
Create the encrypted home with a passphrase for emergency access, then add the key file as an additional key:
    cryptsetup luksFormat /dev/mapper/osvg-home
    cryptsetup luksAddKey /dev/mapper/osvg-home /mnt/etc/luks-keys/home
Now we open home, make a filesystem and mount it to /mnt/home.
    cryptsetup luksOpen --key-file=/mnt/etc/luks-keys/home /dev/mapper/osvg-home home
    mkfs.ext4 /dev/mapper/home
    mkdir /mnt/home
    mount /dev/mapper/home /mnt/home
Then rebuild the EFI and boot partition:
    mkfs.fat -F32 /dev/nvme0n1p1
Setup and mount the boot/EFI partition:
    mkdir /mnt/boot
    mkdir /mnt/efi
    mount /dev/nvme0n1p1 /mnt/efi
    mkdir -p /mnt/efi/EFI/arch
    mount --bind /mnt/efi/EFI/arch /mnt/boot
Install Arch
Sort mirrors by speed
The pacman package provides a Bash script, /usr/bin/rankmirrors, which ranks the mirrors by connection and opening speed so that you can use the fastest local mirror.
Back up the existing /etc/pacman.d/mirrorlist:
    cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak
Download a German mirrorlist:
    curl -L -o /etc/pacman.d/mirrorlist "https://bit.ly/1yFCU2R"
Edit /etc/pacman.d/mirrorlist.bak and uncomment mirrors for testing with rankmirrors.
Run the following sed line to uncomment every mirror:
    sed -i 's/^#Server/Server/' /etc/pacman.d/mirrorlist
Install the base packages
Use the pacstrap script to install the base package group:
    pacstrap /mnt base base-devel intel-ucode wpa_supplicant dialog
btrfs-progs
or specific wireless firmware; see packages.both for comparison.
To install packages and other groups such as base-devel, append the names to pacstrap (space separated) or to individual pacman commands after the #Chroot step.
Configure the system
Gen fstab
Generate an fstab file (use -U or -L to define by UUID or labels, respectively):
    genfstab -U /mnt >> /mnt/etc/fstab
/mnt/etc/fstab
afterwards, and edit it in case of errors.
Add the following at the end of the /mnt/etc/fstab configuration. Adjust the 30G to the size of your /tmp partition.
    /dev/mapper/tmp /tmp tmpfs defaults,size=30G 0 0
    /dev/mapper/swap none swap sw 0 0
Modify /mnt/etc/crypttab
Add these lines at the end of /mnt/etc/crypttab.
    swap /dev/mapper/osvg-swap /dev/urandom swap,cipher=aes-xts-plain64,size=256
    tmp /dev/mapper/osvg-tmp /dev/urandom tmp,cipher=aes-xts-plain64,size=256
    home /dev/mapper/osvg-home /etc/luks-keys/home
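A check for the crypttab and key-file layout set up above, as an added example that is not part of the original guide: it flags key files that group or others can access and random-key volumes that lack the swap or tmp option. The function names and the sample tree are constructed for illustration; GNU stat is assumed.

```sh
#!/bin/sh
# Added example: audit the crypttab layout this page builds.
# ROOT is where the new system is mounted (/mnt before arch-chroot).

perm_is_private() {    # true if the path grants nothing to group or others
    mode=$(stat -c '%a' "$1") || return 1    # GNU stat, as on the Arch ISO
    [ $(( 0$mode & 077 )) -eq 0 ]
}

audit_crypttab() {    # prints one WARN line per problem, returns 1 if any
    root=$1; problems=0
    warn() { echo "WARN: $*"; problems=$((problems + 1)); }
    while read -r name dev key opts; do
        case $name in ''|'#'*) continue ;; esac
        case $key in
            /dev/urandom|/dev/random)
                # A fresh random key every boot destroys the old contents,
                # so it is only valid for volumes flagged swap or tmp.
                case ",$opts," in
                    *,swap,*|*,tmp,*) ;;
                    *) warn "$name: random key without swap/tmp option" ;;
                esac ;;
            none|-|'') ;;    # passphrase prompt, no key material on disk
            *)
                file=$root$key
                if [ ! -f "$file" ]; then
                    warn "$name: key file $key not found"
                else
                    perm_is_private "$file" || warn "$name: $key is accessible to group/others"
                    perm_is_private "$(dirname "$file")" ||
                        warn "$name: directory of $key is accessible to group/others"
                fi ;;
        esac
    done < "$root/etc/crypttab"
    [ "$problems" -eq 0 ]
}

# Constructed sample tree mirroring the files created on this page
demo=$(mktemp -d)
mkdir -p "$demo/etc/luks-keys" && chmod 700 "$demo/etc/luks-keys"
: > "$demo/etc/luks-keys/home" && chmod 000 "$demo/etc/luks-keys/home"
cat > "$demo/etc/crypttab" <<'EOF'
swap /dev/mapper/osvg-swap /dev/urandom swap,cipher=aes-xts-plain64,size=256
tmp  /dev/mapper/osvg-tmp  /dev/urandom tmp,cipher=aes-xts-plain64,size=256
home /dev/mapper/osvg-home /etc/luks-keys/home
EOF
audit_crypttab "$demo" && echo "crypttab OK"
```

On the real system, run it as audit_crypttab /mnt before arch-chroot.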
Chroot
Change root into the new system:
    arch-chroot /mnt
Uncomment pacman multilib option
In /etc/pacman.conf uncomment the following lines.
    [...]
    [multilib]
    Include = /etc/pacman.d/mirrorlist
    [...]
Install Packages
    pacman -Sy
    pacman -S grub efibootmgr networkmanager network-manager-applet wireless_tools zsh w3m vim powertop bc git
Fix vim dark colors stuff
    cat << EOF >> /etc/vimrc
    " Set background to dark for better readability in SSH connections
    set background=dark
    EOF
Set vim as default editor
    cat << EOF >> /etc/environment
    EDITOR=vim
    EOF
Create my User
    useradd -m -G wheel,audio,video,users,uucp,disk,optical,storage,rfkill -s /bin/zsh phg
    passwd phg
Disable root login
    passwd -l root
Allow group wheel to use sudo
Uncomment %wheel ALL=(ALL) ALL. Use visudo to edit the /etc/sudoers file.
Keep http_proxy variables
Add the following at the end of the 'Defaults' section.
    Defaults env_keep += "http_proxy"
    Defaults env_keep += "https_proxy"
Install yay
Clone the yay sources. Build, install and delete it.
    git clone https://aur.archlinux.org/yay.git
    chown phg:phg yay
    cd yay
    sudo -u phg makepkg -si
    cd ..
    rm -rf yay
Time zone
Set the time zone:
    ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
Run hwclock(8) to generate /etc/adjtime:
    hwclock --systohc
This command assumes the hardware clock is set to UTC. See Time#Time standard for details.
Enable timedated service:
    systemctl enable systemd-timesyncd
Locale
Uncomment the following localizations in /etc/locale.gen:
    [...]
    de_DE.UTF-8 UTF-8
    de_DE ISO-8859-1
    de_DE@euro ISO-8859-15
    [...]
    en_US.UTF-8 UTF-8
    en_US ISO-8859-1
    [...]
and generate them with:
    locale-gen
Set the LANG variable in locale.conf(5) accordingly, for example:
/etc/locale.conf
    LANG=en_US.UTF-8
    LANGUAGE=en_US:en
    LC_TIME=de_DE.UTF-8
    LC_CTYPE=en_US.UTF-8
    LC_COLLATE=C
    LC_MONETARY=de_DE.UTF-8
    LC_MESSAGES=en_US.UTF-8
    LC_PAPER=de_DE.UTF-8
    LC_NAME=de_DE.UTF-8
    LC_ADDRESS=de_DE.UTF-8
    LC_TELEPHONE=de_DE.UTF-8
    LC_MEASUREMENT=de_DE.UTF-8
    LC_IDENTIFICATION=de_DE.UTF-8
Setup console
Install console powerline font
Install the console powerline fonts.
    sudo -u phg yay -S powerline-console-fonts ttf-ms-fonts ttf-dejavu
Edit the /etc/vconsole.conf file and add the following to the TOP of the file:
    FONT=ter-powerline-v14n
    [...]
Set keymap
If you set the keyboard layout, make the changes persistent in vconsole.conf(5):
/etc/vconsole.conf
    [...]
    KEYMAP=de-latin1-nodeadkeys
Hostname
Create the hostname(5) file:
/etc/hostname
    yoetunheimr
Consider adding a matching entry to hosts(5):
/etc/hosts
    127.0.0.1 localhost.localdomain localhost
    ::1 localhost.localdomain localhost
    127.0.1.1 yoetunheimr.sao.local yoetunheimr
See also Network configuration#Set the hostname.
Edit mkinitcpio
Add the keyboard, keymap, lvm2 and encrypt hooks to mkinitcpio.conf:
/etc/mkinitcpio.conf:
    HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)
Generate initramfs
    mkinitcpio -p linux
Install GRUB
    grub-mkconfig -o /boot/grub/grub.cfg
    grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=grub
Configuring the boot loader
In order to unlock the encrypted root partition at boot, the following kernel parameters need to be set by the boot loader (/etc/default/grub):
    GRUB_CMDLINE_LINUX_DEFAULT="quiet acpi_rev_override=1 pci=nommconf"
    GRUB_CMDLINE_LINUX="cryptdevice=/dev/mapper/osvg-root:root root=/dev/mapper/root"
Command explanation
- acpi_rev_override=1 is needed to get the NVIDIA graphics card working, or to disable it.
- The kernel option pci=nommconf disables Memory-Mapped PCI Configuration Space, which is available in Linux since kernel 2.6. Very roughly, all PCI devices have an area that describes the device (which you see with lspci -vv), and the original method to access this area involves going through I/O ports, while PCIe allows this space to be mapped to memory for simpler access.
- cryptdevice=/dev/mapper/osvg-root:root root=/dev/mapper/root configures the crypt device.
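A consistency check between the HOOKS line and the kernel command line shown above, as an added example that is not part of the original guide: a mapping name that differs from root=, or a missing hook, leaves the system unable to unlock root at boot. The function names are hypothetical, and treating /dev/mapper/VG-LV as a logical volume is a heuristic.

```sh
#!/bin/sh
# Added example: cross-check mkinitcpio HOOKS against the GRUB kernel command line.

hook_pos() {    # 1-based position of hook $1 in list $2, 0 if absent
    i=0
    for h in $2; do
        i=$((i + 1))
        [ "$h" = "$1" ] && { echo "$i"; return; }
    done
    echo 0
}

check_boot_config() {    # $1 = HOOKS content, $2 = kernel command line
    hooks=$1; cmdline=$2; bad=0; cryptdev=; rootdev=
    warn() { echo "WARN: $*"; bad=$((bad + 1)); }
    for word in $cmdline; do
        case $word in
            cryptdevice=*) cryptdev=${word#cryptdevice=} ;;
            root=*)        rootdev=${word#root=} ;;
        esac
    done
    case $cryptdev in    # format: cryptdevice=device:dmname[:options]
        *:*) src=${cryptdev%%:*}; rest=${cryptdev#*:}; mapped=${rest%%:*} ;;
        *)   warn "cryptdevice=device:dmname missing or incomplete"; src=; mapped= ;;
    esac
    # root= must name the mapping that the encrypt hook creates
    case $rootdev in
        /dev/mapper/*) [ "$rootdev" = "/dev/mapper/$mapped" ] ||
                           warn "root=$rootdev does not match mapping '$mapped'" ;;
        '') warn "root= missing" ;;
    esac
    enc=$(hook_pos encrypt "$hooks"); map=$(hook_pos keymap "$hooks")
    [ "$(hook_pos keyboard "$hooks")" -gt 0 ] || warn "keyboard hook missing"
    if [ "$enc" -eq 0 ]; then warn "encrypt hook missing"
    # keymap loads the console layout (de-latin1-nodeadkeys on this page);
    # placed after encrypt, the passphrase prompt would use the US layout
    elif [ "$map" -eq 0 ] || [ "$map" -gt "$enc" ]; then warn "keymap hook must come before encrypt"
    fi
    # a LUKS container on a logical volume needs LVM inside the initramfs
    case $src in
        /dev/mapper/*-*) [ "$(hook_pos lvm2 "$hooks")" -gt 0 ] || warn "lvm2 hook missing" ;;
    esac
    [ "$bad" -eq 0 ]
}

# Values taken from this page
PAGE_HOOKS="base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck"
PAGE_CMDLINE="quiet acpi_rev_override=1 pci=nommconf cryptdevice=/dev/mapper/osvg-root:root root=/dev/mapper/root"
check_boot_config "$PAGE_HOOKS" "$PAGE_CMDLINE" && echo "boot config consistent"
```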
Generate GRUB config
    grub-mkconfig -o /boot/grub/grub.cfg
See Dm-crypt/System configuration#Boot loader for details.
Reboot into the installed system
Leave the chroot environment.
    exit
Unmount all partitions and reboot.
    umount -R /mnt
    reboot
Modify UEFI
Open the UEFI configuration menu (F12 -> Setup) and go to:
    - General
    | - Boot Sequence
        \ Boot List Option
          \ Add Boot Option
            | - Boot Option Name
            |   \ "Linux"
            | - File System List
            |   \ PciRoot(0x0)/[...]
            | - File Name
            |   \ "\EFI\grub\grubx64.efi"
Afterwards, move "Linux" to the top of the Boot Sequence.
Post installation configuration
Install useful services
    pacman -S acpid dbus avahi cups cronie
    systemctl enable acpid avahi-daemon org.cups.cupsd.service cronie
Get graphics card and X working
Install graphic card tools
    sudo pacman -S bbswitch bumblebee primus lib32-primus
libglvnd
as libgl provider.
Enable the bumblebee service.
    sudo systemctl enable bumblebeed.service
Graphics card drivers/utils
    yay -Sy
    yay -S nvidia nvidia-utils lib32-nvidia-utils
Get my dot files
Clone my dotfiles.
    sh -c "$(curl -fsSL https://raw.github.com/robbyrussell/oh-my-zsh/master/tools/install.sh)"
    sudo pacman -Sy
    sudo pacman -S python-pip
    cd ~
    git clone --recurse https://github.com/shokinn/.files.git ~/.files
    cd .files
    git remote -v
    git remote set-url origin git@github.com:shokinn/.files.git
    pip install --user -r dotdrop/requirements.txt
    alias dotdrop='eval $(grep -v "^#" ~/.files/.env.public) ~/.files/dotdrop.sh'
    dotdrop install
    git clone https://github.com/bhilburn/powerlevel9k.git ~/.oh-my-zsh/custom/themes/powerlevel9k
Powertop
Optimize power consumption
Run the following command to calibrate your power consumption:
    sudo powertop --calibrate
Note
Your screen will turn black several times and stay black for a couple of minutes!
Don't worry :)
Make powertop optimizations permanent
/etc/systemd/system/powertop.service:
    cat <<EOF | sudo tee /etc/systemd/system/powertop.service
    [Unit]
    Description=PowerTOP auto tune

    [Service]
    Type=oneshot
    ExecStart=/usr/sbin/powertop --auto-tune

    [Install]
    WantedBy=multi-user.target
    EOF
Then reload systemd, start the service and enable it:
    sudo systemctl daemon-reload
    sudo systemctl start powertop.service
    sudo systemctl enable powertop.service
Install packages
Install audio packages
    sudo pacman -S \
        alsa-utils \
        alsa-oss
Install various packages
    sudo pacman -S \
        exfat-utils \
        openssh \
        net-tools \
        libsecret \
        gnome-keyring \
        libgnome-keyring \
        mc \
        htop \
        linux-headers \
        wireguard-dkms \
        wireguard-tools \
        rsync

    yay -S tldr
Enable SSH-Agent Service
    systemctl --user daemon-reload
    systemctl --user enable ssh-agent.service
    systemctl --user start ssh-agent.service
TODO
- Fix crypto
- Use a hardware device for 2nd factor authentication
- Maybe use TOTP as 2nd factor?