https://wiki.archlinux.org/title/Installation_guide For NON-GRAPHICAL with NO SWAP system definitely need > 2 GB live. I think wisest to go with 4 G resized to 3 G available (for snapshots + growth). VMWARE-specific GOING TO TRY 3GB Maxed for image 'archLinux' Guest OS version: Other 3.x or later Linux (64-bit) 4 GB resized to 3 GB at least for non-graphical. Non-graph uses 2365 MB. 3.5 GB (w/o Swap), to pre-allocate more resize down to 3.5 GB. USB 3.0 controller CD/DEV Drive 1: Datastore ISO file, select the archLinux install .iso image. Nic adapter type: E1000 There should be no /sys/firmware/efi/eifvars/ directory. https://wiki.archlinux.org/index.php/installation_guide N.b. recent change that you install the very minimal metapackages with 'pacstrap'. Exec a bash shell. section "Connect to the Internet" Unless there's a special need, just enable (and start if needed) systemd-networkdrvice and systemd-resolved (which are installed systemd package), and set up the files. Verify with systemd-resolve --status (details in "archLinux.txt" file) Wireless setup: wifi-menu -o. It does work with wireless-ac! vim /etc/wpa_supplicant/* and enable following line: update_config=1 If network is working, just use DHCP for initial installation (We'll set up permanent networking in chroot session later) NTP: Use OOTB systemd-timesyncd rather than full NTP! TODO: Learn how to work it through DHCP. Until then... Set 'NTP=' value in /etc/systemd/timesyncd.conf to space-delimited servers. (default prolly fine) systemctl restart systemd-timesyncd timedatectl timesync-status section "Partition the disks" (To determine fs block size: blockdev --getbsz /dev/whatever) parted /dev/sda 'mklabel gpt' parted /dev/sda p Determine sector size, .5 kB for VMware. I did this, but not sure its correct: [~ 200M /boot ext4; set 1 boot on /boot USELESS nowadays 2 Gib swap] 1 Mib: mkpart bios_grub ext2 2048s 4095s; set 1 bios_grub on; name 1 bios_grub (Start at 2048s instead of 0 due to alignment warning; 2048s == 1 MB with sector size of .5 kB) Remainder btrfs: mkpart btrfs_sys btrfs 4096s 100%; set 2 boot on; name 2 btrfs_sys ("set 3 lvm on" for an ext2 partition for LVM) Due to inability for kernel to read modified partition table, I had to reboot after changing partitions. Make sure to check after quitting parted: parted /dev/sdX p section "Format the partitions" I did this, but not sure its correct: Did mkfs.*, mkswap with -L mount LABEL=btr_s1 /mnt btrfs fi resize Xg /mnt # Constrain total btrfs fs size (2355m required for yaourt install) btrfs quota enable /mnt btrfs subv create /mnt/root date > /mnt/root/imhere.txt btrfs subv list /mnt/root (to determine btrfs number, prolly 257) btrfs subv set-default /mnt umount /mnt mount LABEL=btr_s1 /mnt cat /mnt/imhere.txt # Verify mounted right subv mkdir /mnt/var /mnt/boot btrfs subv create /mnt/tmp, /mnt/var/tmp, /mnt/home chmod --reference=/tmp /mnt/tmp chmod --reference=/var/tmp /mnt/var/tmp #mount LABEL=BOOT /mnt/boot Not if no separate boot partition #swapon LABEL=SWAP_PRIMARY Not if no disk swap section "Select the mirrors" If /etc/pacman.d/mirrorlist doesn't contain a list of optimized mirrors then do it manually: If no 'reflector' then: pacman -S reflector [if mirrorlist not working then enable 1 repos] reflector --country US --protocol https,http --score 20 --sort rate --save /etc/pacman.d/mirrorlist after section "Install the base packages" Copy your wireless config profile file from /etc/netctl to /mnt/etc/netctl OR Copy to under /mnt/etc/... /etc/systemd/network/X.network #/etc/resolv.conf (resolvconf.conf won't work yet) ? taken care of by prev? #/etc/resolvconf.conf ? taken care of by prev? ! Has /etc/resolvconf.conf been replaced with /etc/systemd/resolved.conf ? section "Fstab" Use -L switch to genfstab. Notice the double >> in the command. section "Locale" Enable only "en_US.UTF-8 UTF-8" in /etc/locale.gen section "Network configuration" WIRELESS: pacman --noconfirm -S iw wpa_supplicant dialog ETH via systemd-networkd: Create file /etc/systemd/network/X.network, specifying device name, addr, gw, like: [Match] Name=ens192 [Network] LLMNR=no Address=192.168.101.206 Gateway=192.168.101.246 DNS=192.168.101.251 DNS=75.75.75.75 DNS=75.75.76.76 #Domains=admc.com,other.com Multiple like this Domains=admc.com,other.com Seems that systemd-resolved is required to honor the DNS setting here. [Add additional nameservers to "/etc/resolvconf.conf". /etc/resolv* not even used with systemd-resolved!!!] systemctl enable systemd-networkd systemctl enable systemd-resolved systemctl enable systemd-timesyncd Disable LLMNR LLMNR is an unnecessary security risk. Disable: In all systemd/*.network files in [Network] section: LLMNR=no (because default is LLMNR=yes) In /etc/systemd/resolved.conf LLMNR=no (because default is LLMNR=yes) When using LLMNR you'll see listeners on ports 53 and 5355 ("ss -nlt"). section "Boot loader" pacman --noconfirm -S grub Pixel-specific: Need to replace to "GRUB_GFXMODE=1280x850x16" in /etc/default/grub And replace to: GRUB_CMDLINE_LINUX_DEFAULT="modprobe.blacklist=ehci_pci video=800x600" Before running "grub-mkconfig comment out in /etc/default/grub the line: GRUB_CMDLINE_LINUX_DEFAULT="quiet" grub-install --target=i386-pc /dev/sdx grub-mkconfig -o /boot/grub/grub.cfg AFTER Installation Guide [I guess only if you need to add disks, etc.: VMware only: Instead of rebooting, shut down the VM with: exec shutdown -h now Actions > Guest OS > Host device ] Repeat the hwclock step because somebody says it had no effect in chroot. For wireless: After restart need to start up wireless with: netctl list (to see /etc/netctl/* profiles) netctl start pacman --noconfirm -S intel-ucode <=== NOT YET! Stop tmpfs mounting: systemctl mask tmp.mount EC2-Only! I had to run "pacman -Syy" before pacman could install anything. pacman --noconfirm -S for below: [I don't know about NetworkManager or netctl (which I haven't been using lately) but systemd-networkd does not need dhcpcd for it to correctly work interfaces with DHCP. Running dhcpcd at same as systemd-networkd creates conflicting configs.] + Minimal (*= needed for ec2; #= needed for Uplink Labs EC2) btrfs-progs #*git sudo #*parted base-devel (needed to build yaourt* [and package-query]) [ec2 comes with gcc-multilib and other build tools which conflict with bd] [Uplink Labs has neither, but yaourt is obsolete and probably don't need PQ. Will learn soon enough if need to install something for makepkg to succeed] *Set up my USER account with wheel sudo access *Pull package-query and yay* AS NON-ROOT from git and build them according to https://archlinux.fr/yaourt-en* ! DEFER last built until late on. Hangs here! RUN yaourt* as NON-ROOT USER * yaourt is DEPRECATED!!! Use yay docs and usage suck for aurutils and rua. # below means to install to ec2. + Non-X aws-cli # Is this now provided with image? diffutils #freerdp #jq #bc *svn [try to use just git on new servers] openssh #*traceroute rsync #bind [*bind-tools (now must install full "bind"! Ug) smartmontools [don't need for virtualized disk space] #*zip #*unzip #p7zip #*pkgfile #cronie #[*genius (unfortunately contains gnome-genius and has X dependencies, now not available???) Just usr binary /usr/local/bin/genius! # gnu-netcat #*by yaourt: *nuttcp #lsof [vim for non-graphical] open-vm-tools (if VMware VM) hdparm [sdparam if SCSI] [maybe don't need for virtualized disk] OPTIONAL *ffmpeg *mp3wrap *gpac *imagemagick #*jdk11-openjdk (message about "gtk2" suggested dependency) #hunspell-en_us (or aspell-en if don't need spelling in non-text docs) #exim #npm ?pacman-contrib (to get script 'rankmirrors' and 'paclist') #s-nail #man-db #man-pages #whois #mlocate #AUR: powershell Very long-running install fails with 51 test failures as of 2024-01-28 #AUR: speed-test Runtime not working in mid/late 2023 #dmidecode #screen #nfs-utils for NFS client #inetutils #expac #sysstat #expect (this gives mkpasswd which we prefer to genpasswd) #AUR: aws-cli-v2-bin AUR: downgrade AUR: git-htmldocs AUR: zerofree *xfsprogs (if need XFS file system) *ntfs-3g (if need to mount NTFS) [depending on purpose: nodejs npm groovy [depending how/where installing, may get the 1st two] VMware only: systemctl enable vmtoolsd IF GRAPHICAL THEN ALSO: vmware-vmblock-fuse.service cat /proc/version > /etc/arch-release +Graphics [Updated per 2023 article https://itsfoss.com/install-kde-arch-linux/: ] Install packages/groups: xorg plasma plasma-wayland-session kde-applications Enable things: systemctl enable sddm.service [ Obsoleted: Install: xorg-server xf86-video-intel mesa mesa-demos sddm xorg-xclock ("mesa" will install mesa-libgl too). I installed xorg-xinit but I think unnecessary (See sddm page to have KDE wallet unlock automatically) Default target is graphical.target (~ runlevel 5), so test sddm and KDE with: systemctl start sddm enable autostart by enabling the service with: systemctl enable sddm Install: plasma-meta (do plasma group instead if want to try to exclude some crap) kde-meta-kdebase kdegraphics-okular kruler ] +X: xclip alsa-utils gvim vlc gimp audacity inkscape dia xterm brave ?graphical only: icedtea-web icedtea-web-doc? youtube-dl freerdp enable crontab by enabling the service with: systemctl enable cronie OpenSSH config ONLY FOR X-capable host: /etc/ssh/ssh_config host * X11Forwarding yes /etc/ssh/sshd_config X11Forwarding yes PermitRootLogin no /etc/ssh/sshadmind.config (after put in place) (Just a copy of sshd_config with Port 722, PidFile /run/sshadmind.pid, AllowUsers root) #X11Forwarding yes DISABLE this line if non-graphical server PermitRootLogin prohibit-password Copy over and load ~/code-templates/archLinux/sshadmind.service to /etc/systemd/system/ systemctl enable sshd # Though sshd.socket service was more efficient, it has a vulnerability systemctl enable sshadmind After reboot, run last build step for yaourt. KDE Setup Konsole setup Add to Panel Default profile: font +2 Settings: Show tabs when necessary, no menubar by default KDE Start > System Settings Panel setup Add seconds, date, holidays to time widget (RMB when in setup mode) Add logoff/lock widget Disable mouse gestures from fucking with windows Disable touchpad when mouse detected Set res to 1280x850 Pick a nicer splash screen Kill baloo!!!! Voracious file indexer that kills system periodically. Edit "~/.config/baloofilerc". Insert at top: [Basic Settings] Indexing-Enabled=false Music + tuxguitar timidity Set default runlevel if not graphical: systemctl set-default [-f] multi-user.target|graphical.target Copy in ADMC groups and /sbin/nologin accounts. Check with grpck, pwck. Sound Use scripts at ~beyla:pixel/bin/ Mousepad Execute ~beyla:pixel/setup/touchpad/enable-atmel.sh X Execute ~beyla:pixel/setup/xorg/xaccel.sh So far I don't care about screen or keyboard brightness USB Xonar U3 USB setup. It creates "card 1" as reported by "aplay -l" Vidcam, microphone, audio: Use vlc capture to test. Install vendor-specific graphics driver. Update all packages: pacman -Syu pacman -Fy pkgfile -u TODO: Try infinality-bundle meta package to see if graphics improves from https://gist.github.com/bendavis78/827089ff8f2a8d8975ee#recommendations Flash the RW_LEGACY according to https://johnlewis.ie/custom-chromebook-firmware/rom-download/ Shouldn't need to mess with write protection screw since have already set the legacy slot as default. See pixel.txt re. building kernel for Pixel If have more than one sound card, may need to assign the one you want used in /usr/share/alsa/alsa.conf according to https://wiki.archlinux.org/index.php/Advanced_Linux_Sound_Architecture Graphics Setup ATI xf86-video-amdgpu LATEST open source AMD Radeon + 3D: mesa (pulled in by prev). (lib32-mesa optional for 32-bit) + H/w accel: mesa-vdpau, lib32-mesa-vdpau (Optional proprietary driver AMDPU PRO on top of amdgpu) Tips: Can't use nomodeset or vga= params "since radeon requires KMS" Check radeon not disabled by kernel module blacklisting. xf86-video-ati ATI/Radeon open source driver + 3D: mesa (pulled in by prev). (lib32-mesa optional for 32-bit) + H/w accel: mesa-vdpau, lib32-mesa-vdpau Tips: Can't use nomodeset or vga= params "since radeon requires KMS" Check radeon not disabled by kernel module blacklisting. OR catalyst (AUR proprietary) Requires installation of an older Xorg! Card-specific driver then several *catalyst* packages. Intel xf86-video-intel NVIDIA # Installing my archLinux-svr image Only nic adapter type E1000 works with archLinux (despite archLinux docs). With archLinux-svr VM shut down, copy the VM directory to new directory of new VM name. Except files: *log, *.nvram Shell scriplet to rename all files to contain new VM name. Search and replace these files (others are empty or are not text): *.vmx *.vmxf *0.vmdk Replace name archLinux-min with new VM name AND update hex volume superdir in the same strings. Boot up passwd root Rename /etc/systemd/network/* to .network and update it. Update /etc/hostname and /etc/hosts Reboot and verify hostname correct and DNS working pacman --noconfirm -Syu systemctl start vmtoolsd After verify appears in ESXI console, same but 'enable' systemctl start sshd.socket After test, same but 'enable' systemctl start sshadmind After test, same but 'enable'https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingCert MAINTENANCE: Boot up archLinux-min and archLinux-svr periodically and refresh pacman pkgs. !! Add lsof to archLinux-svr !! Change nic type to E1000 Exim trust via certs https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingCert Private keys must be decryped and readable to Exim runner. Client host is not added to the relay client list because client cert trumps that. If allow local mail delivery (good thing for reading bounces), then copy file aliases into place at /etc/mail/aliases. GOTCHA! Be liberal with "cd /etc/ssl/certs && c_rehash" commands after making any certain validity changes. s-nail gotcha The only way I can get rid of friggin' warning when using unauthenticated smtp mat is to: set v15-compat=yes set smtp-auth=none Put mail routing commands in /etc/mail.rc since should be same for everybody. Put From setting into ~/.mailrc files. Wireless Card for my card with Realtek RTL 8812AU chipset, I just had to install linux-headers from core; and rtl8812au-dkms-git from AUR. Only bad limitation is there is no password saving. You must either specify on command line or be prompted. Horizon client: Do aur install of packages vmware-keymaps, vmware-horizon-client