ejmg / An Idiots Guide To Installing Arch On A Lenovo Carbon X1 Gen 6
Projects that are alternatives of or similar to An Idiots Guide To Installing Arch On A Lenovo Carbon X1 Gen 6
-
installing arch dot txt
i am so sorry for this guide.
[[https://raw.githubusercontent.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/master/dumb-pic-2.jpeg]]
this is an attempt at a comprehensive, start to finish, install guide for lenovo's 6th gen carbon x1. my model is the 20KG-0022US, which I bought from costco, and comes with an 8th gen intel i7, 16gb ram, and 512gb ssd. My instructions will thus have mentions of specific components from this laptops as they appear in the guide, but i will try to make it clear when such a case may not hold for others with respect to 6th gen x1 versions.
my motivation for this was pretty straightforward: i am an idiot that takes notes. by the time i was like... 3/4ths through the whole process, i realized these notes could be of use to a lot of other idiots who make the horrible choice of pushing themselves through the hellscape of boot loader configurations. also, something about writing the docs you wish to see? idk, sounds fake. anywho -- hope this idiot can help other idiots figure out how to do something that turns out to be not so much "hard" as it is an extended and complex process for those unfamiliar with the terrain. cheers.
i want to make a shoutout to specific sources for informing this guide. it's the result of mashing together and cross referencing the wiki with multiple guides where I would verify instructions and install strategies. Included in this list is [[https://www.youtube.com/channel/UCxQKHvKbmSzGMvUrVtJYnUA][LearnLinux.tv]], [[https://www.youtube.com/channel/UCNgMPxqWds9IYR_QFNPButw][Kai Hendry]], [[https://www.youtube.com/channel/UCNgMPxqWds9IYR_QFNPButw][Lucas Alvares Gomes]], [[https://ticki.github.io/blog/setting-up-archlinux-on-a-lenovo-yoga/][Ticki]], [[https://kozikow.com/2016/06/03/installing-and-configuring-arch-linux-on-thinkpad-x1-carbon/#Disable-secure-boot][Robert Kozikowski]], and [[https://delta-xi.net][Erik Sonnleitner]]. ya'll helped a homie get arch working on this kickass computer.
-
toc :TOC:
- [[#installing-arch-dot-txt][1 installing arch dot txt]]
- [[#why-you-should-or-should-not-install-arch][2 why you should or should not install arch]]
- [[#disclaimer-sacrifices-incantations-dont-sue-me-etc][3 disclaimer (sacrifices, incantations, don't sue me, etc.)]]
- [[#live-usb][4 live usb]]
- [[#setting-up-to-install][5 setting up to install]]
- [[#configure-our-mirrors-to-download-software-from][configure our mirrors to download software from]]
- [[#configure-wifi-optional][configure wifi ("optional")]]
- [[#debugging-advise][debugging advise:]]
- [[#freeze-partition-time][6 freeze: partition time!]]
- [[#make-sure-we-have-uefi][make sure we have (U)EFI]]
- [[#figure-out-where-our-main-drive-is][figure out where our main drive is]]
- [[#partitioning-and-configuring][partitioning and configuring]]
- [[#encryption-and-mounting][7 encryption and mounting]]
- [[#encryption-with-cryptsetup][encryption with
cryptsetup]] - [[#generation-of-logical-volumes-within-our-lvm][generation of logical volumes within our LVM]]
- [[#format-and-mount-our-logical-partitions][format and mount our logical partitions]]
- [[#encryption-with-cryptsetup][encryption with
- [[#installing-arch-and-setting-it-up-to-boot-and-run][8 installing arch and setting it up to boot and run]]
- [[#install-arch-onto-mnt][install arch onto
/mnt]] - [[#generate-our-fstab-file][generate our fstab file]]
- [[#log-into-arch-and-installing-stuff][log into arch and installing stuff!]]
- [[#modify-etcmkinitcpioconf-to-enable-encryption][modify
/etc/mkinitcpio.confto enable encryption]] - [[#setting-up-the-bootloader-itself][setting up the bootloader itself]]
- [[#reboot-and-start-arch][reboot and start arch]]
- [[#install-arch-onto-mnt][install arch onto
- [[#drivers-wifi-sudo-user][9 drivers, wifi, sudo user]]
- [[#utilities][utilities]]
- [[#touchpad-xorg-and-graphics-drivers][touchpad, xorg, and graphics drivers]]
- [[#configuring-sudo-adding-a-user-disabling-root][configuring sudo, adding a user, disabling root]]
- [[#loose-ends-desktop-stuff-etc][10 loose ends: desktop stuff, etc]]
- [[#desktop-environment][desktop environment]]
- [[#fonts][fonts]]
- [[#emacs][emacs]]
- [[#gpg-and-ssh][gpg and ssh]]
- [[#aur-and-aurman][AUR and aurman]]
- [[#other-tweaks-and-lenovo-x1c6-stuff][11 other tweaks and lenovo x1c6 stuff]]
- [[#cpu-throttling][cpu throttling]]
- [[#bios-update][bios update]]
- [[#trimming-ssd][trimming SSD]]
- [[#hibernate-support][hibernate support]]
- [[#suspend-support][suspend support]]
-
why you should or should not install arch
- Pros
- you can learn a small bit about how linux and operating systems work
- very up to date software
- access to things like AUR
- run a very lightweight system that, outside of even more niche and esoteric operating systems, avoids bloat and waste
- want something extremely sad and nerdy to """brag about""" (don't do this)
- a great community that is insanely intelligent and welcoming
- Cons
- my friend Chris Allen made a [[https://github.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/pull/3][PR deleting the entire guide]] and
simply suggesting you Don't Install Arch
- the man has a /solid/ point
- it can take a lot of time to get going
- this is assuming your hardware (non X1C6) is well supported or doesn't have some proprietary code that throws you into kernel h e l l
- you could equally do something better with your time, like sleep, call your mom, or, idk, hangout with friends if you have those.
- it has the most up to date packages, which translates to instability
and things breaking more often
- if you do software, this is actually something you often don't want outside of maybe what you work on the most.
- a community with members known for [[https://github.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/pull/5][rote recitation of "just look at the wiki"]] and [[https://raw.githubusercontent.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/master/user-testimonials.png][who like to discourage making things easily accessible]] for those who don't have all day to mess around on a computer
- my friend Chris Allen made a [[https://github.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/pull/3][PR deleting the entire guide]] and
simply suggesting you Don't Install Arch
- Pros
-
disclaimer (sacrifices, incantations, don't sue me, etc.) since we are installing arch, there a a few precautions you'll want to take/keep in mind:
- if your shit gets destroyed, it is 1000% not my problem and not my fault lmao
- that said, that's an extremely unlikely outcome, please don't let this liability bulletpoint scare you
- you may want to form a pentagram with some usb cords, placing a copy of the GNU GPLv3 license at its center, and playing some soft but slightly erotic ambient music so that we may pray to stallman that this goes smoothly
[[https://raw.githubusercontent.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/master/stallman-dot-png.jpg][st. ignucius, may he guide us]]
- put aside like 2-4 hours for this depending on how inexperienced you are
- just keep this in mind and or be somewhere you can stop and leave your laptop plugged in on the chance you need to do something else
-
live usb
- download the img from https://www.archlinux.org/download/
- torrent is faster, also remember to seed
- alternatively just dl the iso directly, slightly slower
- install
- find your usb
#+BEGIN_SRC sh
lsblk
#+END_SRC
- it will probably be named
sdaorsdb, pay attention to the size of the drives upon output to be sure. - you are going to use the name of the drive itself,
sdx, so do not include a number, such assdx1in the drive name for the command below - make sure it is unmounted with: #+BEGIN_SRC umount /dev/sdx # x = letter of your actual drive #+END_SRC
- it will probably be named
- in term: #+BEGIN_SRC sh dd bs=4M if=/path/to/iso of=/path/to/usb status=progress oflag=sync #+END_SRC
- example in my case:
#+BEGIN_SRC sh
dd bs=4M if=~/Downloads/archlinux-2018.07.01-x86_64.iso of=/dev/sda status=progress oflag=sync
#+END_SRC
- note: I did this on Ubuntu with Gnome, and it proved not possible to format it with the drive entirely unmounted because of how Nautillus handles mounting jump drives. Therefore, I actually did this with it mounted but had no problems so ¯_(ツ)/¯ linux ¯_(ツ)/¯ ymmv ¯_(ツ)_/¯
- upon finishing, insert the usb into the x1
- find your usb
#+BEGIN_SRC sh
lsblk
#+END_SRC
- disable safe boot
- turn on laptop (or hard reset to ensure true "turn off"), press enter at lenovo boot screen
- under Security, you will find the option. Disable it.
- (optional) enable Thunerbolt BIOS Assist Mode
- this effects the process of enabling S3, which is something at the very
end of this guide
- if you are going to do that, it saves you a reboot (and it doesn't effect you really either way)
- You will find the option under Config
- this effects the process of enabling S3, which is something at the very
end of this guide
- ensure your usb is first in boot order
- under Startup, go to boot
- using the
-and+keys, make sure it is at the top of the list- I had to use
Shiftwhile pressing+for it to affect
- I had to use
- press
F10to save our configs and exit.
If everything went well, we will now boot into the arch iso.
- download the img from https://www.archlinux.org/download/
-
setting up to install you are going to need to be familiar with vim, nano, pico, emacs, idc, something, this is on you, fam.
** configure our mirrors to download software from
- this is the difference between a 20kb/s and ~10mb/s download speed, at
least in my case first time round
- the mirror list is found in /etc/pacman.d/mirrorlist
- the logic is simple: the earlier a mirror item appears in the list,
the greater preference it is given for use as a source.
- copy and paste a server that is close to you geographically and insert
it at the top of the list.
- server i chose for those in USA who are lazy:
#+BEGIN_SRC sh
Server = http://mirrors.lug.mtu.edu/archlinux/$repo/os/$arch
#+END_SRC
- important refresh our mirrorlist
#+BEGIN_SRC sh
pacman -Syu
#+END_SRC
- we will now have (hopefully) fast downloads for our packages
** configure wifi ("optional")
1. x1 does not have a ether port, but adaptors exist
- these adaptors supposedly work without issue but I don't have one,
so I'm assuming you don't either
- dilemma: we don't have fucking internet by default
- solution: netctl
2. find the name of your wifi card device
- I would assume x1's have the same name, but who knows:
#+BEGIN_SRC sh
ip link
#+END_SRC
- mine was wlp2s0, arch wiki suggests that anything that starts with
a w is probably the wifi card
3. figure out the wifi point you are going to use.
- I'm going to assume it is either of "simple" wpa or wpa-enterprise
- the latter is at corporate or university settings if that helps
- luckily netctl provides templates for both. copy the appropriate
one and place it in the root of netctl as so:
#+BEGIN_SRC sh
# simple wpa, such as home routers
cp /etc/netctl/examples/wireless-wpa /etc/netctl/
# enterprise wpa
cp /etc/netctl/examples/wireless-wpa-configsection /etc/netctl/<NAME-YOU-WANT-TO-GIVE-IT>
#+END_SRC
- ~wireless-wpa~ looks like this:
#+BEGIN_SRC conf
Description='A simple WPA encrypted wireless connection'
Interface=wlan0
Connection=wireless
Security=wpa
IP=dhcp
ESSID='MyNetwork'
# Prepend hexadecimal keys with \"
# If your key starts with ", write it as '""<key>"'
# See also: the section on special quoting rules in netctl.profile(5)
Key='WirelessKey'
# Uncomment this if your ssid is hidden
#Hidden=yes
# Set a priority for automatic profile selection
#Priority=10
#+END_SRC
- ~wireless-wpa-configsection~ looks like this:
#+BEGIN_SRC conf
Description='A wireless connection using a custom network block configuration'
Interface=wlan0
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
'ssid="University"'
'key_mgmt=WPA-EAP'
'eap=TTLS'
'group=TKIP'
'pairwise=TKIP CCMP'
'anonymous_identity="anonymous"'
'identity="myusername"'
'password="mypassword"'
'priority=1'
'phase2="auth=PAP"'
)
#+END_SRC
- *in both cases*:
- ~Interface~ takes the value of the wifi card device name we
found earlier
- ~Security~, ~Connection~, and ~IP~ remain untouched
- Do what you will with ~Description~
- For vanilla ~wireless-wpa~, the config explains itself:
- ~ESSID~ is the name of your wifi access point
- ~Key~ is the password
- For ~wireless-wpa-configsection~, things can be trickier:
- ~ssid~ is access point
- ~key_mgmt~ should remain untouched in most cases
- ~eap~ is entirely dependent on your case, for many (aka
including me), it is ~PEAP~
- ~pairwise~ is dependent on your situation (i did not need it)
- ~anonymous_identity~ is dependent on your situation (i did not need it)
- ~password~ is password
- ~priority~ is dependent on your situation (i did not need it)
- ~phase2~ is dependent on your situation (i did not need it)
- if my list appears not very useful in terms of help and
explanation, then you understand the very nature of who is
writing it and i'm so sorry i'm trying
- example ~wireless-wpa-configsection~ i actually used (with
values obviously substituted in):
#+BEGIN_SRC conf
Description='lol'
Interface=wlp2s0
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
'ssid="wutang"'
'key_mgmt=WPA-EAP'
'eap=PEAP'
'identity="ghostfacekillah"'
'password="suuuuuuuuuuuuu69"'
)
#+END_SRC
4. save your config file, time to connect:
#+BEGIN_SRC sh
netctl start <NAME-OF-YOUR-WIFI-PROFILE>
#+END_SRC
- it should take like 3 seconds to connect
- if nothing happens, it worked
- check with a quick ~ping 8.8.8.8~, if packets are shooting out, you
got internet.
- otherwise, diagnose with ~journalctl -xe~ and use those arch wikis
and forums! welcome to arch :) :) :) :)
** debugging advise:
- i did not run into this during install time, but when i later
tried to connect to wifi, a few different commands came in handy
to debug my situation:
1. stop previous connection
- can't have more than one netctl service going, so:
#+BEGIN_SRC sh
netctl stop
#+END_SRC
2. systemctl fuckery
- systemctl sometimes gets in the way with its service/handling
of netctl, stop it
#+BEGIN_SRC sh
systemctl stop [email protected]<PROFILE>.service
#+END_SRC
3. ip link may have your services as ~up~, put them as ~down~
- ~netctl~ does not like it when your link is up before it runs,
so turn it off:
#+BEGIN_SRC sh
ip link set <INTERFACE> down
#+END_SRC
-
freeze: partition time! that was a bad joke jesus christ forgive me ** make sure we have (U)EFI
- i am doing all of this on the presumption we have EFI, maybe should have brought that up while we were in BIOS
- use the following command to ensure we are in EFI mode:
#+BEGIN_SRC sh
ls /sys/firmware/efi/
#+END_SRC
- if the directory exists, we are good ** figure out where our main drive is
- find our drives with
lsblkyet again- my x1 came with a PCIe ssd, yours may or may not and, more
importantly, this influences its name as seen with
lsblk(i think)- for the PCIe ssd, it will be called something like
nvme0n1, with each partition appending ap1,p2, and so forth - for others, it may appear as the traditional
sda, with a number appended for each partition as it did above for your usb stick. - will assume we are using
nvme0n1as our os drive hereon
- for the PCIe ssd, it will be called something like
- my x1 came with windows installed and i assumed yours did, too.
- i am going to kill windows with this install.
- cannot have an optimally secure setup otherwise (or rather, I'm not going to put up with that much of a headache).
- if you want to keep a dual boot setup, this is not the guide for you.
- i am sorry to fail you like this, my kings and queens. f. ** partitioning and configuring
- i am going to kill windows with this install.
- my x1 came with a PCIe ssd, yours may or may not and, more
importantly, this influences its name as seen with
- we will now format our main drive with arch
#+BEGIN_SRC
gdisk /dev/nvme0n1
#+END_SRC
- you will enter a prompt of sorts for gdisk
- you should get some output about a valid GPT partition found alongside with a protected MBR partition. This is good.
- we will now wipe the disk.
- this is permanent. stop now or forever hold your peace
- I will be listing the commands in order and describe what they do
as subpoints:
-
o- we are wiping the disk. answer
yto continue.
- we are wiping the disk. answer
-
n- command for making a new partition.
-
Enter- we want the default number for the partition, and this convention will hold throughout the rest of the guide.
-
Enter- we don't want to specify the starting vector for the partition, and this convention will hold throughout the rest of the guide.
-
+512MB- we want our first partition to be of size 512MB. This is to meet the specification for a EFI boot partition.
-
EF00- this is the hex code type to indicate we want the partition to be of EFI
- partition 1 done
-
n- making another partition
EnterEnter-
Enter- the final partition is going to take the rest of our disk. If you do not want this, assign it something else like we did above.
-
8E00- this is the linux LVM (logical volume manager) format, which we are going to need for our encryption scheme.
- second partition done
- we are now done making /physical/ partitions
-
w- we are going to write to disk
-
y- we just wrote to disk. goodbye everything else
-
-
encryption and mounting ** encryption with
cryptsetup- make sure to use our second partition - not our EFI partition #+BEGIN_SRC sh # in my case, this is... cryptsetup luksFormat /dev/nvme0n1p2 #+END_SRC - you will be prompted for a password, make it a good one - we do not specify the luks type, such asluks2, because it is incompatible with GRUB. We will not be using GRUB, but I do not want to screw myself (or you) out of that option. - for the love of god, do not forget this password - this process could take like 2 or 3 or 4 hours depending on your experience and the last thing you need to do is forget the fucking luks password. - what we have now is a Luks container, which we will be using to put our actual OS/data in, which makes handling encryption logic easier in the long run. ** generation of logical volumes within our LVM 1. open our encrypted container: - we need to name the container, I am choosingmain_partfor main partition, it really doesn't matter #+BEGIN_SRC sh cryptsetup open --type luks /dev/nvme0n1p2 main_part #+END_SRC - this should now be available at/dev/mapper/main_part2. create a physical volume within our LVM partition: #+BEGIN_SRC sh pvcreate /dev/mapper/main_part #+END_SRC - this creates a "physical" volume inside of our luks container 3. create a volume group - we need to name this one, I'm choosingmain_groupto continue the theme - this will go on "top" of our physical container we just made, ergo why we create our group from it. #+BEGIN_SRC sh vgcreate main_group /dev/mapper/main_part #+END_SRC 4. generate our logical partitions within the luks containerI am following the wiki piece for piece here, and what you ultimately make the size of your swap (if any), root, and home (if any) is completely your call. The numbers I use are pulled from thin air and because I have so much space to use with the ssd that came with my x1. Note that for each instance, we are taking our logical partition from the volume group we just created. *Be conscious of this*. 1. create swap: #+BEGIN_SRC sh # 8 gb for swap lvcreate -L8G main_group -n swap #+END_SRC 2. create root #+BEGIN_SRC sh # 64 gb for root lvcreate -L64G main_group -n root #+END_SRC 3. create home #+BEGIN_SRC sh lvcreate -l 100%FREE main_group -n home #+END_SRC - we use a special trick to allocate all remaining memory in our ssd to home. it goes without saying that do not do this if you do not want to allocate all of it to home, etc.
** format and mount our logical partitions
Note that our resultant logical volumes are named
~<VOLUME_GROUP_NAME>-<root|home|swap>~, so my home is
~/dev/mapper/main_group-home~ for example.
1. root and home:
#+BEGIN_SRC sh
mkfs.ext4 /dev/mapper/main_group-root
mkfs.ext4 /dev/mapper/main_group-home
#+END_SRC
2. swap:
#+BEGIN_SRC
mkswap /dev/mapper/main_group-swap
#+END_SRC
3. mount our new volumes
1. mount our new volumes
The logic here is that ~/mnt/~ translates to ~/~ for our actual
arch system once we install arch, so keep this in
mind. ~/mnt/boot~ becomes ~/boot/~, ~/mnt/home/~ becomes home,
etcetera.
#+BEGIN_SRC sh
mount /dev/mapper/main_group-root /mnt/
mkdir /mnt/home
mount /dev/mapper/main_group-home /mnt/home
swapon /dev/mapper/main_group-swap
#+END_SRC
2. mount our bootloader
Remember the first partition we made (~nvme0n1p1~ in my case)? We
now need to mount it as the boot loader:
#+BEGIN_SRC sh
mkdir /mnt/boot/
mount /dev/nvme0n1p1 /mnt/boot
#+END_SRC
-
installing arch and setting it up to boot and run ** install arch onto
/mnt#+BEGIN_SRC sh pacstrap /mnt/ base
#+END_SRC- note, a popular additional option to include is
base-devel, so install that as well if you see yourself needing to compile and link a lot of things, such as through AUR. -
CONGRATS!
- you have installed arch!
-
CONGRATS!
- you are not even remotely close to done installing arch!
- it won't even boot correctly as of now!
- welcome to arch :~) ** generate our fstab file
- this is important for boot loading purposes, not the last time you will deal with this. It holds information about partitions, can't say much more about this. #+BEGIN_SRC sh genfstab -p /mnt >> /mnt/etc/fstab #+END_SRC ** log into arch and installing stuff! #+BEGIN_SRC arch-chroot /mnt #+END_SRC
we are now in the arch install and no longer "in" the live usb, fyi. let's get to work then:
-
installing important packages
- we have access to things, like wifi, that are not yet actually
configured yet on the operating system, thus we should take advantage
of this by installing some packages.
- some of these are subjective, others are ones I have taken from people who know more about arch than I do
- we have access to things, like wifi, that are not yet actually
configured yet on the operating system, thus we should take advantage
of this by installing some packages.
-
for a fact will want to install all the packages in relation to wifi if you do not have an adapter like me. #+BEGIN_SRC sh pacman -S wpa_supplicant networkmanager network-manager-applet dialog #+END_SRC
-
packages for intel microcode drivers, important
- microcode is key to stability and patching issues with intel processors that is released as proprietary code. The linux kernal can do this directly for us.
- need to modify
/etc/pacman.conf - it will have two lines commented out regarding ~multilib, uncomment them as so: #+BEGIN_SRC conf [multilib] Include = /etc/pacman.d/mirrorlist #+END_SRC
- now install intel microcode: #+BEGIN_SRC pacman -Sy intel-ucode #+END_SRC
-
other packages others recommend: #+BEGIN_SRC sh pacman -S linux-headers linux-lts linux-lts-headers #+END_SRC
- we are essentially installing another copy of the linux kernal for purposes of stability: if something goes wrong with an update of the kernal, you will have a backup kernal to get into.
- additionally, we are installing the headers for both the current kernal and the lts kernal: these are useful for other packages that need to link/bind against them for development purposes, etc.
-
we install another useful operating system: #+BEGIN_SRC sh pacman -S emacs #+END_SRC
- .... or vim if that's your choice.... definitely more efficient memory wise
- c.f. i will /die/ before i give up my elisp
- you should probably also install tools like
git** modify/etc/mkinitcpio.confto enable encryption
-
there is a variable in here named
HOOKS, which the file makes clear is important to the boot order of the operating system.- make yours look like this:
#+BEGIN_SRC conf
HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)
#+END_SRC
- you will notice that we moved
keyboardto afterautodetect -
added
keymapto afterkeyboard -
added
encryptandlvm2afterblockand beforefilesystems - do not fuck this up
- you will notice that we moved
- make yours look like this:
#+BEGIN_SRC conf
HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)
#+END_SRC
-
regenerate our
initramfs: #+BEGIN_SRC sh mkinitcpio -p linux #+END_SRC- we regenerate the image of the operating system here
- it now takes into account the new boot items and order we have
specified in the
HOOKSvariable
-
if you installed the
linux-ltskernal, you have to do it again for that as well #+BEGIN_SRC sh mkinitcpio -p linux-lts #+END_SRC- we are getting there, lads, hold on. for the promise land is close. ** setting up the bootloader itself I am using bootctl, not grub. Your call to make ultimately.
-
create our loader with bootctl #+BEGIN_SRC bootctl --path=/boot/ install #+END_SRC
-
create arch loader
- modify the file
/boot/loader/loader.confto reflect the following: #+BEGIN_SRC conf default arch timeout 3 editor 0 #+END_SRC-
defaultis the default entry to select when booting -
timeoutis the time before the entry is loaded at the boot menu -
editoris whether to enable the the kernal parameters editor. This is import to disable for security purpose and is enabled by default, so make sure to disable as above
-
- modify the file
-
create arch.conf
- you are going to need a variable value provided by the command
blkid- you will either need to write it down by hand to copy with nano
or use
emacsorvimto evaluate it in buffer to copy- emacs has
eshell, which you can use like the normal shell but copy and paste with - vim has the command
:r !blkidwhich will read in the file directly
- emacs has
- this variable is the
UUIDfor/dev/nvme0n1p2as given fromblkid-
/dev/nvme0n1p2is the second physical partition we made at the very beginning. If yours is/dev/sda2or similar, use that instead. - you will know it is the correct entry if the line also includes
TYPE="crypto_LUKS" PARTLABEL="Linux LVM"
-
- example:
#+BEGIN_SRC conf
/dev/nvme0n1p2: UUID="really-long-string-of-alphanumericals" TYPE="crypto_LUKS" PARTLABEL="Linux LVM" PARTUUID="another-long-string-of-alphanumericals"
#+END_SRC
- note: we want the value of
UUID, NOTPARTUUIDor anything else.
- note: we want the value of
- you will either need to write it down by hand to copy with nano
or use
- with this value copied, create the file
/boot/loader/entries/arch.conf: #+BEGIN_SRC conf title Arch Linux linux /vmlinuz-linux # not a typo initrd /intel-ucode.img # this must come before the entry immediately below initrd /initramfs-linux.img # what we made with mkinitcpio -p linux options cryptdevice=UUID=long-alphanumerica-string-WITHOUT-QUOTES:cryptlvm root=/dev/mapper/main_group-root quiet rw #+END_SRC- as i try to hint, make sure to remove the quotes around the UUID value as copied and pasted
- note that we add a
:cryptlvmto the end of that value - after a single space, we added the location of our root
partition within the luks container,
root=/dev/mapper/main_group-root/in my case - finally, we add the options
quiet rw** reboot and start arch
- you are going to need a variable value provided by the command
- From here, we can officially reboot into our install and it should work
- 🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉
- 🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉
- execute
exitthenshutdown now- remove the usb once the laptop turns off
- you should eventually see the boot screen which will automatically boot into arch after 2 seconds or so
- enter your password for the encrypted partition when asked, then login
as
rootand press enter for the password, seeing as we have yet to make one.
- note, a popular additional option to include is
-
drivers, wifi, sudo user
.... we aren't done yet :~) 🎉🎉🎉 ** utilities
-
wifi
- i hope you installed those wifi packages i told you to install and or you have a lan connection
- refollow the steps we did above for wifi to regain our connection
-
reconfigure our mirror list
- again, do as we did before with
/etc/pacman.d/mirrorlist
- again, do as we did before with
-
configure locale.gen and time
- enter
/etc/locale.gen- we need to tell arch what our locale is by going to the line and
uncommenting our respective locale
- usa peeps will use the line
en_US.UTF-8 UTF8
- usa peeps will use the line
- we need to tell arch what our locale is by going to the line and
uncommenting our respective locale
- run
locale-gen - run
localectl set-locale LANG="en_US.UTF-8"- this is separate from step 2.
- some applications need it because they won't respect the changes brought by step #2
- sync our clock with
hwclock --systohc --utc
- enter
-
change password for root with
passwd- self explanatory, but know this is the password exclusively for
root, not for your own user you'll make later who will have sudo user privileges.
- self explanatory, but know this is the password exclusively for
-
as of now, you will have to manually connect to wifi access points.
- tools like
wifi-menuhelp you find access points - it will also help you make a config for it. even if the initial
connection attempt fails, preserve the config (it'll ask you) and go
in to edit it.
wifi-menuwill then be able to use the corrected config the next time you try. ** touchpad, xorg, and graphics drivers I am choosing to not use wayland because while it is the future of linux desktop management, it is still not 100% ready for userland.
- tools like
-
touchpad install #+BEGIN_SRC sh pacman -S xf86-input-libinput #+END_SRC
-
xorg #+BEGIN_SRC sh pacman -S xorg-server xorg-xinit xorg-apps mesa xterm #+END_SRC
- we need xterm in addition to xorg if we want to have a minimally
functional deskto a la
twmwindows manager that xorg default supports
- we need xterm in addition to xorg if we want to have a minimally
functional deskto a la
-
intel drivers
- to my knowledge, we only have 32 bit drivers in case you are wondering why we are instaling 32 bit drivers /shrug #+BEGIN_SRC sh pacman -S xf86-video-intel lib32-intel-dri lib32-mesa lib32-libgl #+END_SRC
- at this point, if you want, you can use a very primitive GUI via
twm, which is the default tiling window manager of xorg. To do this, simply runstartx. If it looks weird and ugly, it worked.- personally, i'm going to stay in the default tty shell. ** configuring sudo, adding a user, disabling root
-
install
sudo- i am not joking, arch does not come with
sudoby default #+BEGIN_SRC sh pacman -S sudo #+END_SRC
- i am not joking, arch does not come with
-
enable sudo for other users via
visudo- it is bad to edit the sudoers file with a normal editor.
visudomakes a temporary file and checks that any edits are syntactically correct before saving and affecting the changes. - we need to uncomment the following line:
#+BEGIN_SRC shell
#+END_SRC
- make sure to not uncomment the one after this one, they have somewhat similar contents but are not the same ofc
- visudo uses vi by default. If you do not know how to use vi, simply execute the following to use nano instead: #+BEGIN_SRC sh EDITOR=nano visudo #+END_SRC
- it is bad to edit the sudoers file with a normal editor.
-
creating new user
- make your actual user account with the following, substituting your desired name: #+BEGIN_SRC sh useradd -m -G wheel -s /bin/bash #+END_SRC
- give your new user a password #+BEGIN_SRC sh passwd #+END_SRC
- reboot (or just exit, but I like being sure) your machine, and
make sure you can login as your new user.
-
this is critical before we disable root
- otherwise risk not being to log back in
-
this is critical before we disable root
-
disable root login
- you don't have to do this, but I think it is a good security
practice to have
- makes it much much harder to get into your machine by making adversaries guess the username itself in addition to
- if you are enabling ssh, i believe this does not effect that, so make sure to disable root logins via ssh as well.
- as your new user, simple execute:
#+BEGIN_SRC sh
sudo passwd -l root
#+END_SRC
- exit and retry to login as root, should no longer be able to
- it'll show "login incorrect" errors even when using the correct password for root user
- exit and retry to login as root, should no longer be able to
- you don't have to do this, but I think it is a good security
practice to have
-
-
loose ends: desktop stuff, etc ** desktop environment still not done :~)
we will go for kde5 plasma for now because it is absolutely gorgeous, is not bloated, and is easy to get accustomed to. i may possibly add an addendum for a tiling wm like dwm if I can get it figured out.
#+BEGIN_SRC sh pacman -S plasma-meta kde-applications # don't do the last if you don't want kde apps, i do, though. #+END_SRC
- this might take a quick minute given the total DL is about ~3gb iirc
now we need to enable it by creating a
.xinitrcfile in our home with the following content: #+BEGIN_SRC sh echo "exec startkde" >> .xinitrc #+END_SRCto use your beautiful new desktop, simply execute
startxand KDE should now load. Nice!-
whenever you reboot your laptop, you will need to execute
startxto get your desktop. If you don't want the hassle, then put this in your.profileonce you know your desktop starts as expected withstartx: #+BEGIN_SRC sh if [[ ! $DISPLAY && $XDG_VTNR -eq 1 ]]; then exec startx fi #+END_SRC- more stuff on customizing xorg startup: https://wiki.archlinux.org/index.php/Xinit *** kde discover
-
KDE discover is the DE's app store. It won't work fully by default because of how arch handles its applications. You need to install the following for it to work as expected: #+BEGIN_SRC sh pacman -S packagekit-qt5 #+END_SRC
- you may still get an error about
parley.knsrc, from what I can tell and searching online, this is """harmless""". ** fonts fonts, and how they work, is actually one of the more confusing things i encountered during this journey
- you may still get an error about
-
partitioning drives and encrypting them makes much more sense vs font configurations in retrospect
- the following should help you get some very nice looking fonts on your computer along with full emoji support more or less
- completely ripped from a reddit post [[https://www.reddit.com/r/archlinux/comments/5r5ep8/make_your_arch_fonts_beautiful_easily/][here]]
-
install the fonts
#+BEGIN_SRC sh pacman -S ttf-dejavu ttf-liberation noto-fonts #+END_SRC
-
enable font presets
#+BEGIN_SRC sh sudo ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d sudo ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d sudo ln -s /etc/fonts/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.d #+END_SRC
-
create a file,
/etc/fonts/local.confwith following:#+BEGIN_SRC html Noto Sans serif Noto Serif sans-serif Noto Sans monospace Noto Mono #+END_SRC
-
then go to Fonts (use KDE's search bar, accessible via the bottom left button on the desktop panel), and make sure the edits are reflected there, i.e. that you now have Noto Sans as your font for everything minus fixed width text, which should be Hack.
-
you can do more edits to tweak fonts to your liking here.
-
resetting the computer should make sure the edits take full effect across all apps, etc.
** emacs
- ispell doesn't work by default because the required programs aren't installed. let's fix that: #+BEGIN_SRC sh pacman -S aspell-en # ispell didn't work for some reason, so we use its successor. #+END_SRC
- emojis don't work by default, install and run
emojify-mode- forgot that you need to install
emojify(which I had) but also manually run it to actually display them (or enable them globally). ** gpg and ssh
- forgot that you need to install
- ssh
- don't yell at me i know that it's probably not the best thing that I do this, but in my personal defense it is only for personal projects and my own servers
- say you have an ssh key you would like to use on your new install:
- first, install
openssh - execute the following: #+BEGIN_SRC sh mkdir ~/.ssh cp ~/.ssh/ cp ~/.ssh/.pub chmod 700 ~/.ssh chmod 600 ~/.ssh/ chmod 600 ~/.ssh/.pub #+END_SRC
- first, install
- gpg
- install gpg
- should already be installed but yeah
- import the key: #+BEGIN_SRC sh gpg --import #+END_SRC ** AUR and aurman
- install gpg
- AUR is the Arch User Repository, and it holds a bunch of additional packages that pacman does not have (or customized in different ways, etc).
-
aurmanis a AUR Helper, a tool that helps to install packages hosted up on AUR- it is really good to look into how AUR works and how to do AUR installs on your own for the sake of being able to help yourself when something breaks, etc
- to install
aurman:- first, we need to install the PGP key of the author:
#+BEGIN_SRC sh
curl -sSL https://github.com/polygamma.gpg | gpg --import -
#+END_SRC
- this simply downloads the author's key and imports it directly into your GPG keychain
- now install
aurman- it is common advise to make a specific directory where you can go download and install your AUR packages, so: #+BEGIN_SRC sh mkdir ~/aur_pkg cd aur_pkg git clone https://aur.archlinux.org/aurman.git cd aurmen/ makepkg -si # DO NOT USE SUDO HERE #+END_SRC
- first, we need to install the PGP key of the author:
#+BEGIN_SRC sh
curl -sSL https://github.com/polygamma.gpg | gpg --import -
#+END_SRC
- to search for a package on AUR and install, it is just like with pacman:
#+BEGIN_SRC sh
aurman -Ss # search
aurman -S # install
#+END_SRC
- pls go see how it works in its totality: https://github.com/polygamma/aurman
- make sure to checkout the install scripts/configs you are using
- some malware was recently discovered on AUR
- this should not be surprising: bad people are everywhere and the arch community has been saying for years to make sure to check the code you use before compiling it on your system
- not your mom, tho, help the CCP or NSA run botnets for all i care man
- example, I use [[https://spideroak.com/one/][spideroak one]] as private, encrypted, and more trustworthy dropbox service, and there is a maintained AUR install for it: #+BEGIN_SRC sh aurman -S spideroak-one # ta-da #+END_SRC
- pls go see how it works in its totality: https://github.com/polygamma/aurman
- other tweaks and lenovo x1c6 stuff
this stuff is mostly related to lenovo thinkpads, but the ssd trimming and
hibernate support are applicable to anyone, and i'm sure figuring out how to
flash a bios could be useful to others.
** cpu throttling
- cpu throttling
- so turns out there is some unfortunate fuckery with Lenovo thinkpad
cpu's right now
- artificially throttled while underload because of misaligned temp values
- lets install a script that fixes this
#+BEGIN_SRC sh
aurman -S lenovo-throttling-fix-git
sudo systemctl enable --now lenovo_fix.service
#+END_SRC
- usual warnings apply about this not being endorsed by lenovo, etc etc
- lenovo i love you, please stop hurting us like this
- please look at the script yourself, see the options you have: https://github.com/erpalma/lenovo-throttling-fix ** bios update Lenovo has released several bios updates since many x1c6 units shipped (at least my model for sure).
- these updates have had several improvements that are honestly worth risking a manual bios update (including explicit s3 suspend support for linux).
- recall that disclaimer I had at the beginning? this action, more than anything, requires it you are responsible for the result of updating your bios. i am not.
- to update your bios:
- first install the
fwupdpackage which is a cross-vendor daemon that allows you to install firmware updates provided from your manufacturer directly from linux. #+BEGIN_SRC sh sudo pacman -S fwupd #+END_SRC - next we will refresh the update metadata and check for updates: #+BEGIN_SRC sh fwupdmgr refresh fwupdmgr get-updates #+END_SRC
- lastly, lets do the update! verify from the above commands the you have updates that need to be applied. make sure your laptop is hooked up to power. #+BEGIN_SRC sh fwupdmgr update #+END_SRC
- first install the
- so turns out there is some unfortunate fuckery with Lenovo thinkpad
cpu's right now
- cpu throttling
** trimming SSD
- not lenovo exclusive but /shrug/
- "trimming" your ssd regularly improves its performance by allowing it to better know where it has memory free to use
- make sure you can do it with command
lsblk --discard- non-zero values in the first and second column for your SSD means yes
- if so, now install
utils-linuxand enable the service for periodic trimming #+BEGIN_SRC sh pacman -S utils-linux systemctl enable fstrim.timer #+END_SRC- you can tweak the time interval this occurs, that's on you
- for those possibly wondering: we don't need to enable trimming in lvm's conf nor for dm-crypt with this method, which is both nice and more secure. That said, you could potentially get better performance doing these alterations as well, but I won't. ** hibernate support
- we need to change our HOOKS in
/etc/mkinitcpio.confonce more:- we are adding the
resumeargument between lvm2 and filesystems #+BEGIN_SRC conf HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 resume filesystems fsck) #+END_SRC
- we are adding the
- we need to regenerate our
initramfsonce again:- if you installed
linux-lts, you need to do this for that as well. #+BEGIN_SRC sh mkinitcpio -p linux
- if you installed
- we now need to edit our
arch.confloader so it knows we have access to hibernation- tweaking the kernel parameters in
optionsby addingresume=/dev/mapper/main_group-swap, or whatever the path is for your encrypted swap partition in/dev/mapper/is. - example, near the end of the last line: #+BEGIN_SRC sh title Arch Linux linux /vmlinuz-linux initrd /intel-ucode.img initrd /initramfs-linux.img options cryptdevice=UUID=:cryptlvm root=/dev/mapper/main_group-root resume=/dev/mapper/main_group-swap quiet rw #+END_SRC ** suspend support The X1C6 is capable of supporting both s3 vs s0i3 sleep states.
- tweaking the kernel parameters in
- s3 - The s3 sleep state is where the CPU has no power. RAM maintains power, refreshes slowly. This is the traditional "suspend" state most people are familiar with.
- s0i3 - The s0i3 sleep state is a new standard being pushed by MCSFT that makes laptops behave more akin to phones. It allows devices to connect to wifi, update, refresh user data, etc.
This guide suggests enabling the S3 sleep state because the S0i3 sleep state is not well supported in Linux yet and it comes with higher power usage.
- confirm that you don't have s3 currently enabled by executing: #+BEGIN_SRC sh dmesg | grep -i "acpi: (supports" #+END_SRC
- update your bios as described above. You must be running bios >= v1.30 because the bios option is new.
- reboot your machine and change
Config -> Power -> Sleep State - Set to "Linux" - book back into linux and re-run the
dmesgcommand again to ensure that S3 is now available.