• installing arch dot txt

  i am so sorry for this guide.

  [[https://raw.githubusercontent.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/master/dumb-pic-2.jpeg]]

  this is an attempt at a comprehensive, start to finish, install guide for lenovo's 6th gen carbon x1. my model is the 20KG-0022US, which I bought from costco, and comes with an 8th gen intel i7, 16gb ram, and 512gb ssd. My instructions will thus have mentions of specific components from this laptops as they appear in the guide, but i will try to make it clear when such a case may not hold for others with respect to 6th gen x1 versions.

  my motivation for this was pretty straightforward: i am an idiot that takes notes. by the time i was like... 3/4ths through the whole process, i realized these notes could be of use to a lot of other idiots who make the horrible choice of pushing themselves through the hellscape of boot loader configurations. also, something about writing the docs you wish to see? idk, sounds fake. anywho -- hope this idiot can help other idiots figure out how to do something that turns out to be not so much "hard" as it is an extended and complex process for those unfamiliar with the terrain. cheers.

  i want to make a shoutout to specific sources for informing this guide. it's the result of mashing together and cross referencing the wiki with multiple guides where I would verify instructions and install strategies. Included in this list is [[https://www.youtube.com/channel/UCxQKHvKbmSzGMvUrVtJYnUA][LearnLinux.tv]], [[https://www.youtube.com/channel/UCNgMPxqWds9IYR_QFNPButw][Kai Hendry]], [[https://www.youtube.com/channel/UCNgMPxqWds9IYR_QFNPButw][Lucas Alvares Gomes]], [[https://ticki.github.io/blog/setting-up-archlinux-on-a-lenovo-yoga/][Ticki]], [[https://kozikow.com/2016/06/03/installing-and-configuring-arch-linux-on-thinkpad-x1-carbon/#Disable-secure-boot][Robert Kozikowski]], and [[https://delta-xi.net][Erik Sonnleitner]]. ya'll helped a homie get arch working on this kickass computer.

• toc :TOC:

• [[#installing-arch-dot-txt][1 installing arch dot txt]]
• [[#why-you-should-or-should-not-install-arch][2 why you should or should not install arch]]
• [[#disclaimer-sacrifices-incantations-dont-sue-me-etc][3 disclaimer (sacrifices, incantations, don't sue me, etc.)]]
• [[#live-usb][4 live usb]]
• [[#setting-up-to-install][5 setting up to install]]
  • [[#configure-our-mirrors-to-download-software-from][configure our mirrors to download software from]]
  • [[#configure-wifi-optional][configure wifi ("optional")]]
  • [[#debugging-advise][debugging advise:]]
• [[#freeze-partition-time][6 freeze: partition time!]]
  • [[#make-sure-we-have-uefi][make sure we have (U)EFI]]
  • [[#figure-out-where-our-main-drive-is][figure out where our main drive is]]
  • [[#partitioning-and-configuring][partitioning and configuring]]
• [[#encryption-and-mounting][7 encryption and mounting]]
  • [[#encryption-with-cryptsetup][encryption with cryptsetup]]
  • [[#generation-of-logical-volumes-within-our-lvm][generation of logical volumes within our LVM]]
  • [[#format-and-mount-our-logical-partitions][format and mount our logical partitions]]
• [[#installing-arch-and-setting-it-up-to-boot-and-run][8 installing arch and setting it up to boot and run]]
  • [[#install-arch-onto-mnt][install arch onto /mnt]]
  • [[#generate-our-fstab-file][generate our fstab file]]
  • [[#log-into-arch-and-installing-stuff][log into arch and installing stuff!]]
  • [[#modify-etcmkinitcpioconf-to-enable-encryption][modify /etc/mkinitcpio.conf to enable encryption]]
  • [[#setting-up-the-bootloader-itself][setting up the bootloader itself]]
  • [[#reboot-and-start-arch][reboot and start arch]]
• [[#drivers-wifi-sudo-user][9 drivers, wifi, sudo user]]
  • [[#utilities][utilities]]
  • [[#touchpad-xorg-and-graphics-drivers][touchpad, xorg, and graphics drivers]]
  • [[#configuring-sudo-adding-a-user-disabling-root][configuring sudo, adding a user, disabling root]]
• [[#loose-ends-desktop-stuff-etc][10 loose ends: desktop stuff, etc]]
  • [[#desktop-environment][desktop environment]]
  • [[#fonts][fonts]]
  • [[#emacs][emacs]]
  • [[#gpg-and-ssh][gpg and ssh]]
  • [[#aur-and-aurman][AUR and aurman]]
• [[#other-tweaks-and-lenovo-x1c6-stuff][11 other tweaks and lenovo x1c6 stuff]]
  • [[#cpu-throttling][cpu throttling]]
  • [[#bios-update][bios update]]
  • [[#trimming-ssd][trimming SSD]]
  • [[#hibernate-support][hibernate support]]
  • [[#suspend-support][suspend support]]

• why you should or should not install arch

  1. Pros
     • you can learn a small bit about how linux and operating systems work
     • very up to date software
     • access to things like AUR
     • run a very lightweight system that, outside of even more niche and esoteric operating systems, avoids bloat and waste
     • want something extremely sad and nerdy to """brag about""" (don't do this)
     • a great community that is insanely intelligent and welcoming
  2. Cons
     • my friend Chris Allen made a [[https://github.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/pull/3][PR deleting the entire guide]] and simply suggesting you Don't Install Arch
       • the man has a /solid/ point
     • it can take a lot of time to get going
       • this is assuming your hardware (non X1C6) is well supported or doesn't have some proprietary code that throws you into kernel h e l l
       • you could equally do something better with your time, like sleep, call your mom, or, idk, hangout with friends if you have those.
     • it has the most up to date packages, which translates to instability and things breaking more often
       • if you do software, this is actually something you often don't want outside of maybe what you work on the most.
     • a community with members known for [[https://github.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/pull/5][rote recitation of "just look at the wiki"]] and [[https://raw.githubusercontent.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/master/user-testimonials.png][who like to discourage making things easily accessible]] for those who don't have all day to mess around on a computer

• disclaimer (sacrifices, incantations, don't sue me, etc.) since we are installing arch, there a a few precautions you'll want to take/keep in mind:

  1. if your shit gets destroyed, it is 1000% not my problem and not my fault lmao
  • that said, that's an extremely unlikely outcome, please don't let this liability bulletpoint scare you
  2. you may want to form a pentagram with some usb cords, placing a copy of the GNU GPLv3 license at its center, and playing some soft but slightly erotic ambient music so that we may pray to stallman that this goes smoothly

  [[https://raw.githubusercontent.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/master/stallman-dot-png.jpg][st. ignucius, may he guide us]]

  3. put aside like 2-4 hours for this depending on how inexperienced you are
  • just keep this in mind and or be somewhere you can stop and leave your laptop plugged in on the chance you need to do something else

• live usb

  1. download the img from https://www.archlinux.org/download/
     • torrent is faster, also remember to seed
     • alternatively just dl the iso directly, slightly slower
  2. install
     • find your usb #+BEGIN_SRC sh lsblk #+END_SRC
       • it will probably be named sda or sdb, pay attention to the size of the drives upon output to be sure.
       • you are going to use the name of the drive itself, sdx, so do not include a number, such as sdx1 in the drive name for the command below
       • make sure it is unmounted with: #+BEGIN_SRC umount /dev/sdx # x = letter of your actual drive #+END_SRC
     • in term: #+BEGIN_SRC sh dd bs=4M if=/path/to/iso of=/path/to/usb status=progress oflag=sync #+END_SRC
     • example in my case: #+BEGIN_SRC sh dd bs=4M if=~/Downloads/archlinux-2018.07.01-x86_64.iso of=/dev/sda status=progress oflag=sync #+END_SRC
       • note: I did this on Ubuntu with Gnome, and it proved not possible to format it with the drive entirely unmounted because of how Nautillus handles mounting jump drives. Therefore, I actually did this with it mounted but had no problems so ¯_(ツ)/¯ linux ¯_(ツ)/¯ ymmv ¯_(ツ)_/¯
     • upon finishing, insert the usb into the x1
  3. disable safe boot
     • turn on laptop (or hard reset to ensure true "turn off"), press enter at lenovo boot screen
     • under Security, you will find the option. Disable it.
  4. (optional) enable Thunerbolt BIOS Assist Mode
     • this effects the process of enabling S3, which is something at the very end of this guide
       • if you are going to do that, it saves you a reboot (and it doesn't effect you really either way)
     • You will find the option under Config
  5. ensure your usb is first in boot order
     • under Startup, go to boot
     • using the - and + keys, make sure it is at the top of the list
       • I had to use Shift while pressing + for it to affect
     • press F10 to save our configs and exit.

  If everything went well, we will now boot into the arch iso.

• setting up to install you are going to need to be familiar with vim, nano, pico, emacs, idc, something, this is on you, fam.

** configure our mirrors to download software from - this is the difference between a 20kb/s and ~10mb/s download speed, at least in my case first time round - the mirror list is found in /etc/pacman.d/mirrorlist - the logic is simple: the earlier a mirror item appears in the list, the greater preference it is given for use as a source. - copy and paste a server that is close to you geographically and insert it at the top of the list. - server i chose for those in USA who are lazy: #+BEGIN_SRC sh Server = http://mirrors.lug.mtu.edu/archlinux/$repo/os/$arch #+END_SRC - important refresh our mirrorlist #+BEGIN_SRC sh pacman -Syu #+END_SRC - we will now have (hopefully) fast downloads for our packages ** configure wifi ("optional") 1. x1 does not have a ether port, but adaptors exist - these adaptors supposedly work without issue but I don't have one, so I'm assuming you don't either - dilemma: we don't have fucking internet by default - solution: netctl 2. find the name of your wifi card device - I would assume x1's have the same name, but who knows: #+BEGIN_SRC sh ip link #+END_SRC - mine was wlp2s0, arch wiki suggests that anything that starts with a w is probably the wifi card 3. figure out the wifi point you are going to use. - I'm going to assume it is either of "simple" wpa or wpa-enterprise - the latter is at corporate or university settings if that helps - luckily netctl provides templates for both. copy the appropriate one and place it in the root of netctl as so: #+BEGIN_SRC sh # simple wpa, such as home routers cp /etc/netctl/examples/wireless-wpa /etc/netctl/

           # enterprise wpa
           cp /etc/netctl/examples/wireless-wpa-configsection /etc/netctl/<NAME-YOU-WANT-TO-GIVE-IT>
         #+END_SRC
       - ~wireless-wpa~ looks like this:
         #+BEGIN_SRC conf
           Description='A simple WPA encrypted wireless connection'
           Interface=wlan0
           Connection=wireless

           Security=wpa
           IP=dhcp

           ESSID='MyNetwork'
           # Prepend hexadecimal keys with \"
           # If your key starts with ", write it as '""<key>"'
           # See also: the section on special quoting rules in netctl.profile(5)
           Key='WirelessKey'
           # Uncomment this if your ssid is hidden
           #Hidden=yes
           # Set a priority for automatic profile selection
           #Priority=10
         #+END_SRC
       - ~wireless-wpa-configsection~ looks like this:
         #+BEGIN_SRC conf
           Description='A wireless connection using a custom network block configuration'
           Interface=wlan0
           Connection=wireless
           Security=wpa-configsection
           IP=dhcp
           WPAConfigSection=(
               'ssid="University"'
               'key_mgmt=WPA-EAP'
               'eap=TTLS'
               'group=TKIP'
               'pairwise=TKIP CCMP'
               'anonymous_identity="anonymous"'
               'identity="myusername"'
               'password="mypassword"'
               'priority=1'
               'phase2="auth=PAP"'
           )
         #+END_SRC
       - *in both cases*:
         - ~Interface~ takes the value of the wifi card device name we
           found earlier
         - ~Security~, ~Connection~, and ~IP~ remain untouched
         - Do what you will with ~Description~
       - For vanilla ~wireless-wpa~, the config explains itself:
         - ~ESSID~ is the name of your wifi access point
         - ~Key~ is the password
       - For ~wireless-wpa-configsection~, things can be trickier:
         - ~ssid~ is access point
         - ~key_mgmt~ should remain untouched in most cases
         - ~eap~ is entirely dependent on your case, for many (aka
           including me), it is ~PEAP~
         - ~pairwise~ is dependent on your situation (i did not need it)
         - ~anonymous_identity~ is dependent on your situation (i did not need it)
         - ~password~ is password
         - ~priority~ is dependent on your situation (i did not need it)
         - ~phase2~ is dependent on your situation (i did not need it)
         - if my list appears not very useful in terms of help and
           explanation, then you understand the very nature of who is
           writing it and i'm so sorry i'm trying
         - example ~wireless-wpa-configsection~ i actually used (with
           values obviously substituted in):
           #+BEGIN_SRC conf
             Description='lol'
             Interface=wlp2s0
             Connection=wireless
             Security=wpa-configsection
             IP=dhcp
             WPAConfigSection=(
                 'ssid="wutang"'
                 'key_mgmt=WPA-EAP'
                 'eap=PEAP'
                 'identity="ghostfacekillah"'
                 'password="suuuuuuuuuuuuu69"'
             )
           #+END_SRC
  4. save your config file, time to connect:
     #+BEGIN_SRC sh
       netctl start <NAME-OF-YOUR-WIFI-PROFILE>
     #+END_SRC
     - it should take like 3 seconds to connect
     - if nothing happens, it worked
     - check with a quick ~ping 8.8.8.8~, if packets are shooting out, you
       got internet.
       - otherwise, diagnose with ~journalctl -xe~ and use those arch wikis
         and forums! welcome to arch :) :) :) :)

** debugging advise: - i did not run into this during install time, but when i later tried to connect to wifi, a few different commands came in handy to debug my situation: 1. stop previous connection - can't have more than one netctl service going, so: #+BEGIN_SRC sh netctl stop #+END_SRC

       2. systemctl fuckery
          - systemctl sometimes gets in the way with its service/handling
            of netctl, stop it
            #+BEGIN_SRC sh
              systemctl stop [email protected]<PROFILE>.service
            #+END_SRC

       3. ip link may have your services as ~up~, put them as ~down~
          - ~netctl~ does not like it when your link is up before it runs,
            so turn it off:
            #+BEGIN_SRC sh
              ip link set <INTERFACE> down
            #+END_SRC

• freeze: partition time! that was a bad joke jesus christ forgive me ** make sure we have (U)EFI

  • i am doing all of this on the presumption we have EFI, maybe should have brought that up while we were in BIOS
  • use the following command to ensure we are in EFI mode: #+BEGIN_SRC sh ls /sys/firmware/efi/ #+END_SRC
    • if the directory exists, we are good ** figure out where our main drive is
  • find our drives with lsblk yet again
    • my x1 came with a PCIe ssd, yours may or may not and, more importantly, this influences its name as seen with lsblk (i think)
      • for the PCIe ssd, it will be called something like nvme0n1, with each partition appending a p1, p2, and so forth
      • for others, it may appear as the traditional sda, with a number appended for each partition as it did above for your usb stick.
      • will assume we are using nvme0n1 as our os drive hereon
    • my x1 came with windows installed and i assumed yours did, too.
      • i am going to kill windows with this install.
        • cannot have an optimally secure setup otherwise (or rather, I'm not going to put up with that much of a headache).
      • if you want to keep a dual boot setup, this is not the guide for you.
      • i am sorry to fail you like this, my kings and queens. f. ** partitioning and configuring
  1. we will now format our main drive with arch #+BEGIN_SRC gdisk /dev/nvme0n1 #+END_SRC
     • you will enter a prompt of sorts for gdisk
     • you should get some output about a valid GPT partition found alongside with a protected MBR partition. This is good.
  2. we will now wipe the disk.
     • this is permanent. stop now or forever hold your peace
     • I will be listing the commands in order and describe what they do as subpoints:
       • o
         • we are wiping the disk. answer y to continue.
       • n
         • command for making a new partition.
       • Enter
         • we want the default number for the partition, and this convention will hold throughout the rest of the guide.
       • Enter
         • we don't want to specify the starting vector for the partition, and this convention will hold throughout the rest of the guide.
       • +512MB
         • we want our first partition to be of size 512MB. This is to meet the specification for a EFI boot partition.
       • EF00
         • this is the hex code type to indicate we want the partition to be of EFI
         • partition 1 done
       • n
         • making another partition
       • Enter
       • Enter
       • Enter
         • the final partition is going to take the rest of our disk. If you do not want this, assign it something else like we did above.
       • 8E00
         • this is the linux LVM (logical volume manager) format, which we are going to need for our encryption scheme.
         • second partition done
         • we are now done making /physical/ partitions
       • w
         • we are going to write to disk
       • y
         • we just wrote to disk. goodbye everything else

• encryption and mounting ** encryption with cryptsetup - make sure to use our second partition - not our EFI partition #+BEGIN_SRC sh # in my case, this is... cryptsetup luksFormat /dev/nvme0n1p2 #+END_SRC - you will be prompted for a password, make it a good one - we do not specify the luks type, such as luks2, because it is incompatible with GRUB. We will not be using GRUB, but I do not want to screw myself (or you) out of that option. - for the love of god, do not forget this password - this process could take like 2 or 3 or 4 hours depending on your experience and the last thing you need to do is forget the fucking luks password. - what we have now is a Luks container, which we will be using to put our actual OS/data in, which makes handling encryption logic easier in the long run. ** generation of logical volumes within our LVM 1. open our encrypted container: - we need to name the container, I am choosing main_part for main partition, it really doesn't matter #+BEGIN_SRC sh cryptsetup open --type luks /dev/nvme0n1p2 main_part #+END_SRC - this should now be available at /dev/mapper/main_part 2. create a physical volume within our LVM partition: #+BEGIN_SRC sh pvcreate /dev/mapper/main_part #+END_SRC - this creates a "physical" volume inside of our luks container 3. create a volume group - we need to name this one, I'm choosing main_group to continue the theme - this will go on "top" of our physical container we just made, ergo why we create our group from it. #+BEGIN_SRC sh vgcreate main_group /dev/mapper/main_part #+END_SRC 4. generate our logical partitions within the luks container

     I am following the wiki piece for piece here, and what you ultimately
     make the size of your swap (if any), root, and home (if any) is
     completely your call. The numbers I use are pulled from thin air and
     because I have so much space to use with the ssd that came with my
     x1.
  
     Note that for each instance, we are taking our logical partition from
     the volume group we just created. *Be conscious of this*.
  
     1. create swap:
        #+BEGIN_SRC sh
          # 8 gb for swap
          lvcreate -L8G main_group -n swap
        #+END_SRC
     2. create root
        #+BEGIN_SRC sh
          # 64 gb for root
          lvcreate -L64G main_group -n root
        #+END_SRC
     3. create home
        #+BEGIN_SRC sh
          lvcreate -l 100%FREE main_group -n home
        #+END_SRC
        - we use a special trick to allocate all remaining memory in our
          ssd to home. it goes without saying that do not do this if you
          do not want to allocate all of it to home, etc.
  

** format and mount our logical partitions

  Note that our resultant logical volumes are named
  ~<VOLUME_GROUP_NAME>-<root|home|swap>~, so my home is
  ~/dev/mapper/main_group-home~ for example.

  1. root and home:
     #+BEGIN_SRC sh
       mkfs.ext4 /dev/mapper/main_group-root
       mkfs.ext4 /dev/mapper/main_group-home
     #+END_SRC

  2. swap:
     #+BEGIN_SRC 
       mkswap /dev/mapper/main_group-swap
     #+END_SRC

  3. mount our new volumes

     1. mount our new volumes
         
        The logic here is that ~/mnt/~ translates to ~/~ for our actual
        arch system once we install arch, so keep this in
        mind. ~/mnt/boot~ becomes ~/boot/~, ~/mnt/home/~ becomes home,
        etcetera. 
        #+BEGIN_SRC sh
          mount /dev/mapper/main_group-root /mnt/
          mkdir /mnt/home
          mount /dev/mapper/main_group-home /mnt/home
          swapon /dev/mapper/main_group-swap
        #+END_SRC

     2. mount our bootloader
         
        Remember the first partition we made (~nvme0n1p1~ in my case)? We
        now need to mount it as the boot loader:
        #+BEGIN_SRC sh
          mkdir /mnt/boot/
          mount /dev/nvme0n1p1 /mnt/boot
        #+END_SRC

• installing arch and setting it up to boot and run ** install arch onto /mnt #+BEGIN_SRC sh pacstrap /mnt/ base
  #+END_SRC

  • note, a popular additional option to include is base-devel, so install that as well if you see yourself needing to compile and link a lot of things, such as through AUR.
  • CONGRATS!
    • you have installed arch!
  • CONGRATS!
    • you are not even remotely close to done installing arch!
    • it won't even boot correctly as of now!
    • welcome to arch :~) ** generate our fstab file
  • this is important for boot loading purposes, not the last time you will deal with this. It holds information about partitions, can't say much more about this. #+BEGIN_SRC sh genfstab -p /mnt >> /mnt/etc/fstab #+END_SRC ** log into arch and installing stuff! #+BEGIN_SRC arch-chroot /mnt #+END_SRC

  we are now in the arch install and no longer "in" the live usb, fyi. let's get to work then:

  1. installing important packages

     • we have access to things, like wifi, that are not yet actually configured yet on the operating system, thus we should take advantage of this by installing some packages.
       • some of these are subjective, others are ones I have taken from people who know more about arch than I do

  2. for a fact will want to install all the packages in relation to wifi if you do not have an adapter like me. #+BEGIN_SRC sh pacman -S wpa_supplicant networkmanager network-manager-applet dialog #+END_SRC

  3. packages for intel microcode drivers, important

     • microcode is key to stability and patching issues with intel processors that is released as proprietary code. The linux kernal can do this directly for us.
     • need to modify /etc/pacman.conf
     • it will have two lines commented out regarding ~multilib, uncomment them as so: #+BEGIN_SRC conf [multilib] Include = /etc/pacman.d/mirrorlist #+END_SRC
     • now install intel microcode: #+BEGIN_SRC pacman -Sy intel-ucode #+END_SRC

  4. other packages others recommend: #+BEGIN_SRC sh pacman -S linux-headers linux-lts linux-lts-headers #+END_SRC

     • we are essentially installing another copy of the linux kernal for purposes of stability: if something goes wrong with an update of the kernal, you will have a backup kernal to get into.
     • additionally, we are installing the headers for both the current kernal and the lts kernal: these are useful for other packages that need to link/bind against them for development purposes, etc.

  5. we install another useful operating system: #+BEGIN_SRC sh pacman -S emacs #+END_SRC

     • .... or vim if that's your choice.... definitely more efficient memory wise
     • c.f. i will /die/ before i give up my elisp
     • you should probably also install tools like git ** modify /etc/mkinitcpio.conf to enable encryption

  6. there is a variable in here named HOOKS, which the file makes clear is important to the boot order of the operating system.

     • make yours look like this: #+BEGIN_SRC conf HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck) #+END_SRC
       • you will notice that we moved keyboard to after autodetect
       • added keymap to after keyboard
       • added encrypt and lvm2 after block and before filesystems
       • do not fuck this up

  7. regenerate our initramfs: #+BEGIN_SRC sh mkinitcpio -p linux #+END_SRC

     • we regenerate the image of the operating system here
     • it now takes into account the new boot items and order we have specified in the HOOKS variable

  8. if you installed the linux-lts kernal, you have to do it again for that as well #+BEGIN_SRC sh mkinitcpio -p linux-lts #+END_SRC

     • we are getting there, lads, hold on. for the promise land is close. ** setting up the bootloader itself I am using bootctl, not grub. Your call to make ultimately.

  9. create our loader with bootctl #+BEGIN_SRC bootctl --path=/boot/ install #+END_SRC

  10. create arch loader

      • modify the file /boot/loader/loader.conf to reflect the following: #+BEGIN_SRC conf default arch timeout 3 editor 0 #+END_SRC
        • default is the default entry to select when booting
        • timeout is the time before the entry is loaded at the boot menu
        • editor is whether to enable the the kernal parameters editor. This is import to disable for security purpose and is enabled by default, so make sure to disable as above

  11. create arch.conf

      1. you are going to need a variable value provided by the command blkid
         • you will either need to write it down by hand to copy with nano or use emacs or vim to evaluate it in buffer to copy
           • emacs has eshell, which you can use like the normal shell but copy and paste with
           • vim has the command :r !blkid which will read in the file directly
         • this variable is the UUID for /dev/nvme0n1p2 as given from blkid
           • /dev/nvme0n1p2 is the second physical partition we made at the very beginning. If yours is /dev/sda2 or similar, use that instead.
           • you will know it is the correct entry if the line also includes TYPE="crypto_LUKS" PARTLABEL="Linux LVM"
         • example: #+BEGIN_SRC conf /dev/nvme0n1p2: UUID="really-long-string-of-alphanumericals" TYPE="crypto_LUKS" PARTLABEL="Linux LVM" PARTUUID="another-long-string-of-alphanumericals" #+END_SRC
           • note: we want the value of UUID, NOT PARTUUID or anything else.
      2. with this value copied, create the file /boot/loader/entries/arch.conf: #+BEGIN_SRC conf title Arch Linux linux /vmlinuz-linux # not a typo initrd /intel-ucode.img # this must come before the entry immediately below initrd /initramfs-linux.img # what we made with mkinitcpio -p linux options cryptdevice=UUID=long-alphanumerica-string-WITHOUT-QUOTES:cryptlvm root=/dev/mapper/main_group-root quiet rw #+END_SRC
         • as i try to hint, make sure to remove the quotes around the UUID value as copied and pasted
         • note that we add a :cryptlvm to the end of that value
         • after a single space, we added the location of our root partition within the luks container, root=/dev/mapper/main_group-root/ in my case
         • finally, we add the options quiet rw ** reboot and start arch
  • From here, we can officially reboot into our install and it should work
    • 🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉
    • 🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉
  • execute exit then shutdown now
    • remove the usb once the laptop turns off
    • you should eventually see the boot screen which will automatically boot into arch after 2 seconds or so
  • enter your password for the encrypted partition when asked, then login as root and press enter for the password, seeing as we have yet to make one.

• drivers, wifi, sudo user

  .... we aren't done yet :~) 🎉🎉🎉 ** utilities

  1. wifi

     • i hope you installed those wifi packages i told you to install and or you have a lan connection
     • refollow the steps we did above for wifi to regain our connection

  2. reconfigure our mirror list

     • again, do as we did before with /etc/pacman.d/mirrorlist

  3. configure locale.gen and time

     1. enter /etc/locale.gen
        • we need to tell arch what our locale is by going to the line and uncommenting our respective locale
          • usa peeps will use the line en_US.UTF-8 UTF8
     2. run locale-gen
     3. run localectl set-locale LANG="en_US.UTF-8"
        • this is separate from step 2.
        • some applications need it because they won't respect the changes brought by step #2
     4. sync our clock with hwclock --systohc --utc

  4. change password for root with passwd

     • self explanatory, but know this is the password exclusively for root, not for your own user you'll make later who will have sudo user privileges.

  5. as of now, you will have to manually connect to wifi access points.

     • tools like wifi-menu help you find access points
     • it will also help you make a config for it. even if the initial connection attempt fails, preserve the config (it'll ask you) and go in to edit it. wifi-menu will then be able to use the corrected config the next time you try. ** touchpad, xorg, and graphics drivers I am choosing to not use wayland because while it is the future of linux desktop management, it is still not 100% ready for userland.

  6. touchpad install #+BEGIN_SRC sh pacman -S xf86-input-libinput #+END_SRC

  7. xorg #+BEGIN_SRC sh pacman -S xorg-server xorg-xinit xorg-apps mesa xterm #+END_SRC

     • we need xterm in addition to xorg if we want to have a minimally functional deskto a la twm windows manager that xorg default supports

  8. intel drivers

     • to my knowledge, we only have 32 bit drivers in case you are wondering why we are instaling 32 bit drivers /shrug #+BEGIN_SRC sh pacman -S xf86-video-intel lib32-intel-dri lib32-mesa lib32-libgl #+END_SRC
     • at this point, if you want, you can use a very primitive GUI via twm, which is the default tiling window manager of xorg. To do this, simply run startx. If it looks weird and ugly, it worked.
       • personally, i'm going to stay in the default tty shell. ** configuring sudo, adding a user, disabling root

  9. install sudo

     • i am not joking, arch does not come with sudo by default #+BEGIN_SRC sh pacman -S sudo #+END_SRC

  10. enable sudo for other users via visudo

      • it is bad to edit the sudoers file with a normal editor. visudo makes a temporary file and checks that any edits are syntactically correct before saving and affecting the changes.
      • we need to uncomment the following line: #+BEGIN_SRC shell

        Uncomment to allow members of group wheel to execute any command

        %wheel ALL=(ALL) ALL # <-- this line if its now clear enough, fam

      #+END_SRC

      • make sure to not uncomment the one after this one, they have somewhat similar contents but are not the same ofc
      • visudo uses vi by default. If you do not know how to use vi, simply execute the following to use nano instead: #+BEGIN_SRC sh EDITOR=nano visudo #+END_SRC

  11. creating new user

      • make your actual user account with the following, substituting your desired name: #+BEGIN_SRC sh useradd -m -G wheel -s /bin/bash #+END_SRC
      • give your new user a password #+BEGIN_SRC sh passwd #+END_SRC
      • reboot (or just exit, but I like being sure) your machine, and make sure you can login as your new user.
        • this is critical before we disable root
          • otherwise risk not being to log back in

  12. disable root login

      • you don't have to do this, but I think it is a good security practice to have
        • makes it much much harder to get into your machine by making adversaries guess the username itself in addition to
        • if you are enabling ssh, i believe this does not effect that, so make sure to disable root logins via ssh as well.
      • as your new user, simple execute: #+BEGIN_SRC sh sudo passwd -l root #+END_SRC
        • exit and retry to login as root, should no longer be able to
          • it'll show "login incorrect" errors even when using the correct password for root user

• loose ends: desktop stuff, etc ** desktop environment still not done :~)

  we will go for kde5 plasma for now because it is absolutely gorgeous, is not bloated, and is easy to get accustomed to. i may possibly add an addendum for a tiling wm like dwm if I can get it figured out.

  #+BEGIN_SRC sh pacman -S plasma-meta kde-applications # don't do the last if you don't want kde apps, i do, though. #+END_SRC

  • this might take a quick minute given the total DL is about ~3gb iirc

  now we need to enable it by creating a .xinitrc file in our home with the following content: #+BEGIN_SRC sh echo "exec startkde" >> .xinitrc #+END_SRC

  to use your beautiful new desktop, simply execute startx and KDE should now load. Nice!

  • whenever you reboot your laptop, you will need to execute startx to get your desktop. If you don't want the hassle, then put this in your .profile once you know your desktop starts as expected with startx: #+BEGIN_SRC sh if [[ ! $DISPLAY && $XDG_VTNR -eq 1 ]]; then exec startx fi #+END_SRC

    • more stuff on customizing xorg startup: https://wiki.archlinux.org/index.php/Xinit *** kde discover

  • KDE discover is the DE's app store. It won't work fully by default because of how arch handles its applications. You need to install the following for it to work as expected: #+BEGIN_SRC sh pacman -S packagekit-qt5 #+END_SRC

    • you may still get an error about parley.knsrc, from what I can tell and searching online, this is """harmless""". ** fonts fonts, and how they work, is actually one of the more confusing things i encountered during this journey

  • partitioning drives and encrypting them makes much more sense vs font configurations in retrospect

    • the following should help you get some very nice looking fonts on your computer along with full emoji support more or less
    • completely ripped from a reddit post [[https://www.reddit.com/r/archlinux/comments/5r5ep8/make_your_arch_fonts_beautiful_easily/][here]]

  • install the fonts

    #+BEGIN_SRC sh pacman -S ttf-dejavu ttf-liberation noto-fonts #+END_SRC

  • enable font presets

    #+BEGIN_SRC sh sudo ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d sudo ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d sudo ln -s /etc/fonts/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.d #+END_SRC

  • create a file, /etc/fonts/local.conf with following:

    #+BEGIN_SRC html Noto Sans serif Noto Serif sans-serif Noto Sans monospace Noto Mono #+END_SRC

  • then go to Fonts (use KDE's search bar, accessible via the bottom left button on the desktop panel), and make sure the edits are reflected there, i.e. that you now have Noto Sans as your font for everything minus fixed width text, which should be Hack.

  • you can do more edits to tweak fonts to your liking here.

  • resetting the computer should make sure the edits take full effect across all apps, etc.

** emacs

1. ispell doesn't work by default because the required programs aren't installed. let's fix that: #+BEGIN_SRC sh pacman -S aspell-en # ispell didn't work for some reason, so we use its successor. #+END_SRC
2. emojis don't work by default, install and run emojify-mode
   • forgot that you need to install emojify (which I had) but also manually run it to actually display them (or enable them globally). ** gpg and ssh
3. ssh
   • don't yell at me i know that it's probably not the best thing that I do this, but in my personal defense it is only for personal projects and my own servers
   • say you have an ssh key you would like to use on your new install:
     1. first, install openssh
     2. execute the following: #+BEGIN_SRC sh mkdir ~/.ssh cp ~/.ssh/ cp ~/.ssh/.pub chmod 700 ~/.ssh chmod 600 ~/.ssh/ chmod 600 ~/.ssh/.pub #+END_SRC
4. gpg
   1. install gpg
      • should already be installed but yeah
   2. import the key: #+BEGIN_SRC sh gpg --import #+END_SRC ** AUR and aurman

• AUR is the Arch User Repository, and it holds a bunch of additional packages that pacman does not have (or customized in different ways, etc).
• aurman is a AUR Helper, a tool that helps to install packages hosted up on AUR
  • it is really good to look into how AUR works and how to do AUR installs on your own for the sake of being able to help yourself when something breaks, etc
• to install aurman:
  • first, we need to install the PGP key of the author: #+BEGIN_SRC sh curl -sSL https://github.com/polygamma.gpg | gpg --import - #+END_SRC
    • this simply downloads the author's key and imports it directly into your GPG keychain
  • now install aurman
    • it is common advise to make a specific directory where you can go download and install your AUR packages, so: #+BEGIN_SRC sh mkdir ~/aur_pkg cd aur_pkg git clone https://aur.archlinux.org/aurman.git cd aurmen/ makepkg -si # DO NOT USE SUDO HERE #+END_SRC
• to search for a package on AUR and install, it is just like with pacman: #+BEGIN_SRC sh aurman -Ss # search aurman -S # install #+END_SRC
  • pls go see how it works in its totality: https://github.com/polygamma/aurman
    • make sure to checkout the install scripts/configs you are using
    • some malware was recently discovered on AUR
    • this should not be surprising: bad people are everywhere and the arch community has been saying for years to make sure to check the code you use before compiling it on your system
    • not your mom, tho, help the CCP or NSA run botnets for all i care man
  • example, I use [[https://spideroak.com/one/][spideroak one]] as private, encrypted, and more trustworthy dropbox service, and there is a maintained AUR install for it: #+BEGIN_SRC sh aurman -S spideroak-one # ta-da #+END_SRC

• other tweaks and lenovo x1c6 stuff this stuff is mostly related to lenovo thinkpads, but the ssd trimming and hibernate support are applicable to anyone, and i'm sure figuring out how to flash a bios could be useful to others. ** cpu throttling
  • cpu throttling
    • so turns out there is some unfortunate fuckery with Lenovo thinkpad cpu's right now
      • artificially throttled while underload because of misaligned temp values
    • lets install a script that fixes this #+BEGIN_SRC sh aurman -S lenovo-throttling-fix-git sudo systemctl enable --now lenovo_fix.service #+END_SRC
      • usual warnings apply about this not being endorsed by lenovo, etc etc
      • lenovo i love you, please stop hurting us like this
      • please look at the script yourself, see the options you have: https://github.com/erpalma/lenovo-throttling-fix ** bios update Lenovo has released several bios updates since many x1c6 units shipped (at least my model for sure).
    • these updates have had several improvements that are honestly worth risking a manual bios update (including explicit s3 suspend support for linux).
    • recall that disclaimer I had at the beginning? this action, more than anything, requires it you are responsible for the result of updating your bios. i am not.
    • to update your bios:
      • first install the fwupd package which is a cross-vendor daemon that allows you to install firmware updates provided from your manufacturer directly from linux. #+BEGIN_SRC sh sudo pacman -S fwupd #+END_SRC
      • next we will refresh the update metadata and check for updates: #+BEGIN_SRC sh fwupdmgr refresh fwupdmgr get-updates #+END_SRC
      • lastly, lets do the update! verify from the above commands the you have updates that need to be applied. make sure your laptop is hooked up to power. #+BEGIN_SRC sh fwupdmgr update #+END_SRC

** trimming SSD

• not lenovo exclusive but /shrug/
  • "trimming" your ssd regularly improves its performance by allowing it to better know where it has memory free to use
• make sure you can do it with command lsblk --discard
  • non-zero values in the first and second column for your SSD means yes
• if so, now install utils-linux and enable the service for periodic trimming #+BEGIN_SRC sh pacman -S utils-linux systemctl enable fstrim.timer #+END_SRC
  • you can tweak the time interval this occurs, that's on you
• for those possibly wondering: we don't need to enable trimming in lvm's conf nor for dm-crypt with this method, which is both nice and more secure. That said, you could potentially get better performance doing these alterations as well, but I won't. ** hibernate support

1. we need to change our HOOKS in /etc/mkinitcpio.conf once more:
   • we are adding the resume argument between lvm2 and filesystems #+BEGIN_SRC conf HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 resume filesystems fsck) #+END_SRC
2. we need to regenerate our initramfs once again:
   • if you installed linux-lts, you need to do this for that as well. #+BEGIN_SRC sh mkinitcpio -p linux

     mkinitcpio -p linux-lts

     #+END_SRC
3. we now need to edit our arch.conf loader so it knows we have access to hibernation
   • tweaking the kernel parameters in options by adding resume=/dev/mapper/main_group-swap, or whatever the path is for your encrypted swap partition in /dev/mapper/ is.
   • example, near the end of the last line: #+BEGIN_SRC sh title Arch Linux linux /vmlinuz-linux initrd /intel-ucode.img initrd /initramfs-linux.img options cryptdevice=UUID=:cryptlvm root=/dev/mapper/main_group-root resume=/dev/mapper/main_group-swap quiet rw #+END_SRC ** suspend support The X1C6 is capable of supporting both s3 vs s0i3 sleep states.

• s3 - The s3 sleep state is where the CPU has no power. RAM maintains power, refreshes slowly. This is the traditional "suspend" state most people are familiar with.
• s0i3 - The s0i3 sleep state is a new standard being pushed by MCSFT that makes laptops behave more akin to phones. It allows devices to connect to wifi, update, refresh user data, etc.

This guide suggests enabling the S3 sleep state because the S0i3 sleep state is not well supported in Linux yet and it comes with higher power usage.

1. confirm that you don't have s3 currently enabled by executing: #+BEGIN_SRC sh dmesg | grep -i "acpi: (supports" #+END_SRC
2. update your bios as described above. You must be running bios >= v1.30 because the bios option is new.
3. reboot your machine and change Config -> Power -> Sleep State - Set to "Linux"
4. book back into linux and re-run the dmesg command again to ensure that S3 is now available.