Updated on 13 Dec 2020
Attention: this installation guide is just the detailed procedure that i followed to install ArchLinux on my HP Elitebook 8470p so it does not take into account problems on other machines
If you have already installed Arch please go to "ArchLinux Configuration" section below
First follow the ArchLinux Installation Guide until the disk partition section
I choose to use UEFI with GPT partition table.
Reason "You are using Arch. Why would you even consider legacy anything?"
This is my partition scheme
| Mount point | Partition type | Size |
|---|---|---|
| /mnt/boot | EFI system partition | 512M |
| [SWAP] | Linux swap | 6G (6GB RAM) |
| /mnt | Linux x86-64 root (/) | Remainder |
From now i suppose that the disk to partitionate is /dev/sda To make this partiotion scheme:
- Remove all the partitions with
fdiskorgdisk - Check with
fdisk -l /dev/sdaif your hard drive hasDisklabel type: gptif not convert it to GPT withsgdisk -g /dev/sda - Make the partitions with
gdisk
| Partition type | gdisk code |
|---|---|
| EFI system partition | ef00 |
| Linux swap | 8200 |
| Linux x86-64 root (/) | 8304 |
It's recommended to use FAT32 for the EFI System Partition
mkfs.ext4 /dev/sda3
mkfs.fat -F32 /dev/sda1
mkswap /dev/sda2mount /dev/sda3 /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
swapon /dev/sda2pacstrap /mnt base linux linux-firmwareI prefer to install other packages while chrooted.
Insted of using -U option i decided to use PARTUUID as source identifier since i choose GPT
genfstab -t PARTUUID /mnt >> /mnt/etc/fstabThen follow the system configuration section until the bootloader
While chrooted please make sure that you install those in order to have a usable system when rebooted. Especially net-tools,iw and iwd for the network and WiFi
pacman -S nano net-tools htop iw iwd zsh intel-ucode git reflector curlSince i had some problems with the HP UEFI firmware i decided to use GRUB as bootloader instead of use UEFI directly BUT i will remove GRUB as soon as possible
First check your firmware bitness
Please make sure that you have installed the microcode (intel-ucode or amd-ucode ) before installing GRUB
While chrooted follow the GRUB UEFI Installation:
pacman -S grub efibootmgr
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUBRemeber that if you firmware bitness is 32 you have to use
--target=i386-efi
I don't know if that applies to all HPs but it's worth to check
As described in HP Elitebook 840 G1 UEFI setup: "The problem is that HP hard coded the paths for the OS boot manager in their UEFI boot manager to \EFI\Microsoft\Boot\bootmgfw.efi to boot Microsoft Windows, regardless of how the UEFI NVRAM variables are changed"
With the HP Elitebook 8470p i experienced the same issue and followed the "Using the Customized Boot path option" section **but remember ** that your EFI path is \EFI\GRUB\grubx64.efi **not ** \EFI\grub\grubx64.efi
Then finally boot your ArchLinux
exit
umount -R /mnt
rebootchsh -s /bin/zshThe wired connection is not covered yet
If you installed the packages in the "Install some useful stuff" then:
systemctl enable systemd-networkd
systemctl enable systemd-resolver
systemctl enable iwd
systemctl start systemd-networkd
systemctl start systemd-resolver
systemctl start iwd
ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.confEdit /etc/iwd/main.conf with:
[General]
AddressRandomization=once
AddressRandomizationRange=nic
EnableNetworkConfiguration=true
[Network]
NameResolvingService=systemdThen run iwctl and connect to a wireless network
station wlan0 scan
station wlan0 get-networks
station wlan0 connect your_networkand then try to ping google.com. It should work.
First install sudo and allow the wheel group to run it
pacman -S sudo
EDITOR=nano visudoThen simply uncomment the %wheel ALL=(ALL) ALL line and add your user
useradd -m -G rfkill,uucp,wheel,tty,power,audio,users -s /bin/zsh your_fancy_username
passwd your_fancy_username
exitReferences: Sudo and Users and groups
Optional: if you want to speed-up the download you can run reflector:
sudo reflector --verbose --latest 30 --sort rate --save /etc/pacman.d/mirrorlistPlease install Oh My Zsh (check the link instructions)
Then to install all the packages:
cd ~
git clone https://github.com/iolk/dot-files.git
mv dot-files/* ./
mv dot-files/.* ./
rmdir dot-files
pacman -S --needed $(comm -12 <(pacman -Slq | sort) <(sort .pkg-list))You can check and modify the packages in the .pkg-list if you want
In order to syncronize my KeePass file between devices i use Google Drive. I decided to use RClone to mount my drive directory.
Simply run rclone configure and configure a remote (in this case a Google Drive remote) and then:
- Check the file
~/.config/systemd/user/keepassondrive.service(set proper dirs/remote) systemctl --user enable keepassondrive
That allows you to mount you remote directory as soon as the internet connection is established
nano ~/.config/redshift/redshift.confsystemctl enable tlp
systemctl enable acpidEnable font presets by creating symbolic links:
sudo ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d
sudo ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d
sudo ln -s /etc/fonts/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.dThe above will disable embedded bitmap for all fonts, enable sub-pixel RGB rendering, and enable the LCD filter which is designed to reduce colour fringing when subpixel rendering is used.
If you want to change your gtk/icon/cursor theme just install it and run lxappearance to set it
To install the cursor theme put the theme files in ~/.icons in this case you can see the Vimix-cursors folder
To install the theme download it and extract in /usr/share/themes/
Themes used in this configuration:
- GTK: Nordic Darker
- Icon: Papirus
- Cursor: Vimix
In the ~/.config/gtk-3.0/settings.ini you can change the gtk-application-prefer-dark-theme option
To start libvirt
~/.config/i3/scripts/libvirtd_start.shFor futher configurations: https://libvirt.org/auth.html https://jamielinux.com/docs/libvirt-networking-handbook/ https://www.redhat.com/archives/vfio-users/2015-November/msg00159.html
If virsh net-list --all shows no networks make a file default.xml: (ref.)
<network>
<name>default</name>
<uuid>9a05da11-e96b-47f3-8253-a3a482e445f5</uuid>
<forward mode='nat'/>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:0a:cd:21'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>then
sudo virsh net-define --file default.xml
sudo virsh net-start default
sudo virsh net-autostart --network defaultI set up some aliases in the .zshrc file so to start/stop the docker.service run dockerd start/stop:
Useful commands:
d rm $(d ps -aq)
d kill $(d ps -aq)
d rmi $(d images --filter "dangling=true" -q --no-trunc)sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-composesudo systemctl start mpd
sudo systemctl enable mpdFrom the ArchLinux Security page:
- Firewall
- VPN
- AppArmor
- Kernel lockdown mode
- Microcode
- Hardware vulnerabilities
- Password manager
- Do not use the root account for daily use
- Enforce a delay after a failed login attempt
- Lock out user after three failed login attempts
- Limit amount of processes
- Run Xorg rootless
- Kernel hardening
- DNSCrypt
- Wiki Pages
- Encription
- Customize all notifications
- Secure Boot
- Security (needs improvements)
- Music Player
- Maintenance (script/guide)
- Docker
- USB automount
- Kernel-based Virtualizzation
- PCI passthrough (Easy but you require an additional video card)
- List of application
- GTK, Icon and cursor theme
- My ArchLinux install guide
Currently evaluating Sway + Wayland