Arch Linux - Post-installation

Personal Arch Linux post-installation guide; this is part of my Linux installation guide.

WARNING: Put special attention when installing packages from the AUR. Carefully check the PKGBUILD, any .install files and any other files in the package for malicious or dangerous commands.

Privilege elevation

sudo

As the root user, open /etc/sudoers using visudo

$ EDITOR=vim visudo

and uncomment the line %wheel ALL=(ALL:ALL) ALL to allow members of the wheel group to run commands as other users.

Create unprivileged user

As the root user, create a non-privileged user user

$ useradd -U -u <uid> -m -k /dev/null user
$ passwd user

where <uid> is the user ID. Add user to the wheel group

$ usermod -aG wheel user

It will be assumed that the rest of this guide is done using an unprivileged user.

Mount options

In /etc/fstab, change relatime to noatime for the root and home filesystems.

Microcode

For AMD processors

$ sudo pacman -S amd-ucode

For Intel processors

$ sudo pacman -S intel-ucode

The boot loader must be configured to load either amd-ucode.img or intel-ucode.img as the first initrd. The section below shows how to configure rEFInd. (See the ArchWiki for other boot loaders.)

Kernel parameters

• Microcode: initrd=\amd-ucode.img or initrd=\intel-ucode.img.

• Specify that the root device is mounted as read-write instead of read-only (see this): rw.

• Silent boot: quiet loglevel=3 udev.log_priority=3.

The parameters above must be placed in the corresponding boot stanza in /boot/EFI/refind/refind.conf

/boot/EFI/refind/refind.conf

...
menuentry "Arch Linux" {
    volume    "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    loader    /vmlinuz-linux
    initrd    /initramfs-linux.img
    options   "cryptdevice=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:cryptroot root=/dev/mapper/cryptroot rw quiet loglevel=3 udev.log_priority=3 initrd=\intel-ucode.img"
}

Linux console

Make the desired console font persistent by setting FONT in /etc/vconsole.conf

/etc/vconsole.conf

FONT=<font>

Boot loader

rEFInd

Get rEFInd themes and copy the relevant files to the ESP

$ git clone https://github.com/bobafetthotmail/refind-theme-regular.git
$ git clone https://github.com/htower/refind-theme-regular-black.git
$ sudo mkdir -p /boot/EFI/refind/theme/icons
$ sudo cp refind-theme-regular/icons/256-96/* /boot/EFI/refind/theme/icons
$ sudo cp refind-theme-regular-black/icons/256-96/bg.png /boot/EFI/refind/theme/icons/bg_black.png
$ sudo cp refind-theme-regular-black/icons/256-96/selection-big.png /boot/EFI/refind/theme/icons/selection_black-big.png
$ sudo cp refind-theme-regular-black/icons/256-96/selection-small.png /boot/EFI/refind/theme/icons/selection_black-small.png

Comment out all configuration values in /boot/EFI/refind/refind.conf and include the file myconf.conf

/boot/EFI/refind/refind.conf

...
include myconf.conf
...

Create /boot/EFI/refind/myconf.conf with the following content

/boot/EFI/refind/myconf.conf

timeout 20
use_nvram false
hideui label,singleuser,hints
use_graphics_for linux,osx,windows
showtools shell,gdisk,memtest,mok_tool,apple_recovery,windows_recovery,about,hidden_tags,firmware,reboot,exit

icons_dir theme/icons
big_icon_size 128
small_icon_size 48
banner theme/icons/bg_black.png
selection_big theme/icons/selection_black-big.png
selection_small theme/icons/selection_black-small.png

Network configuration

NetworkManager

$ sudo systemctl unmask NetworkManager.service
$ sudo systemctl enable --now NetworkManager.service
$ sudo systemctl enable --now NetworkManager-dispatcher.service

Firewall

firewalld

$ sudo pacman -S firewalld
$ sudo systemctl unmask firewalld.service
$ sudo systemctl enable --now firewalld.service

NTP

chrony

$ sudo pacman -S chrony

Apply the following configuration in /etc/chrony.conf:

/etc/chrony.conf

...
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
...

systemd-timesyncd.service is in conflict with chronyd.service, so disable it first and then enable chronyd.service

$ sudo systemctl disable systemd-timesyncd.service
$ sudo systemctl enable chronyd.service

Install the dispatcher script

$ git clone https://aur.archlinux.org/networkmanager-dispatcher-chrony.git
$ cd networkmanager-dispatcher-chrony/
$ makepkg -si

Power management

TLP

$ sudo pacman -S ethtool smartmontools tlp tlp-rdw
$ sudo systemctl enable tlp.service

Mask systemd services to avoid conflicts with TLP's radio device switching options

$ sudo systemctl mask systemd-rfkill.service
$ sudo systemctl mask systemd-rfkill.socket

Configure TLP via /etc/tlp.d/01-myconf.conf

/etc/tlp.d/01-myconf.conf

TLP_DEFAULT_MODE=AC
DISK_DEVICES="<dev1> ... <devn>"
USB_BLACKLIST_PHONE=1
USB_AUTOSUSPEND_DISABLE_ON_SHUTDOWN=1
RESTORE_DEVICE_STATE_ON_STARTUP=1

Fonts

$ sudo pacman -S ttf-ibm-plex ttf-fira-mono ttf-font-awesome

X Window System

$ sudo pacman -S xorg-server xorg-xinit xorg-xrandr

Keyboard and touchpad configuration

Touchpad - Tap-to-click and correct scrolling

Add Option "Tapping" "On" and Option "NaturalScrolling" "Off" to the touchpad section in /etc/X11/xorg.conf.d/40-libinput.conf:

/etc/X11/xorg.conf.d/40-libinput.conf

Section "InputClass"
	Identifier "libinput touchpad catchall"
	MatchIsTouchpad "on"
	MatchDevicePath "/dev/input/event*"
	Driver "libinput"
	Option "Tapping" "On"
	Option "NaturalScrolling" "Off"
EndSection

If the file does not exist, copy 40-libinput.conf from /usr/share/X11/xorg.conf.d/.

Screen colour temperature

redshift

$ sudo pacman -S redshift

Monitor colour calibration

xcalib

$ sudo pacman -S xcalib

Sound

PipeWire

$ sudo pacman -S pipewire wireplumber pipewire-alsa pipewire-pulse pipewire-jack pavucontrol

Desktop notifications

dunst

$ sudo pacman -S libnotify dunst

Window manager

dwm

If not already installed, install the required dependencies

$ sudo pacman -S libx11 libxft libxinerama

Install my fork of dwm

$ git clone https://github.com/icanalesm/dwm.git
$ cd dwm
$ make
$ sudo make install

To execute dwm with startx, add exec dwm at the end of ~/.xinitrc.

Terminal emulator

st

Install my fork of st:

$ git clone https://github.com/icanalesm/st.git
$ cd st
$ make
$ sudo make install

Backlight control

brightctl

$ git clone https://github.com/icanalesm/brightctl.git
$ cd brightctl

Apply the desired configuration. Compile and install

$ make
$ sudo make install

Configure sudo to allow user user the execution of brightctl as root without a password. Open /etc/sudoers.d/usercmds using visudo

$ sudo EDITOR=vim visudo -f /etc/sudoers.d/usercmds

and add the following lines:

/etc/sudoers.d/usercmds

## brightctl commands
user <hostname>=NOPASSWD:/usr/local/bin/brightctl

where <hostname> is the machine's hostname.

Web browser

Firefox

$ sudo pacman -S firefox

PDF viewer

zathura

$ sudo pacman -S zathura zathura-pdf-mupdf zathura-ps zathura-djvu

Image viewer

feh

$ sudo pacman -S feh imagemagick