The rather unusual, opinionated and commented ArchLinux installation

First of all, this tutorial doesn't prevent you from following the ArchWiki - Installation guide, it is not standalone.

Pre-installation#

First basic steps#

For those first steps, I think you are a big boy enough to do them alone.

So you can download the ArchLinux iso, verify its signature, boot the live environment, set the keyboard layout, verify the boot mode, connect to the internet, update the system clock. If you're not confident with those steps check the ArchWiki.

Partition the disks#

Identify the block device associated to disks with lsblk or fdisk -l.

Now we will use dm-crypt to encrypt an entire system with LVM on LUKS on only one disk.

UEFI is enabled, so I will use a GPT partition type and an EFI system partition (ESP).

So we will have two partitions: one ESP and one partition that will host the LUKS container.

# fdisk /dev/sda
g # create GUID Partition Table (GPT)
n # create a new partition (EFI system partition)
1 # partition number
2048 # 1st sector
+550M # last sector
t # change partition type
1 # EFI system
n # create a new partition (LVM for later LUKS encrypted container)
2 # partition number
<ENTER> # default 1st sector
<ENTER> # default last sector
t # change partition type
2 # select partiton 2
30 or 31 depending on your architecture # partition type: Linux LVM
p # print the partition table
w # write table to disk and exit

Secure erase#

Don't forget to check the drive preparation.

LUKS container#

Lot of people will use the default values of cryptsetup but for a more secure setup I used camellia for ciphering rather than the NIST validated (understand NSA compliant) AES algorithm, the much stronger and newer password-based key derivation function argon2 rather than the default pbkdf2, and the SHA-2 sha512 instead of the default sha256 because SHA-3 keccak or finalist blake2 are not available here.

cryptsetup benchmark won't show you those and sometimes even /proc/crypto will not show you camellia for example (even if it is available).

Create the LUKS encrypted container:

cryptsetup luksFormat --type luks2 --cipher camellia-xts-plain64 --key-size 512 --iter-time 2000 --pbkdf argon2id --hash sha512 /dev/sda2

If you don't fear the NSA or just want to comply to your corporate policy use those settings than can be more than 10 times faster thanks to the embedded TPM enabling to use AES-NI (AES instruction set).

cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 256 --pbkdf argon2id --hash sha512 /dev/sda2

Open the LUKS container:

cryptsetup open /dev/sda2 cryptlvm

The decrypted container is now available at /dev/mapper/cryptlvm.

Preparing the logical volumes#

Create a physical volume on top of the opened LUKS container:

pvcreate /dev/mapper/cryptlvm

Create a volume group, adding the previously created physical volume to it:

vgcreate myvg /dev/mapper/cryptlvm

Create all your logical volumes on the volume group:

lvcreate -L 8G myvg -n swap
lvcreate -l 100%FREE myvg -n root

Format your filesystems on each logical volume:

mkfs.fat -F32 /dev/sda1
mkfs.ext4 /dev/myvg/root # or /dev/mapper/myvg-root
mkswap /dev/myvg/swap # or /dev/mapper/myvg-swap

Mount your filesystems:

mount /dev/myvg/root /mnt
swapon /dev/myvg/swap
mkdir /mnt/boot/ && mkdir /mnt/efi
mount /dev/sda1 /mnt/efi # mount ESP to /efi outside /boot

Check the partition table: lsblk -f /dev/sda.

Installation#

Select the mirrors#

Again, here it let you select the mirrors.

Install the base packages#

Install the base + some useful packages:

pacstrap /mnt base linux-firmware linux linux-lts linux-zen base-devel sudo wget curl lvm2 neovim

Note: neovim is the Vim's future text editor, the command called nvim will allow to edit files from the chrooted environment.

Fstab#

Generate an fstab file by UUID:

genfstab -U /mnt >> /mnt/etc/fstab

Check /mnt/etc/fstab correctness and add /efi/EFI/arch /boot none defaults,bind 0 0 to mount the EFI mountpoint at boot since we mounted ESP outside of /boot.

So you should have something similar to:

# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>

# /dev/mapper/myvg-root
UUID=b1566d2d-96db-4efb-8098-06cbdc2ba17d	/         	ext4      	rw,relatime	0 1

# /dev/sda1
UUID=3203-97C0      	/efi      	vfat      	rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro	0 2

# /dev/mapper/myvg-swap
UUID=e0729c70-df94-44c9-849a-1f1cfedc5db8	none      	swap      	defaults,pri=-2	0 0

/efi/EFI/arch	/boot	none	defaults,bind	0 0

Chroot#

Change root into the new system:

arch-chroot /mnt

Time zone#

Set the time zone:

ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime

Run hwclock to generate /etc/adjtime:

hwclock --systohc

Localization#

Uncomment locales in /etc/locale.gen, and generate them with:

locale-gen

As I'm French, for me locales were:

en_GB.UTF-8 UTF-8
en_US.UTF-8 UTF-8
fr_FR.UTF-8 UTF-8

Set variables in /etc/locale.conf, for example:

LC_ADDRESS=fr_FR.UTF-8
LC_COLLATE=fr_FR.UTF-8
LC_CTYPE=fr_FR.UTF-8
LC_IDENTIFICATION=fr_FR.UTF-8
LC_MONETARY=fr_FR.UTF-8
LC_MESSAGES=en_US.UTF-8
LC_MEASUREMENT=fr_FR.UTF-8
LC_NAME=fr_FR.UTF-8
LC_NUMERIC=fr_FR.UTF-8
LC_PAPER=fr_FR.UTF-8
LC_TELEPHONE=fr_FR.UTF-8
LC_TIME=fr_FR.UTF-8
LANG=fr_FR.UTF-8
LANGUAGE=fr_FR:fr:en_US:en_GB:en

Set the keyboard layout in /etc/vconsole.conf, for example (for AZERTY default keyboard):

KEYMAP=fr

Network configuration#

Create the hostname file (/etc/hostname):

archway

Add matching entries to /etc/hosts:

127.0.0.1 localhost
::1       localhost

Initramfs#

Configuring mkinitcpio HOOKS in /etc/mkinitcpio.conf to work with encrypt:

HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt lvm2 resume filesystems fsck)

Recreate the initramfs images:

mkinitcpio -P

Copy linux images to ESP:

mkdir -p /efi/EFI/arch
cp -a /boot/vmlinuz-* /efi/EFI/arch/
cp -a /boot/initramfs-* /efi/EFI/arch/

Root password#

Easy!

Change root password:

passwd

Boot loader + Microcode (rEFInd)#

I know what you're about to say:

WTF man! Why don't you use GRUB?

Because rEFInd works better for EFI partitions as the name states.

About Microcode:

For AMD processors, install the amd-ucode package. For Intel processors, install the intel-ucode package.

pacman -S refind amd-ucode intel-ucode
cp -a /boot/{amd,intel}-ucode.img /efi/EFI/arch/
refind-install

Warning: this won't work for VirtualBox, check the ArchWiki.

Then we need to edit /boot/refind_linux.conf:

"Boot with default options"  "cryptdevice=UUID=fcaa743b-9ad8-4699-9329-fbb9bec4de80:cryptlvm root=/dev/myvg/root rw add_efi_memmap initrd=\EFI\arch\initramfs-%v.img resume=/dev/myvg/swap"
"Boot with fallback initramfs"    "cryptdevice=UUID=fcaa743b-9ad8-4699-9329-fbb9bec4de80:cryptlvm root=/dev/myvg/root rw add_efi_memmap initrd=\EFI\arch\initramfs-%v-fallback.img resume=/dev/myvg/swap"
"Boot to terminal"   "cryptdevice=UUID=fcaa743b-9ad8-4699-9329-fbb9bec4de80:cryptlvm root=/dev/myvg/root rw add_efi_memmap systemd.unit=multi-user.target resume=/dev/myvg/swap"

Note: Use backslashes \ for initrd and forward slashes / for other attributes.

Note: The UUID value is the one of the device block where is the LUKS container. For example, you can display it with lsblk -f /dev/sda2 or retrieve it with lsblk -f /dev/sda2 | grep nvme | awk '{ print $4 }' >> /boot/refind_linux.conf.

Note: add pci=noaer to disable PCI Express Advanced Error Reporting if you have a lot of error displaying in the TTY.

Copy /boot/refind_linux.conf to /efi/EFI/arch/refind_linux.conf.

And also edit /efi/EFI/refind/refind.conf in order to work with %v in refind_linux.conf:

...
extra_kernel_version_strings linux-zen,linux-lts,linux
...

So this way we have to configure the boot entries only once for multiple kernels.

Do not bind mount the ESP to /boot before using refind-install else it will fail:

mount --bind /efi/EFI/arch /boot

Alternative bootloader (Grub)#

Warning: As I'm not using Grub, this section may be outdated.

If you like pain (and don't have any style), you can still try to make GRUB2 works with an UEFI LVM on LUKS install.

sudo pacman -S grub ntfs-3g os-prober

Since we have linux, linux-zen and linux-lts installed, we want a better multiple kernels management:

So we will edit /etc/default/grub:

  • Disable submenu: GRUB_DISABLE_SUBMENU=y
  • Recall previous entry: GRUB_DEFAULT=saved and GRUB_SAVEDEFAULT=true

No we need the configuration for LVM on LUKS:

GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX="cryptdevice=UUID=290e01ae-b0cb-4843-8533-fe5a448299f9:cryptlvm"
GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/myvg/swap"

Add some custom entries in /etc/grub.d/40_custom:

#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.
menuentry "System shutdown" {
  echo "System shutting down"
  halt
}

menuentry "System restart" {
  echo "System rebooting"
  reboot
}

if [ ${grub_platform} == "efi" ]; then
  menuentry "Firmware setup" {
    fwsetup
  }
fi

Install grub fully into the ESP:

grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=grub --boot-directory=/efi

Then generate the grub config:

grub-mkconfig -o /efi/grub/grub.cfg

The linux part of /efi/grub/grub.cfg should now look like this:

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Arch Linux, with Linux linux-lts' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-lts-advanced-6d84cc5c-6109-4c21-98c4-c5ec95f31ba4' {
        savedefault
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod fat
        set root='hd0,gpt1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275//disk@0,gpt1' --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1  2EE2-5ECE
        else
          search --no-floppy --fs-uuid --set=root 2EE2-5ECE
        fi
        echo    'Loading Linux linux-lts ...'
        linux   /EFI/arch/vmlinuz-linux-lts root=/dev/mapper/myvg-root rw cryptdevice=UUID=290e01ae-b0cb-4843-8533-fe5a448299f9:cryptlvm resume=/dev/myvg/swap
        echo    'Loading initial ramdisk ...'
        initrd  /EFI/arch/intel-ucode.img /EFI/arch/initramfs-linux-lts.img
}
menuentry 'Arch Linux, with Linux linux-lts (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-lts-fallback-6d84cc5c-6109-4c21-98c4-c5ec95f31ba4' {
        savedefault
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod fat
        set root='hd0,gpt1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275//disk@0,gpt1' --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1  2EE2-5ECE
        else
          search --no-floppy --fs-uuid --set=root 2EE2-5ECE
        fi
        echo    'Loading Linux linux-lts ...'
        linux   /EFI/arch/vmlinuz-linux-lts root=/dev/mapper/myvg-root rw cryptdevice=UUID=290e01ae-b0cb-4843-8533-fe5a448299f9:cryptlvm resume=/dev/myvg/swap
        echo    'Loading initial ramdisk ...'
        initrd  /EFI/arch/initramfs-linux-lts-fallback.img
}
menuentry 'Arch Linux, with Linux linux' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-advanced-6d84cc5c-6109-4c21-98c4-c5ec95f31ba4' {
        savedefault
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod fat
        set root='hd0,gpt1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275//disk@0,gpt1' --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1  2EE2-5ECE
        else
          search --no-floppy --fs-uuid --set=root 2EE2-5ECE
        fi
        echo    'Loading Linux linux ...'
        linux   /EFI/arch/vmlinuz-linux root=/dev/mapper/myvg-root rw cryptdevice=UUID=290e01ae-b0cb-4843-8533-fe5a448299f9:cryptlvm resume=/dev/myvg/swap
        echo    'Loading initial ramdisk ...'
        initrd  /EFI/arch/intel-ucode.img /EFI/arch/initramfs-linux.img
}
menuentry 'Arch Linux, with Linux linux (fallback initramfs)' --class arch --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-linux-fallback-6d84cc5c-6109-4c21-98c4-c5ec95f31ba4' {
        savedefault
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_gpt
        insmod fat
        set root='hd0,gpt1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint-ieee1275='ieee1275//disk@0,gpt1' --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1  2EE2-5ECE
        else
          search --no-floppy --fs-uuid --set=root 2EE2-5ECE
        fi
        echo    'Loading Linux linux ...'
        linux   /EFI/arch/vmlinuz-linux root=/dev/mapper/myvg-root rw cryptdevice=UUID=290e01ae-b0cb-4843-8533-fe5a448299f9:cryptlvm resume=/dev/myvg/swap
        echo    'Loading initial ramdisk ...'
        initrd  /EFI/arch/initramfs-linux-fallback.img
}

### END /etc/grub.d/10_linux ###

Reboot#

You know how to reboot right?

Ok ok, but it's better to unmount all the partitions first umount -R /mnt.

Post-installation#

Before we begin#

It could be nice to setup a DHCP client to avoid manual IP configuration.

Enable this DHCP client temporarily (we'll install dhclient with NetworkManager later):

systemctl start systemd-networkd

Then list you interfaces to retrieve your interface name:

  • networkctl list
  • or ip link

For example for a Wired adapter using DHCP, create the file /etc/systemd/network/20-wired.network:

[Match]
Name=enp1s0

[Network]
DHCP=yes

Then restart the network manager and it's included DHCP client & start the DNS client:

systemctl restart systemd-networkd
systemctl start systemd-resolved

Now we have Internet access, let's update the system before installing anything:

pacman -Syu

We'll use a lot this terminal so let's get a fancier zsh shell:

pacman -S zsh zsh-autosuggestions zsh-completions zsh-history-substring-search zsh-syntax-highlighting

To enable the ZSH plugins, add this to your .zshrc:

# syntax highlighting: zsh-syntax-highlighting
source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
# autosuggestions: zsh-autosuggestions
source /usr/share/zsh/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
# history search: zsh-history-substring-search
source /usr/share/zsh/plugins/zsh-history-substring-search/zsh-history-substring-search.zsh

System administration#

Users, groups and privilege escalation#

We already installed sudo with pacstrap.

Add a new user and assign sudo privilege

useradd -m -G wheel -s /usr/bin/zsh noraj
passwd noraj
EIDOR=nvim visudo

And uncomment %wheel ALL=(ALL) ALL.

Exit root session and log back as user.

Creating default XDG directories

sudo pacman -S xdg-user-dirs
xdg-user-dirs-update

Package management#

Repositories#

Send stats about packages.

sudo pacman -S pkgstats
sudo systemctl start pkgstats.timer

Arch User Repository#

Install a pacman wrapper for AUR support, for example pikaur, pakku, yay:

sudo pacman -S git && git config --global init.defaultBranch master
cd /tmp
git clone https://aur.archlinux.org/pikaur.git
cd pikaur
makepkg -si

Please, don't install yaourt, check the pacman wrapper ArchWiki page.

Graphical user interface#

Display drivers#

Install some utils and associated drivers (example for intel iGPU):

sudo pacman -S xf86-video-intel mesa mesa-demos vulkan-intel

See the wiki for AMD & NVIDIA drivers.

Desktop environments#

As we want a true graphical library backed desktop environment (understand a Qt DE as GTK is only the GIMP library), we have barely two choices: KDE or LXQT, but LXQT is very light (nice for a VM but too light for a nice desktop experience).

Install KDE Desktop Environment

sudo pacman -S plasma-meta
sudo systemctl enable sddm

Configure KDE:

  • System Settings > Workspace Behavior > Desktop Effects > Disable Translucency that behave bad for dark themes.
  • System Settings > Startup and Shutdown > Background Services > Disable Bluetooth, we don't need it
  • System Settings > Search > File Search > Deselect "Enable File Search"
  • System Settings > Regional Settings > Set Language and Formats
  • System Settings > Inputs Devices > Keyboard > Layouts > Check Configure layouts and add your keymap

PS: you may want to install a VTE before rebooting or you'll be forced to use a TTY.

Audio server#

Replace PulseAudio with PipeWire + WirePlumber:

sudo pacman -S --needed pipewire pipewire-pulse wireplumber

Refs.: PipeWire - Audio, WirePlumber

Networking#

If not already installed, install NetworkManager network manager and applets, (also install DHCP client now before internet is interrupted).

sudo pacman -S networkmanager kdeplasma-addons plasma-nm dhclient
sudo systemctl enable NetworkManager
sudo systemctl start NetworkManager
sudo systemctl stop systemd-networkd
sudo systemctl stop systemd-resolved

Strenght of NetworkManager are: official package for KDE applet, integrated wifi manager, nice integration with KDE.

Drawback of NetworkManger: does not support dhcpcd ≥ 9.0.0 currently. So let's change of DHCP client and use dhclient instead.

sudo pacman -S dhclient # not running as systemd service unlike dhcpcd
sudo systemctl disable dhcpcd
sudo systemctl stop dhcpcd
sudoedit /etc/NetworkManager/conf.d/dhcp-client.conf
[main]
dhcp=dhclient
sudo systemctl restart NetworkManager

Encrypted Wi-Fi passwords by using KDE wallet.

Alternative with systemd-resolved#

Install systemd-resolvconf.

sudo pacman -S systemd-resolvconf

Disallow /etc/resolv.conf overwrite if you plan to install a DNS server like dnsmasq or systemd-resolved, else skip this:

sudoedit /etc/NetworkManager/conf.d/dns.conf
[main]
dns=none

Replace /etc/resolv.conf with a symbolic link so any software will rely on 127.0.0.53.

ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Define DNS servers:

sudo mkdir /etc/systemd/resolved.conf.d/
sudoedit /etc/systemd/resolved.conf.d/dns_servers.conf
# Default resolver, using Quad9
[Resolve]
DNS=9.9.9.9 149.112.112.112 2620:fe::fe 2620:fe::9
Domains=~.

# OpenNIC TLDs
[Resolve]
DNS=51.158.108.203 51.77.149.139 2001:41d0:404:200::976
Domains=~bbs ~chan ~cyb ~dyn ~epic ~geek ~gopher ~indy ~libre ~neo ~null ~o ~oss ~oz ~parody ~pirate

Enable lax DNSSEC:

sudoedit /etc/systemd/resolved.conf.d/dnssec.conf
[Resolve]
DNSSEC=allow-downgrade

Enable lax DNS over TLS:

sudoedit /etc/systemd/resolved.conf.d/dns_over_tls.conf
[Resolve]
DNSOverTLS=opportunistic

Disable multicast services:

sudoedit /etc/systemd/resolved.conf.d/multicast.conf
[Resolve]
MulticastDNS=no
LLMNR=no

Restart and apply:

sudo systemctl daemon-reload
sudo systemctl restart systemd-resolved.service
sudo systemctl enable systemd-resolved.service

Verify the configuration was applied with resolvectl status.

General#

Software#

Install a VTE (Virtual Terminal Emulator):

sudo pacman -S kitty # konsole qterminal

Install net browsers and plugins.

sudo pacman -S firefox
pikaur -S firefox-extension-arch-search

Install media software (lot of codecs are already installed as dependencies of media players):

  • video player: vlc, smaplayer
  • media metadata: mediainfo mediainfo-gui
  • video converter: handbrake
  • download youtube audio/video: yt-dlp
  • audio player: audacious clementine elisa
  • image viewer: nomacs gwenview
sudo pacman -S vlc smplayer mediainfo mediainfo-gui handbrake yt-dlp audacious clementine elisa nomacs gwenview

Install general software:

sudo pacman -S keepassxc kmail code kate okular qbittorrent quassel-monolithic speedcrunch dolphin wl-clipboard p7zip unrar aria2 bleachbit openssh expect ksysguard btop nfoview

Man#

Install the man CLI and the linux pages:

sudo pacman -S man-db man-pages

Fonts#

Install some fonts!

sudo pacman -S ttf-liberation noto-fonts ttf-roboto ttf-anonymous-pro ttf-hack ttf-inconsolata noto-fonts-emoji powerline-fonts adobe-source-code-pro-fonts ttf-fira-mono ttf-fira-code

Theming#

Colorized command output#

Aliases for colorized output:

alias diff='diff --color=auto'
alias grep='grep --color=auto'
alias ls='ls --color=auto'
export LESS=-R
man() {
  LESS_TERMCAP_md=$'\e[01;31m' \
  LESS_TERMCAP_me=$'\e[0m' \
  LESS_TERMCAP_se=$'\e[0m' \
  LESS_TERMCAP_so=$'\e[01;44;33m' \
  LESS_TERMCAP_ue=$'\e[0m' \
  LESS_TERMCAP_us=$'\e[01;32m' \
  command man "$@"
}

Color wrappers:

sudo pacman -S grc
KDE#
Oh-my-zsh#

Install oh-my-zsh:

pikaur -S oh-my-zsh-git

Then I'm using the Spaceship ZSH theme:

pikaur -S spaceship-prompt

And since we are using the AUR package of oh-my-zsh, we will use the spaceship theme as an oh-my-zsh theme:

sudo ln -s /usr/lib/spaceship-prompt/spaceship.zsh-theme /usr/share/oh-my-zsh/custom/themes/spaceship.zsh-theme

I'm using this zshrc.

Tmux#

Install a Terminal multiplexers:

sudo pacman -S tmux

Then I'm using a Powerline theme of Tmux Themepack.

This manually installable like that:

git clone https://github.com/jimeh/tmux-themepack.git ~/.tmux-themepack

Then adding a line with the desired theme in ~/.tmux.conf:

source-file "${HOME}/.tmux-themepack/powerline/default/red.tmuxtheme"

I'm using this tmux conf.

Neovim#

Install neovim:

sudo pacman -S neovim

I'm using this neovim config.

SDDM#

Install SDDM theme (sddm-sugar-dark) via System settings > Startup and Shutdown > Login Screen (SDDM) > Theme > Get new login screens. Then custom the theme: sudoedit /usr/share/sddm/themes/sugar-dark/theme.conf. Most often you'll want to change those parts:

[General]
Background="Background.jpg"
; Must match the name of the image in the theme directory. Any standard image file format is allowed with transparency supported. (e.g. background.jpeg/illustration.GIF/Foto.png)
ScreenWidth=1920
ScreenHeight=1080
; Adjust to your resolution to help SDDM speed up on calculations

# [Design Customizations]
MainColor="snow"
AccentColor="dodgerblue"

## [Interface Behavior]
ForceHideCompletePassword=true
## If you don't like to see any character at all not even while being entered set this to true.
rEFInd#

Install rEFInd theme (rEFInd theme Regular):

sh -c "$(curl -fsSL https://raw.githubusercontent.com/noraj/refind-theme-regular/master/install.sh)"

Nice to have#

For automounting device:

sudo pacman -S udisks2 udiskie

Spectacle is a great KDE screenshot (and screen recording) application (working on Wayland). The plugins allow to upload picture to various cloud providers.

sudo pacman -S spectacle
mkdir -p ~/Pictures/Screenshots

Spell checker (this one will work with vscode) but it's better if you can run a languagetool server:

sudo pacman -S hunspell hunspell-en_US hunspell-fr
sudo pacman -S languagetool

KDE Partition Manager is like Gparted but in Qt.

sudo pacman -S partitionmanager

Thunderbird is the most powerful email client but uses GTK. KMail is also mature and feature-rich but uses Qt and can be integrated into Kontact (with agenda, contacts, etc.).

sudo pacman -S thunderbird
sudo pacman -S kmail kmail-account-wizard kontact

Install a FTP, SFTP client.

sudo pacman -S filezilla

Some pastebin clients:

pikaur -S ruby-haste

Veracrypt is a disk encryption manager and create encrypted containers.

sudo pacman -S veracrypt

KDE ISO Image Writer:

sudo pacman -S isoimagewriter

The best tldr client so far: tlrc.

pikaur -S tlrc

Reflector#

Install Reflector:

a script which can retrieve the latest mirror list from the MirrorStatus page, filter the most up-to-date mirrors, sort them by speed

sudo pacman -S reflector

Automation#

Pacman hook#

You can also create a pacman hook that will run reflector and remove the .pacnew file created every time pacman-mirrorlist gets an upgrade.

Create /etc/pacman.d/hooks/mirrorupgrade.hook:

sudo mkdir /etc/pacman.d/hooks/
sudoedit /etc/pacman.d/hooks/mirrorupgrade.hook
[Trigger]
Operation = Upgrade
Type = Package
Target = pacman-mirrorlist

[Action]
Description = Updating pacman-mirrorlist with reflector and removing pacnew...
When = PostTransaction
Depends = reflector
Exec = /bin/sh -c "reflector --country France --age 24 --sort rate --save /etc/pacman.d/mirrorlist; rm -f /etc/pacman.d/mirrorlist.pacnew"

This will get an unlimited list of all type of mirrors (IPv4/IPv6, ftp,https,http,rsync) located in France that synchronized within the last 24 hours and sort them by download speed.

Systemd service timer#

Run reflector on a weekly basis, create /etc/systemd/system/reflector.timer:

[Unit]
Description=Run reflector weekly

[Timer]
OnCalendar=Mon *-*-* 7:00:00
RandomizedDelaySec=15h
Persistent=true

[Install]
WantedBy=timers.target

But we will also need a service file /etc/systemd/system/reflector.service:

[Unit]
Description=Pacman mirrorlist update
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/reflector --country France --age 24 --sort rate --save /etc/pacman.d/mirrorlist

[Install]
RequiredBy=multi-user.target

You can then start reflector one shot with systemctl start reflector.service, or enable it to start at each boot with systemctl enable reflector.service or just use the one week timer: systemctl start reflector.timer and systemctl enable reflector.timer.

PS: do not forget sudo systemctl daemon-reload to get the new service available.

Virtualbox (host)#

Install VirtualBox, the dkms module and linux hearders:

sudo pacman -S virtualbox virtualbox-host-dkms linux-headers linux-zen-headers linux-lts-headers

Install the extension pack:

pikaur -S virtualbox-ext-oracle

BlackArch#

We can transform our ArchLinux into a penetration testing distro and security lab by adding the BlackArch repos on top of it.

curl -O https://blackarch.org/strap.sh
chmod +x strap.sh
sudo ./strap.sh
sudo pacman -Syu

I also made a meta package to quickly install all common tools required for penetration testing:

pikaur -S ba-pentest-commons-meta
Share