Skip to content

Latest commit

ย 

History

History
1038 lines (982 loc) ยท 48.6 KB

File metadata and controls

1038 lines (982 loc) ยท 48.6 KB

installing arch dot txt

i am so sorry for this guide.

https://raw.githubusercontent.com/ejmg/an-idiots-guide-to-installing-arch-on-a-lenovo-carbon-x1-gen-6/master/dumb-pic-2.jpeg

this is an attempt at a comprehensive, start to finish, install guide for lenovoโ€™s 6th gen carbon x1. my model is the 20KG-0022US, which I bought from costco, and comes with an 8th gen intel i7, 16gb ram, and 512gb ssd. My instructions will thus have mentions of specific components from this laptops as they appear in the guide, but i will try to make it clear when such a case may not hold for others with respect to 6th gen x1 versions.

my motivation for this was pretty straightforward: i am an idiot that takes notes. by the time i was likeโ€ฆ 3/4ths through the whole process, i realized these notes could be of use to a lot of other idiots who make the horrible choice of pushing themselves through the hellscape of boot loader configurations. also, something about writing the docs you wish to see? idk, sounds fake. anywho โ€“ hope this idiot can help other idiots figure out how to do something that turns out to be not so much โ€œhardโ€ as it is an extended and complex process for those unfamiliar with the terrain. cheers.

i want to make a shoutout to specific sources for informing this guide. itโ€™s the result of mashing together and cross referencing the wiki with multiple guides where I would verify instructions and install strategies. Included in this list is LearnLinux.tv, Kai Hendry, Lucas Alvares Gomes, Ticki, Robert Kozikowski, and Erik Sonnleitner. yaโ€™ll helped a homie get arch working on this kickass computer.

toc

why you should or should not install arch

  1. Pros
    • you can learn a small bit about how linux and operating systems work
    • very up to date software
    • access to things like AUR
    • run a very lightweight system that, outside of even more niche and esoteric operating systems, avoids bloat and waste
    • want something extremely sad and nerdy to โ€œโ€โ€œbrag aboutโ€โ€œโ€ (donโ€™t do this)
    • a great community that is insanely intelligent and welcoming
  2. Cons
    • my friend Chris Allen made a PR deleting the entire guide and simply suggesting you Donโ€™t Install Arch
      • the man has a solid point
    • it can take a lot of time to get going
      • this is assuming your hardware (non X1C6) is well supported or doesnโ€™t have some proprietary code that throws you into kernel h e l l
      • you could equally do something better with your time, like sleep, call your mom, or, idk, hangout with friends if you have those.
    • it has the most up to date packages, which translates to instability and things breaking more often
      • if you do software, this is actually something you often donโ€™t want outside of maybe what you work on the most.
    • a community with members known for rote recitation of โ€œjust look at the wikiโ€ and who like to discourage making things easily accessible for those who donโ€™t have all day to mess around on a computer

disclaimer (sacrifices, incantations, donโ€™t sue me, etc.)

since we are installing arch, there a a few precautions youโ€™ll want to take/keep in mind:

  1. if your shit gets destroyed, it is 1000% not my problem and not my fault lmao
    • that said, thatโ€™s an extremely unlikely outcome, please donโ€™t let this liability bulletpoint scare you
  2. you may want to form a pentagram with some usb cords, placing a copy of the GNU GPLv3 license at its center, and playing some soft but slightly erotic ambient music so that we may pray to stallman that this goes smoothly

    st. ignucius, may he guide us

  3. put aside like 2-4 hours for this depending on how inexperienced you are
    • just keep this in mind and or be somewhere you can stop and leave your laptop plugged in on the chance you need to do something else

live usb

  1. download the img from https://www.archlinux.org/download/
    • torrent is faster, also remember to seed
    • alternatively just dl the iso directly, slightly slower
  2. install
    • find your usb
      lsblk
              
      • it will probably be named sda or sdb, pay attention to the size of the drives upon output to be sure.
      • you are going to use the name of the drive itself, sdx, so do not include a number, such as sdx1 in the drive name for the command below
      • make sure it is unmounted with:
        umount /dev/sdx # x = letter of your actual drive
                    
    • in term:
      dd bs=4M if=/path/to/iso of=/path/to/usb status=progress oflag=sync
              
    • example in my case:
      dd bs=4M if=~/Downloads/archlinux-2018.07.01-x86_64.iso of=/dev/sda status=progress oflag=sync
              
      • note: I did this on Ubuntu with Gnome, and it proved not possible to format it with the drive entirely unmounted because of how Nautillus handles mounting jump drives. Therefore, I actually did this with it mounted but had no problems so ยฏ\_(ใƒ„)_/ยฏ linux ยฏ\_(ใƒ„)_/ยฏ ymmv ยฏ\_(ใƒ„)_/ยฏ
    • upon finishing, insert the usb into the x1
  3. disable safe boot
    • turn on laptop (or hard reset to ensure true โ€œturn offโ€), press enter at lenovo boot screen
    • under Security, you will find the option. Disable it.
  4. (optional) enable Thunerbolt BIOS Assist Mode
    • this effects the process of enabling S3, which is something at the very end of this guide
      • if you are going to do that, it saves you a reboot (and it doesnโ€™t effect you really either way)
    • You will find the option under Config
  5. ensure your usb is first in boot order
    • under Startup, go to boot
    • using the - and + keys, make sure it is at the top of the list
      • I had to use Shift while pressing + for it to affect
    • press F10 to save our configs and exit.

If everything went well, we will now boot into the arch iso.

setting up to install

you are going to need to be familiar with vim, nano, pico, emacs, idc, something, this is on you, fam.

configure our mirrors to download software from

  • this is the difference between a 20kb/s and ~10mb/s download speed, at least in my case first time round
  • the mirror list is found in /etc/pacman.d/mirrorlist
    • the logic is simple: the earlier a mirror item appears in the list, the greater preference it is given for use as a source.
  • copy and paste a server that is close to you geographically and insert it at the top of the list.
    • server i chose for those in USA who are lazy:
      Server = http://mirrors.lug.mtu.edu/archlinux/$repo/os/$arch
              
  • important refresh our mirrorlist
    pacman -Syu
        
    • we will now have (hopefully) fast downloads for our packages

configure wifi (โ€œoptionalโ€)

  1. x1 does not have a ether port, but adaptors exist
    • these adaptors supposedly work without issue but I donโ€™t have one, so Iโ€™m assuming you donโ€™t either
    • dilemma: we donโ€™t have fucking internet by default
    • solution: netctl
  2. find the name of your wifi card device
    • I would assume x1โ€™s have the same name, but who knows:
      ip link
              
    • mine was wlp2s0, arch wiki suggests that anything that starts with a w is probably the wifi card
  3. figure out the wifi point you are going to use.
    • Iโ€™m going to assume it is either of โ€œsimpleโ€ wpa or wpa-enterprise
      • the latter is at corporate or university settings if that helps
      • luckily netctl provides templates for both. copy the appropriate one and place it in the root of netctl as so:
        # simple wpa, such as home routers
        cp /etc/netctl/examples/wireless-wpa /etc/netctl/<NAME-YOU-WANT-TO-GIVE-IT>
        
        # enterprise wpa
        cp /etc/netctl/examples/wireless-wpa-configsection /etc/netctl/<NAME-YOU-WANT-TO-GIVE-IT>
                    
      • wireless-wpa looks like this:
        Description='A simple WPA encrypted wireless connection'
        Interface=wlan0
        Connection=wireless
        
        Security=wpa
        IP=dhcp
        
        ESSID='MyNetwork'
        # Prepend hexadecimal keys with \"
        # If your key starts with ", write it as '""<key>"'
        # See also: the section on special quoting rules in netctl.profile(5)
        Key='WirelessKey'
        # Uncomment this if your ssid is hidden
        #Hidden=yes
        # Set a priority for automatic profile selection
        #Priority=10
                    
      • wireless-wpa-configsection looks like this:
        Description='A wireless connection using a custom network block configuration'
        Interface=wlan0
        Connection=wireless
        Security=wpa-configsection
        IP=dhcp
        WPAConfigSection=(
            'ssid="University"'
            'key_mgmt=WPA-EAP'
            'eap=TTLS'
            'group=TKIP'
            'pairwise=TKIP CCMP'
            'anonymous_identity="anonymous"'
            'identity="myusername"'
            'password="mypassword"'
            'priority=1'
            'phase2="auth=PAP"'
        )
                    
      • in both cases:
        • Interface takes the value of the wifi card device name we found earlier
        • Security, Connection, and IP remain untouched
        • Do what you will with Description
      • For vanilla wireless-wpa, the config explains itself:
        • ESSID is the name of your wifi access point
        • Key is the password
      • For wireless-wpa-configsection, things can be trickier:
        • ssid is access point
        • key_mgmt should remain untouched in most cases
        • eap is entirely dependent on your case, for many (aka including me), it is PEAP
        • pairwise is dependent on your situation (i did not need it)
        • anonymous_identity is dependent on your situation (i did not need it)
        • password is password
        • priority is dependent on your situation (i did not need it)
        • phase2 is dependent on your situation (i did not need it)
        • if my list appears not very useful in terms of help and explanation, then you understand the very nature of who is writing it and iโ€™m so sorry iโ€™m trying
        • example wireless-wpa-configsection i actually used (with values obviously substituted in):
          Description='lol'
          Interface=wlp2s0
          Connection=wireless
          Security=wpa-configsection
          IP=dhcp
          WPAConfigSection=(
              'ssid="wutang"'
              'key_mgmt=WPA-EAP'
              'eap=PEAP'
              'identity="ghostfacekillah"'
              'password="suuuuuuuuuuuuu69"'
          )
                          
  4. save your config file, time to connect:
    netctl start <NAME-OF-YOUR-WIFI-PROFILE>
        
    • it should take like 3 seconds to connect
    • if nothing happens, it worked
    • check with a quick ping 8.8.8.8, if packets are shooting out, you got internet.
      • otherwise, diagnose with journalctl -xe and use those arch wikis and forums! welcome to arch :) :) :) :)

debugging advise:

  • i did not run into this during install time, but when i later tried to connect to wifi, a few different commands came in handy to debug my situation:
    1. stop previous connection
      • canโ€™t have more than one netctl service going, so:
        netctl stop <PROFILE>
                    
    2. systemctl fuckery
      • systemctl sometimes gets in the way with its service/handling of netctl, stop it
        systemctl stop netctl@<PROFILE>.service
                    
    3. ip link may have your services as up, put them as down
      • netctl does not like it when your link is up before it runs, so turn it off:
        ip link set <INTERFACE> down
                    

freeze: partition time!

that was a bad joke jesus christ forgive me

make sure we have (U)EFI

  • i am doing all of this on the presumption we have EFI, maybe should have brought that up while we were in BIOS
  • use the following command to ensure we are in EFI mode:
    ls /sys/firmware/efi/
        
    • if the directory exists, we are good

figure out where our main drive is

  • find our drives with lsblk yet again
    • my x1 came with a PCIe ssd, yours may or may not and, more importantly, this influences its name as seen with lsblk (i think)
      • for the PCIe ssd, it will be called something like nvme0n1, with each partition appending a p1, p2, and so forth
      • for others, it may appear as the traditional sda, with a number appended for each partition as it did above for your usb stick.
      • will assume we are using nvme0n1 as our os drive hereon
    • my x1 came with windows installed and i assumed yours did, too.
      • i am going to kill windows with this install.
        • cannot have an optimally secure setup otherwise (or rather, Iโ€™m not going to put up with that much of a headache).
      • if you want to keep a dual boot setup, this is not the guide for you.
      • i am sorry to fail you like this, my kings and queens. f.

partitioning and configuring

  1. we will now format our main drive with arch
    gdisk /dev/nvme0n1
        
    • you will enter a prompt of sorts for gdisk
    • you should get some output about a valid GPT partition found alongside with a protected MBR partition. This is good.
  2. we will now wipe the disk.
    • this is permanent. stop now or forever hold your peace
    • I will be listing the commands in order and describe what they do as subpoints:
      • o
        • we are wiping the disk. answer y to continue.
      • n
        • command for making a new partition.
      • Enter
        • we want the default number for the partition, and this convention will hold throughout the rest of the guide.
      • Enter
        • we donโ€™t want to specify the starting vector for the partition, and this convention will hold throughout the rest of the guide.
      • +512MB
        • we want our first partition to be of size 512MB. This is to meet the specification for a EFI boot partition.
      • EF00
        • this is the hex code type to indicate we want the partition to be of EFI
        • partition 1 done
      • n
        • making another partition
      • Enter
      • Enter
      • Enter
        • the final partition is going to take the rest of our disk. If you do not want this, assign it something else like we did above.
      • 8E00
        • this is the linux LVM (logical volume manager) format, which we are going to need for our encryption scheme.
        • second partition done
        • we are now done making physical partitions
      • w
        • we are going to write to disk
      • y
        • we just wrote to disk. goodbye everything else

encryption and mounting

encryption with cryptsetup

  • make sure to use our second partition
    • not our EFI partition
      # in my case, this is...
      cryptsetup luksFormat /dev/nvme0n1p2
              
    • you will be prompted for a password, make it a good one
    • we do not specify the luks type, such as luks2, because it is incompatible with GRUB. We will not be using GRUB, but I do not want to screw myself (or you) out of that option.
      • for the love of god, do not forget this password
      • this process could take like 2 or 3 or 4 hours depending on your experience and the last thing you need to do is forget the fucking luks password.
    • what we have now is a Luks container, which we will be using to put our actual OS/data in, which makes handling encryption logic easier in the long run.

generation of logical volumes within our LVM

  1. open our encrypted container:
    • we need to name the container, I am choosing main_part for main partition, it really doesnโ€™t matter
      cryptsetup open --type luks /dev/nvme0n1p2 main_part
              
    • this should now be available at /dev/mapper/main_part
  2. create a physical volume within our LVM partition:
    pvcreate /dev/mapper/main_part
        
    • this creates a โ€œphysicalโ€ volume inside of our luks container
  3. create a volume group
    • we need to name this one, Iโ€™m choosing main_group to continue the theme
    • this will go on โ€œtopโ€ of our physical container we just made, ergo why we create our group from it.
      vgcreate main_group /dev/mapper/main_part
              
  4. generate our logical partitions within the luks container

    I am following the wiki piece for piece here, and what you ultimately make the size of your swap (if any), root, and home (if any) is completely your call. The numbers I use are pulled from thin air and because I have so much space to use with the ssd that came with my x1.

    Note that for each instance, we are taking our logical partition from the volume group we just created. Be conscious of this.

    1. create swap:
      # 8 gb for swap
      lvcreate -L8G main_group -n swap
              
    2. create root
      # 64 gb for root
      lvcreate -L64G main_group -n root
              
    3. create home
      lvcreate -l 100%FREE main_group -n home
              
      • we use a special trick to allocate all remaining memory in our ssd to home. it goes without saying that do not do this if you do not want to allocate all of it to home, etc.

format and mount our logical partitions

Note that our resultant logical volumes are named <VOLUME_GROUP_NAME>-<root|home|swap>, so my home is /dev/mapper/main_group-home for example.

  1. root and home:
    mkfs.ext4 /dev/mapper/main_group-root
    mkfs.ext4 /dev/mapper/main_group-home
        
  2. swap:
    mkswap /dev/mapper/main_group-swap
        
  3. mount our new volumes
    1. mount our new volumes

      The logic here is that /mnt/ translates to / for our actual arch system once we install arch, so keep this in mind. /mnt/boot becomes /boot/, /mnt/home/ becomes home, etcetera.

      mount /dev/mapper/main_group-root /mnt/
      mkdir /mnt/home
      mount /dev/mapper/main_group-home /mnt/home
      swapon /dev/mapper/main_group-swap
              
    2. mount our bootloader

      Remember the first partition we made (nvme0n1p1 in my case)? We now need to mount it as the boot loader:

      mkdir /mnt/boot/
      mount /dev/nvme0n1p1 /mnt/boot
              

installing arch and setting it up to boot and run

install arch onto /mnt

pacstrap /mnt/ base   
  • note, a popular additional option to include is base-devel, so install that as well if you see yourself needing to compile and link a lot of things, such as through AUR.
  • CONGRATS!
    • you have installed arch!
  • CONGRATS!
    • you are not even remotely close to done installing arch!
    • it wonโ€™t even boot correctly as of now!
    • welcome to arch :~)

generate our fstab file

  • this is important for boot loading purposes, not the last time you will deal with this. It holds information about partitions, canโ€™t say much more about this.
    genfstab -p /mnt >> /mnt/etc/fstab
        

log into arch and installing stuff!

arch-chroot /mnt

we are now in the arch install and no longer โ€œinโ€ the live usb, fyi. letโ€™s get to work then:

  1. installing important packages
    • we have access to things, like wifi, that are not yet actually configured yet on the operating system, thus we should take advantage of this by installing some packages.
      • some of these are subjective, others are ones I have taken from people who know more about arch than I do
  2. for a fact will want to install all the packages in relation to wifi if you do not have an adapter like me.
    pacman -S wpa_supplicant networkmanager network-manager-applet dialog 
        
  3. packages for intel microcode drivers, important
    • microcode is key to stability and patching issues with intel processors that is released as proprietary code. The linux kernal can do this directly for us.
    • need to modify /etc/pacman.conf
    • it will have two lines commented out regarding ~multilib, uncomment them as so:
      [multilib]
      Include = /etc/pacman.d/mirrorlist
              
    • now install intel microcode:
      pacman -Sy intel-ucode
              
  4. other packages others recommend:
    pacman -S linux-headers linux-lts linux-lts-headers
        
    • we are essentially installing another copy of the linux kernal for purposes of stability: if something goes wrong with an update of the kernal, you will have a backup kernal to get into.
    • additionally, we are installing the headers for both the current kernal and the lts kernal: these are useful for other packages that need to link/bind against them for development purposes, etc.
  5. we install another useful operating system:
    pacman -S emacs
        
    • .... or vim if thatโ€™s your choice.... definitely more efficient memory wise
    • c.f. i will die before i give up my elisp
    • you should probably also install tools like git

modify /etc/mkinitcpio.conf to enable encryption

  1. there is a variable in here named HOOKS, which the file makes clear is important to the boot order of the operating system.
    • make yours look like this:
      HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)
              
      • you will notice that we moved keyboard to after autodetect
      • added keymap to after keyboard
      • added encrypt and lvm2 after block and before filesystems
      • do not fuck this up
  2. regenerate our initramfs:
    mkinitcpio -p linux
        
    • we regenerate the image of the operating system here
    • it now takes into account the new boot items and order we have specified in the HOOKS variable
  3. if you installed the linux-lts kernal, you have to do it again for that as well
    mkinitcpio -p linux-lts
        
    • we are getting there, lads, hold on. for the promise land is close.

setting up the bootloader itself

I am using bootctl, not grub. Your call to make ultimately.

  1. create our loader with bootctl
    bootctl --path=/boot/ install
        
  2. create arch loader
    • modify the file /boot/loader/loader.conf to reflect the following:
      default arch
      timeout 3
      editor 0 
              
      • default is the default entry to select when booting
      • timeout is the time before the entry is loaded at the boot menu
      • editor is whether to enable the the kernal parameters editor. This is import to disable for security purpose and is enabled by default, so make sure to disable as above
  3. create arch.conf
    1. you are going to need a variable value provided by the command blkid
      • you will either need to write it down by hand to copy with nano or use emacs or vim to evaluate it in buffer to copy
        • emacs has eshell, which you can use like the normal shell but copy and paste with
        • vim has the command :r !blkid which will read in the file directly
      • this variable is the UUID for /dev/nvme0n1p2 as given from blkid
        • /dev/nvme0n1p2 is the second physical partition we made at the very beginning. If yours is /dev/sda2 or similar, use that instead.
        • you will know it is the correct entry if the line also includes TYPE="crypto_LUKS" PARTLABEL="Linux LVM"
      • example:
        /dev/nvme0n1p2: UUID="really-long-string-of-alphanumericals" TYPE="crypto_LUKS" PARTLABEL="Linux LVM" PARTUUID="another-long-string-of-alphanumericals"
                    
        • note: we want the value of UUID, NOT PARTUUID or anything else.
    2. with this value copied, create the file /boot/loader/entries/arch.conf:
      title Arch Linux
      linux /vmlinuz-linux # not a typo
      initrd /intel-ucode.img # this must come before the entry immediately below
      initrd /initramfs-linux.img # what we made with mkinitcpio -p linux
      options cryptdevice=UUID=long-alphanumerica-string-WITHOUT-QUOTES:cryptlvm root=/dev/mapper/main_group-root quiet rw
              
      • as i try to hint, make sure to remove the quotes around the UUID value as copied and pasted
      • note that we add a :cryptlvm to the end of that value
      • after a single space, we added the location of our root partition within the luks container, root=/dev/mapper/main_group-root/ in my case
      • finally, we add the options quiet rw

reboot and start arch

  • From here, we can officially reboot into our install and it should work
    • ๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰
    • ๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰
  • execute exit then shutdown now
    • remove the usb once the laptop turns off
    • you should eventually see the boot screen which will automatically boot into arch after 2 seconds or so
  • enter your password for the encrypted partition when asked, then login as root and press enter for the password, seeing as we have yet to make one.

drivers, wifi, sudo user

.... we arenโ€™t done yet :~) ๐ŸŽ‰๐ŸŽ‰๐ŸŽ‰

utilities

  1. wifi
    • i hope you installed those wifi packages i told you to install and or you have a lan connection
    • refollow the steps we did above for wifi to regain our connection
  2. reconfigure our mirror list
    • again, do as we did before with /etc/pacman.d/mirrorlist
  3. configure locale.gen and time
    1. enter /etc/locale.gen
      • we need to tell arch what our locale is by going to the line and uncommenting our respective locale
        • usa peeps will use the line en_US.UTF-8 UTF8
    2. run locale-gen
    3. run localectl set-locale LANG="en_US.UTF-8"
      • this is separate from step 2.
      • some applications need it because they wonโ€™t respect the changes brought by step #2
    4. sync our clock with hwclock --systohc --utc
  4. change password for root with passwd
    • self explanatory, but know this is the password exclusively for root, not for your own user youโ€™ll make later who will have sudo user privileges.
  5. as of now, you will have to manually connect to wifi access points.
    • tools like wifi-menu help you find access points
    • it will also help you make a config for it. even if the initial connection attempt fails, preserve the config (itโ€™ll ask you) and go in to edit it. wifi-menu will then be able to use the corrected config the next time you try.

touchpad, xorg, and graphics drivers

I am choosing to not use wayland because while it is the future of linux desktop management, it is still not 100% ready for userland.

  1. touchpad install
    pacman -S xf86-input-libinput
        
  2. xorg
    pacman -S xorg-server xorg-xinit xorg-apps mesa xterm
        
    • we need xterm in addition to xorg if we want to have a minimally functional deskto a la twm windows manager that xorg default supports
  3. intel drivers
    • to my knowledge, we only have 32 bit drivers in case you are wondering why we are instaling 32 bit drivers /shrug
      pacman -S xf86-video-intel lib32-intel-dri lib32-mesa lib32-libgl
              
    • at this point, if you want, you can use a very primitive GUI via twm, which is the default tiling window manager of xorg. To do this, simply run startx. If it looks weird and ugly, it worked.
      • personally, iโ€™m going to stay in the default tty shell.

configuring sudo, adding a user, disabling root

  1. install sudo
    • i am not joking, arch does not come with sudo by default
      pacman -S sudo
              
  2. enable sudo for other users via visudo
    • it is bad to edit the sudoers file with a normal editor. visudo makes a temporary file and checks that any edits are syntactically correct before saving and affecting the changes.
    • we need to uncomment the following line:
    ## Uncomment to allow members of group wheel to execute any command
    # %wheel ALL=(ALL) ALL # <-- this line if its now clear enough, fam
        
    • make sure to not uncomment the one after this one, they have somewhat similar contents but are not the same ofc
    • visudo uses vi by default. If you do not know how to use vi, simply execute the following to use nano instead:
      EDITOR=nano visudo
              
  3. creating new user
    • make your actual user account with the following, substituting your desired name:
      useradd -m -G wheel -s /bin/bash <NAME>
              
    • give your new user a password
      passwd <NAME>
              
    • reboot (or just exit, but I like being sure) your machine, and make sure you can login as your new user.
      • this is critical before we disable root
        • otherwise risk not being to log back in
  4. disable root login
    • you donโ€™t have to do this, but I think it is a good security practice to have
      • makes it much much harder to get into your machine by making adversaries guess the username itself in addition to
      • if you are enabling ssh, i believe this does not effect that, so make sure to disable root logins via ssh as well.
    • as your new user, simple execute:
      sudo passwd -l root
              
      • exit and retry to login as root, should no longer be able to
        • itโ€™ll show โ€œlogin incorrectโ€ errors even when using the correct password for root user

loose ends: desktop stuff, etc

desktop environment

still not done :~)

we will go for kde5 plasma for now because it is absolutely gorgeous, is not bloated, and is easy to get accustomed to. i may possibly add an addendum for a tiling wm like dwm if I can get it figured out.

pacman -S plasma-meta kde-applications # don't do the last if you don't want kde apps, i do, though.
  • this might take a quick minute given the total DL is about ~3gb iirc

now we need to enable it by creating a .xinitrc file in our home with the following content:

echo "exec startkde" >> .xinitrc

to use your beautiful new desktop, simply execute startx and KDE should now load. Nice!

  • whenever you reboot your laptop, you will need to execute startx to get your desktop. If you donโ€™t want the hassle, then put this in your .profile once you know your desktop starts as expected with startx:
    if [[ ! $DISPLAY && $XDG_VTNR -eq 1 ]]; then
      exec startx
    fi
        

kde discover

  • KDE discover is the DEโ€™s app store. It wonโ€™t work fully by default because of how arch handles its applications. You need to install the following for it to work as expected:
    pacman -S packagekit-qt5
        
    • you may still get an error about parley.knsrc, from what I can tell and searching online, this is โ€œโ€โ€œharmlessโ€โ€œโ€.

fonts

fonts, and how they work, is actually one of the more confusing things i encountered during this journey

  • partitioning drives and encrypting them makes much more sense vs font configurations in retrospect
    • the following should help you get some very nice looking fonts on your computer along with full emoji support more or less
    • completely ripped from a reddit post here
  • install the fonts
    pacman -S ttf-dejavu ttf-liberation noto-fonts
        
  • enable font presets
    sudo ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d
    sudo ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d
    sudo ln -s /etc/fonts/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.d
        
  • create a file, /etc/fonts/local.conf with following:
    <?xml version="1.0"?>
    <!DOCTYPE fontconfig SYSTEM "fonts.dtd">
    <fontconfig>
        <match>
            <edit mode="prepend" name="family"><string>Noto Sans</string></edit>
        </match>
        <match target="pattern">
            <test qual="any" name="family"><string>serif</string></test>
            <edit name="family" mode="assign" binding="same"><string>Noto Serif</string></edit>
        </match>
        <match target="pattern">
            <test qual="any" name="family"><string>sans-serif</string></test>
            <edit name="family" mode="assign" binding="same"><string>Noto Sans</string></edit>
        </match>
        <match target="pattern">
            <test qual="any" name="family"><string>monospace</string></test>
            <edit name="family" mode="assign" binding="same"><string>Noto Mono</string></edit>
        </match>
    </fontconfig>
        
  • then go to Fonts (use KDEโ€™s search bar, accessible via the bottom left button on the desktop panel), and make sure the edits are reflected there, i.e. that you now have Noto Sans as your font for everything minus fixed width text, which should be Hack.
  • you can do more edits to tweak fonts to your liking here.
  • resetting the computer should make sure the edits take full effect across all apps, etc.

emacs

  1. ispell doesnโ€™t work by default because the required programs arenโ€™t installed. letโ€™s fix that:
    pacman -S aspell-en # ispell didn't work for some reason, so we use its successor.
        
  2. emojis donโ€™t work by default, install and run emojify-mode
    • forgot that you need to install emojify (which I had) but also manually run it to actually display them (or enable them globally).

gpg and ssh

  1. ssh
    • donโ€™t yell at me i know that itโ€™s probably not the best thing that I do this, but in my personal defense it is only for personal projects and my own servers
    • say you have an ssh key you would like to use on your new install:
      1. first, install openssh
      2. execute the following:
        mkdir ~/.ssh
        cp <private key> ~/.ssh/<private key>
        cp <public key> ~/.ssh/<public key>.pub
        chmod 700 ~/.ssh
        chmod 600 ~/.ssh/<private key>
        chmod 600 ~/.ssh/<public key>.pub
                    
  2. gpg
    1. install gpg
      • should already be installed but yeah
    2. import the key:
      gpg --import <gpg key>
              

AUR and aurman

  • AUR is the Arch User Repository, and it holds a bunch of additional packages that pacman does not have (or customized in different ways, etc).
  • aurman is a AUR Helper, a tool that helps to install packages hosted up on AUR
    • it is really good to look into how AUR works and how to do AUR installs on your own for the sake of being able to help yourself when something breaks, etc
  • to install aurman:
    • first, we need to install the PGP key of the author:
      curl -sSL https://github.com/polygamma.gpg | gpg --import -
              
      • this simply downloads the authorโ€™s key and imports it directly into your GPG keychain
    • now install aurman
      • it is common advise to make a specific directory where you can go download and install your AUR packages, so:
    mkdir ~/aur_pkg
    cd aur_pkg
    git clone https://aur.archlinux.org/aurman.git
    cd aurmen/
    makepkg -si # DO NOT USE SUDO HERE
        
  • to search for a package on AUR and install, it is just like with pacman:
    aurman -Ss <query> # search
    aurman -S <pkg> # install
        
    • pls go see how it works in its totality: https://github.com/polygamma/aurman
      • make sure to checkout the install scripts/configs you are using
      • some malware was recently discovered on AUR
      • this should not be surprising: bad people are everywhere and the arch community has been saying for years to make sure to check the code you use before compiling it on your system
      • not your mom, tho, help the CCP or NSA run botnets for all i care man
    • example, I use spideroak one as private, encrypted, and more trustworthy dropbox service, and there is a maintained AUR install for it:
      aurman -S spideroak-one # ta-da
              

other tweaks and lenovo x1c6 stuff

this stuff is mostly related to lenovo thinkpads, but the ssd trimming and hibernate support are applicable to anyone, and iโ€™m sure figuring out how to flash a bios could be useful to others.

cpu throttling

  • cpu throttling
    • so turns out there is some unfortunate fuckery with Lenovo thinkpad cpuโ€™s right now
      • artificially throttled while underload because of misaligned temp values
    • lets install a script that fixes this
      aurman -S lenovo-throttling-fix-git
      sudo systemctl enable --now lenovo_fix.service
              

bios update

Lenovo has released several bios updates since many x1c6 units shipped (at least my model for sure).

  • these updates have had several improvements that are honestly worth risking a manual bios update (including explicit s3 suspend support for linux).
  • recall that disclaimer I had at the beginning? this action, more than anything, requires it you are responsible for the result of updating your bios. i am not.
  • to update your bios:
    • first install the fwupd package which is a cross-vendor daemon that allows you to install firmware updates provided from your manufacturer directly from linux.
    sudo pacman -S fwupd
        
    • next we will refresh the update metadata and check for updates:
    fwupdmgr refresh 
    fwupdmgr get-updates
        
    • lastly, lets do the update! verify from the above commands the you have updates that need to be applied. make sure your laptop is hooked up to power.
    fwupdmgr update
        

trimming SSD

  • not lenovo exclusive but shrug
    • โ€œtrimmingโ€ your ssd regularly improves its performance by allowing it to better know where it has memory free to use
  • make sure you can do it with command lsblk --discard
    • non-zero values in the first and second column for your SSD means yes
  • if so, now install utils-linux and enable the service for periodic trimming
    pacman -S utils-linux
    systemctl enable fstrim.timer
        
    • you can tweak the time interval this occurs, thatโ€™s on you
  • for those possibly wondering: we donโ€™t need to enable trimming in lvmโ€™s conf nor for dm-crypt with this method, which is both nice and more secure. That said, you could potentially get better performance doing these alterations as well, but I wonโ€™t.

hibernate support

  1. we need to change our HOOKS in /etc/mkinitcpio.conf once more:
    • we are adding the resume argument between lvm2 and filesystems
      HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 resume filesystems fsck)
              
  2. we need to regenerate our initramfs once again:
    • if you installed linux-lts, you need to do this for that as well.
      mkinitcpio -p linux
      # mkinitcpio -p linux-lts
              
  3. we now need to edit our arch.conf loader so it knows we have access to hibernation
    • tweaking the kernel parameters in options by adding resume=/dev/mapper/main_group-swap, or whatever the path is for your encrypted swap partition in /dev/mapper/ is.
    • example, near the end of the last line:
      title Arch Linux
      linux /vmlinuz-linux
      initrd /intel-ucode.img
      initrd /initramfs-linux.img
      options cryptdevice=UUID=<LONG-ALPHANUM-STRING>:cryptlvm root=/dev/mapper/main_group-root resume=/dev/mapper/main_group-swap quiet rw
              

suspend support

The X1C6 is capable of supporting both s3 vs s0i3 sleep states.

  • s3 - The s3 sleep state is where the CPU has no power. RAM maintains power, refreshes slowly. This is the traditional โ€œsuspendโ€ state most people are familiar with.
  • s0i3 - The s0i3 sleep state is a new standard being pushed by MCSFT that makes laptops behave more akin to phones. It allows devices to connect to wifi, update, refresh user data, etc.

This guide suggests enabling the S3 sleep state because the S0i3 sleep state is not well supported in Linux yet and it comes with higher power usage.

  1. confirm that you donโ€™t have s3 currently enabled by executing:
    dmesg | grep -i "acpi: (supports"
        
  2. update your bios as described above. You must be running bios >= v1.30 because the bios option is new.
  3. reboot your machine and change Config -> Power -> Sleep State - Set to "Linux"
  4. book back into linux and re-run the dmesg command again to ensure that S3 is now available.