
Desktop OS Migration Notes

2024/09/02
BTW, I use... nevermind.

Install

Personal installation notes for Yggdrasil (Desktop -> Server). UEFI install.

LiveUSB

Latest Arch ISO, booted into the live environment, going to follow the installation guide from the wiki.

Display

# echo 3 > /sys/class/graphics/fbcon/rotate_all to rotate clockwise, using monitor vertically

Disk Partition

# fdisk /dev/sda because I order my own SATA ports every time I install new drives

docker uses /var -> more maintenance if separate.

  • 1G EFI /dev/sda1 -> "/boot"
  • 4G swap /dev/sda2
  • 920G root /dev/sda3 -> "/"

"Savage installation."

passwd to create live account password for ssh access to install from remote.

tmux <bind> + : resize-pane -R 20 for pane sizing

Mirrorlist

reflector --verbose --latest 5 --sort rate --save /etc/pacman.d/mirrorlist to overwrite mirrorlist with top 5 fast mirrors.

I was tempted to run hardened, but I'll save that for next install.

Install base packages and other packages that you might need on the system, such as vim because I need something to get stuck in. I got man-db and man-pages because those are essentials, and some firmware-related packages.

linux-firmware-qlogic -> available from repo

missing modules from AUR =>

  • aic94xx -> aic94xx-firmware
  • ast -> ast-firmware
  • xhci_pci -> upd72020x-fw
  • wd719x -> wd719x-firmware

Following the installation guide to generate fstab -> grabbing UUID from /etc/fstab to use with boot loader.

chroot - Installed System

After chroot-ing into the installed system, continued with the wiki.

Recycling hardware's hostname # echo yggdrasil > /etc/hostname

CPU microcode

Since I'm running an old Intel chip I decided to download intel-ucode from the repo.

I totally didn't forget to install it earlier

Bootloader

I need to get a boot loader for the motherboard firmware to load the kernel, and more so because I wiped the pre-existing EFI partition that was created by Windows, because I didn't like that there were 2 recovery partitions in front of the EFI partition.

rEFInd

I like the simplicity of rEFInd, and I'm using UEFI installation so it should "just work". # pacman -S refind

Then running # refind-install was enough to create an entry in /boot/refind_linux.conf; however, it used my live USB, and used labels.

UUID from fstab earlier to specify "/" root disk mount point, UUID=e192a67b-b649-4fde-a673-92f99a9acca5, replaced USB label with this. We could add an initrd= entry for loading microcode before the initial file system, but the HOOKS array in /etc/mkinitcpio.conf contains microcode, which will generate a combined image. I'm pretty sure that I've read that rEFInd will find the correct initramfs automatically from /boot if nothing is specified, but I'll manually specify both in my refind_linux.conf.
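A check for the problem described above, where refind-install run from the live environment leaves live-USB options in refind_linux.conf. This is an added example, not the post's own code: the function names, the ext4 type, the /boot UUID, the ISO label and the initrd path (ESP mounted at /boot) are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that refind_linux.conf
# boots the installed root filesystem rather than the live USB.

# Print the UUID of the filesystem mounted at "/" in an fstab-format file.
root_uuid() {
    awk '$1 ~ /^UUID=/ && $2 == "/" { sub(/^UUID=/, "", $1); print $1; exit }' "$1"
}

# Succeed only if every entry in <conf> carries root=UUID=<fstab root>.
# usage: check_refind_root <refind_linux.conf> <fstab>
check_refind_root() {
    uuid=$(root_uuid "$2")
    [ -n "$uuid" ] || { echo "no UUID= entry for / in $2" >&2; return 2; }
    awk -v want="root=UUID=$uuid" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            entries++; found = 0
            gsub(/"/, " ")                   # drop quoting, then scan the options
            for (i = 1; i <= NF; i++) if ($i == want) found = 1
            if (!found) { print "line " NR ": missing " want; stale++ }
        }
        END { exit (entries == 0 || stale > 0) }' "$1"
}

# Constructed sample input: an fstab in genfstab -U style (ext4 assumed), a conf
# as left behind by refind-install in the live environment, and the fixed conf.
WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/fstab" <<'EOF'
# /dev/sda3
UUID=e192a67b-b649-4fde-a673-92f99a9acca5  /      ext4  rw,relatime  0 1
# /dev/sda1
UUID=0000-0000                             /boot  vfat  rw,relatime  0 2
EOF
cat > "$WORK/stale.conf" <<'EOF'
"Boot with standard options"  "archisobasedir=arch archisolabel=ARCH_202409"
EOF
cat > "$WORK/fixed.conf" <<'EOF'
"Boot with standard options"  "root=UUID=e192a67b-b649-4fde-a673-92f99a9acca5 rw initrd=\initramfs-linux.img"
EOF

check_refind_root "$WORK/stale.conf" "$WORK/fstab" || echo "stale.conf needs editing"
check_refind_root "$WORK/fixed.conf" "$WORK/fstab" && echo "fixed.conf boots the fstab root"
```

On the installed system the call would be check_refind_root /boot/refind_linux.conf /etc/fstab, run before the first reboot.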

Reboot

Unmounted following the wiki, rebooted, unmounted live installation media, successful boot into bare system.

Networking

After booting I didn't have network because I didn't get any managers and the link was set to down.

ss -atu all TCP sockets with port numbers

  • ip li set enp8s0 up didn't get any ip because no DHCP installed
  • ip addr add 192.168.0.82/24 dev enp8s0 manually assign ip to my ethernet device
    • Only able to reach local network
  • ip route show -> empty
    • ip route add default via 192.168.0.1 dev enp8s0 manual default gateway entry
  • Still unable to resolve domain names
    • manual entry in /etc/resolv.conf
      • nameserver 9.9.9.9
  • Able to download network manager because mirrors are properly reached.
    • (Optional) # pacman -S networkmanager or some other network manager
    • (Optional) # systemctl enable NetworkManager.service
  • Needed SSH to use it from my laptop
    • # pacman -S openssh
    • # systemctl enable sshd

Side knowledge

When dealing with systemd services with systemctl, enable means it will start on boot, while start doesn't mean it will start on next boot.

Set Up

After networking was persistent, I created a user account for daily use and added it to /etc/sudoers, then I went to get a different shell because pretty colours on terminal go brrr (I wanted to set environment variables and didn't want to migrate them later).

Zsh

I like the out-of-box feature that Oh My Zsh offers, as well as the look of powerline, so I'll use Zsh as I normally do.

Since I'll be only using user over ssh there won't be a need to get supported fonts since a patched font is already installed on my laptop, and root prompt won't be messed up.

Powerlevel10k

~~Formerly known as Powerlevel9k~~ Clean modern prompt theme for the visually dry command line.

After setting the theme to ZSH_THEME="powerlevel10k/powerlevel10k" in my .zshrc and running source ~/.zshrc, it made me go through a setup wizard to choose my powerlevel theme. I chose something different from my laptop to visually set apart the environment.

Security

User

Following Arch Wiki, I added a 4 second delay between failed login attempts. Then I edited the pam_faillock.so to uncomment the default values just to make sure that they were being used, just for my own sanity.

From the Wiki...

To unlock a user, do:

$ faillock --user username --reset

I'll limit process counts later...

Same with setting up Wayland, I don't really need to use GUI yet, I do plan on trying Valve's new Deadlock, so maybe. I do remember the old choice of X11 + i3 vs Wayland + Sway, when Wayland was still brand new. I'll try out Sway this time, whenever I get around to installing a graphical environment.

I'm not sure if that's the best combo for gaming, but it's the one I want, so whatever.

Before I restricted the root login, I wanted to make sure visudo would use rvim to edit, and I also enabled insults, because I thought it would be funny to have on my local system.

Wiki Says...

Always use visudo to edit /etc/sudoers because it will error check before copying over.

Just had to make sure Defaults targetpw or rootpw was set in the /etc/sudoers. Tested by adding Defaults env_reset,timestamp_timeout=0, just so I can double check that it asks for my password instead of root password. Commented it because I will leave the default grace period.

I created a group named ssh, added my user to it, then edited /etc/ssh/sshd_config to only limit ssh login to users that only belong to this group.

There's more user & permission separation I can do, but I'll settle for disabling root account with the settings so far.

# passwd -l root
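A check for the login controls set up in this section, as an added example that is not from the original post. It reads captured output of sshd -T, getent group ssh and passwd -S root; the function name audit_logins and the sample values (user alice, gid 1001, dates) are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the SSH group restriction
# and the root lock from captured command output.
#   $1 = output of `sshd -T`            (effective sshd configuration, lowercase keys)
#   $2 = output of `getent group ssh`   (name:x:gid:member,member)
#   $3 = output of `passwd -S root`     (second field: L locked, P usable, NP none)
audit_logins() {
    findings=0
    # sshd -T may print one allowgroups line per group; collect them all.
    groups=$(printf '%s\n' "$1" |
        awk '$1 == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' |
        sort -u | tr '\n' ' ')
    if [ "$groups" != "ssh " ]; then
        echo "FINDING: AllowGroups is '${groups% }', expected only 'ssh'"
        findings=$((findings + 1))
    fi
    # A locked password does not stop key-based logins, so root must also
    # stay out of the group that sshd admits.
    members=$(printf '%s\n' "$2" | cut -d: -f4)
    case ",$members," in
        *,root,*) echo "FINDING: root is a member of the ssh group"
                  findings=$((findings + 1)) ;;
    esac
    status=$(printf '%s\n' "$3" | awk '{ print $2 }')
    if [ "$status" != "L" ]; then
        echo "FINDING: root password status is '$status', expected L (locked)"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]
}

# Constructed sample output: the hardened state described above, then a weak one.
GOOD_SSHD='port 22
allowgroups ssh'
GOOD_GROUP='ssh:x:1001:alice'
GOOD_ROOT='root L 2024-09-02 -1 -1 -1 -1'
BAD_SSHD='port 22'
BAD_GROUP='ssh:x:1001:alice,root'
BAD_ROOT='root P 2024-09-02 -1 -1 -1 -1'

audit_logins "$GOOD_SSHD" "$GOOD_GROUP" "$GOOD_ROOT"
audit_logins "$BAD_SSHD" "$BAD_GROUP" "$BAD_ROOT" || echo "review the findings above"
```

Against the live system, run it as audit_logins "$(sudo sshd -T)" "$(getent group ssh)" "$(sudo passwd -S root)".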

I'll need to setup other users to use with docker and other services later.

Package Management

I love pacman, don't get me wrong, but picking an AUR helper was choice paralysis hell for me last time. It seems like yaourt has been removed, I'll build from source until I feel like I need to get a helper this time, and looks like pacman can be used to do most of the things now.

pacman

I'm going to come back to fine-tuning, for now mirrors are fast and I have all the space to let the cache build.

Wrapping Up

I'll finish setting up power management, GUI & multimedia, and networking and other optimizations such as enabling TRIM for my SSDs in a later post for optimizing the install, since this covers most of the installation part.