szboardstretcher |
09-17-2012 02:51 PM |
Simple Arch Set Up
Edit: added simple stateful firewall setup using iptables, with info from archwiki
I had a need to install a minimal system -- and being the way I am, I created a document on how to do it. Then I ended up installing it on my laptop, to offer a friendly desktop. So, here is a step by step, sort of copy and paste guide to installing Arch on a laptop with intel wireless and video.
Anything you don't understand can be quickly googled, I'm sure.
Code:
# <boot to usb/cd whatever>
#
# bring up wireless networking
#
# enable the wireless interface (named wlan0 on this laptop)
ip link set wlan0 up
# interactive picker for the wireless network to join
wifi-menu wlan0
#
# partition disks and mount
#
# NOTE(review): every step here rewrites /dev/sda. Confirm the device name
# first (e.g. with lsblk); mkfs and mkswap destroy whatever is on the
# partition they are pointed at.
# NOTE(review): this layout is unencrypted. On a laptop, consider putting
# /, /home and swap on dm-crypt/LUKS so a lost or stolen machine does not
# expose its data.
fdisk /dev/sda
# the next four lines are the answers given inside fdisk, not shell commands
new, primary, 20g, bootable
new, primary, 1024m, type, swap
new, primary, all
write, quit
# sda1 = root filesystem, sda3 = /home, sda2 = swap
mkfs.ext4 /dev/sda1
mkfs.ext4 /dev/sda3
mkswap /dev/sda2
swapon /dev/sda2
# the new root goes on /mnt, with /home mounted beneath it
mount /dev/sda1 /mnt
mkdir /mnt/home
mount /dev/sda3 /mnt/home
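#
# for pacman to work, set up its keyring
# bootstrap the new drives, generate an fstab based
# on it
#
# keep package signature checking enabled: initialise the keyring and load
# the Arch keys rather than loosening SigLevel in /etc/pacman.conf.
# SigLevel = TrustAll accepts a signature made by any key in the keyring,
# whether or not that key has been given a trust level, so it drops the
# check that ties a package back to the distribution's trusted keys.
pacman-key --init
pacman-key --populate archlinux
# install the base system and build tools into the new root
pacstrap /mnt base base-devel
# write the fstab from what is currently mounted under /mnt
genfstab -p /mnt > /mnt/etc/fstab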
#
# chroot into new system...
#
# from here until 'exit', commands act on the installed system under /mnt
arch-chroot /mnt
#
# language and region settings required
#
vi /etc/locale.gen
# edit made inside vi (not a shell command):
uncomment en_US-UTF line
# system-wide default locale
echo LANG=en_US.UTF-8 > /etc/locale.conf
# same locale for the current shell session
export LANG=en_US.UTF-8
# timezone: point /etc/localtime at the US/Eastern zone file
ln -s /usr/share/zoneinfo/US/Eastern /etc/localtime
# build the locales enabled in /etc/locale.gen
locale-gen
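#
# set hostname, enable dhcp on eth0 interface
# set up the pacman keyring inside the new system
#
echo ArchTerminal > /etc/hostname
vi /etc/hosts
# line to add inside vi -- hosts(5) format is address first, then name
127.0.0.1 ArchTerminal
vi /etc/rc.conf
# line to set inside vi
interface=eth0
# leave SigLevel in /etc/pacman.conf at its shipped value and give the
# installed system its own keyring instead. SigLevel = TrustAll would accept
# a signature made by any key in the keyring, trusted or not.
pacman-key --init
pacman-key --populate archlinux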
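#
# install packages required for rest of installation
# up to reboot, restart wireless to make config file
#
# the space before the trailing backslash matters: without it the shell
# joins the two lines into the single word "wpa_supplicantwpa_actiond"
pacman -S wireless_tools netcfg wpa_supplicant \
  wpa_actiond dialog dhclient grub-bios os-prober
vi /etc/rc.conf
# add these to the DAEMONS
net-auto-wireless @ntpdate dbus
# run wifi-menu again so the installed system gets its own wireless profile.
# The profile holds the Wi-Fi passphrase, so keep it readable by root only.
# NOTE(review): netcfg profiles are expected under /etc/network.d -- confirm
wifi-menu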
#
# add intel915 support to boot, run mkinitcpio
# create grub config, install grub to mbr on new drive
#
# for intel915 support
vi /etc/mkinitcpio.conf
# value to set inside vi
MODULES="i915"
# standard stuff
# rebuild the initramfs from the 'linux' preset so the module change applies
mkinitcpio -p linux
# install the BIOS (i386-pc) GRUB boot code onto /dev/sda
grub-install --target=i386-pc --recheck /dev/sda
# copy the English message catalogue into GRUB's locale directory
cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
# generate the boot menu configuration
grub-mkconfig -o /boot/grub/grub.cfg
#
# set password for root, exit chroot, unmount
# all drives and reboot into new system
#
# NOTE(review): root is the only account the guide has created at this
# point; pick a strong, unique password
passwd root
# leave the chroot
exit
# unmount in reverse order of mounting: /mnt/home before /mnt
umount /mnt/home
umount /mnt
reboot
#
# log into new system
# bring up wireless again, update system
# add a non-root user, install relevant packages for system
#
<login>
ip link set wlan0 up
wifi-menu
# refresh the package databases and upgrade everything before installing more
pacman --sync --refresh --sysupgrade
# interactive; the parenthesised text is a note on the answers to give
# NOTE(review): grant only the groups the user actually needs -- most of
# the ones listed give direct access to devices
adduser (add a non-root user [groups = lp games video audio optical storage scanner power users)
# desktop packages: X, openbox, browsers, utilities
# NOTE(review): flashplugin is a closed-source browser plugin with a long
# record of security fixes; leave it out unless it is needed, and keep it
# updated if it is installed
pacman -S alsa-utils xorg-server xorg-xinit xorg-server-utils xf86-video-intel \
xf86-input-synaptics xterm terminator openbox obconf wget \
obmenu openbox-themes chromium firefox nitrogen slim slim-themes \
archlinux-themes-slim tint2 rox minicom dmenu ntp gvim synergy \
ristretto flashplugin keepassx volwheel xfce4-clipman-plugin conky xcompmgr
#
# install X and openbox, create default configuration
# make 'startx' run openbox
#
# switch to the non-root account; the desktop is configured per user
su - (non-root-user)
mkdir -p .config/openbox
# start from the system-wide openbox defaults
cp /etc/xdg/openbox/{rc.xml,menu.xml,autostart,environment} ~/.config/openbox
# make the copied autostart file executable
chmod +x ~/.config/openbox/autostart
# ~/.xinitrc is overwritten with a single line that starts openbox
echo "exec openbox-session" > ~/.xinitrc
#
# bind alt-f2 to dmenu
# startup with: dmenu, tint2, nitrogen, dropbox
#
vi ~/.config/openbox/rc.xml
# XML to add inside vi: Alt+F2 runs dmenu_run
<keybind key="A-F2">
<action name="execute"><execute>dmenu_run</execute></action>
</keybind>
vi ~/.config/openbox/autostart
# lines to add inside vi: programs started with the openbox session
# NOTE(review): whatever is listed in this file is launched as the user,
# so keep the file writable by that user only
/usr/bin/nitrogen --restore &
/usr/bin/xcompmgr -cfF -t-9 -l-11 -r9 -o.95 -D6 &
/usr/bin/tint2 &
/usr/bin/dmenu &
sleep 2
/usr/bin/dropboxd &
/usr/bin/xfce4-clipman &
/usr/bin/volwheel
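#
# firewall setup
# @https://wiki.archlinux.org/index.php/Simple_Stateful_Firewall
#
# NOTE: iptables filters IPv4 only; IPv6 traffic needs an equivalent
# ip6tables rule set.
#
# user-defined chains that new TCP / UDP connections are handed to
iptables -N TCP
iptables -N UDP
# default policies: forward nothing, allow all outbound, drop inbound
# unless a rule below accepts it
# (-P sets a chain policy; lowercase -p selects a protocol and is not valid here)
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
# accept traffic belonging to connections that are already tracked
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# accept everything on the loopback interface
iptables -A INPUT -i lo -j ACCEPT
# drop packets conntrack marks as INVALID
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
# answer ping (ICMP type 8 = echo request)
iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
# hand new UDP and new TCP (SYN) connections to their chains; this guide
# adds no rules to either chain, so no inbound port is opened
iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
# whatever was not accepted is rejected with a protocol-appropriate reply
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-rst
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
# save the rules loaded above
rc.d save iptables
vi /etc/rc.conf
add 'iptables' to DAEMON list to start iptables at startup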
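#
# optional setup
#
# dropbox
# as non-root-user
cd ~
mkdir ./AURbuilds
cd AURbuilds
# fetch the AUR build files over HTTPS: makepkg executes what is in this
# tarball, so it must not be modifiable in transit
wget https://aur.archlinux.org/packages/dr/dropbox/dropbox.tar.gz
tar zxvf dropbox.tar.gz
cd dropbox
# AUR packages are user-submitted; read the build script before running it
less PKGBUILD
makepkg -s
# installing the built package needs root
pacman -U dropbox-1.4...whatever...xz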
# synergy
# either run this, or add it to openbox/autostart
# connects as client "terminal42" to the synergy server at 192.192.192.222
# NOTE(review): synergy carries keyboard, mouse and clipboard data between
# machines. Unless encryption is enabled in this synergy build, that traffic
# is readable on the network -- use it on a trusted LAN only or tunnel it
# (e.g. over SSH).
synergyc --daemon --name terminal42 192.192.192.222
# tint2
# run tint2conf and enable battery if laptop
tint2conf
# slim
vi /etc/inittab
# edits made inside vi (presumably moving the default runlevel from 3 to 5
# and enabling the slim entry)
comment out id:3, uncomment id:5
uncomment x:5...slim line
# rox
# manual step in the rox file manager, not a shell command
right click on image, select run action*, drag and drop risseto to it
# conky
# http://www.iceflatline.com/2009/12/my-conky-configuration/
# NOTE(review): a conky config can run shell commands through its exec-type
# variables, so read a pasted configuration before using it
copy and paste code into .conkyrc
# start conky with the openbox session
echo "/usr/bin/conky &" >> ~/.config/openbox/autostart
|