513 lines
14 KiB
Markdown
513 lines
14 KiB
Markdown
---
|
|
title: Archlinux
|
|
date: 2023-11-29T20:33:48+0100
|
|
lastmod: 2024-10-26T11:51:51+0000
|
|
tags:
|
|
- archlinux
|
|
- systemd
|
|
|
|
#showDate: false
|
|
showReadingTime: false
|
|
showWordCount: false
|
|
showPagination: false
|
|
#showAuthor: false
|
|
showBreadcrumbs: true
|
|
|
|
feed_exclude: true
|
|
# site_exclude: true
|
|
---
|
|
|
|
Arch Linux
|
|
|
|
## Systemd Unit files
|
|
|
|
A nice and informative article about unit files.
|
|
|
|
<https://www.digitalocean.com/community/tutorials/understanding-systemd-units-and-unit-files>
|
|
|
|
## Unlock locked user accounts
|
|
|
|
If your user account is locked, wait 15 minutes (usually) and you can try again.
|
|
|
|
If you need to unlock your account immediately: run this command (if you have another user
|
|
that can login on the box):
|
|
|
|
```console
|
|
$ sudo faillock --user dominic --reset
|
|
```
|
|
|
|
Calling `faillock` without arguments show an overview.
|
|
|
|
## Predictable network interfaces
|
|
|
|
Get back the "old" interface names like `eth0` or `wlan0` with
|
|
{{< man systemd.link 5 >}}.
|
|
|
|
### Ethernet
|
|
|
|
This makes my ethernet interface be called **eth0** again.
|
|
|
|
Create `/usr/lib/systemd/network/80-ether.link` with this content:
|
|
|
|
```systemd
|
|
[Match]
|
|
Type=ether
|
|
|
|
[Link]
|
|
NamePolicy=keep kernel
|
|
```
|
|
|
|
Reboot.
|
|
|
|
### Wireless
|
|
|
|
This makes my wireless interface be called **wlan0** again.
|
|
|
|
Create `/usr/lib/systemd/network/80-wlan.link` with this content:
|
|
|
|
```systemd
|
|
[Match]
|
|
Type=wlan
|
|
|
|
[Link]
|
|
NamePolicy=keep kernel
|
|
```
|
|
|
|
Reboot.
|
|
|
|
## Setup WiFi networks
|
|
|
|
### Using **iwctl**
|
|
|
|
```console
|
|
$ iwctl device list
|
|
$ iwctl station wlan0 scan
|
|
$ iwctl station wlan0 get-networks
|
|
$ iwctl station wlan0 connect {ssid}
|
|
```
|
|
|
|
### Using **nmcli** (NetworkManager)
|
|
|
|
```console
|
|
$ nmcli device wifi list
|
|
$ nmcli device wifi rescan
|
|
$ nmcli device wifi connect {ssid} --ask
|
|
$ nmcli device wifi show-password
|
|
```
|
|
|
|
Last command shows the connected SSID and a QR-code within the terminal.
|
|
|
|
### Using NetworkManager
|
|
|
|
We create some files in `/etc/NetworkManager/conf.d`:
|
|
|
|
#### Using `iwd` as the WiFi backend
|
|
|
|
`wifi_backend.conf`:
|
|
|
|
```ini
|
|
[device]
|
|
wifi.backend=iwd
|
|
```
|
|
|
|
#### Using `dhcpcd` as DHCP client
|
|
|
|
`dhcp-client.conf`:
|
|
|
|
```ini
|
|
[main]
|
|
dhcp=dhcpcd
|
|
```
|
|
|
|
### Using **systemd-networkd**
|
|
|
|
```console
|
|
# wpa_passphrase MyNetwork SuperSecretPassphrase > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
|
|
# systemctl enable wpa_supplicant@wlan0
|
|
```
|
|
|
|
Create `/etc/systemd/network/00-wireless-dhcp.network` and fill it with:
|
|
|
|
```systemd
|
|
[Match]
|
|
Name=wlan0
|
|
|
|
[Network]
|
|
DHCP=yes
|
|
```
|
|
|
|
Enable <kbd>systemd-networkd</kbd>:
|
|
|
|
```console
|
|
# systemctl enable systemd-networkd.service
|
|
```
|
|
|
|
Reboot.
|
|
|
|
## Using the CPU with hashcat
|
|
|
|
```console
|
|
$ hashcat -I
|
|
hashcat (v6.2.6) starting in backend information mode
|
|
|
|
OpenCL Info:
|
|
============
|
|
|
|
OpenCL Platform ID #1
|
|
Vendor..: Intel(R) Corporation
|
|
Name....: Intel(R) OpenCL Graphics
|
|
Version.: OpenCL 3.0
|
|
|
|
Backend Device ID #1
|
|
Type...........: GPU
|
|
Vendor.ID......: 8
|
|
Vendor.........: Intel(R) Corporation
|
|
Name...........: Intel(R) UHD Graphics 620
|
|
Version........: OpenCL 3.0 NEO
|
|
Processor(s)...: 24
|
|
Clock..........: 1150
|
|
Memory.Total...: 14368 MB (limited to 2047 MB allocatable in one block)
|
|
Memory.Free....: 7136 MB
|
|
Local.Memory...: 64 KB
|
|
OpenCL.Version.: OpenCL C 1.2
|
|
Driver.Version.: 24.31.30508
|
|
```
|
|
|
|
This is what I've seen on `hashcat -I` for a long time now but I never dig myself
|
|
into this "problem" -- but today I tried to find the reason why there is no CPU
|
|
listed on my Carbon X1 Gen7 laptop.
|
|
|
|
After a few minutes doing some trial & error I finally got the CPU listed after
|
|
installing _pocl_.
|
|
|
|
```console
|
|
$ paru -S pocl
|
|
```
|
|
|
|
Or, on my gaming laptop running a cheap clone of Ubuntu:
|
|
|
|
```console
|
|
$ sudo apt install pocl-opencl-icd
|
|
```
|
|
|
|
Now my `hashcat -I` looks like this:
|
|
|
|
```console
|
|
$ hashcat -I took 6s
|
|
hashcat (v6.2.6) starting in backend information mode
|
|
|
|
OpenCL Info:
|
|
============
|
|
|
|
OpenCL Platform ID #1
|
|
Vendor..: Intel(R) Corporation
|
|
Name....: Intel(R) OpenCL Graphics
|
|
Version.: OpenCL 3.0
|
|
|
|
Backend Device ID #1
|
|
Type...........: GPU
|
|
Vendor.ID......: 8
|
|
Vendor.........: Intel(R) Corporation
|
|
Name...........: Intel(R) UHD Graphics 620
|
|
Version........: OpenCL 3.0 NEO
|
|
Processor(s)...: 24
|
|
Clock..........: 1150
|
|
Memory.Total...: 14368 MB (limited to 2047 MB allocatable in one block)
|
|
Memory.Free....: 7136 MB
|
|
Local.Memory...: 64 KB
|
|
OpenCL.Version.: OpenCL C 1.2
|
|
Driver.Version.: 24.31.30508
|
|
|
|
OpenCL Platform ID #2
|
|
Vendor..: The pocl project
|
|
Name....: Portable Computing Language
|
|
Version.: OpenCL 3.0 PoCL 6.0 Linux, Release, RELOC, LLVM 18.1.8, SLEEF, DISTRO, POCL_DEBUG
|
|
|
|
Backend Device ID #2
|
|
Type...........: CPU
|
|
Vendor.ID......: 128
|
|
Vendor.........: GenuineIntel
|
|
Name...........: cpu-haswell-Intel(R) Core(TM) i7-8665U CPU @ 1.90GHz
|
|
Version........: OpenCL 3.0 PoCL HSTR: cpu-x86_64-pc-linux-gnu-haswell
|
|
Processor(s)...: 8
|
|
Clock..........: 4800
|
|
Memory.Total...: 13716 MB (limited to 2048 MB allocatable in one block)
|
|
Memory.Free....: 6826 MB
|
|
Local.Memory...: 256 KB
|
|
OpenCL.Version.: OpenCL C 1.2 PoCL
|
|
Driver.Version.: 6.0
|
|
```
|
|
|
|
## Paru / Pacman
|
|
|
|
Found on [andreas-mausch.de](https://cheatsheets.andreas-mausch.de/paru) and
|
|
I had to copy this to my notes archive here...
|
|
|
|
<!-- paru start -->
|
|
|
|
### Install
|
|
|
|
#### install
|
|
|
|
```console
|
|
$ paru -S <package>
|
|
```
|
|
|
|
#### Edit PKGBUILD and skip checksum check
|
|
|
|
```console
|
|
$ paru -S gnucash-xbt --fm helix --mflags "--skipchecksums"
|
|
```
|
|
|
|
#### uninstall (-n: no backup files; -s: remove dependencies)
|
|
|
|
```console
|
|
$ paru -Rns <package>
|
|
```
|
|
|
|
#### system update
|
|
|
|
```console
|
|
$ paru -Syu
|
|
```
|
|
|
|
### Mirrors
|
|
|
|
#### select fastest
|
|
|
|
```console
|
|
$ sudo pacman-mirrors --fasttrack
|
|
```
|
|
|
|
#### select by country
|
|
|
|
```console
|
|
$ sudo pacman-mirrors --country Germany,France,Austria
|
|
```
|
|
|
|
### Search repo
|
|
|
|
#### search package
|
|
|
|
```console
|
|
$ paru -Ss <package>
|
|
```
|
|
|
|
#### package details
|
|
|
|
```console
|
|
$ paru -Si <package>
|
|
```
|
|
|
|
#### list files
|
|
|
|
```console
|
|
$ paru -Fl <package>
|
|
```
|
|
|
|
#### find package for file
|
|
|
|
```console
|
|
$ pkgfile <filename>
|
|
```
|
|
|
|
#### search command
|
|
|
|
```console
|
|
$ paru -F glxinfo
|
|
```
|
|
|
|
### Installed packages
|
|
|
|
#### search package
|
|
|
|
```console
|
|
$ paru -Qs <package>
|
|
```
|
|
|
|
#### package details
|
|
|
|
```console
|
|
$ paru -Qii <package>
|
|
```
|
|
|
|
#### list files
|
|
|
|
```console
|
|
$ paru -Ql <package>
|
|
```
|
|
|
|
#### orphans
|
|
|
|
```console
|
|
$ paru -Qdt
|
|
```
|
|
|
|
#### manually installed (list all aur)
|
|
|
|
```console
|
|
$ pacman -Qm
|
|
```
|
|
|
|
### Clean-up
|
|
|
|
#### clear cache
|
|
|
|
```console
|
|
$ paru -Sc
|
|
```
|
|
|
|
### Official repo vs. AUR
|
|
|
|
#### repo
|
|
|
|
```console
|
|
$ paru -[...] --repo
|
|
```
|
|
|
|
#### aur
|
|
|
|
```console
|
|
$ paru -[...] --aur
|
|
```
|
|
|
|
<!-- paru end -->
|
|
|
|
## Blocking IPs from a list with ipset
|
|
|
|
Using [ipset](https://wiki.archlinux.org/title/Ipset) should increase performance
|
|
on the box, also using the raw table should not create useless states as for what
|
|
I understand from the source article on
|
|
[serverfault.com](https://serverfault.com/a/823336).
|
|
|
|
```console
|
|
$ sudo ipset -N badips iphash
|
|
$ while read ip; do sudo ipset -A badips "$ip"; done < blocked.txt
|
|
$ sudo iptables -t raw -I PREROUTING -m set --match-set badips src,dst -j DROP
|
|
$ sudo iptables-save -f /etc/iptables/iptables.rules
|
|
```
|
|
|
|
Enable iptables in case it is not running yet.
|
|
|
|
```console
|
|
$ sudo systemctl enable --now iptables.service
|
|
```
|
|
|
|
Also make the ipset configuration persistent:
|
|
|
|
```console
|
|
$ sudo ipset save -file /etc/ipset.conf
|
|
$ sudo systemctl enable ipset.service
|
|
```
|
|
|
|
Reboot to test its persistency.
|
|
|
|
## Do not manage one specific USB dongle
|
|
|
|
`99-unmanaged-devices.conf`:
|
|
|
|
```ini
|
|
[keyfile]
|
|
unmanaged-devices=mac:xx:xx:xx:xx:xx:xx
|
|
```
|
|
|
|
## Prefer local DNS instead of systemd-resolved defaults
|
|
|
|
<https://unix.stackexchange.com/a/442599>
|
|
|
|
## CPU frequency scaling
|
|
|
|
<https://wiki.archlinux.org/title/CPU_frequency_scaling>
|
|
|
|
## YubiKeys
|
|
|
|
<https://wiki.archlinux.org/title/YubiKey>
|
|
|
|
## LunarVim custom key mappings
|
|
|
|
I know, this is an Arch Linux post but hey, I don't care.
|
|
|
|
<https://github.com/LunarVim/LunarVim/issues/2602>
|
|
|
|
## Mounting nfs shares with systemd
|
|
|
|
<https://wiki.archlinux.org/title/NFS#Mount_using_/etc/fstab_with_systemd>
|
|
|
|
## Arch Linux ARM installation on a Raspberry Pi 2
|
|
|
|
The wiki page is for Raspberry Pi 4.
|
|
|
|
<https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-4>
|
|
|
|
## Create a 32-bit Wine prefix
|
|
|
|
I create my wine prefixes usually like this:
|
|
|
|
```console
|
|
$ export WINEPREFIX=/home/dominic/.wine-winlink
|
|
$ export WINEARCH=win32
|
|
$ wine wineboot
|
|
```
|
|
|
|
## Installing multiple ruby versions
|
|
|
|
I came to the point to test an older website from me and it was made with
|
|
Jekyll which I had to install quickly. Problems occured with OpenSSL and I
|
|
finally managed to install ruby version 2.7.1 and 3.0.0 in my home directory.
|
|
|
|
```console
|
|
$ rvm pkg install openssl
|
|
$ rvm install "ruby-3.0.0" --with-openssl-dir=$HOME/.rvm/usr
|
|
$ rvm install "ruby-2.7.1" --with-openssl-dir=$HOME/.rvm/usr
|
|
```
|
|
|
|
Later in the desired directory, I re-installed the gems because with ruby 2.7.1
|
|
I got another "Directory not found" error.
|
|
|
|
I had to do this because I used ruby 2.7.1 on one website.
|
|
|
|
```console
|
|
$ bundle install --force
|
|
```
|
|
|
|
## Bigger font for systemd-boot
|
|
|
|
Edit `/boot/loader/loader.conf`:
|
|
|
|
```
|
|
console-mode 0
|
|
```
|
|
|
|
Possible settings are:
|
|
|
|
| Value | Description |
|
|
| :---- | :------------------------------------------------------------------ |
|
|
| 0 | Standard UEFI 80x25 mode |
|
|
| 1 | 80x50 mode, not supported by all devices |
|
|
| 2 | the first non-standard mode provided by the device firmware, if any |
|
|
| auto | Pick a suitable mode automatically using heuristics |
|
|
| max | Pick the highest-numbered available mode |
|
|
| keep | Keep the mode selected by firmware (the default) |
|
|
|
|
More details can be found in {{< man loader.conf 5 >}}.
|
|
|
|
## Manual sections
|
|
|
|
| Section | Description |
|
|
| :------ | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
|
| 1 | Section 1 of the manual describes **user commands** and tools, for example, file manipulation tools, shells, compilers, web browsers, file and image viewers and editors, and so on |
|
|
| 2 | Section 2 of the manual describes the Linux **system calls**. A system call is an entry point into the Linux kernel. Usually, system calls are not invoked directly: instead, most system calls have corresponding C library wrapper functions which perform the steps required (e.g., trapping to kernel mode) in order to invoke the system call. Thus, making a system call looks the same as invoking a normal library function. |
|
|
| 3 | Section 3 of the manual describes all **library functions** excluding the library functions (system call wrappers) described in Section 2, which implement system calls. |
|
|
| 4 | Section 4 of the manual describes **special files (devices)**. |
|
|
| 5 | Section 5 of the manual describes various **file formats**, as well as the **corresponding C structures**, if any. |
|
|
| 6 | Section 6 of the manual describes the **games** and funny little programs available on the system. |
|
|
| 7 | Section 7 of the manual provides **overviews on various topics**, and describes conventions and protocols, character set standards, the standard filesystem layout, and miscellaneous other things. |
|
|
|
|
## Encoding videos with ffmpeg
|
|
|
|
This is not an Arch way of encoding videos, but since I do this on my...
|
|
|
|
```console
|
|
$ ffmpeg -i <input> -c:v libx264 -b:v 1M -maxrate 1M -bufsize 2M -pass 1 -f null /dev/null
|
|
$ ffmpeg -i <input> -c:v libx264 -b:v 1M -maxrate 1M -bufsize 2M -pass 2 <output>
|
|
```
|