---
keywords:
  - IT
---

# Archlinux

### clean system from old files

```
paccache -r
paccache -ruk0
paccache -rk1
yay -Ycc
flatpak uninstall --unused
journalctl --disk-usage && journalctl --vacuum-size={size}M
```

or set this value in the file `/etc/systemd/journald.conf`: `SystemMaxUse=50M`

## archinstall

#### preinstalled software

```
htop vim tmux bash-completion firefox networkmanager git sbctl tpm2-tools base-devel
firefox-i18n-de gparted exfatprogs ntfs-3g udftools usbutils btop powertop wireguard-tools
acpi_call unrar squashfs-tools bluez-tools bluez-utils ddcutil read-edid cups evemu
dconf-editor diffutils libguestfs networkmanager-vpnc pam-u2f go gutenprint p7zip
wayland-utils age solo2 gpa libfido2 solo1 efitools fprintd opensc nitrokey-app rhash
keepassxc wl-clipboard element-desktop signal-desktop syncthing thunderbird
thunderbird-i18n-de libreoffice-fresh libreoffice-fresh-de nextcloud-client chromium aria2
meld gimp esptool pinta tracker tracker-miner paperwork pdftricks gnome-firmware dmidecode
brasero clinfo opencl-mesa opencl-driver clpeak croc cups-pdf handbrake sdparm hdparm
smartmontools openocd poke remmina gsmartcontrol partclone radare2 cutter r2ghidra binwalk
cabextract hashcat diffpdf ghex flashrom hwinfo i2c-tool nbd virtualbox bootterm veracrypt
youtube-dl
```

### gparted

flash a usb stick with gparted.iso using dd, then boot it

1. mount encrypted luks2

## customize fresh system

#### change /etc/mkinitcpio.conf

```
MODULES=(btrfs tpm_tis)
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck)
```

#### generate linux image

```
sudo vim /etc/mkinitcpio.d/linux.preset
sudo vim /etc/kernel/cmdline
sudo mkinitcpio -p linux
```

- /boot/loader/entries/arch.conf https://wiki.archlinux.org/title/Kernel_parameters#systemd-boot
- unified kernel image https://wiki.archlinux.org/title/Unified_kernel_image
  - kernel cmdline
    - power state cpu
    - WARNING: do not use the PARTUUID in the cmdline. Check with `blkid` that the UUID is the one of the LUKS container
    - root and resume are links to the mapper
- reboot the system to check if anything is broken
- add secureboot https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot
- systemd-cryptenroll tpm2
  - WARNING! do not delete slot 0
  - call `systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=yes /dev/nvme0n1p2`
  - add to cmdline `rd.luks.options=tpm2-device=auto,tpm2-pin=yes`
  - regenerate unified kernel image `mkinitcpio -p linux`
  - check `sbctl verify` and re-sign
  - reboot and pray
- enable pcsc.socket

### git

use credential store https://gist.github.com/maelvls/79d49740ce9208c26d6a1b10b0d95b5e

### gnome

thumbnail raw picture https://support.system76.com/articles/fix-raw-image-previews/

## failure recovery

1. boot from archlinux usb stick
2. mount LUKS Container `cryptsetup luksOpen /dev/nvme0n1pX luksDev`
3. temporary dir `mkdir tmp`
4. mount `mount -o subvol=@ /dev/mapper/luksDev tmp`
5. `arch-chroot tmp bash`
6. `mount /dev/nvme0n1p1 /boot`
7. fix stuff
8. `mkinitcpio -p linux`
9. sync, unmount boot and tmp
10. `cryptsetup luksClose luksDev`
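
An added example, not part of the original notes: a pre-reboot check for the kernel cmdline rules listed under "generate linux image" (no PARTUUID, UUID must belong to the LUKS container shown by `blkid`, root and resume point at the mapper). It assumes the cmdline names the container with the sd-encrypt parameters `rd.luks.name=` or `rd.luks.uuid=`; `check_cmdline` and all sample values are constructed for illustration.

```sh
#!/bin/sh
# check_cmdline CMDLINE BLKID_OUTPUT: prints one line per problem,
# returns 0 if the cmdline passes and 1 otherwise (hypothetical helper).
# The ( ) body is a subshell, so variables and `set -f` stay local.
check_cmdline() (
    cmdline=$1 blkid_out=$2 problems=0 seen_luks=0
    set -f  # no glob expansion while word-splitting the cmdline
    # UUIDs of all LUKS containers; ' UUID="' does not match PARTUUID="
    luks_uuids=$(printf '%s\n' "$blkid_out" | grep 'TYPE="crypto_LUKS"' |
        sed -n 's/.* UUID="\([^"]*\)".*/\1/p')
    for arg in $cmdline; do
        case $arg in
            *PARTUUID=*)
                echo "PARTUUID in cmdline: $arg"; problems=1 ;;
            rd.luks.name=*|rd.luks.uuid=*)
                seen_luks=1
                uuid=${arg#*=}      # drop the key
                uuid=${uuid%%=*}    # drop "=<mapper name>" of rd.luks.name
                if [ -z "$uuid" ] || ! printf '%s\n' "$luks_uuids" | grep -qxF -- "$uuid"; then
                    echo "no LUKS container with UUID '$uuid'"; problems=1
                fi ;;
            root=*|resume=*)
                case ${arg#*=} in
                    /dev/mapper/*) ;;
                    *) echo "not a mapper path: $arg"; problems=1 ;;
                esac ;;
        esac
    done
    [ "$seen_luks" -eq 1 ] || { echo "no rd.luks.name/rd.luks.uuid argument"; problems=1; }
    return "$problems"
)

# Constructed sample data, not taken from a real machine
SAMPLE_BLKID='/dev/nvme0n1p1: UUID="AAAA-BBBB" TYPE="vfat" PARTUUID="11111111-2222-3333-4444-555555555555"
/dev/nvme0n1p2: UUID="0a1b2c3d-1111-2222-3333-444455556666" TYPE="crypto_LUKS" PARTUUID="99999999-8888-7777-6666-555555555555"'
SAMPLE_OK='rd.luks.name=0a1b2c3d-1111-2222-3333-444455556666=root root=/dev/mapper/root resume=/dev/mapper/swap rd.luks.options=tpm2-device=auto,tpm2-pin=yes rw'
# Mistakes: PARTUUID as root, PARTUUID value pasted as LUKS UUID, raw partition as resume
SAMPLE_BAD='root=PARTUUID=99999999-8888-7777-6666-555555555555 rd.luks.uuid=99999999-8888-7777-6666-555555555555 resume=/dev/nvme0n1p3 rw'

check_cmdline "$SAMPLE_OK" "$SAMPLE_BLKID" && echo "sample OK cmdline passes"
check_cmdline "$SAMPLE_BAD" "$SAMPLE_BLKID" || echo "sample BAD cmdline rejected"
```

On a real system, call it as `check_cmdline "$(cat /etc/kernel/cmdline)" "$(blkid)"` before regenerating the image.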