# With thanks to the arch wiki ("the wiki") and many individuals in the open source community who have shared their arch-linux-install gists on github
# Instead of listing the full install, this gist details extra notes I want to remember for next time as well as any choices I made for my system
# Installed on an HP Pavilion x360 14-dh2034nr

# I had the arch install guide and other pages open on my ipad next to me during the install

# Verify the ISO
# gpg (on linux) or gpg4win
# Can check developer signing keys at https://www.archlinux.org/people/developers/
# Burn to USB
# Normally using dd from linux as recommended in the wiki but this time rufus from windows was easiest

# Thankfully the rtl8822ce has drivers in the kernel (unlike some rtl wifi cards) so wifi could work in the live environment
# But I think it's easier to just plug in ethernet at this point and use it until after wifi works in the graphical environment

# First boot into the live environment to change NVMe SSD sector size to be more performant - for me, from 512 to 4096 bytes
# The first time I went most of the way through an install then changed this which broke everything and I had to start over
# So, do this first lol
# Reference the arch wiki SSD page
pacman -S nvme-cli
# Check using
nvme id-ns /dev/nvme0n1
# Look at lbaf lines, choose one with lowest rp (relative performance)
nvme format --lbaf=1 /dev/nvme0n1

# Turn off secure boot in the BIOS/UEFI
# Set hardware clock to UTC in the BIOS/UEFI
# Enable battery reporting in BIOS/UEFI
# Spam the appropriate key on boot to enter the boot device selection menu - F9 on this laptop

# Partition scheme
# Reference the "dm-crypt/Encrypting an entire system" page in the wiki, "LVM on LUKS" section
# Wipe first - cryptsetup commands in wiki
# Use gdisk for partitioning
# o to clear partitions, n for new partition, p to print
# 1024M for the combined boot and EFI system partition (code EF00)
# All defaults (rest of disk) for the LVM LUKS encryption (code 8300)
# 20G for swap (with 16G RAM), 128G for /, rest for /home/

# Making the filesystem for the EFI system partition failed at first with the error below because of the earlier SSD sector size change
#       WARNING: Not enough clusters for a 32 bit FAT!
# Solution is to add the "-s" option to change the number of sectors per cluster
mkfs.fat -F32 -s 1 /dev/nvme0n1p1

# Come back to LVM on LUKS section later for mkinitcpio and boot loader sections

# Adjusted the mirrorlist - I put the top 2 US first, then the next highest (up to date) was in Canada, then 1 more US below

# pacstrap with some extra packages to make working in the new environment easier
pacstrap /mnt base linux linux-firmware lvm2 intel-ucode man-db man-pages texinfo vim networkmanager git

# America/Detroit for time zone

# Check the LVM on LUKS page and the hibernation page for mkinitcpio options
# modules - ext4, hooks - keyboard, keymap, encrypt, lvm2, resume

# Setting up new user and sudo before reboot is easiest

# Chose systemd-boot for boot loader
# It seemed simple for this kind of setup and many people use it nowadays
# 3 steps - install with bootctl, configure /boot/loader/loader.conf, configure /boot/loader/entries/arch.conf
# Come back later for automatic updates with AUR package
# Reference microcode, LVM on LUKS, and hibernation page for arch.conf

# When unmounting partitions before boot, also "unmount" swap
swapoff -a

reboot

# AFTER checking that sudo works for user, lock/disable root login as specified on sudo page

# If need to connect to wifi before graphical environment, can use nmcli d
# But have to specify password on command line, so make sure to remove from ~/.bash_history with vim
# Then wipe ~/.viminfo

# This completes the Installation Guide from the wiki
# Next up is the General Recommendations for a more complete system

# Enable multilib for pacman

# Prep for building AUR packages
pacman -S --needed base-devel

# Prep for yay
pacman -S go

# Use git to download the yay package from AUR
# Then install with makepkg -si

# Grab the package for automatic systemd-boot updates from the AUR
yay -S systemd-boot-pacman-hook

# xorg for display server
pacman -S xorg xorg-apps
# mesa for intel display driver
pacman -S mesa
# xfce for desktop environment (and window manager)
pacman -S xfce4 xfce4-goodies
# lightdm for display manager
pacman -S lightdm lightdm-gtk-greeter
systemctl enable lightdm.service

# Make wifi usable in graphical mode
pacman -S network-manager-applet

reboot

# Change power settings, enable hibernating/suspending in xfce settings

# Audio
# Install alsa-utils, pulseaudio, pulseaudio-alsa, pavucontrol

# Chrony for NTP - good for laptops
# Install chrony
# Modify the default config at /etc/chrony.conf - get servers from https://www.ntppool.org/zone/us
# Disable systemd-timesyncd.service and enable chronyd.service
# Install networkmanager-dispatcher-chrony from AUR to change to offline/online mode automatically

# I setup DNSSEC, then it was super slow so I disabled it
# But now I can re-enable the setup quickly if needed
# Initial setup instructions below

# Decide on DNS provider using "Alternative DNS services" wiki page
# Add DNS provider to /etc/systemd/resolved.conf
# Enable DNSSEC, also in /etc/systemd/resolved.conf
# Make /etc/resolv.conf a symbolic link as described on systemd-resolved wiki page
# Start and enable systemd-resolved.service
# Verify with resolvectl status and resolvectl query

# Just enabling and starting systemd-resolved.service is supposed to help because DNS can be cached locally
# But I had trouble with it taking forever to resolve, so I left it disabled

# iptables is installed by default so I chose that for a firewall
# Enable/configure by checking the "Simple stateful firewall" page
# Quickest method is to copy the provided iptables.rules and ip6tables.rules to /etc/iptables/
iptables-restore < /etc/iptables/iptables.rules
ip6tables-restore < /etc/iptables/ip6tables.rules

# Then add rules to the TCP and UDP chains as necessary for hosted services
# Note: this assumes that you have already set port forwarding options on your modem/router if
# your local network is NAT'd

# Change keyboard and touchpad settings in xfce settings

# Enable periodic TRIM for the SSD as specified on the SSD wiki page

# Reference CUPS wiki page
# Install cups
# Enable the SOCKET instead of the service so CUPS only starts when needed

# Install other useful packages
# bash-completion
# nvme-cli
# gvfs
# gvfs-mtp
# gvfs-smb
# gnome-keyring
# firefox
# gnu-netcat
# keepassxc
# vlc
# wireshark-qt
# restic
# stow
# rsync

# Switch to a vim package which can interface with the system clipboard
# (has +xterm_clipboard listed in vim --version)
pacman -Rns vim
pacman -S gvim

# This is enough to get the system decently usable, beyond this point is mostly personal configuration
# I copied over my documents and configuration files from a previous Manjaro install to make things pretty
# gnu stow is a wonderful tool for managing dotfiles and other configuration files!