selfhosted-apps-docker/arch_linux_host_install
2022-12-25 13:13:03 +01:00
..
readme.md update 2022-12-25 13:13:03 +01:00

Arch Linux installation to serve as a docker host

guide-by-example

logo

Notice

Since 2022 I am using the archinstall script that comes with arch iso
After the install I use my ansible playbooks to setup the arch the way I like it

Purpose

Linux that will run docker.

This is not a hand holding explaining guide how to install arch.
It's more of a checklist on what to do if you already done it and know what you are doing.

Files and directory structure

/home/
└── bastard/
    └── docker/
        ├── container-setup #1
        ├── container-setup #2
        ├── ...

Make installation usb

wiki

sudo dd bs=4M if=archlinux-2020.05.01-x86_64.iso of=/dev/sdX status=progress oflag=direct

The above command will fuck your machine up if you dunno what you are doing.

Boot from the usb

This is BIOS/MBR setup as I am running on an old thinkpad with a busted screen, plus I like the simplicity of it.
So if theres boot menu option choose non-uefi.

Installation

  • create a single partition and mark it bootable
    cfdisk -z /dev/sda
  • build ext4 filesystem on it
    mkfs.ext4 /dev/sda1
  • mount the new partition
    mount /dev/sda1 /mnt
  • install the base system
    pacstrap /mnt base linux linux-firmware base-devel grub micro
  • generate fstab
    genfstab -U /mnt > /mnt/etc/fstab
  • chroot in to the new system
    arch-chroot /mnt
  • install grub
    grub-install /dev/sda
    grub-mkconfig -o /boot/grub/grub.cfg
  • set password for root
    passwd
  • remove the bootable media and restart the machine
    exit
    reboot

Basic configuration after the first boot

  • login as root

  • set hostname
    echo docker-host > /etc/hostname

  • add new user and set their password
    useradd -m -G wheel bastard
    passwd bastard

  • edit sudoers to allow users of the group wheel to sudo
    EDITOR=micro visudo
    %wheel ALL=(ALL) ALL

  • check the network interface name
    ip link

  • setup networking using systemd-networkd and systemd-resolved
    create 20-wired.network file either in static or dhcp configuration

    micro /etc/systemd/network/20-wired.network

    [Match]
    Name=enp0s25
    
    [Network]
    Address=10.0.19.2/24
    Gateway=10.0.19.1
    #DNS=8.8.8.8
    
    [Match]
    Name=enp0s25
    
    [Network]
    DHCP=yes
    

    for DNS resolution and hostname exposure using mDNS and LLMNR
    systemd-resolved will be used in stub mode
    by replacing /etc/resolv.conf with a link to stub-resolv.conf

    ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

    enable the services

    • systemctl enable --now systemd-resolved
    • systemctl enable --now systemd-networkd
  • uncomment desired locales in locale.gen
    micro /etc/locale.gen

  • generate new locales and set one system wide
    locale-gen
    localectl set-locale LANG=en_US.UTF-8

  • select timezone and set it permanent
    tzselect
    timedatectl set-timezone 'Europe/Bratislava'

  • set hardware clock and sync using ntp
    hwclock --systohc --utc
    timedatectl set-ntp true

  • setup a swap file
    dd if=/dev/zero of=/swapfile bs=1M count=8192 status=progress
    chmod 600 /swapfile
    mkswap /swapfile
    micro /etc/fstab
    /swapfile none swap defaults 0 0

  • reboot
    reboot

SSH, Docker, ZSH, AUR

From now on its login as non-root user.

Setup SSH access

wiki

  • install openssh package
    sudo pacman -S openssh
  • edit sshd_config
    sudo micro /etc/ssh/sshd_config
    PasswordAuthentication yes
  • enable sshd service
    sudo systemctl enable --now sshd

Setup docker

Wiki

  • have docker and docker-compose packages installed
    sudo pacman -S docker docker-compose
  • enable docker service
    sudo systemctl enable --now docker
  • add non-root user to the docker group
    sudo gpasswd -a bastard docker

ZSH shell

wiki

I like Zim, it's the fastest zsh framework and set up nicely out of the box

  • install zsh and curl packages
    sudo pacman -S zsh git curl
  • install zim
    curl -fsSL https://raw.githubusercontent.com/zimfw/install/master/install.zsh | zsh
  • change the default shell to zsh
    chsh -s /bin/zsh
  • I prefer steeef theme echo 'zmodule steeef' >> ~/.zimrc && zimfw install
Adding stuff to .zshrc

micro .zshrc

  • export EDITOR=micro
    export VISUAL=micro

  • for ctrl+f prepending sudo

    add_sudo (){
        BUFFER="sudo $BUFFER"
        zle -w end-of-line
    }
    zle -N add_sudo
    bindkey "^f" add_sudo
    
ZSH docker autocomplete

Here. For zim it's "Without oh-my-zsh shell" section.

Access to AUR

Using Yay.

  • install git package
    sudo pacman -S git
  • install yay
    git clone https://aur.archlinux.org/yay-bin.git
    cd yay-bin && makepkg -si
    cd .. && rm -rf yay-bin

ctop-bin and inxi are good AUR packages.

Extra stuff

wiki - general general recommendations
wiki - improving performance

CPU microcode

  • sudo pacman -S intel-ucode
  • sudo grub-mkconfig -o /boot/grub/grub.cfg

Some packages

Tools

  • sudo pacman -S fuse curl wget micro nnn bind-tools borg python-llfuse

Monitoring and testing

  • sudo pacman -S htop lm_sensors iotop nload powertop iproute2

Performance and maintenance

  • install cron and enable the service
    sudo pacman -S cronie
    sudo systemctl enable --now cronie

  • if ssd, enable periodic trim
    sudo pacman -S util-linux
    sudo systemctl enable --now fstrim.timer

  • set noatime in fstab to prevent unnecessary tracking of read times
    sudo micro /etc/fstab
    UUID=cdd..addb / ext4 rw,noatime 0 1

  • enable use of all cpu cores for makepkg jobs and disable compression
    sudo micro /etc/makepkg.conf
    MAKEFLAGS="-j$(nproc)"
    PKGEXT='.pkg.tar'

  • clean up old packages weekly, keep last 3
    sudo pacman -S pacman-contrib
    sudo systemctl enable --now paccache.timer

  • use reflector to get the fastest mirrors based on country -c <country code>
    sudo pacman -S reflector
    sudo reflector -c SK,CZ,UA -p http --score 20 --sort rate --save /etc/pacman.d/mirrorlist

    automatic mirror update with reflector

    /etc/xdg/reflector/reflector.conf

    --save /etc/pacman.d/mirrorlist
    --protocol http
    --country SK,CZ,UA
    --score 20
    --sort rate
    

    enable it, it will run weekly

    sudo systemctl enable --now reflector.timer

Comfort

  • enable colors in pacman.conf
    sudo micro /etc/pacman.conf
    Color

Notebook

Lid closed should not make the machine go to sleep.

  • Set lid handle switch to ignore in systemd logind.conf
    sudo micro /etc/systemd/logind.conf
    HandleLidSwitch=ignore

But this alone leaves the screen running nonstop.

Tried to find solution, and while sudo vbetool dpms off works, turning it back on does not sudo vbetool dpms on and it timesout without any message or error.

Might be specific for the hardware, currently its latitude E5570