Skip to main content
  1. Notes/

Archlinux

·
Archlinux Systemd
Table of Contents

Arch Linux

Systemd Unit files #

A nice and informative article about unit files.

https://www.digitalocean.com/community/tutorials/understanding-systemd-units-and-unit-files

Unlock locked user accounts #

If your user account is locked, wait 15 minutes (usually) and you can try again.

If you need to unlock your account immediately: run this command (if you have another user that can login on the box):

$ sudo faillock --user dominic --reset

Calling faillock without arguments show an overview.

Predictable network interfaces #

Get back the “old” interface names like eth0 or wlan0 with systemd.link(5) .

Ethernet #

This makes my ethernet interface be called eth0 again.

Create /usr/lib/systemd/network/80-ether.link with this content:

[Match]
Type=ether

[Link]
NamePolicy=keep kernel

Reboot.

Wireless #

This makes my wireless interface be called wlan0 again.

Create /usr/lib/systemd/network/80-wlan.link with this content:

[Match]
Type=wlan

[Link]
NamePolicy=keep kernel

Reboot.

Setup WiFi networks #

Using iwctl #

$ iwctl device list
$ iwctl station wlan0 scan
$ iwctl station wlan0 get-networks
$ iwctl station wlan0 connect {ssid}

Using nmcli (NetworkManager) #

$ nmcli device wifi list
$ nmcli device wifi rescan
$ nmcli device wifi connect {ssid} --ask
$ nmcli device wifi show-password

Last command shows the connected SSID and a QR-code within the terminal.

Using NetworkManager #

We create some files in /etc/NetworkManager/conf.d:

Using iwd as the WiFi backend #

wifi_backend.conf:

[device]
wifi.backend=iwd

Using dhcpcd as DHCP client #

dhcp-client.conf:

[main]
dhcp=dhcpcd

Using systemd-networkd #

# wpa_passphrase MyNetwork SuperSecretPassphrase > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
# systemctl enable wpa_supplicant@wlan0

Create /etc/systemd/network/00-wireless-dhcp.network and fill it with:

[Match]
Name=wlan0

[Network]
DHCP=yes

Enable systemd-networkd:

# systemctl enable systemd-networkd.service

Reboot.

Using the CPU with hashcat #

$ hashcat -I
hashcat (v6.2.6) starting in backend information mode

OpenCL Info:
============

OpenCL Platform ID #1
  Vendor..: Intel(R) Corporation
  Name....: Intel(R) OpenCL Graphics
  Version.: OpenCL 3.0

  Backend Device ID #1
    Type...........: GPU
    Vendor.ID......: 8
    Vendor.........: Intel(R) Corporation
    Name...........: Intel(R) UHD Graphics 620
    Version........: OpenCL 3.0 NEO
    Processor(s)...: 24
    Clock..........: 1150
    Memory.Total...: 14368 MB (limited to 2047 MB allocatable in one block)
    Memory.Free....: 7136 MB
    Local.Memory...: 64 KB
    OpenCL.Version.: OpenCL C 1.2
    Driver.Version.: 24.31.30508

This is what I’ve seen on hashcat -I for a long time now but I never dig myself into this “problem” – but today I tried to find the reason why there is no CPU listed on my Carbon X1 Gen7 laptop.

After a few minutes doing some trial & error I finally got the CPU listed after installing pocl.

$ paru -S pocl

Or, on my gaming laptop running a cheap clone of Ubuntu:

$ sudo apt install pocl-opencl-icd

Now my hashcat -I looks like this:

$ hashcat -I                                                                                                                                        took 6s
hashcat (v6.2.6) starting in backend information mode

OpenCL Info:
============

OpenCL Platform ID #1
  Vendor..: Intel(R) Corporation
  Name....: Intel(R) OpenCL Graphics
  Version.: OpenCL 3.0

  Backend Device ID #1
    Type...........: GPU
    Vendor.ID......: 8
    Vendor.........: Intel(R) Corporation
    Name...........: Intel(R) UHD Graphics 620
    Version........: OpenCL 3.0 NEO
    Processor(s)...: 24
    Clock..........: 1150
    Memory.Total...: 14368 MB (limited to 2047 MB allocatable in one block)
    Memory.Free....: 7136 MB
    Local.Memory...: 64 KB
    OpenCL.Version.: OpenCL C 1.2
    Driver.Version.: 24.31.30508

OpenCL Platform ID #2
  Vendor..: The pocl project
  Name....: Portable Computing Language
  Version.: OpenCL 3.0 PoCL 6.0  Linux, Release, RELOC, LLVM 18.1.8, SLEEF, DISTRO, POCL_DEBUG

  Backend Device ID #2
    Type...........: CPU
    Vendor.ID......: 128
    Vendor.........: GenuineIntel
    Name...........: cpu-haswell-Intel(R) Core(TM) i7-8665U CPU @ 1.90GHz
    Version........: OpenCL 3.0 PoCL HSTR: cpu-x86_64-pc-linux-gnu-haswell
    Processor(s)...: 8
    Clock..........: 4800
    Memory.Total...: 13716 MB (limited to 2048 MB allocatable in one block)
    Memory.Free....: 6826 MB
    Local.Memory...: 256 KB
    OpenCL.Version.: OpenCL C 1.2 PoCL
    Driver.Version.: 6.0

Paru / Pacman #

Found on andreas-mausch.de and I had to copy this to my notes archive here…

Install #

install #

$ paru -S <package>

Edit PKGBUILD and skip checksum check #

$ paru -S gnucash-xbt --fm helix --mflags "--skipchecksums"

uninstall (-n: no backup files; -s: remove dependencies) #

$ paru -Rns <package>

system update #

$ paru -Syu

Mirrors #

select fastest #

$ sudo pacman-mirrors --fasttrack

select by country #

$ sudo pacman-mirrors --country Germany,France,Austria

Search repo #

search package #

$ paru -Ss <package>

package details #

$ paru -Si <package>

list files #

$ paru -Fl <package>

find package for file #

$ pkgfile <filename>

search command #

$ paru -F glxinfo

Installed packages #

search package #

$ paru -Qs <package>

package details #

$ paru -Qii <package>

list files #

$ paru -Ql <package>

orphans #

$ paru -Qdt

manually installed (list all aur) #

$ pacman -Qm

Clean-up #

clear cache #

$ paru -Sc

Official repo vs. AUR #

repo #

$ paru -[...] --repo

aur #

$ paru -[...] --aur

Blocking IPs from a list with ipset #

Using ipset should increase performance on the box, also using the raw table should not create useless states as for what I understand from the source article on serverfault.com.

$ sudo ipset -N badips iphash
$ while read ip; do sudo ipset -A badips "$ip"; done < blocked.txt
$ sudo iptables -t raw -I PREROUTING -m set --match-set badips src,dst -j DROP
$ sudo iptables-save -f /etc/iptables/iptables.rules

Enable iptables in case it is not running yet.

$ sudo systemctl enable --now iptables.service

Also make the ipset configuration persistent:

$ sudo ipset save -file /etc/ipset.conf
$ sudo systemctl enable ipset.service

Reboot to test its persistency.

Do not manage one specific USB dongle #

99-unmanaged-devices.conf:

[keyfile]
unmanaged-devices=mac:xx:xx:xx:xx:xx:xx

Prefer local DNS instead of systemd-resolved defaults #

https://unix.stackexchange.com/a/442599

CPU frequency scaling #

https://wiki.archlinux.org/title/CPU_frequency_scaling

YubiKeys #

https://wiki.archlinux.org/title/YubiKey

LunarVim custom key mappings #

I know, this is an Arch Linux post but hey, I don’t care.

https://github.com/LunarVim/LunarVim/issues/2602

Mounting nfs shares with systemd #

https://wiki.archlinux.org/title/NFS#Mount_using_/etc/fstab_with_systemd

Arch Linux ARM installation on a Raspberry Pi 2 #

The wiki page is for Raspberry Pi 4.

https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-4

Create a 32-bit Wine prefix #

I create my wine prefixes usually like this:

$ export WINEPREFIX=/home/dominic/.wine-winlink
$ export WINEARCH=win32
$ wine wineboot

Installing multiple ruby versions #

I came to the point to test an older website from me and it was made with Jekyll which I had to install quickly. Problems occured with OpenSSL and I finally managed to install ruby version 2.7.1 and 3.0.0 in my home directory.

$ rvm pkg install openssl
$ rvm install "ruby-3.0.0" --with-openssl-dir=$HOME/.rvm/usr
$ rvm install "ruby-2.7.1" --with-openssl-dir=$HOME/.rvm/usr

Later in the desired directory, I re-installed the gems because with ruby 2.7.1 I got another “Directory not found” error.

I had to do this because I used ruby 2.7.1 on one website.

$ bundle install --force

Bigger font for systemd-boot #

Edit /boot/loader/loader.conf:

console-mode 0

Possible settings are:

ValueDescription
0Standard UEFI 80x25 mode
180x50 mode, not supported by all devices
2the first non-standard mode provided by the device firmware, if any
autoPick a suitable mode automatically using heuristics
maxPick the highest-numbered available mode
keepKeep the mode selected by firmware (the default)

More details can be found in loader.conf(5) .

Manual sections #

SectionDescription
1Section 1 of the manual describes user commands and tools, for example, file manipulation tools, shells, compilers, web browsers, file and image viewers and editors, and so on
2Section 2 of the manual describes the Linux system calls. A system call is an entry point into the Linux kernel. Usually, system calls are not invoked directly: instead, most system calls have corresponding C library wrapper functions which perform the steps required (e.g., trapping to kernel mode) in order to invoke the system call. Thus, making a system call looks the same as invoking a normal library function.
3Section 3 of the manual describes all library functions excluding the library functions (system call wrappers) described in Section 2, which implement system calls.
4Section 4 of the manual describes special files (devices).
5Section 5 of the manual describes various file formats, as well as the corresponding C structures, if any.
6Section 6 of the manual describes the games and funny little programs available on the system.
7Section 7 of the manual provides overviews on various topics, and describes conventions and protocols, character set standards, the standard filesystem layout, and miscellaneous other things.

Encoding videos with ffmpeg #

This is not an Arch way of encoding videos, but since I do this on my…

$ ffmpeg -i <input> -c:v libx264 -b:v 1M -maxrate 1M -bufsize 2M -pass 1 -f null /dev/null
$ ffmpeg -i <input> -c:v libx264 -b:v 1M -maxrate 1M -bufsize 2M -pass 2 <output>