$ gpg --keyserver-options auto-key-retrieve --verify archlinux-2024.04.01-x86_64.iso.sig
gpg: assuming signed data in 'archlinux-2024.04.01-x86_64.iso'
gpg: Signature made 2024-04-01T13:00:16 EST
gpg:                using EDDSA key 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C
gpg:                issuer "pierre@archlinux.org"
gpg: key 76A5EF9054449A5C: public key "Pierre Schmitz <pierre@archlinux.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.org>" [unknown]
gpg:                 aka "Pierre Schmitz <pierre@archlinux.de>" [unknown]
gpg: WARNING: The key's User ID is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3E80 CA1A 8B89 F69C BA57  D98A 76A5 EF90 5444 9A5C

install to usb
- insert usb
- lsblk (alt: df)
  - ➔ usb = sda
- sudo dd bs=4M if=archlinux-2024.04.01-x86_64.iso of=/dev/sda status=progress oflag=sync
  - troubleshooting
    - error: dd: failed to open '/dev/sda': Device or resource busy
    - solution: using gparted, you can reformat the drive (from fat32) to ext4, then try again

step two :: boot the iso

boot the target system using the arch iso, and prepare for a guided install
- tuxwarrior: F2 for BIOS
- thinkpad: F12 for boot options (F1 for BIOS)
select ArchLinux install medium (x86_64, x64 UEFI)
- troubleshooting
  - grub error
    - error: you need to load the kernel first
    - error start_image() returned 0x800000000000001
    - solution
      - reinstall iso on usb
  - arch iso error
    - squashfs error unable to read
    - solution
      - re-install the ISO on another USB device

step three :: generate config for new hosts

on new host:
archinstall --dry-run
- install language ➔ english (default)
- locales ➔
  - keyboard us
  - loc lang en_AU.UTF-8
  - loc enc UTF-8
- mirrors and repositories ➔ colombia, united states, worldwide
- (Optional repositories ➔ leave blank (default)) [obsolete?]
- disk config ➔ partitioning ➔ use a best-effort default partition layout ➔ pick main hd ➔ ext4 ➔ separate partition for /home: no
- bootloader ➔ systemd-boot (default) [might not be in the right order]
- (disk encryption ➔ no (default)) [obsolete?]
- swap: True (default)
- unified kernel image: Disabled (default)
- hostname: tuxwarrior
- root password: leave blank (default)
- user account: leave empty (default)
- profile ➔ type ➔ minimal
- audio ➔ pipewire
- kernels ➔ linux (default)
- network configuration ➔ Use NetworkManager
- additional packages ➔ git nano tree wget
  - / to search
- timezone ➔ America/Panama
- automatic time sync ➔ True (default)
- ➔ Save configuration
  - ➔ Save user configuration (inc disk layout)
  - Save directory: /tmp ➔ yes ➔ answer no when asked if you want to encrypt
  - then abort to exit archinstall
curl -F'file=@user_configuration.json' https://0x0.st
on existing host / alternative host:
for this repo, inside dots/archinstall create folder for new host (use hostname as folder name)
- open page given above, like https://0x0.st/Xbov.json
- save raw content as user_configuration.json
- save file
from a pre-existing host directory, copy over and modify (if needed) options.sh, packages.txt and services.txt. this should be copied to new host directory
- example: copied from dots/archinstall/t470p to dots/archinstall/tuxwarrior
commit changes to this repo, adding the new host files

step four :: arch install :: the basics

ip link
- lo (loopback - special device)
- enp0s31f6 (ethernet)
- wlan0 (wifi)
iwctl
- station wlan0 scan
- station wlan0 get-networks
- station wlan0 connect -_-
- exit
cd /tmp
curl -L -O https://go.op.fo/fro/lnx-arch/raw/branch/master/scripts/archinstall_config_download.sh
- (-L to follow redirects, -O to save to disk)
chmod 755 archinstall_config_download.sh
cat archinstall_config_download.sh
./archinstall_config_download.sh
- hostname: tuxwarrior
- password: [poq.L1]
- make sure both user .json files have been downloaded and updated
  - two files should be listed: user_configuration.json and user_credentials.json
  - check datestamp shown at the end when running the script
archinstall --config user_configuration.json --creds user_credentials.json
- Install
- ➔ Would you like to chroot into ... perform post-installation config?
  - no
- reboot

step five :: arch install :: software & dot files (dots)

log in as poq
nmtui (activate internet connection)
set up ct (caretaker - system management tool)
- cd /tmp
- wget https://go.op.fo/fro/lnx-arch/raw/branch/master/scripts/ctsetup.sh
- cat ctsetup.sh ➔ verify the file content
- chmod 755 ctsetup.sh
- sudo ./ctsetup.sh
sudo ct yay (install yay, which is used to install aur packages)
sudo ct uf (full update, install packages)
- same as running the two commands:
- sudo ct s
- sudo ct dots
sudo ct dots+ (download wallpapers, fonts++)
sudo ufw enable (enable firewall)
loop install - untill all programs are successfully installed
- note that some packages (in packages.txt) might have to be removed, as they might no longer be active / be working
- ct s
reboot & re-login
startx (start window manager)
several windows will start
- in the background there might will be a window where you are asked to set password for the gnome keyring
  - the gnome keyring window will always be in focus, and there is no way to close the other windows while this is happening
  - press escape to close the gnome window
- ignore the pCloudDrive, Nextcloud and ProtonVPN windows
open and close firefox to have firefox's profile directory being created
- start firefox (SUP + D ➔ firefox)
- close firefox
open the terminal (SUP + Enter)
create local sync folder for nextcloud
- local folder must match $SYNCDIR_HOSTNAME in dots/environment/environment
  - t470p: mkdir /home/poq/nextcloud
  - tuxwarrior: mkdir /home/poq/nextcloud
ct s (install sw that were not installed first time around - not sure why not all sw is installed the first time around)
ct dots (the re-run of dots will deploy firefox settings)
ct services (enable services)
reboot & re-login
once again, press esc to close the gnome keyring window
- leave the other windows open
open firefox and log into bitwarden.com
- here you will find the needed usernames, passwords and one time codes for logging into the below mentioned applications
- settings ➔ change device name ➔ YYMM - poq @ tuxwarrior
- settings ➔ set as default browser
- settings ➔ and log into firefox sync
set up mega
- mv ~/MEGA ~/mega
- does not work great on i3, so the login windom is a small "pixel". need to select this "pixel" and press super+f key for full screen.
- login
- sync local /home/poq/mega with cloud /deviceSync
- when sync is setup, click the three dots next to the synced folders, and chose manage exclusion
- remove the exlusions for ~, ., ~. and tmp
  - only remaining exlusions: Thumbs.db, desktop.ini, crdownload and sb-????????-?????
set up pCloud
- log in
- the first time login process takes quite a while
- settings ➔ disk usage ➔ disk space: 2048 ➔ 10240 & cache size: 5120 ➔ 5120 (~51 gb)
set up nextcloud
- log in
  - server address: https://nx.op.fo
  - at this point the gnome keyring manager will pop up again, and ask for a password
    - leave both (password and confirm) fields blank, and press continue, and chose to store passwords unencrypted
      - "To use automatic unlocking with automatic login, you can set a blank password for the default keyring. Note that the contents of the keyring are stored unencrypted in this case."
      - https://wiki.archlinux.org/title/GNOME/Keyring
- pick local folder (created above, like /home/poq/nextcloud), and
- choose Synchronize everything from server
  - and disable the two options Ask before syncing folders larger than xxx and Ask before syncing external storages
- click Connect
wait for nextcloud to complete syncronisation
- this will likely take a few days, depending on the internet speed and the amount of data stored with nextcloud
set up protonvpn
- log in (but wait with enabling vpn until nextcloud has completed syncing)

step six :: post syncronisation tasks

syncDirSetup.sh (will set up ~/syncDir)
deploySshKeys.sh (deployment of ssh keys)
importGnupgKeys.sh (deployment of gnupgp keys)
gitReposSoftlinker.sh (create softlinks to all repos at ~/syncDir/gitRepos/)
chmodAllSh.sh (fixes mode change from 14001 to 217 errors in repo)
reboot and re-login

step seven :: nvidia (optional)

if the system runs nvidia, follow the steps in nvidia.md to set up the nvidia driver.

step eight :: post installation tasks

KITTEN
- $ kitten themes 'sakura night'
  - to list all themes: $ kitten themes
  - nice themes: 1984 dark, box, cyberpunk, falcon, flat, goa base, neowave, sakura night, tropical neon, ubunto
  - (search for tropical ➔ select tropical neon ➔ press M to modify kitten.conf and start using the theme)
VSCODIUM
- local sync
- open extensions and search for local sync
- install the extension
- open extension settings
  - 1. disable auto backup files on change
  - 1. set path to backup files:
    - /home/poq/syncDir/gitRepos/gt.op.fo/fiodb/db/vscodium/syncBackup
  - 1. run local sync: restore (ctrl + shift + p)
  - 1. enable auto backup files on change
- open workspace :: open all active projects
- file ➔ open workspace from file ➔ /home/poq/syncDir/gitRepos/gt.op.fo/fiodb/db/workspaces/vscodium/workspace/one.code-workspace
- several .sh files might be flagged as modified (in gitkraken they will show up as file mode changes from 14001 to 217, which means from chmod 755 to 644), then you can fix this running the command chmodAllSh.sh.
GITKRAKEN
- preferences ➔ integrations ➔ connect to gitlab
- preferences ➔ ssh ➔ uncheck use local ssh agent
- preferences ➔ ui customization ➔ theme: gitkraken dark - high contrast
- register fingerprint for ssh key(s)
  - if the ssh key for a git repo has never been used, the ssh connection will fail as the key is not yet registered.
  - $ ssh git@gt.op.fo -p 2002
  - Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
FIREFOX
- default browser:
  - settings ➔ select the option to set firefox as default browser
- default search engine:
  - change default search engine to presearch, and login to presearch
- theme
  - extensions icon ➔ manage extensions ➔ themes ➔ enable theme xxxx
  - or, enable:
- install dictionaries for
  - en-AU and
  - no-NB
- update singlefile name format (extension icon ➔ manage extensions ➔ extensions ➔ singlefile ➔ preferences ➔ file format):
  - old: %if-empty<{page-title}|No title> ({date-locale} {time-locale}).{filename-extension}
  - new: {year-locale}{month-locale}{day-locale}_{url-href-flat}_.{filename-extension}
- open https://archive.is/ and install extension found on the top of that page
- open web scrobbler extension and log in to last.fm
- extension: sidebery ➔ settings ➔
  - help ➔ import addon data ➔ /home/poq/syncDir/gitRepos/gitlab.com/dotsplus/firefox/addons/sidebery/ sidebery-data-....json
    - or, download the settings from: https://gitlab.com/pqq/dotsplus/-/tree/main/firefox/addons/sidebery
  - manual adjustments (if needed) ➔
    - delete default containers (personal, work, banking, and shopping)
    - select bigTech container ➔ manage rules for urls and add the following urls to include:
      - google.com, x.com, bing.com, youtube.com
    - select quick container ➔ manage rules and include:
      - quick.no, dlsoftware, quick3
- bitwarden ➔ settings ➔
  - autofill ➔
    - disable: display identities as suggestions
    - disable: display cards as suggestions
    - enable: Display suggestions when icon is selected
    - disable: always show cards as autofill suggestions on vault view
    - disable: always show identities as autofil suggestions on vault view
  - notifications ➔
    - disable: ask to save and use passkeys
  - appearance ➔
    - vault customization ➔
      - enable: Show quick copy actions on Vault
PCMAN
- edit ➔ preferences >
  - (general ➔ uncheck [ ] erase files on removable media instead of "trash can" creation) <<- no, will keep this checked for now
  - layout ➔ show in places ➔ unselect all but "trash can"
REAPER
- NOTE: much of this can very likey be omitted, as the settings can be imported from:
  - /home/poq/syncDir/gitRepos/gitlab.com/dotsplus/reaper/config/
- open reaper, and uncheck check for new versions
- import licence
  - located in protonmail under the 'licence' label, and on the nas server:
    - /mnt/nas/cb/software/licences/reaper.txt
  - import from file, or:
    - copy the licence key to the clipboard ➔ help ➔ about reaper ➔ import license key ➔ (licence is automatically loaded)
- options ➔ preferences
  - general ➔ paths >
    - default path to save new projects: /home/poq/syncDir/0_inProgress/mixing/
    - default render path: /home/poq/syncDir/0_downloads/
  - audio ➔ device ➔ audio system: pulseaudio
    - sample rate: 48000
  - appearance ➔ enable don't animate any toolbar button
  - appearance ➔ track meters ➔ enable reset peak indicators on play/seek
  - media ➔ import ➔ disable copy imported media to project media directory
- actions >
  - show action list ➔
    - new action ➔ new custom action ➔
      - custom action name: fk: cycle ripple editing mode
      - options: cycle ripple editing mode
      - press ok
      - assign shortcut: by clicking the add button, and typing ```
        
        override mapping view: toggle track zoom to minimum height
    - search for Unselect (clear selection of) all tracks/items/envelope points
      - assign shortcut: "Alt + Shift + Up"
- https://bertomaudio.com/denoiser-pro.html
  - login with: 231114_lemonsqueezycom@468910.xyz (pwd is sent to email)
  - /mnt/nas/cb/software/denoiserPro_bertonAudio
    - download
      - Bertom_DenoiserPro_3.0.7_GNU-LINUX.tar.xz
  - mkdir ~/.vst3 (verify folder in Reaper ➔ options ➔ preferences ➔ plug-ins ➔ vst)
  - tar -xf /mnt/nas/cb/software/denoiserPro_bertonAudio/latest/Bertom_DenoiserPro_3.0.9_LINUX.tar.xz -C ~/syncDir/0_downloads/
  - cp -r ~/syncDir/0_downloads/Bertom_DenoiserPro_3.0.9_LINUX/.avx2/Bertom_DenoiserPro.vst3/ ~/.vst3/
  - restart reaper ➔ add a new track ➔ select the fx button ➔ open vxt3: denoiser pro and load the licence file
    - /mnt/nas/cb/software/licences/bertom-denoiser-pro-license.lic
    - /mnt/nas/cb/software/denoiserPro_bertonAudio/bertom-denoiser-pro-license.lic
      - also located in protonmail under the 'licence' label
  - extra: ?
PRINTING
- remove services cups.socket and cups.path
  - $ sudo systemctl disable cups.path
  - $ sudo systemctl disable cups.socket
- $ system-config-printer
  - if usb printer, and turned on, the printer should show up
- useful: https://kb.adamsdesk.com/operating_system/arch_linux_install_network_printer/

error solving

the keyring is reset on each reboot
- symptoms: you're asked to re-login to nextcloud and protonvpn on each reboot
- open seahorse
- delete existing keyring (named default?)
- create new password keyring
  - name: oneRingToHoldThemAll
  - password: leave blank (no password)
  - set new keyring as default
- reboot
- verify, using seahorse, that the new keyring is used when saving credentials
- ref: https://forum.manjaro.org/t/gnome-keyring-keeps-being-reset/147118
misc
- for info on miscellaneous issues, please see https://gitlab.com/pqq/pIssues.2/-/issues/254.