Updated on 13 Dec 2020

Attention: this installation guide is just the detailed procedure that i followed to install ArchLinux on my HP Elitebook 8470p so it does not take into account problems on other machines

If you have already installed Arch please go to "ArchLinux Configuration" section below

First follow the ArchLinux Installation Guide until the disk partition section

I choose to use UEFI with GPT partition table.

Reason "You are using Arch. Why would you even consider legacy anything?"

This is my partition scheme

From now i suppose that the disk to partitionate is /dev/sda To make this partiotion scheme:

• Remove all the partitions with fdisk or gdisk
• Check with fdisk -l /dev/sda if your hard drive has Disklabel type: gpt if not convert it to GPT with sgdisk -g /dev/sda
• Make the partitions with gdisk

It's recommended to use FAT32 for the EFI System Partition

mkfs.ext4 /dev/sda3
mkfs.fat -F32 /dev/sda1
mkswap /dev/sda2

mount /dev/sda3 /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
swapon /dev/sda2

pacstrap /mnt base linux linux-firmware

I prefer to install other packages while chrooted.

Insted of using -U option i decided to use PARTUUID as source identifier since i choose GPT

genfstab -t PARTUUID /mnt >> /mnt/etc/fstab

Then follow the system configuration section until the bootloader

While chrooted please make sure that you install those in order to have a usable system when rebooted. Especially net-tools,iw and iwd for the network and WiFi

pacman -S nano net-tools htop iw iwd zsh intel-ucode git reflector curl

Since i had some problems with the HP UEFI firmware i decided to use GRUB as bootloader instead of use UEFI directly BUT i will remove GRUB as soon as possible

First check your firmware bitness

Please make sure that you have installed the microcode (intel-ucode or amd-ucode ) before installing GRUB

While chrooted follow the GRUB UEFI Installation:

pacman -S grub efibootmgr
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB

Remeber that if you firmware bitness is 32 you have to use --target=i386-efi

I don't know if that applies to all HPs but it's worth to check

As described in HP Elitebook 840 G1 UEFI setup: "The problem is that HP hard coded the paths for the OS boot manager in their UEFI boot manager to \EFI\Microsoft\Boot\bootmgfw.efi to boot Microsoft Windows, regardless of how the UEFI NVRAM variables are changed"

With the HP Elitebook 8470p i experienced the same issue and followed the "Using the Customized Boot path option" section **but remember ** that your EFI path is \EFI\GRUB\grubx64.efi **not ** \EFI\grub\grubx64.efi

Then finally boot your ArchLinux

exit
umount -R /mnt
reboot

chsh -s /bin/zsh

The wired connection is not covered yet

If you installed the packages in the "Install some useful stuff" then:

systemctl enable systemd-networkd
systemctl enable systemd-resolver
systemctl enable iwd
systemctl start systemd-networkd
systemctl start systemd-resolver
systemctl start iwd

ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Edit /etc/iwd/main.conf with:

[General]
AddressRandomization=once
AddressRandomizationRange=nic
EnableNetworkConfiguration=true
[Network]
NameResolvingService=systemd

Then run iwctl and connect to a wireless network

station wlan0 scan
station wlan0 get-networks
station wlan0 connect your_network

and then try to ping google.com. It should work.

First install sudo and allow the wheel group to run it

pacman -S sudo 
EDITOR=nano visudo

Then simply uncomment the %wheel ALL=(ALL) ALL line and add your user

useradd -m -G rfkill,uucp,wheel,tty,power,audio,users -s /bin/zsh your_fancy_username
passwd your_fancy_username
exit

References: Sudo and Users and groups

Optional: if you want to speed-up the download you can run reflector:

sudo reflector --verbose --latest 30 --sort rate --save /etc/pacman.d/mirrorlist

Please install Oh My Zsh (check the link instructions)

Then to install all the packages:

cd ~
git clone https://github.com/iolk/dot-files.git
mv dot-files/* ./
mv dot-files/.* ./
rmdir dot-files
pacman -S --needed $(comm -12 <(pacman -Slq | sort) <(sort .pkg-list))

You can check and modify the packages in the .pkg-list if you want

In order to syncronize my KeePass file between devices i use Google Drive. I decided to use RClone to mount my drive directory.

Simply run rclone configure and configure a remote (in this case a Google Drive remote) and then:

• Check the file ~/.config/systemd/user/keepassondrive.service (set proper dirs/remote)
• systemctl --user enable keepassondrive

That allows you to mount you remote directory as soon as the internet connection is established

nano ~/.config/redshift/redshift.conf

TLP & acpid

systemctl enable tlp
systemctl enable acpid

Enable font presets by creating symbolic links:

sudo ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d
sudo ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d
sudo ln -s /etc/fonts/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.d

The above will disable embedded bitmap for all fonts, enable sub-pixel RGB rendering, and enable the LCD filter which is designed to reduce colour fringing when subpixel rendering is used.

If you want to change your gtk/icon/cursor theme just install it and run lxappearance to set it

To install the cursor theme put the theme files in ~/.icons in this case you can see the Vimix-cursors folder

To install the theme download it and extract in /usr/share/themes/

Themes used in this configuration:

• GTK: Nordic Darker
• Icon: Papirus
• Cursor: Vimix

In the ~/.config/gtk-3.0/settings.ini you can change the gtk-application-prefer-dark-theme option

To start libvirt

~/.config/i3/scripts/libvirtd_start.sh

For futher configurations: https://libvirt.org/auth.html https://jamielinux.com/docs/libvirt-networking-handbook/ https://www.redhat.com/archives/vfio-users/2015-November/msg00159.html

If virsh net-list --all shows no networks make a file default.xml: (ref.)

<network>
  <name>default</name>
  <uuid>9a05da11-e96b-47f3-8253-a3a482e445f5</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:0a:cd:21'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>

then

sudo virsh net-define --file default.xml
sudo virsh net-start default
sudo virsh net-autostart --network default

I set up some aliases in the .zshrc file so to start/stop the docker.service run dockerd start/stop:

Useful commands:

d rm $(d ps -aq)
d kill $(d ps -aq)
d rmi $(d images --filter "dangling=true" -q --no-trunc)

sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose   
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

sudo systemctl start mpd
sudo systemctl enable mpd

From the ArchLinux Security page:

• Firewall
• VPN
• AppArmor
• Kernel lockdown mode
• Microcode
• Hardware vulnerabilities
• Password manager
• Do not use the root account for daily use
• Enforce a delay after a failed login attempt
• Lock out user after three failed login attempts
• Limit amount of processes
• Run Xorg rootless
• Kernel hardening
• DNSCrypt

• Wiki Pages
• Encription
• Customize all notifications
• Secure Boot
• Security (needs improvements)
• Music Player
• Maintenance (script/guide)
• Docker
• USB automount
• Kernel-based Virtualizzation
• PCI passthrough (Easy but you require an additional video card)
• List of application
• GTK, Icon and cursor theme
• My ArchLinux install guide

Currently evaluating Sway + Wayland