I am writing this on the first day of the new year, 2026. I’ve mainly been using this blog/website to host my article about my Arch Linux install and I’ve kept that up-to-date with changes I’ve made to my system in the last two years (idea being: having a document that describes my setup so I could reproduce it, because I always forget which modifications I did).
2025 was the first year in my new house. We moved in July of 2024, It’s an old mansion (built in 1897). Our moving was something that simmered and we decided to just do it. The house is in good condition. One of the big things we did this year is to isolate the roof (effectively a new roof) and replace all glass with more modern isolating glass. I’ve kept track of gas usage so far, and early indications seem to be about 30 percent reduction in gas usage compared to 2024, which is great, because gas is expensive.
I also turned 50 in November which is kind of surreal.. A few days ago I was re-reading my reflections on 2023. It is a bit unsettling that I have to admit that that feeling of “purpose” that I mentioned there, hasn’t really emerged. Motivation has been a real struggle in 2025. It’s not for lack of doing big new things: new house, new project at work, working in a new programming language, a big sailing trip to Norway, been to the Carribean last year.
If I would have to summarize 2025, it would be as: too much.
The big reasons for that are not the fun things we did, like the vacations, and the travels, but I think they mostly stem from two things:
I’ve had more trouble than usual applying focus on work-related tasks. If I look at how that works, I think it is because of having to do things that really require focus, but having a schedule that has zero room for flex. My schedule is so tight that I constantly find myself having to stop what I’m doing and rush into the next have-to-do task, which can be anything from a weekly meeting, bookkeeping and administrative work for my company, to picking up my daughter for school or ballet.
From how 2025 has felt, I have a few ideas about what to do different in 2026..
So 2026. A new year ahead. I have a few ideas that I will try to do this year:
To do the above, means making some choices, specifically about what not to do, what to leave out, because a schedule can only get less crowded by simply not doing certain things, consciously.
I also hope to share a little bit more regularly here. I have a few good subjects in mind that deserve their own article.
Happy new year to all!
]]>I’m extremely impressed and very happy with this laptop - it is by far one of the best devices I’ve owned in a long time. It is near-silent, It uses ~5watts at idle, it’s fast, it’s sturdy and it looks good!
This is going to be quite a long article, so here’s a Table of Contents:
Prior to my Framework Laptop adventures, I’ve been planning to move to Arch Linux for a while. I’m a long-time Linux desktop user. I started out with those Red Hat CD-ROMs you’d buy at your local bookshop (this was around ‘96). I fooled around with SCO UnixWare, had a whole period of SGI IRIX after that and then some distro-hopping to Debian, Fedora, Arch Linux (in 2006), Gentoo and Void Linux, more-or-less in that order.
The last two-ish years I’ve been running on Void Linux, which I still strongly recommend and love - it’s a really good distribution with a nice balance between stability and simplicity.
I used the OS package manager for the essentials, like Gnome, Firefox, the
terminal, Wayland and X11, and used /opt like a sort of Program Files or
Applications directory where I had my own programs like IntelliJ, Postman,
PostgreSQL, etc.
This works relatively well: you don’t have a lot of demands on package availability in the distro itself and you keep things stable - only update your own stuff when you feel like it and/or when you need to.
At a certain point I had about 70 applications in /opt which became a burden
to keep up to date, so I set out to find a distribution that packages as much
as possible of the software I use, and where packaging it yourself is as simple
as possible.
I definitely prefer a rolling-release distro. I checked out Nix, Gentoo and Arch Linux. Nix I found really appealing (hard declarative) but I hated the syntax (maybe Guix one day? I like Scheme better).
Gentoo did have a comparable set of packaged software available, and it is one of my favorite distributions, but I had too many issues on my test-build virtual machine which blocked me from experimenting prior to running it on my daily driver.
So why move to Arch? Well, in one word: mind-share. The wiki, the amount of packaged software, sane package standards:
The above three things means a lot of convenience to a Linux desktop user. On Arch Linux, 99.9% of the software I ever used on Linux is packaged, most of it in the official repositories and a few in AUR. Next to that, AUR and PKGBUILD are so easy to get into, so you can easily package things yourself and share it with the community.
On most other distros the gap between what’s packaged and what isn’t is quite a bit larger which means you need alternative ways to get that software and keep it up-to-date, which in practice becomes error-prone and time-consuming.
On Arch Linux I made the choice to run everything packaged with pacman. If
I need something that isn’t packaged yet (currently the case for 5 packages of
which I packaged one already), I package it and publish it to AUR.
The rest of this article is essentially a how-to with notes about what I run and install. Feel free to peruse and/or replay!
You can find the BIOS guide on the Framework community website. The only settings I changed were:
The above causes the laptop to effectively run in a lower TDP setting. I think
it goes from 28watts to 22watts. This has a dramatic effect on the battery life
and thermals of the device. I don’t want a wild beast that blasts the fans as
soon as I type ls, so these settings are great for me. Did I mention the
laptop performs really great with these settings?
With the above and the settings I configure in TLP I get ~3watts idle with screen on normal brightness, Wi-Fi and Bluetooth enabled, and about ~45 celsius core temperatures.
Basically, download the ISO and follow the
installation guide. I
opted to use systemd-boot as boot manager and either systemd-networkd or
networkmanager-iwd as my network configuration tooling.
Whichever boot manager you use, you might want to set a few extra kernel parameters. I found the following additionals handle a bunch of stuff nicely on my Framework Laptop 13:
acpi_mask_gpe=0x1A acpi_osi="!Windows 2020" libata.allow_tpm=1 mem_sleep_default=deep net.ifnames=0 nvme.noacpi=1 nvme_core.default_ps_max_latency_us=0 root=LABEL=LINUX rtc_cmos.use_acpi_alarm=1 rw split_lock_detect=off tpm_tis.interrupts=0
Next to the default core and extra repositories, I enable multilib in
pacman.conf before installing. Additionally, I blacklist pam_systemd_home.so
because I don’t use systemd-homed and it spams the journal on any login or
auth action:
--- pacman.conf.orig 2023-08-06 12:09:44.849855338 +0300
+++ pacman.conf 2023-08-06 12:01:30.261984035 +0300
@@ -26,7 +26,7 @@
#IgnoreGroup =
#NoUpgrade =
-#NoExtract =
+NoExtract = usr/lib/security/pam_systemd_home.so
# Misc options
#UseSyslog
@@ -87,12 +87,11 @@
#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist
-#[multilib]
-#Include = /etc/pacman.d/mirrorlist
+[multilib]
+Include = /etc/pacman.d/mirrorlist
You can install the following packages right after your system comes up first
boot, or you could do it during install with pacstrap (it doesn’t really
matter, but in any case, make sure core, contrib and multilib are enabled
in /etc/pacman.conf first):
pacman -S --needed acpi acpica acpi_call-dkms acpid alacritty alsa-firmware alsa-tools alsa-ucm-conf alsa-utils ansible-language-server ansible-lint ant antlr4 ardour aribb25 arj autoconf automake aws-cli base-devel bash bash-language-server bc bear bind biome bison blender bower btop bubblewrap bun busted bustle calibre cameractrls carla cdemu-client cdemu-daemon cdrdao cdrtools chawan chntpw cifs-utils clang clinfo clojure cmake corkscrew cpio cppcheck cpupower ctags cue cups curl dagger dash dconf-editor dcraw ddcutil debugedit delve deno desmume devtools direnv distrobox dive dmidecode dmraid dnsmasq docker docker-buildx docker-compose dool dos2unix dosfstools doxygen d-spy dvd+rw-tools dvisvgm editorconfig-checker editorconfig-core-c efibootmgr elixir emacs-wayland erlang eslint ethtool exfatprogs extra-cmake-modules fakeroot fastfetch fd fdupes file file-roller fio firefox flex fltk1.3 fontforge foomatic-db-engine foomatic-db-nonfree-ppds foomatic-db-ppds fractal freetype2-demos fs-uae fs-uae-launcher furnace fwupd fzf gamemode gamescope gcc gdb gdm gemini-cli ghidra gimp git git-filter-repo github-cli git-lfs glab gnome-backgrounds gnome-browser-connector gnome-calculator gnome-characters gnome-control-center gnome-disk-utility gnome-logs gnome-session gnome-settings-daemon gnome-shell gnome-shell-extension-appindicator gnome-shell-extension-desktop-icons-ng gnome-shell-extensions gnome-system-monitor gnome-themes-extra gnome-tweaks gnupg gnuplot go gopls go-tools gparted gperf gradle groovy gtksourceview3 gtkwave guile gvfs gvfs-gphoto2 gvfs-mtp gvfs-nfs gvfs-smb handbrake harfbuzz-cairo hdparm helix helm hplip htop hunspell hunspell-de hunspell-en_gb hunspell-en_us hunspell-es_es hunspell-fr hunspell-nl i2c-tools ifuse img2pdf inetutils inkscape iperf3 iptables-nft irssi iverilog iwd jekyll jfsutils jq jupyterlab jupyterlab-lsp jupyter-lsp jupyter-notebook just k9s kafka kddockwidgets kotlin kubeconform kubectl kubeseal leiningen lhasa libblockdev-crypto libblockdev-dm libblockdev-fs libblockdev-loop libblockdev-lvm libblockdev-mdraid libblockdev-mpath libblockdev-nvme libblockdev-part libblockdev-swap libebur128 libgoom2 libindicator-gtk3 librecad libreoffice-still libretro-beetle-pce libretro-beetle-psx-hw libretro-blastem libretro-core-info libretro-desmume libretro-dolphin libretro-flycast libretro-mame libretro-mgba libretro-mupen64plus-next libretro-nestopia libretro-picodrive libretro-ppsspp libretro-sameboy libretro-scummvm libretro-snes9x libtiger libva-mesa-driver libva-utils libvirt libwebp-utils libxcrypt-compat linux-firmware-bnx2x linux-firmware-liquidio linux-firmware-mellanox linux-firmware-nfp linux-firmware-qlogic linux-headers live-media lld lldb lm_sensors loupe lshw lsof lsscsi ltrace lua-language-server make mame mame-tools man-db mangohud man-pages mattermost-desktop maven mbedtls2 mednafen mesa-demos mesa-utils meson mgba-qt minikube mitmproxy mono mono-msbuild moreutils mpv mtools multipath-tools mupdf-tools mupen64plus mutter nasm nautilus nbd neovide neovim netbeans networkmanager-openvpn networkmanager-vpn-plugin-openvpn net-tools nfs-utils ninja nmap nodejs noto-fonts-emoji npm ntfs-3g nuget nvchecker nvme-cli nvtop ollama openai-codex openbsd-netcat opencl-clhpp opencl-headers opencode openldap openssh openvpn osv-scanner p7zip pacman-contrib pacutils papers papirus-icon-theme patch patchelf pciutils pdfarranger perf perl perl-lwp-protocol-https perl-net-dbus perl-x11-protocol perl-yaml pinentry piper pipewire pipewire-alsa pipewire-jack pipewire-libcamera pipewire-pulse pipewire-v4l2 pkgconf postgresql powertop ppsspp prettier projectm protonmail-bridge psutils python python-jsbeautifier python-jwcrypto python-kubernetes python-ldap python-lsp-server python-nose python-numpy python-opengl python-patch-ng python-pip python-pycryptodomex python-pylint python-pyopenssl python-pytest python-rope python-setuptools python-sphinx python-sphinx-autobuild python-sympy python-websockets python-wheel qbittorrent qjackctl qpwgraph qt5ct qt5-declarative qt5-tools qt5-wayland qt6ct qt6-multimedia-ffmpeg qt6-tools qt6-wayland quodlibet rabbitmq racket ranger realtime-privileges rebuild-detector recode retroarch retroarch-assets-glui retroarch-assets-ozone ripgrep rlwrap rsync ruby ruby-base64 ruby-bigdecimal ruby-csv ruby-default-gems ruby-irb ruby-rake-compiler rustup samba sane sbt scons screen scummvm sdcc sdl2_mixer seahorse seatd shfmt signal-desktop simple-scan smartmontools smbclient snapshot snes9x-gtk sof-firmware sox speedtest-cli squashfs-tools steam step-ca step-cli stern strace s-tui stylelint sudo syncthing sysdig sysprof sysstat tailwindcss-language-server taplo-cli tar terminus-font texinfo texlab texlive-basic texlive-bin texlive-fontsrecommended texlive-latex texlive-latexextra texlive-latexrecommended texlive-pictures the_silver_searcher thunderbird tidy tinyxxd tmux tokei traceroute tracker3-miners tree tree-sitter-cli tree-sitter-grammars ttf-ibm-plex ttf-ubuntu-font-family turbostat twine typescript typescript-language-server udftools udisks2-lvm2 uncrustify unixodbc unzip urlwatch usbutils util-linux uucp valgrind valkey vdpauinfo vhba-module-dkms vkd3d vscode-css-languageserver vscode-html-languageserver vscode-json-languageserver vue-language-server vulkan-tools w3m wayland-utils wgetpaste whois wimlib wine wine-mono wireless-regdb wireless_tools wireplumber wireshark-cli wireshark-qt wl-clipboard wmctrl wol xcb-util-errors xchm xclip xdelta3 xdg-desktop-portal-gnome xdg-user-dirs-gtk xdg-utils xdotool xfsprogs xmlstarlet xorg-fonts-100dpi xorg-fonts-misc xorg-font-util xorg-mkfontscale xorg-server xorg-server-devel xorg-xauth xorg-xdpyinfo xorg-xdriinfo xorg-xev xorg-xfontsel xorg-xhost xorg-xinit xorg-xinput xorg-xkill xorg-xlsclients xorg-xprop xorg-xrandr xorg-xrdb xorg-xset xorg-xsetroot xorg-xvinfo xorg-xwayland xorg-xwininfo yarn yasm yq yt-dlp zig zip zls zstd
pacman -S --needed qemu-full libvirt virt-manager
Note that the qemu-full package depends on qemu-chardev-baum which in turn
pulls in brltty, a braille (virtual?) keyboard service. If you don’t need
that:
pacman -R qemu-chardev-baum qemu-full brltty
userdel brltty
Later on in this guide we’ll set up libvirt so you can use virt-manager
comfortably.
You can install tlp to enable dynamically applying power management settings,
based on if your power connector is connected or if you’re on battery. We also
install tlp-pd which is the TLP project’s DBUS interface compatible
implementation of power-profile-daemon (which itself conflicts with tlp).
Installing tlp-pd Makes it possible to control TLP from things like Gnome,
Cosmic, KDE, etc.
pacman -S --needed tlp tlp-pd
systemctl enable --now tlp-pd
I use dracut on my desktop computer, because I need working LVM RAID mirrors
there. I couldn’t get that to work with mkinitcpio based initrd.
If you want to use dracut instead of mkinitcpio to generate initrd images,
you need to install it and remove the default initrd tooling:
pacman -S --needed dracut
pacman -R mkinitcpio mkinitcpio-busybox
Note that there are no hooks by default for rebuilding dracut-based initrd
images, so you’d need to do that manually after linux kernel package updates.
For example:
# Kernel version in package contains dot, on-disk it contains dash, hence the sed.
export KERNEL_VERSION=$(pacman -Q linux | awk '{print $2}' | sed 's|\.arch|-arch|g')
cp /lib/modules/$KERNEL_VERSION/vmlinuz /boot/vmlinuz-linux
dracut --kver $KERNEL_VERSION --force /boot/initramfs-linux-fallback.img
dracut --hostonly --no-hostonly-cmdline --kver $KERNEL_VERSION --force /boot/initramfs-linux.img
Wayland provides working gestures on Gnome out of the box, and Wayland is the default on Arch Linux. If, however, you have some reason to use X11 instead of Wayland by default and you want gestures to work, you can install Touchégg:
pacman -S --needed touchegg
Make sure you enable the service:
systemctl enable --now touchegg
And also install the required Gnome extension.
Devices like the Framework Laptop 13 have a fingerprint reader. If you want to use it, make sure to install the following packages:
pacman -S --needed libfprint fprintd
And make sure you enable the service:
systemctl enable --now fprintd
To configure the fingerprint reader, I needed to upgrade the firmware. Version
01000320 is known to not work with Linux. In my case, I had to use an older
version of fwupd (version 1.9.5 to be specific) - 1.9.10 did not work, but
I’ve had a report recently (thanks, Jan Schoone) that fwupd version 1.9.13
and possibly higher, does actually work these days (your milage may vary, etc).
In any case, I followed the instructions here
to update to the required firmware version 01000330 to make the fingerprint
reader work with Linux. Instructions below are based on the linked document:
# First downgrade fwupd...
wget --continue https://archive.archlinux.org/packages/f/fwupd/fwupd-1.9.5-2-x86_64.pkg.tar.zst --output fwupd-1.9.5-2-x86_64.pkg.tar.zst
pacman -U fwupd-1.9.5-2-x86_64.pkg.tar.zst
# Get firmware file and install...
wget --continue https://github.com/FrameworkComputer/linux-docs/raw/main/goodix-moc-609c-v01000330.cab --output goodix-moc-609c-v01000330.cab
fwupdtool install --allow-reinstall --allow-older goodix-moc-609c-v01000330.cab
Note: There might be a transfer error mentioned at the end. This can be safely ignored. Reboot and start a fresh terminal and show the device:
fwupdmgr get-devices 1e8c8470-a49c-571a-82fd-19c9fa32b8c3
Note: The above command sometimes times out the first time it’s run. Just run it
again and you’ll see some details about the fingerprint reader. Notably, the
version should now be: 01000330. You can now enroll fingerprints.
If your fingerprint reader is working, you can continue to follow the steps here to set it up for usage.
My Framework Laptop 13 is intel-based, so I install these packages additionally:
pacman -S --needed intel-gpu-tools vulkan-intel intel-media-driver libvdpau-va-gl intel-graphics-compiler intel-compute-runtime gst-plugin-va opencv python-opencv
Also, from AUR, I install these, making sure their version is synced with the above mentioned 64-bit versions, These make it possible for 32-bit apps to also use VAAPI-based hardware acceleration:
lib32-intel-gmmlib
lib32-intel-media-driver
If you have an AMD device instead, you might want these ones:
pacman -S --needed radeontop vulkan-radeon gst-plugin-va ollama-rocm opencv python-opencv
If you have an NVidia device instead, you might want these ones:
pacman -S --needed cuda ffnvcodec-headers libva-nvidia-driver nvidia-cg-toolkit nvidia-settings nvidia-utils nvidia-open-dkms nvtop opencl-nvidia openssl-1.1 gst-plugins-bad ollama-cuda opencv-cuda python-opencv-cuda nsight-compute nsight-systems
Note: The openssl-1.1 package is a (missing) dependency for
libnvidia-pkcs11.so contained in nvidia-utils.
Note 2: The opencv-cuda and python-opencv-cuda packages replace the opencv
and python-opencv packages installed previously.
Sublime Text has an official Arch linux
repository for its sublime-text and sublime-merge packages. If you want to
use those, do the following (as root):
# Install and sign the sublimehq pubkey.
curl -O https://download.sublimetext.com/sublimehq-pub.gpg
pacman-key --add sublimehq-pub.gpg
pacman-key --lsign-key 8A8F901A
rm sublimehq-pub.gpg
# Add sublime-text package repository to pacman.conf.
cat <<EOF >> "/etc/pacman.conf"
# Official Sublime Text and Sublime Merge repository.
[sublime-text]
SigLevel = Required DatabaseRequired TrustedOnly
Server = https://download.sublimetext.com/arch/stable/x86_64
EOF
# Update local pacman databases and install.
pacman -Syu sublime-text sublime-merge
The above is based on these instructions.
I like to install the lib32-* package equivalents of packages I installed. There isn’t an easy way to do this and it is a bit messy, but here’s how I do it:
# Clean beginnings.
mkdir -p ~/Desktop
rm ~/Desktop/lib32-candidates ~/Desktop/lib32-notfound
# Append a list of possible lib32-* package names by prepending to package name.
for p in `pacman -Qq | grep -v lib32`; do echo lib32-$p >> ~/Desktop/lib32-candidates; done
# Append a list of possible lib32-* package names which consist of lib32-firstnamepart.
for p in `pacman -Qq | grep -v lib32 | cut -d- -f1 | sort -u`; do echo lib32-$p >> ~/Desktop/lib32-candidates; done
# Remove known-not-working elements and make sure the output file is sorted and unique.
cat ~/Desktop/lib32-candidates | grep -v rustup | grep -v openssl-1.1 | grep -v mesa-amber | grep -v mesa-demos | sort -u -o ~/Desktop/lib32-candidates
# Abuse pacman -S to obtain invalid package names.
pacman -S --needed `cat ~/Desktop/lib32-candidates | sort -u` 2>&1 | grep 'error: target not found' | awk '{print $5}' > ~/Desktop/lib32-notfound
# Make sure that's sorted and unique too.
sort -o ~/Desktop/lib32-notfound ~/Desktop/lib32-notfound
# Use comm to diff the lists and only feed valid package names to pacman -S.
pacman -S --needed `comm -23 ~/Desktop/lib32-candidates ~/Desktop/lib32-notfound`
You can configure networking in all kinds of ways, but the two I document are
networkmanager-iwd and systemd-networkd.
I specifically chose networkmanager-iwd, because I have had extensive
problems with wpa_supplicant in combination with high performance network
requirements, like when you need to stream a 4K desktop at 60fps. Due to how
wpa_supplicant is instrumented by NetworkManager, that kind of use-case is
virtually impossible to get right. iwd seems to handle this use-case much
better and so I opt to use that in combination with networkmanager-iwd.
Note that networkmanager-iwd is an AUR package that uses iwd exclusively
and does not require or depend on wpa_supplicant in any way.
First configure iwd defaults:
mkdir -p /etc/iwd
cat <<EOF > "/etc/iwd/main.conf"
[General]
RoamThreshold=-80
RoamThreshold5G=-80
CriticalRoamThreshold=-90
CriticalRoamThreshold5G=-90
[Network]
EnableIPv6=true
NameResolvingService=systemd
[Scan]
DisablePeriodicScan=true
DisableRoamingScan=true
MaximumPeriodicScanInterval=3600
[DriverQuirks]
PowerSaveDisable=iwlwifi
EOF
iwd can be configured using iwctl, or it is managed completely by
networkmanager-iwd. See the iwd page
on the Arch wiki for more details about iwd.
I’ve opted to use networkmanager-iwd from AUR to manage my networking needs
because as it stands, it integrates much nicelier with graphical environments
like Gnome, Cosmic and KDE. To use networkmanager-iwd, you first need to
build the networkmanager-iwd package. See the section about how to
configure for package building for more
information about how do that.
systemctl disable --now systemd-networkd # systemd-networkd needs to be off
systemctl disable --now iwd # iwd is managed by networkmanager itself
systemctl enable --now NetworkManager # enable networkmanager
See the NetworkManager page on the Arch Wiki for details about how to use and configure NetworkManager. In practice, you’ll find it’s pretty straight-forward and that it can usually be configured graphically through your desktop environment of choice.
As an alternative to networkmanager-iwd, you can use systemd-networkd to
configure your network. This comes down to placing configuration files in
/etc/systemd/network. and enabling the systemd-networkd services.
cat <<EOF > "/etc/systemd/network/10-ethernet.network"
[Match]
Name=eth0
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
IgnoreCarrierLoss=10s
UseDomains=false
[DHCPv4]
RouteMetric=700
UseNTP=no
UseDNS=no
UseGateway=yes
UseRoutes=no
[IPv6AcceptRA]
RouteMetric=700
EOF
Note that this is an alternative to the single ethernet configuration shown previously. Let’s first create the physical device bind config:
cat <<EOF > "/etc/systemd/network/10-bind.network"
[Match]
Name=eth0 eth1
[Network]
Bridge=bridge0
EOF
Create the virtual bridge device:
cat <<EOF > "/etc/systemd/network/10-bridge.netdev"
[NetDev]
Name=bridge0
Kind=bridge
MACAddress=52:41:41:46:00:0b
EOF
And finally, the bridge network, configured by DHCP:
cat <<EOF > "/etc/systemd/network/10-bridge.network"
[Match]
Name=bridge0
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
IgnoreCarrierLoss=10s
UseDomains=false
[DHCPv4]
RouteMetric=700
UseNTP=no
UseDNS=no
UseGateway=yes
UseRoutes=no
[IPv6AcceptRA]
RouteMetric=700
EOF
Note that you first need to configure iwd to authenticate and connect to your
wireless network. After that, tell systemd-networkd about it:
cat <<EOF > "/etc/systemd/network/10-wireless.network"
[Match]
Name=wlan0
[Link]
RequiredForOnline=routable
[Network]
DHCP=yes
IgnoreCarrierLoss=10s
UseDomains=true
[DHCPv4]
RouteMetric=600
[IPv6AcceptRA]
RouteMetric=600
EOF
Enable systemd-networkd and iwd with:
systemctl disable --now NetworkManager # networkmanager needs to be off
systemctl enable --now iwd.service # iwd is not managed by systemd-networkd
systemctl enable --now systemd-networkd.service # enable systemd-networkd
systemctl disable --now systemd-networkd-wait-online.service # not this one
Note that we disable the waiting service, since we want to continue booting
even if there is no network. If you would like to know more about how you can
configure systemd-networkd, be sure to read the
systemd-networkd page on
the Arch wiki.
I use and customize a bunch of services on my device. So I don’t forget what I customized and why, let me document it.
The displaylink service is used, together with the evdi driver, to handle
externally connected displays, which connect through a dock or other type of
USB3 or Thunderbolt connection. Enable it as follows:
systemctl enable --now displaylink
Additionally, I’ve observed that the displaylink service consumes an
inordinate amount of CPU time after a suspend/resume cycle. A quick restart of
the service works around that. To do that automatically, we can create a systemd
unit file and enable it:
# Write the systemd unit file for restarting displaylink on resume:
cat <<EOF > "/etc/systemd/system/displaylink-restart.service"
[Unit]
Description=Restart DisplayLink after resume
After=suspend.target
[Service]
Type=simple
ExecStart=/bin/systemctl --no-block restart displaylink.service
[Install]
WantedBy=suspend.target
EOF
# Enable and start the automatic displaylink restart service:
systemctl enable --now displaylink-restart
The cpupower service reads from /etc/default/cpupower and configures the
default scheduler. Edit that file to set the default scheduler to powersave or
performance and then enable it:
systemctl enable --now cpupower.service
I don’t want any service auto-configuring stuff on my system, especially things like printers for example. Therefore I disable the Avahi zeroconf service:
systemctl mask avahi-daemon.service
systemctl mask avahi-daemon.socket
systemctl mask avahi-dnsconfd.service
Note that a side-effect of this, is that when you use something like xsane or
simplescan, you will get a password prompt dialog every time you start the
scanning tool. This is because, apparently, these tools use avahi somehow,
which then has to be invoked, which is then done through polkit, which raises
the password dialog so the avahi service can be started. Yeah.
Enable bluetooth with:
systemctl enable --now bluetooth.service
Bluetooth mostly just works out of the box, except for my XBox Series X|S
Wireless Game Controller. To get this to run, I use the xpadneo-dkms AUR
package. Additionally, I need to configure a few settings in
/etc/bluetooth/main.conf (add or set these settings yourself, or use patch
to apply the settings to your main.conf):
--- main.conf.orig 2023-07-31 19:01:29.473651656 +0300
+++ main.conf 2023-08-01 23:39:23.294653784 +0300
@@ -49,7 +49,7 @@
# Restricts all controllers to the specified transport. Default value
# is "dual", i.e. both BR/EDR and LE enabled (when supported by the HW).
# Possible values: "dual", "bredr", "le"
-#ControllerMode = dual
+ControllerMode = dual
# Maximum number of controllers allowed to be exposed to the system.
# Default=0 (unlimited)
@@ -100,7 +100,7 @@
# Specify the policy to the JUST-WORKS repairing initiated by peer
# Possible values: "never", "confirm", "always"
# Defaults to "never"
-#JustWorksRepairing = never
+JustWorksRepairing = confirm
# How long to keep temporary devices around
# The value is in seconds. Default is 30.
@@ -212,9 +212,9 @@
# LE default connection parameters. These values are superceeded by any
# specific values provided via the Load Connection Parameters interface
-#MinConnectionInterval=
-#MaxConnectionInterval=
-#ConnectionLatency=
+MinConnectionInterval=7
+MaxConnectionInterval=9
+ConnectionLatency=0
#ConnectionSupervisionTimeout=
#Autoconnecttimeout=
@@ -318,7 +318,7 @@
# AutoEnable defines option to enable all controllers when they are found.
# This includes adapters present on start as well as adapters that are plugged
# in later on. Defaults to 'true'.
-#AutoEnable=true
+AutoEnable=false
# Audio devices that were disconnected due to suspend will be reconnected on
# resume. ResumeDelay determines the delay between when the controller
After changes, restart the service:
systemctl restart bluetooth.service
Enable gdm with:
systemctl enable --now gdm.service
I prefer auto-login on some of my devices (no on laptop, yes on desktop). Add
the two lines or apply the below diff to /etc/gdm/custom.conf using patch
if you would like your user to allow GDM to automatically login (don’t forget
to replace $USER with your user name):
--- custom.conf.orig 2023-07-31 19:08:35.307832755 +0300
+++ custom.conf 2023-07-31 19:08:25.741219958 +0300
@@ -1,6 +1,8 @@
# GDM configuration storage
[daemon]
+AutomaticLogin=$USER
+AutomaticLoginEnable=True
# Uncomment the line below to force the login screen to use Xorg
#WaylandEnable=false
Reboot for the above to take effect.
The ollama service makes it possible to easily run AI models locally using
llama-cpp. Just like docker, this runs as a service and you use the ollama
command line utility to interact with it.
systemctl enable --now ollama.service
Remember to install ollama-cuda or ollama-rocm if you are using NVIDIA or
AMD devices respectively (see earlier chapter about that).
After the service is enabled and running, you can run a model as follows (we’re
using the deepcoder model here as an example):
ollama run deepcoder
This will download the model and start an interactive prompt.
First make sure containerd (a dependency for docker) does not load plugins
which are not relevant for this setup (these plugins cause loading errors in a
default setup like we’re building - this does not break, but it does cause a
lot of regular error messages in journalctl):
mkdir -p /etc/containerd
cat <<EOF > "/etc/containerd/config.toml"
version = 3
disabled_plugins = ["io.containerd.snapshotter.v1.blockfile", "io.containerd.snapshotter.v1.btrfs", "io.containerd.snapshotter.v1.devmapper", "io.containerd.snapshotter.v1.erofs", "io.containerd.snapshotter.v1.zfs", "io.containerd.differ.v1.erofs", "io.containerd.tracing.processor.v1.otlp", "io.containerd.internal.v1.tracing", "io.containerd.grpc.v1.cri"]
EOF
Now we configure Docker to use a specific IP range for the default network (the
bip setting) and a bunch of range-reservations for custom created networks
(the default-address-pools setting). Additionally, we use libvirtd’s
dnsmasq instance to resolve DNS (see next section):
mkdir -p /etc/docker
cat <<EOF > "/etc/docker/daemon.json"
{
"bip":"10.10.12.1/24",
"dns" : [ "10.10.12.1" ],
"default-address-pools": [
{ "base": "10.10.13.0/24", "size": 24 },
{ "base": "10.10.14.0/24", "size": 24 },
{ "base": "10.10.15.0/24", "size": 24 },
{ "base": "10.10.16.0/24", "size": 24 },
{ "base": "10.10.17.0/24", "size": 24 },
{ "base": "10.10.18.0/24", "size": 24 },
{ "base": "10.10.19.0/24", "size": 24 }
]
}
EOF
Enable docker with:
systemctl enable --now docker.service
I use docker without any further adjustments.
Enable libvirtd with:
systemctl enable --now libvirtd.service virtnetworkd.socket virtnetworkd-ro.socket virtnetworkd-admin.socket
The extra virtnetworkd socket enables are because I noticed that only
enabling libvirtd.service does not enable those, and they are needed when
you interact with network settings, like when doing virsh net-info default.
Now add your user to the libvirt group, so it can interact with the service:
sudo usermod -aG libvirt "$USER"
Note that Arch Linux defaults to consider anybody in the wheel group as a
libvirtd administrator, so add yourself to that too if you aren’t already.
Then you should add libvirt_guest to the hosts: line in /etc/nsswitch.conf
so you can always resolve the names of guests. It should usually appear just
before dns. For example, here is mine:
hosts: mymachines resolve [!UNAVAIL=return] files myhostname libvirt_guest dns
Furthermore, I configure the virt0 interface of the default NAT-enabled
network to have a specific IP address (10.10.11.1) and range (note: needs to
be run after starting/restarting libvirtd, and after configuring Docker; if
you look closely, you’ll notice that this network configuration makes sure
that the dnsmasq service generated and spawned by libvirtd additionally
binds to the docker0 network interface, which is an added convenience that
enables Docker containers in the default network to use this dnsmasq instance
to resolve DNS, as opposed to having to manage a separate/manual dnsmasq
instance for Docker):
export UUID=$(uuidgen)
cat <<EOF > "/tmp/net-default.xml"
<network xmlns:dnsmasq="http://libvirt.org/schemas/network/dnsmasq/1.0">
<name>default</name>
<uuid>$UUID</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virt0' stp='off' delay='0'/>
<ip address='10.10.11.1' netmask='255.255.255.0'>
<dhcp>
<range start='10.10.11.2' end='10.10.11.254'/>
</dhcp>
</ip>
<dnsmasq:options>
<dnsmasq:option value="interface=docker0"/>
</dnsmasq:options>
</network>
EOF
virsh net-destroy default
virsh net-undefine default
virsh net-define /tmp/net-default.xml
virsh net-autostart default
virsh net-start default
rm -qf /tmp/net-default.xml
I did run into an issue connecting with older VPN environments related to OpenSSL 3.x disabling various legacy encapsulation and connection modes by default. The error you would see in such a case is:
Jul 31 20:26:38 FRAME openvpn[58956]: OpenSSL: error:11800071:PKCS12 routines::mac verify failure
Jul 31 20:26:38 FRAME openvpn[58956]: OpenSSL: error:0308010C:digital envelope routines::unsupported
Jul 31 20:26:38 FRAME openvpn[58956]: Decoding PKCS12 failed. Probably wrong password or unsupported/legacy encryption
Furthermore, when you are behind corporate proxies, you might also have
difficulties passing through the corporate proxy without the settings
UnsafeLegacyRenegotiation and UnsafeLegacyServerConnect (which were allowed
by default on OpenSSL 1.x).
To work-around these issues, I place a custom /etc/ssl/openssl.cnf:
cp -n "/etc/ssl/openssl.cnf" "/etc/ssl/openssl.cnf.orig"
cat <<EOF > "/etc/ssl/openssl.cnf"
HOME = .
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
ssl_conf = ssl_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation,UnsafeLegacyServerConnect
EOF
Note that I would only do the above if you need to interact with some old legacy VPN stuff, or if you’re behind moron-grade SSL-terminating proxies.
Enable nfsv4 with:
systemctl enable --now nfsv4-server.service
Quick note: the above start may fail if you updated the linux package but did
not reboot yet, you’ll see an error about a dependency failure.
I use NFS only on internal interfaces, specifically the virt0 interface of
the default network (remember that ip address 10.10.11.1?). This allows me
to work with shared storage on other operating systems that I fool around with
on Qemu/KVM (Note that you have much better options for modern Linux systems -
there you can use enable shared memory and a virtiofs device to essentially
loop-mount a memory block device which is a directory on the host).
Since we’re only doing NFSv4, and we’re not interested in user/group ID mapping, let’s stop and mask a couple of RPC services first:
systemctl stop rpcbind.service
systemctl mask rpcbind.service
systemctl stop nfs-blkmap
systemctl mask nfs-blkmap
systemctl stop nfs-idmapd
systemctl mask nfs-idmapd
systemctl stop nfs-mountd
systemctl mask nfs-mountd
To make NFSv4 only listen on a specific interface, and to disable version 3 of
the protocol explicitly, we patch /etc/nfs.conf (use patch or add the
host=, vers3= and vers4= elements by hand under [nfsd]:
--- nfs.conf.orig 2023-07-31 21:16:20.438028044 +0300
+++ nfs.conf 2023-08-03 09:01:05.586457300 +0300
@@ -67,13 +67,14 @@
# debug=0
# threads=8
-# host=
+host=10.10.11.1
# port=0
# grace-time=90
# lease-time=90
# udp=n
# tcp=y
-# vers3=y
-# vers4=y
+vers3=n
+vers4=y
# vers4.0=y
# vers4.1=y
# vers4.2=y
Create an exports for /home:
cp -n "/etc/exports.d/home.exports" "/etc/exports.d/home.exports.orig"
cat <<EOF > "/etc/exports.d/home.exports"
/home 10.10.11.0/24(rw,sync,crossmnt,no_subtree_check)
EOF
After the above changes, restart the service:
systemctl restart nfsv4-server.service
Enable smbd and nmbd with:
systemctl enable --now nmb.service smb.service
I use Samba for the same reasons as I use NFS, that is to have shared storage
on various older virtual machines (like Windows NT 4.0). Let’s create an
smb.conf file:
cat <<EOF > "/etc/samba/smb.conf"
[global]
workgroup = WORKGROUP
netbios name = $(hostname | tr 'a-z' 'A-Z' | cut -d. -f1)
server string =
server role = standalone server
server min protocol = NT1
ntlm auth = yes
lanman auth = yes
hosts allow = 10.10.11.
log file = /var/log/samba/log.smbd
max log size = 100
interfaces = 10.10.11.1/24
bind interfaces only = yes
dns proxy = yes
wins proxy = yes
wins support = yes
local master = yes
domain master = yes
preferred master = yes
os level = 33
[homes]
comment = Home Directories
acl allow execute always = True
browsable = yes
writable = yes
valid users = %U
create mask = 0644
directory mask = 0755
EOF
Finally, we are going to adjust the systemd unit files for smb and nmb
So they wait for the necessary network interface(s) to come up:
systemctl edit smb
systemctl edit nmb
You’ll be presented with a file with some comment lines above and below. Add the below verbatim:
[Unit]
After=
After=libvirtd.service
[Service]
ExecStartPre=timeout 10s bash -c 'until ping -c1 10.10.11.1 &> /dev/null; do sleep 1; done'
Note the ExecStartPre line; this bash one-liner makes the service wait for
the necessary network interfaces to be up. This is necessary because we have
configured our smb.conf to listen on a specific subnet (10.10.11.0/24 in
our case). If the interface serving that network is not up, smb and nmb
can’t bind to it and fail to start.
Also note that you can add multiple ExecStartPre lines, one for each network
interface you wish to wait for to become available.
After creating or changing smb.conf, restart the services:
systemctl restart nmb.service smb.service
Enable tlp with:
systemctl enable --now tlp.service
TLP is used to manage power-saving modes of various hardware. It is usually configured to enable power-saving when not connected to AC, and to disable it when connected to AC. It does that for all kinds of things, like Wi-Fi, USB, PCIe, Bluetooth, the CPU scheduler, etc.
I’ve made a custom TLP configuration for my Framework Laptop 13 which you can install as follows:
cat <<EOF > "/etc/tlp.d/01-custom.conf"
CPU_SCALING_GOVERNOR_ON_AC=powersave
CPU_SCALING_GOVERNOR_ON_BAT=powersave
CPU_BOOST_ON_AC=0
CPU_BOOST_ON_BAT=0
PCIE_ASPM_ON_BAT=powersupersave
PLATFORM_PROFILE_ON_AC=balanced
PLATFORM_PROFILE_ON_BAT=low-power
USB_ALLOWLIST=32ac:0002
USB_EXCLUDE_BTUSB=1
USB_EXCLUDE_PRINTER=0
WIFI_PWR_ON_AC=off
WIFI_PWR_ON_BAT=off
WOL_DISABLE=N
EOF
After the above, you need to restart the service:
systemctl restart tlp.service
Enable cups with:
systemctl enable --now cups.socket
I also don’t want cups via cups-browsed to be able to auto-add printers, so I
patch /etc/cups/cups-browsed.conf as follows:
--- cups-browsed.conf.default 2023-08-29 09:57:47.157250003 +0200
+++ cups-browsed.conf 2023-08-29 09:58:45.054108764 +0200
@@ -53,7 +53,7 @@
# BrowseLocalProtocols.
# Can use DNSSD and/or CUPS and/or LDAP, or 'none' for neither.
-# BrowseProtocols none
+BrowseProtocols none
# Only browse remote printers (via DNS-SD or CUPS browsing) from
I use cdemu and related vhba kernel module to emulate optical drives for
use with emulation stuff. If you’d like to run CDemu, make sure the required
modules are loaded at boot:
# Load modules at boot.
cat <<EOF > "/etc/modules-load.d/cdemu.conf"
sg
sr_mod
vhba
EOF
# Do it now too.
modprobe -a sg sr_mod vhba
I use the following user-level services (do as logged in user):
for u in syncthing.service wireplumber.service pipewire.socket pipewire-pulse.socket; do systemctl enable --now --user $u; done
All the hip young things are running yay these days, but I like to do it the
bare-hands way. That way I have more feeling with what’s going on with AUR
packages.
First, let’s create a custom repository source for pacman. Note that I sign
my packages using my GnuPG key, so the following assumes that. If you don’t
want to sign your own packages, you need to change the SigLevel setting in
/etc/pacman.conf for your custom repository and you need to tell makepkg
not to sign your built package.
Also note that my package build root location is specific to my needs; feel free to change it to anything you like.
# Set package build root location.
export PKG_ROOT="$HOME/Packaging/Arch"
# Create a directory structure for Arch packaging.
mkdir -p "$PKG_ROOT"
cd "$PKG_ROOT"
install -d Build Repository 'Source Packages' Sources -o $USER
# Create a repository database.
cd "$PKG_ROOT/Repository"
repo-add -s custom.db.tar.gz
# Add entry to /etc/pacman.conf.
cat <<EOF >> "/etc/pacman.conf"
[custom]
SigLevel = Required DatabaseRequired TrustedOnly
Server = file://$PKG_ROOT/Repository
EOF
# Add your public key to pacman keychain and set trust (assuming key matches $USER).
gpg --export --armor $USER > your.key
pacman-key --add your.key
pacman-key --lsign-key $USER
rm -qf your.key
# Run update for db and files, you should see custom being referenced.
pacman -Syu
pacman -Fy
# Unset variables.
unset PKG_ROOT
Now we configure makepkg defaults. Make sure you configure the PKG_ROOT,
GPG_PUBKEY and PACKAGER environment variables to your specific likings:
# Set package build root location, gpgpubkey-id and packager string.
export PKG_ROOT="$HOME/Packaging/Arch"
export GPG_PUBKEY='14B189C4E877C9CAEA7F99C7ED3BDDB83BDD2604'
export PACKAGER='Rubin Simons <me@rubin55.org>'
cat <<EOF > "$HOME/.makepkg.conf"
# ~/.makepkg.conf.
MAKEFLAGS="-j$(nproc)"
BUILDENV=(!distcc color !ccache check sign)
BUILDDIR="$PKG_ROOT/Build"
PKGDEST="$PKG_ROOT/Repository"
SRCDEST="$PKG_ROOT/Sources"
SRCPKGDEST="$PKG_ROOT/Source Packages"
GPGKEY="$GPG_PUBKEY"
PACKAGER="$PACKAGER"
EOF
# Unset variables.
unset PKG_ROOT GPG_PUBKEY PACKAGER
Here are a few example interactions with package fetching, building, repository updating and package removal to get you started:
# Set package build root location.
export PKG_ROOT="$HOME/Packaging/Arch"
# Get an AUR package.
cd "$PKG_ROOT/Build"
git clone https://aur.archlinux.org/aurutils.git
# Build an AUR package.
cd aurutils
makepkg -cCs
ls ../../Repository/aurutils*
# Show information about a built package.
cd "$PKG_ROOT/Repository"
pacman -Qpi aurutils-*-any.pkg.tar.zst
# Build a source package.
cd aurutils
makepkg -cCsS
ls ../../Source\ Packages
# Update local repository (adds new packages, removes older ones).
cd "$PKG_ROOT/Repository"
repo-add -s -n -R custom.db.tar.gz *.zst
# Remove a specific AUR package from local repository
cd "$PKG_ROOT/Repository"
repo-remove -s custom.db.tar.gz aurutils
So now to fill that $PKG_ROOT/Build directory with packages from AUR so we
can build some stuff and put it in our own repository:
# Set package build root location.
export PKG_ROOT="$HOME/Packaging"
# Git clone them all.
cd "$PKG_ROOT/Build"
export GITREPOS="adwaita-qt-git aic94xx-firmware akku alsacap alsa-hdspeconf amitools android-studio ares-emu aseprite asm-lsp ast-firmware astrojs-language-server astrojs-ts-plugin audacious-gtk3 audacious-plugins-gtk3 aurutils azahar-git battop-bin blastem-hg bluez-hcitool bottles brscan4 bundletool cartridges-git cdesktopenv-git chez-scheme claude-code clojure-lsp-bin cmake-format cmake-language-server codechecker conan cpp-jwt crush cubeb davinci-resolve debtap dev-proxy-bin diagnostic-languageserver displaylink djmount dockerfile-language-server dolphin-emu-git dosbox-x-git dotool drawio-desktop-bin dumpasn1 earthly eclipse-platform elixir-ls erlang_ls evcxr_jupyter evdi-dkms-git exercism figma-linux-bin flow-bin flutterup flycast-git fmt9 fsautocomplete-bin ghcup-hs-bin github-copilot github-desktop gnome-shell-extension-auto-accent-color gnome-shell-extension-dash-to-dock-git gnome-shell-extension-stealmyfocus-git gnome-shell-extension-tiling-shell-git godot-mono-git google-cloud-cli google-earth-pro groovy-language-server-git gtk2 helm-ls ibmcloud-cli icaclient icoextract imhex infer-bin jdk25-openj9-bin jdtls kotlin-lsp-bin kubelogin lagrange leanux lemminx lib32-gperftools lib32-gtk2 lib32-intel-gmmlib lib32-intel-media-driver lib32-libpng12 libbacktrace-git libchdr-git libpng12 librashader libretro-beetle-cygne-git libretro-beetle-lynx-git libretro-beetle-ngp-git libretro-beetle-pcfx-git libretro-beetle-saturn-git libretro-bluemsx-git libretro-dosbox-pure-git libretro-lrps2-git libretro-swanstation-git libretro-uae-git libspng-git libwireplumber-4.0-compat license-wtfpl logisim-evolution-bin m64py marksman-git marsdev-git mednaffe mei-amt-check-git metals mistral-vibe mkinitcpio-firmware mksh mongodb-bin mongosh-bin moonlight-qt-git ms-sys nand2tetris nbdkit ncurses5-compat-libs neo4j-community neovim-symlinks nestopia netcoredbg networkmanager-iwd nvidia-patch-git ocenaudio-bin omnisharp-roslyn-bin openmsx openshift-client-bin openshift-developer-bin openshift-pipelines-bin openvpn-update-systemd-resolved pandoc-bin papirus-folders passmark-performancetest-bin patool pcsx2-git pcsx-redux-git pegasus-frontend-git perlnavigator plutosvg plutovg postman-bin powercap powershell-bin powershell-editor-services pragmatapro-fonts prek prettier-plugin-xml protonplus protontricks-git ps3-disc-dumper-bin pupdate-bin pvsneslib-git pwvucontrol python-agent-client-protocol python-asgi-lifespan python-async-timeout python-backoff python-dataclasses-json python-eval-type-backport python-fvs python-httpx-sse python-m3u8 python-machine68k python-mcp python-mistralai python-opencensus python-opentelemetry python-opentype-feature-freezer python-orjson-git python-pathvalidate python-pluginbase python-pyqtdarktheme-fork python-pysdl2 python-python-ffmpeg python-setuptools-reproducible python-sse-starlette python-steamgriddb python-tree-sitter python-tree-sitter-bash python-uuid7 python-uv-dynamic-versioning qt5-gamepad qt5-webchannel qt5-webengine qt5-websockets rabtap rapidyaml rcu-bin regionset rpcs3-git rtcqs ruby-backport ruby-e2mmap ruby-jaro_winkler ruby-jekyll-include-cache ruby-jekyll-redirect-from ruby-jekyll-sitemap ruby-just-the-docs ruby-reverse_markdown ruby-solargraph ruby-yard-activesupport-concern ruby-yard-solargraph rusty-psn-bin ryujinx sameboy sbom-tool-bin scala-dotty scheme-langserver-bin sedutil shellcheck-bin sigtop-git skyscraper-git snd-hdspe-dkms-git soapui softhsm-git stc-syncthing-git sunshine-git svelte-language-server-git swift-bin systemd-suspend-modules tidal-dl-ng tla-toolbox tonearm townsemu-git ttf-b612 ungoogled-chromium-bin upd72020x-fw usbtop uxplay v4l-utils-git vacuum vala-language-server vasm visual-studio-code-bin vita3k-git vkbasalt-cli vlink vmware-keymaps vmware-workstation vtsls vulkan-memory-allocator wd719x-firmware winetricks-git witr xcursor-dmz xdg-terminal-exec-git xpadneo-dkms yaml-language-server-git y-cruncher zeal-git"
for p in $GITREPOS; do git clone https://aur.archlinux.org/$p.git; done
# And my own version of openshift-codeready-bin/crc.
git clone https://github.com/rubin55/openshift-codeready-bin.git
# Build all (I wouldn't do this, I would initially enter one-by-one and do
# git log ; makepkg -cCs manually). Will result in packages under $PKG_ROOT/Repository.
cd "$PKG_ROOT/Build"
for p in *; do cd $p; makepkg -cCs; if [[ $? -ne 0 && $? -ne 13 ]]; then echo "$p did not go well, please fix..."; break; fi; cd - > /dev/null; done
# Update custom repository.
cd "$PKG_ROOT/Repository"
repo-add -s -n -R custom.db.tar.gz *.zst
# Update pacman databases.
pacman -Syu
# List all packages pacman sees in custom repository.
pacman -Sl custom
# Install all not-installed packages from custom repository.
pacman -S --needed $(pacman -Sl custom | grep -v installed | awk '{print $2}')
I maintain these packages (all on AUR, except for openshift-codeready-bin):
These are a few open source softwares I want to create AUR packages for:
And I also want to create AUR packages for these commercial packages:
And these development kits / toolchains:
After you’ve done (most of) the above, a reboot is in order; the system should
come up cleanly, without errors or stalls.
I’ve been using this setup for the last two years and it has been consistently
great. I get good battery life, The fan almost never comes on, sleep and resume
work reliably, bluetooth works with mouse, gamepad and headphones. I’ve bought a
1TB USB SSD for one of the slots on which I installed Arch Linux; I then use the
internal NVME for /home.
Let me begin by describing the experience:
I’m streaming 4K at 60fps. I use this for remote desktop work and for gaming. I observed the above experience starting about two years ago, but I didn’t mind too much because I was still using a MacBook, and a Surface Pro X at the time.
These days I’m fully on Linux, on both my desktops at work and home and on my laptop, so the issue became unavoidable. Things I’ve tried and observed:
Initially I thought that it had to do with Wi-Fi hardware - I tested with cards from Intel, MediaTek, RealTek, even an old Atheros. No dice, stutter galore.
Any ethernet card, even an 100mbit one, would work flawlessly.
I tried different Linux distributions: Pop!_OS, Gentoo, Fedora, Arch Linux. No matter, more or less identically configured, all the same behaviour.
In dmesg you would see a message indicating that either you the client or
the AP disconnected, and you’d see a reconnection attempt. This aligned with
when the stuttering was experienced.
It turns out that NetworkManager (re)scans for APs. I’m not sure if it does that only for APs serving the same SSID as the network you’re on, or more generally to see if there are other networks available which it might want to connect to, but I suspect only the former.
In any case, to do that, it needs to drop the connection for a short while, scan and “quickly” reconnect. In practice this can take more than a second. When you are streaming 60fps video and audio, that is extremely noticable. On top of that NetworkManager does this every 20 or 40 seconds or so.
A “workaround” that floats around on the internets is to specify the BSSID field
in the wireless configuration profile within NetworkManager. In my experience
this does not actually work well. If I’d need to quantify it, instead of
experiencing interrupts every minute, it became every 3 or 4 minutes. As I
understand it, NetworkManager parameterizes wpa_supplicant in a way that is
essentially not configurable. and instructs it to disconnect, rescan and then
reconnect.
Even though I like the convenience of the GUI that NetworkManager enables, Its shortcomings with regards to stability and performance of the wireless network connection are too extreme for my use-case.
Since I’m currently on Arch Linux, which uses systemd, I opted to forego any
graphical Networking setup and use systemd-networkd as a replacement for
NetworkManager and iwd as a replacement for wpa_supplicant.
I’ve been using this setup for about a week now, and since then I have zero network connection interruption issues and can stream 4K at 60fps without issue.
iwd(systemd-networkd is a part of the systemd package).
# pacman -S iwd
wpa_supplicant# systemctl disable --now NetworkManager
# systemctl disable --now wpa_supplicant
systemd-networkd configuration for device wlan0(your device might be named differently).
# mkdir -p /etc/systemd/network
# cat <<EOF > "/etc/systemd/network/10-wireless.network"
[Match]
Name=wlan0
[Network]
DHCP=yes
IgnoreCarrierLoss=10s
EOF
iwd configuration# mkdir -p /etc/iwd
# cat <<EOF > "/etc/iwd/main.conf"
[General]
RoamThreshold=-75
RoamThreshold5G=-80
[Network]
EnableIPv6=false
NameResolvingService=systemd
[Scan]
DisablePeriodicScan=true
EOF
systemd-networkd and iwd# systemctl enable --now systemd-networkd
# systemctl enable --now iwd
(using device wlan0 - yours might be named differently).
# iwctl
[iwd]# station wlan0 scan
[iwd]# station wlan0 connect MY_NETWORK
# (fill in passphrase)
<ctrl-D>
In a previous post I reflected on what 2023 was like for us. 2023 has been a year with ups and downs (as many of them are). For 2024 I have a few hopes, plans, and ideas that I would like to write down, hence this post today.
To clarify, these things haven’t happened yet, but the idea is to explore, and if a positive outcome is anticipated, to make them happen.
Last year I started exercising with my good friend Peter in earnest. It’s been only three months, but I do notice a great improvement in my mood, focus, and general fitness + strength.
The idea is to keep that up this year and increase the intensity a little bit.
In May 2020 I joined a great software engineering team, working on a new messaging and notification platform. Around mid-2021 I became the lead engineer.
The work was a mix of software engineering and DevOps tasks, but due to the nature of the target environment, and the skill-mix of the team, the DevOps part started to dominate (I would say 25/75 in favor of DevOps work).
Now, there’s nothing wrong with DevOps work, but the way DevOps was meant to be (not a role but a way of doing things together in a team) versus what it is in practice (“Who’s the DevOps Engineer? Can you fix this Kubernetes issue?”) is just a sad state of affairs. Before you can say “repeat after me, DevOps is not a role”, you’re neck-deep into infrastructure and operational issues that take away from the software engineering part of the job.
I guess I do enjoy both aspects, i.e., the infrastructural part (performance and how you use hardware resources, make CI/CD really work nice, predictable, and fast, troubleshooting), and the software creation part (writing code, figuring out an elegant model to implement things, performance and consistency, etc), but when you’re dealing with an unstable target environment, DevOps will quickly become the majority of your work, at the expense of writing actual code (meaning: actual code for your product, implementing features, fixing bugs).
The software and infrastructure we created went live last November, and we’re now in the process of transfering to a new operations team who will be maintaining the product. This will last until about May of this year.
For my new role I will definitely look for something that brings software engineering more to the forefront, preferably in a language I get excited about (i.e., Scala, Elixir, Rust), although I do enjoy the more mainstream languages too (Java, C#, Python).
So mid-2024: new software engineering role, don’t care about lead, don’t know where yet!
Since August last year, I’ve been planning a rather huge sailing trip, together with my father-in-law, my best friend Freek and his girlfriend Jitske. This year around June/July, we’re going to sail from my home-town (Scheveningen in The Netherlands) all the way to Norway.
It will be a three-week adventure approximately, with 6 crew in total (counting ourselves and the two owners of the vessel). The whole project started as a birthday present for my father-in-law due to our many conversations about life at sea but it has become a bit more than that, maybe an exploration too of a different kind of life, what things could be.. So:
I currently have a moderately succesful software engineering company and I do software engineering projects together with my colleagues for various clients.
In a previous post I shared a bit about how I feel like I lost my enthousiasm for what I’m doing, feeling out of touch, without a real sense of purpose. Definitely not unhappy, but maybe critical of where I am and where I (think I) want to be.
In my life up til now I’ve had various companies, amongst which a record company called Grond which released records around 1999-2004 and 2014-2016, an alternative computer-hardware store called VT100, and my current software engineering company called RAAF.
Next to (hopefully) being profitable, these companies where also the culmination of ideas, executed enthousiastically; challenges met and mostly overcome; they were the background to life, a platform for experiencing things, meeting people and making friends.
My father-in-law was a captain on really large ships. When I am visiting in Bulgaria, we always talk about ships, about sailing, about teaching and certifications that are required on various types of vessels, about tourism.
This last christmas, we also played with an idea: “what if we would have a serious sailing vessel, how could we build a modest company for tourism, training and (small-scale) import/export around that?”
So this year I am doing that: Figuring out what kind of investment would be required and what the inflow + outflow of money would look like in such a company, the required aspects of it regarding certificates, maintenance, harboring, etc.
My mother’s side of the family is partly Belgian. They organise an annual family get-together which is always a happy affair that we enjoy going to.
At the last get-together, I offered to organise this years’ get-together. This will be around September of this year. I am planning to arrange a really nice eating-together at a great place that’s run by my best friend Freek’s girlfriend, Jitske. Nothing certain yet, because it’s still a while away, but that’s the plan.
I think the overall idea for this year is: stay healthy, get stronger, and explore a few avenues. Do great things with family and try to make it so that everyone is a little bit better off at the end of the year. I hope we won’t have more instability in the world at large (although I can’t really control that anyway) and in general, a bit less cynical takes.
I think many of the above subjects will receive their own blog-posts, so stay tuned (yeesh).
]]>I figured I’d write a post about this last year, maybe to crystalize thoughts I’ve been having, and to help figure some things out for the times ahead.
It’s a bit more personal than my previous writing, but I guess no less useful to share. I’ve added a table of contents to try and keep it organized:
2023 has been an eventful year for me. I effected a bunch of positive changes, but also, bad and sad things happened. I’ll go over them in a roughly chronological order.
When I was young (between around age 14 and 17 or so) I had braces. It fixed a few stubborn teeth at the time, nothing dramatic, but over the years since, they slowly reverted to their previous somewhat crooked stance.
I went to the orthodontist and started a program with Invisalign braces that I still have today. I think I will be “done” just before summer ‘24.
The results are pretty dramatic and I’m very happy so far. Just one tooth still has to come down a little and then everything is straight again.
I’m also happy that my adventures with braces this year inspired a colleague (or maybe two) at work to do the same! Yay for great dental health.
The year began with a big change on the financial front: I paid off my mortgage and my house is now mortgage-free.
I’ve been working towards this conciously for the last nine years. The idea was to minimize monthly expenses and simultaneously corner an important aspect of future security (to own a house). The effect on monthly expenses is as you’d expect: I can (much) more easily save money now, vacations are much less of a financial problem.
Before I got here (i.e., to own a house and be mortgage-free), I thought that it would impact me much more positively and I was fantasizing about how much this would help me to feel less worried about the future. I must admit though, that this effect is much less so. I’m certain that on a non-psychological level, I am much safer financially than I was before, but I don’t really feel it as much as I hoped I would..
I guess I was hoping for a relief of sorts. Don’t get me wrong, I’m super happy I achieved this, but it didn’t make me feel more secure (yet?). It might even have made me feel a bit lost, a sense of lost purpose? (more on that later).
This year we’ve made the concious choice to have vacation more often. We’ve had quite a period where we had only the minimum of vacations, focusing on work, and the regular chores and joys of raising our daughter, Eline.
Early in the year we went on wintersports, to a small place close to Innsbruck, close to the Italian border. We ski’ed! I hadn’t done so since I was about 6 so it was a lot of snow-balling downhill, but I eventually got the nack of it.
In the spring we went to both the north of Italy, at lake Como and to the eastern side of Sicily. I really loved this vacation. Lake Como was beautiful and where we were staying, it was not really busy yet. Make no mistake, the area is super touristic, but end-of-april, you’re fine.
Sicily was really super great. For me end-of-april is the best time to visit, because it’s not crazy-hot yet but nice (think 22 to 25 degrees celsius). For most tourists and other Italians, this is still cold, so the beaches are empty which I particulary appreciated. I really felt we experienced a personal Sicily.
For the summer we went to Bulgaria, where Marina, my partner comes from. We do this most years, visiting Marina’s parents. It’s great for Eline, but it was a bit of a uneventful vacation for us (which is not bad from time to time).
This year I started blogging. I didn’t write as much as I would’ve liked, but you’re reading it, I have it hosted on GitHub pages, and am using Jekyll.
I appreciate how blogging helps you reflect on things, or share things with the world. I shared my previous articles on Hacker News and really enjoyed the various opinions, good and bad, on stuff I wrote.
In September of this year I started exercising with my great friend Peter. We go to the gym two times a week to execute a regimen of horror for about 2.5 hours.
It’s now about three months on and I do feel much better, more awake. Physically it is also making more and more of a difference. The plan is to just keep at it and so far so good. It has definitely helped with feeling more positive, although I keep struggling with a sense of lost purpose (more on that later).
This year also had its share of death.
Around this summer, Mac, the partner of my mother got news that he had metastasized cancer all over the place. It was very aggressive and unexpected. Mac was 73 years old when he died last November. He opted for euthanasia.
In the last week of his life, I was there most every day. We talked about life and death. I also was there when he chose to die. I admired his bravery and resolution - he drank the cup (made a joke about Socrates) and peacefully went to the eternal hunting grounds in less than 90 seconds. He’ll be missed dearly by us. Eline was very fond of him and it was her first death that was closer to home (her great-grandfather in bulgaria died in 2022).
As I write this, Marina’s best friend is fighting a losing battle against cancer too. It is heavily advanced. She’s been fighting this demon for five years. The last 18 months have been “given” by a relatively new drug called Trodelvy - she would have been gone 18 months ago if it weren’t for this drug.
It’s a matter of hours, days at best for her now.. Just some bad luck with a specific gene that doesn’t matter from an evolutionary standpoint.. Live is really horrible and unfair sometimes.
This year a big project I’ve been working on went live. It’s the backend for a large-scale notification system that me and my team have been working on for the last three years.
I’m currently working to transition the software development and operations to a new team that will be maintaining it, which will be concluded by april of next year.
It’s a strange mix of feelings. The team I’ve been a part of the last three years is definitely one of the most balanced and positive ones I’ve had the privilege to be a part of, and I’m going to miss that. At the same time I’m happy the software is working, live, and to have a sense of conclusion there.
This article intended to give an overview of just a life (mine) in 2023, I’m not yet sure how others would experience it (negatively or positively or both) but it did feel good to write down.
Wit regards to a lost sense of purpose: I feel a bit as if I’m “flying” over all these events, as an observer. Important things happened. Bad ones, happy ones, necessary ones.. There’s a feeling of unavoidability.
I’ve been thinking a lot about the “why” of things, also about motivation, about what should be next. And I find myself unable to answer with determination - I lost a sense of purpose, a goal and I’m not sure how to (re)find it.
I wouldn’t write this down if it was just a momentary thing - it has been in the undercurrents of my thoughts for the better part of this last year..
I think “ungrounded” captures it best. I go through the motions, am happy even, but at the same time I feel detached. It’s hard to put into writing.
I suspect I will be tackling with this next year too, although I hope to find some constructive way of getting to a place where I am either at peace with where I am now or re-find my purpose.
My next blog post will be about my ideas and resolutions for 2024, which I hope to write next week somewhere.
]]>First things first. This is my first post to my newish personal website, which I’m hosting on GitHub Pages. It has all kinds of bells and whistles like LetsEncrypt for SSL/TLS, pagination, and is fully statically generated thanks to Jekyll. Big shout-out to Michael Rose for a really nice template I’m using called Minimal Mistakes! Thanks a bunch.
I used to have a personal website back in the day to share ideas and thoughts, and I figured I should pick that up again.. so here we are..
Anyways, I’ve been on a quest for a new personal computing device for a while now. I use a beefy desktop at home and at my office, but when I’m out and about I usually have a laptop with me to hack around on.
Historically I’ve used ThinkPads (T43, X220, X230, W520, T14s), Macs (PowerBook G4, Apple Cube, G5, MacBook Pro 13 2017), and even a few Surface devices (Surface Pro 4, Surface Pro X).
I’m really not happy about the slow deterioration of build quality in ThinkPads. It’s been a slow ride downwards essentially since Lenovo took over the ThinkPad line from IBM back in 2005ish.
Fast forward to today and it’s a plasticky, flimsy shadow of its former self. Next to that, configurations as stated in PSREF are not available in all regions and you have to jump through hoops to get a configuration you like/need.
My most recent ThinkPad, a T14s AMD gen3 is great feature-wise: It has 32GiB of RAM, a fast processor, 2TiB of storage and a 4K screen. But the build quality is horrible - it squeeks when you lift it from the edges, the screen has at least 5 dead pixels (within the year!) and the sound quality (which, admittedly, has historically been bad with ThinkPads) is below average.
I’ve had a couple of Macs and the experience has mostly been great. Up till about a little more than a year ago, I used a MacBook Pro 13 2017 and I was really happy with it. It was becoming a bit slow though.
I absolutely adore Apple build quality. It’s really another dimension compared to other manufacturers. Next to that, recent developments with regards to the introduction of the M1 and M2 processors are astoundingly great too. My only gripe with Apple is the slowly-but-surely dumbing-down of macOS, the in-my-opinion-uneccessary removal of 32-bit support (which Mojave still had) and a general feeling of uneasiness I have with the App Store being pushed more and more as the only “safe” way of installing software (in general, a feeling of being vendor-locked in).
I have been following Asahi Linux with much interest. I’m amazed how far the project has come in such a short time! I don’t think it is fully ready yet for daily-driving, but as soon as it is, I would definitely hop aboard.
I really love the 2-in-1 setup of the Surface Pro product line. I read a lot, usually digitally, and the fact that you can use one device as a tablet and as a computer is really nice.
Last year I’ve been using a Surface Pro X and it really is a cool little device. Most applications nowadays have Windows-on-ARM native binaries, like JetBrains, Python, Java, Node.js, etc, so, while not super-fast, it has been fast enough. At night I use it to read books, comics and magazines.
The problem with Microsoft is not so much build quality as a whole, but component quality. The build quality of Microsoft Surface devices is really nice, no argument there. But they can’t stand the test of time. After about 18 months issues start to appear, which turn out to be really common. I had the following issues on both my Surface devices:
The first issue is arguably understandable. Issues two and three are really design and quality control issues. It is totally unacceptable for a tablet device to develop screen pressure damage from simply holding the device. And before you go and think this must be me, go do a search and see how many people are suffering from this issue.
I’ve had three (3!) type covers in 2 years time, both broke in the same way (the fold corner contains wires that go to the magnetic connector, which break eventually due to wear-and-tear).
Ever since I’ve first heard of Framework, I wanted to get one. First they didn’t sell in the Netherlands, where I’m at, and initially there were quite a few growing pains, bugs, and little issues especially when running Linux (according to brave early-adopters in the Framework forums at least). Nowadays most of these issues are fixed and for common grievances fixes and workarounds seem to be readily available.
Framework has recently opened pre-order for their 3rd generation devices and so I bit the bullet and ordered an Intel 13th gen variant with 64Gib RAM and an 8TiB NVME (ordered seperately).
Actually, as I’m typing this, I just got a message in the mail telling me they are preparing my batch!
By the way, you might be asking yourself why not the Ryzen variant? I love AMD, their Linux support is super good, especially amdgpu in the Linux kernel is very good. But since the last generation, AMD has built in support for the Microsoft Pluton platform, which I find a bit too much customer-as-adversary for my tastes. Pluton is woefully under-documented, but the best source for understanding it is a talk from Tony Chen about Xbox One security, which is the predecessor of Pluton.
So I guess the biggest reason for me to go with Framework is the openness of the platform, consequent repairability, and overal positive reviews with regards to build quality. I think this might just be the ultimate Linux device for me!
I’ll be running Arch Linux on mine. In a future post, I’ll share how the experience has been so far.
]]>