Fli
10-19-2020, 07:54 PM
What you will learn there:
- how to migrate from Windows to Linux (Arch based Manjaro (https://manjaro.org/) - but things may be partially applied on other systems too)
- have fully encrypted system and boot partition (MBR will be left readable)
- setup VPN/Wireguard/Shadowsocks + firewall killswitch
- setup RAM based intelligent compressed SWAP (zswap)
I hope my days on Windows are numbered and i am finally migrating to Linux for good. Currently i am finishing the migration and i came to the point where nearly everything is working on Linux. So i want to share whole guide.
Here are the tips and things to note before you do migration from Windows to Arch Linux like Manajaro is. I have selected Manjaro, because it is ranked among the top of user friendly, latest software, good number of packages in repos, good support community, rolling release distribution without need to reinstall system.
Windows to Manjaro migration notes:
Backups: Save settings of the popular apps - ideally all apps, space is cheap and time restoring manually is expensive: (C:\Users\user\AppData\Roaming ; C:\Users\user\AppData\Local ; Documents, Images, Downloads, Music.., Program Files folder etc.)
Set e-mail client offline and export its data to Linux supported format (.eml, mbox ?) and quit client
sync/backup all data to external drive (unless you will be installing Linux on different drive than current Windows system drive)
Copy ovpn and wg files to usb stick (if you are using VPN service)
Bootable installation disk: Use full Manjaro installation image to minimise the downtime. https://manjaro.org/download/ Make bootable USB stick using Windows software called "Ventoy" (by installing it and simply copying the .iso(s) to the drive or using software "Yumi" (i used it), some people recommend Rufus.
When ready to reinstall (having backup of the drive, or ideally install on different drive), try to boot from Manjaro USB disk. Maybe you will need to hit F12 old Fn+F12 to select boot source. Or F2, Fn+F2, Del keys to access BIOS and play with EUFI/Legacy, disable secure boot or change boot order.
When booting up live Manjaro system from USB, you can play with it and then click Install. To secure data i ticked encryption. If adventurous, one can use custom partitioning, create new partition table MBR, /boot ext2 partition with boot flag 500MB, and then remaing space for example btrfs partition with / mountpoint and "root" flag. + tick encryption on both (i have not tested this, though btrfs has some advantages over default ext4 - if i install it, i would make sure to check mount parameters -o ssd , enable defrag, noatime instead relatime, space_cache by def.) (https://www.thegeekdiary.com/how-to-tune-btrfs-filesystem-for-better-performance/). Regarding swap some people rather recommend not to create swap partition and later create swap file https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#With_suspend-to-disk_support
After finished, maybe it will not boot from drive, maybe you will need to change boot order in BIOS or such settings.
If selected encryption, then it will accept passphrase. Make sure to enable num lock and using right keymap (y/z) etc. After submitting password by Enter key, it can take a minute or so for it to do something.
Now you have booted into the newly installed Manjaro system.
Have laptop, but using external monitor? Prevent closed laptop lid to turn off external monitor:
sed -i "s|#IgnoreLid=true|IgnoreLid=true|g" /etc/UPower/UPower.conf;sed -i "s|IgnoreLid=false|IgnoreLid=true|g" /etc/UPower/UPower.conf;sudo systemctl restart upower.service
Randomize MAC on each network connection?
right click Network manager icon in tray (icon that manages net. connections), Edit connections, your connection, Ethernet, Cloned MAC address: random
In my case i setup VPN first to secure and anonymize internet activity:
1 - WIREGUARD:
Using NetworkManager (GUI) tray icon disable OpenVPN connection if active and disable it from main network interface also using NM GUI. Following single pacman command may not be needed or bad idea if wireguard is already included in kernel (modprobe wireguard;modinfo wireguard).
sudo pacman -S wireguard-tools
cd /path/to/wg_conf_and_ovpn_client_files
cp -p wg-client.conf wg0.conf
nmcli connection import type wireguard file wg0.conf
sudo wg;ip r;nmcli connection;for ip in $(curl -L http://cpanel.net/showip.shtml 2>/dev/null);do echo $ip && whois $ip|grep -i netname;done
systemctl enable [email protected];systemctl status [email protected] (if fails, list units and use correct name: systemctl ) - https://wiki.archlinux.org/index.php/WireGuard#NetworkManager
Not working? https://snapcraft.io/install/wireguard-ammp/manjaro
2 - OPENVPN:
NetworkManager has new connection import entry to import .ovpn file.
3 - SHADOWSOCKS (not recommended, outdated qt5 app, use v2ray instead which is right below):
sudo pacman -S shadowsocks-libev shadowsocks-qt5
From Manjaro menu, type shadow and run the SS gui app and add your connection configs in it. Make the app to start at boot and set one connection to autoconnect.
4 - V2Ray:
V2RAY proxy CLIENT setup on new Linux Manjaro & config files:
https://forum.manjaro.org/t/v2ray-package-how-to-actually-setup-the-proxy-client-on-manjaro-and-the-server/48312/4
in short:
pacman -S v2ray
/etc/v2ray/config.json <- https://guide.v2fly.org/en_US/basics/shadowsocks.html#client-side-configuration
systemctl enable v2ray && systemctl start v2ray
_
V2RAY SERVER setup on CentOS 6:
wget https://raw.githubusercontent.com/hijkpw/scripts/master/goV2.sh -O -|bash
Config: /etc/v2ray/config.json
Then setup the service:
wget https://raw.githubusercontent.com/slrslr/Miscellaneous-bash-scripts/master/etc_init.d_v2ray -O v2ray;sudo mv v2ray /etc/init.d/;sudo chmod +x /etc/init.d/v2ray;sudo chkconfig v2ray on;sudo service v2ray start
sudo service v2ray restart
Switch between the two v2ray servers on Linux client:
all done on client:
mkdir -p /home/$(whoami)/scripts/;wget https://raw.githubusercontent.com/slrslr/Miscellaneous-bash-scripts/master/v2rayswitch -O /home/$(whoami)/scripts/v2rayswitch
update your server config file names in the script file:
nano /home/$(whoami)/scripts/v2rayswitch
Ctrl+X; Y; Enter
chmod +x /home/$(whoami)/scripts/v2rayswitch;nano ~/.bashrc
prepend new line:
alias v2rswitch=‘sudo /bin/bash /home/YOURUSERNAME/scripts/v2rayswitch’
on logout/login/restart computer, you can use commands like following to switch to different v2ray server:
$ v2rswitch
(it will ask to which server to switch)
$ v2rswitch serv1
(it will switch to server 1)
---------
VPN KILLSWITCH (prevent leaking unsecured traffic when VPN/WG is off):
ufw status
ufw was disabled, i used iptables killswitch rules from https://internetlifeforum.com/security/8687-how-setup-linux-firewall-iptables-ufw-prevent-leaking-non-vpn-connections/
Though that page shows also rules for ufw. or try:
1. https://internetlifeforum.com/security/8687-how-setup-linux-firewall-iptables-ufw-prevent-leaking-non-vpn-connections/
2. https://www.ivpn.net/knowledgebase/222/Kill-switch-using-the-Uncomplicated-Firewall-UFW.html
3. https://www.ivpn.net/knowledgebase/238/WireGuard-Kill-switch.html
and once traffic works, saved iptables (Arch/manjaro) + enabled iptables:
iptables-save > /etc/iptables/iptables.rules;systemctl enable iptables
UFW backup files are btw. in ls /etc/default/ufw/ ?
// End of securing network activity
Setting up SWAP file + zswap (i am not using partition, but if you already use swap and want zswap, possibly first disable existing swap: swapon & swapoff path & rm path & remove from fstab):
sudo pamac install systemd-swap;sudo systemctl enable systemd-swap.service;mkdir -p /etc/systemd/swap.conf.d/;echo -e "zswap_enabled=1\nzram_enabled=0\nswapfc_enabled=1" > /etc/systemd/swap.conf.d/myswap.conf
sudo sed -i "s/zswap_max_pool_percent=25/zswap_max_pool_percent=30/g" /usr/share/systemd-swap/swap-default.conf
Installing additional SW: (use only sw you need)
1. Official repo:
sudo pamac install wine-staging winetricks wine-mono wine_gecko qbittorrent transmission-gtk transmission-remote-gtk transmission-cli amule mldonkey nicotine+ whois veracrypt keepassxc clementine featherpad dolphin dolphin-plugins konsole packagekit-qt5 qt5-tools kdialog filezilla putty gsmartcontrol glances sysstat dstat mtr nmap gnu-netcat dnsutils traceroute recode appimagelauncher torbrowser-launcher wireguard-tools shadowsocks-libev shadowsocks-qt5 manjaro-printer baobab fdupes macchanger grsync deja-dup backintime openttd* gdb base-devel cmake ninja libtorrent-rasterbar openssl boost geoip qt5-base qt5-svg qt5-tools zlib hunspell-en_US handbrake stardict nomacs
2. Arch User contributed Repo - AUR:
pamac build stardict-cz stardict-en-cz hunspell-cs fsearch-gitv freefilesync losslesscut xnviewmp doublecmd-gtk2 angrysearch drill-search-gtk flashpoint-bin exiftool gtk-gnutella eiskaltdcpp-qt wondershaper-git
3. SNAP:
sudo pacman -S snapd;sudo systemctl enable --now snapd.socket;sudo ln -s /var/lib/snapd/snap /snap;sudo snap install jdownloader2;
Install Ungoogled-Chromium browser from un-official repo on Arch/Manjaro:
1. sudo su
2. pacman-key --keyserver hkps://keys.openpgp.org -r 3DEA62513C8035383A245A12E5786B42E8E5D565;pacman-key --lsign-key 3DEA62513C8035383A245A12E5786B42E8E5D565;echo -e "[jk-aur]\nServer = https://repo.vin.ovh/arch/\$arch" >> /etc/pacman.conf;pacman -Sy ungoogled-chromium pepper-flash;sed -i "/jk-aur/d" /etc/pacman.conf;sed -i "/repo.vin.ovh/d" /etc/pacman.conf;pacman -Sy;exit
Try to update time and let it be synchronized:
timedatectl set-ntp true
systemctl enable --now systemd-timesyncd.service
Some txt files from Windows had non-standard encoding and Linux shown malformed characters. Solution? 1. install "recode" utility (sudo pacman -S recode), 2. in terminal go to directory with a wrong text file and backup it, 3. run command "recode ms-ee *.srt" (in this case it should fix encoding in all .srt files in that directory). Or read "man recode".
---------
Transmission torrent client configuration migration Windows to Linux:
On Manjaro (based on Arch): pacman -S transmission-gtk transmission-remote-gtk
I ran it and then quit.
Then
cd;cd .config/transmission
cp /path/to/windowsbackup/c/users/me/appdata/local/transmission/* .
rmdir Torrents Resume;mv torrents Torrents;mv resume Resume
Now the paths was wrong. I can sort by path in Transmission Remote app. and possibly do bulk change in torrent location.
Transmission, better web UI:
sudo su
wget https://github.com/ronggang/transmission-web-control/raw/master/release/install-tr-control.sh --no-check-certificate;bash install-tr-control.sh
Select option 1.
-------
Filezilla FTP client configuration migration from Windows 10 to Linux worked:
1. Backup Windows: C:\Users\user\AppData\Roaming\FileZilla
2. install Filezilla on Linux: sudo apt install filezilla 2>/dev/null||sudo pacman -S filezilla 2>/dev/null||yum install filezilla 2>/dev/null
3. open FIlezilla in Linux, close it
4. copy Windows folder content to Linux folder: /home/user/.config/filezilla/
-------
PuTTY SSH client configuration migration Windows to Linux:
Following is not restoring saved usernames and passwords, only list of hostnames/ips
sudo pacman -S putty
Either run installed app and save first connection or first copy the configuration files to /home/user/.putty/sessions (small letter case, not Sessions)
cd /home/user/.putty/sessions
WIndows KiTTY or PuTTY put backslashes in connection config files and Linux not:
sed -i 's/\\/=/' /home/user/.putty/sessions/*
sed -i 's/\\//' /home/user/.putty/sessions/*
--------
Replace Thunar file manager by Dolphin as a Linux file manager on Linux with XFCE, run command: xdg-mime default org.kde.dolphin.desktop inode/directory;exo-preferred-applications
Enable video thumbnails: sudo pacman -S ffmpegthumbs qt5-imageformats kimageformats taglib raw-thumbnailer;cd;sed -i "s|Plugins=|Plugins=ffmpegthumbs,|g" .config/dolphinrc
--------
Prepend new aliases to file for example command: cd;nano .bashrc
--------
If having low disk space on system drive, reduce usage by journal logs inside /etc/systemd/journald.conf changing SystemMaxUse= to lets say 100M.
newsize=100M; echo "current size: $(sudo journalctl --disk-usage)"; sudo journalctl --vacuum-size=$newsize # decrease the size
sudo mkdir -p /etc/systemd/journald.conf.d && echo 'SystemMaxUse=$newsize' | sudo tee /etc/systemd/journald.conf.d/journald-limit-journal-size.conf 1>/dev/null # set the limit
sudo systemctl restart systemd-journald.service; echo "current size: $(sudo journalctl --disk-usage)"
Increase limit of open files:
sudo mkdir -p /etc/security/limits.d && echo -e "# set high limits of open files\n* soft nofile 100000\n* hard nofile 10000"|sudo tee /etc/security/limits.d/81-openfileslimit.conf
# allow user with username "user" to run certain apps/services without the need to enter password / sudo:
sudo mkdir -p /etc/sudoers.d/ && echo -e "# Custom user privilege specification\nuser ALL=(ALL:ALL) /usr/bin/systemctl\nuser ALL=(ALL:ALL) /usr/sbin/zpool\nuser ALL=(ALL:ALL) /usr/sbin/zfs\nuser ALL=(ALL:ALL) /usr/bin/backintime" | sudo tee /etc/sudoers.d/custom-user-privilege-specification.conf && sudo visudo -c
--------
Exclude big folders from baloo index? balooctl config add excludeFolders /home/you/Desktop/abc;balooctl status;balooctl
--------
WINE (windows apps on Linux): You may try cmd: wine control ; install new apps from within Winetricks
Later if there are 32bit/64bit - x86 x64 problems, one may need to create 32bit prefix in winetricks: https://linuxconfig.org/install-wine-on-manjaro
--------
A) Keep running certain apps/services (http://raw.githubusercontent.com/slrslr/ManjaroLinux-scripts/main/keeprunningapps)
B) alternative approach that may not work: Install cronjob to monitor and keep running selected apps on Linux (needs sudo):
crontab -l > crontab;echo -e '* * * * * export DISPLAY=":0.0" && for app in "eiskaltdcpp-qt" "transmission-gtk" "nicotine";do ps aux|grep -v grep|grep "$app";done||"$app" &' >> crontab;crontab crontab
--------
BACKUP setup (backup at least main user home directory to external drive/location):
a) backintime (I THINK THE BEST: backups are readable as normal files and can be placed to any location): $pamac install backintime
b) DeJa Dup: $ pamac install deja-dup
c) Timeshift: if you schedule your system backups, make sure to exclude mountpoints of the external drives in Timeshift settings.
--------
Installing local Mail sending/receiving function:
pamac install postfix;touch /var/spool/mail/$(whoami);sudo mkfifo /var/spool/postfix/public/pickup;systemctl enable postfix;systemctl start postfix;sudo newaliases;echo "Message here"|mail -s Subject $(whoami);echo "Done"
-----------
Tuning USB awake, disk powersaving try pamac build powertop;sudo powertop
or maybe setting USB_AUTOSUSPEND in /etc/tlp.conf to 0.
---------
Make sure that USB peripherals (keyboard, mouse) are not power suspended to allow awaking computer from sleep/suspend state:
pamac install tlpui;tlpui;
Switch to USB tab in gui oppened using tlpui command and there in blacklist section list your keyboard, mouse and root hubs (possibly).
---------
I2PD install (needed for MuWire and RetroShare P2P apps)
pamac install i2pd
systemctl enable i2pd;systemctl start i2pd;systemctl status i2pd
To edit configuration and enable I2CP protocol needed for MuWire, Retroshare (and possibly other apps that needs I2P) open configuration file:
nano /etc/i2pd/i2pd.conf
(if nano not found, use vi or other editor)
inside that .conf file find i2cp section where you un-comment two lines, set enabled variable to true: "enabled = true" and "port = 7654" (removing "# " from both lines)
restart i2p daemon: systemctl restart i2pd
----------
MuWire install:
pacman -S pamac;pamac build muwire-git
If it fail, showing numerous messages "unable to resolve class java.", you may try switching to different Java version. Manjaro has a tool for that:
$ archlinux-java status
Available Java environments:
java-11-openjdk
java-15-openjdk
java-8-openjdk (default)
$ sudo archlinux-java set java-11-openjdk
$ pamac build muwire-git
completed OK. If still fails with java errors, try installing java11: pamac install jdk11-openjdk
switch to that as shown above and repeat "pamac build muwire-git"
If still fails, report your Linux details and build errors to https://github.com/zlatinb/muwire/issues
If ok, try to run MuWire from your apps menu or from within command line
-------------
Install x2go rdp/remote desktop app:
ON CLIENT:
pamac install x2goclient
ON SERVER:
pamac install x2goserver
sudo systemctl start x2goserver.service;sudo systemctl enable x2goserver.service;
sudo sed -i “s|#X11Forwarding no|X11Forwarding yes|g” /etc/ssh/sshd_config;
sudo systemctl reload sshd
sudo x2godbadmin --createdb
ON CLIENT:
open client x2go gui and in new session use Session type X2Go/X11 Desktop sharing. To exit session, remember well the keyboard shortcut Ctrl+Alt+T.
--------
Limitting traffic on the interface of choice ($ip addr):
pamac install wondershaper* || pamac build wondershaper-git
wondershaper -h
Add 50Mbps DL and UL limit: sudo wondershaper -a enp3s0 -d 50000 -u 50000
Remove limits: sudo wondershaper -a enp3s0 -d 50000 -u 50000 -c
--------
App to record and replay mouse and keyboard actions: https://github.com/RMPR/atbswp/tree/v0.2
--------
Set static IP to Linux Arch/Manjaro computer:
gwip=192.168.0.1/24 && thisip=192.168.0.20/24 && nic=$(ip -o -4 route show to default | awk '{print $5}');sudo rm -f /etc/systemd/network/${nic}.network;echo -e "[Match]\nName=${nic}\n\n[Network]\nAddress=$thisip\nGateway=$gwip\nDNS=1.1.1.1\nDNS =8.8.8.8"|sudo tee /etc/systemd/network/${nic}.network >/dev/null;sudo systemctl restart --now systemd-networkd.service
--------
Low RAM & SWAP and upgrading nto an option, try to reduce zswap (if you installed it previously) and if not helps:
Install process terminator/killed to prevent OOM freeze/hang:
pamac install earlyoom systembus-notify;
nano /etc/default/earlyoom (possibly exclude from killing processes like "firefox")
systemctl enable earlyoom && systemctl start earlyoom
--------
Using NTFS and feeling adventurous?
Install non-standard ntfs driver: https://wiki.archlinux.org/index.php/Ufsd#Installation
try?: pamac build ufsd-module-dkms ?
pamac search -a package (search packages also in AUR)
--------
Managing software with pacman(official repo) and pamac(unofficial Arch User Repository AUR)
Package search:
a) official sudo pacman -Ss packagename
b) official+AUR: pamac search -a packagename
Package setup:
a) official: sudo pacman -S packagename (or "pamac install packagename" - this one is better because suggests optional child packages)
b) AUR: pamac build packagename
Package removal:
a) official: sudo pacman -R packagename
b) AUR: pamac remove packagename
IN SHORT: use pamac to find/install/remove in official and user contributed repos: pamac search -a; pamac install (or pamac build for AUR package); pamac remove
Update/Upgrade:
pacman -Syyu
pamac upgrade -a (this one upgrades also AUR packages, or use: pamac upgrade -a --devel --ignore ungoogled-chromium)
next things: setup automatic backups to external drive or cloud. (Syncthing?, mega.nz?)
- how to migrate from Windows to Linux (Arch based Manjaro (https://manjaro.org/) - but things may be partially applied on other systems too)
- have fully encrypted system and boot partition (MBR will be left readable)
- setup VPN/Wireguard/Shadowsocks + firewall killswitch
- setup RAM based intelligent compressed SWAP (zswap)
I hope my days on Windows are numbered and i am finally migrating to Linux for good. Currently i am finishing the migration and i came to the point where nearly everything is working on Linux. So i want to share whole guide.
Here are the tips and things to note before you do migration from Windows to Arch Linux like Manajaro is. I have selected Manjaro, because it is ranked among the top of user friendly, latest software, good number of packages in repos, good support community, rolling release distribution without need to reinstall system.
Windows to Manjaro migration notes:
Backups: Save settings of the popular apps - ideally all apps, space is cheap and time restoring manually is expensive: (C:\Users\user\AppData\Roaming ; C:\Users\user\AppData\Local ; Documents, Images, Downloads, Music.., Program Files folder etc.)
Set e-mail client offline and export its data to Linux supported format (.eml, mbox ?) and quit client
sync/backup all data to external drive (unless you will be installing Linux on different drive than current Windows system drive)
Copy ovpn and wg files to usb stick (if you are using VPN service)
Bootable installation disk: Use full Manjaro installation image to minimise the downtime. https://manjaro.org/download/ Make bootable USB stick using Windows software called "Ventoy" (by installing it and simply copying the .iso(s) to the drive or using software "Yumi" (i used it), some people recommend Rufus.
When ready to reinstall (having backup of the drive, or ideally install on different drive), try to boot from Manjaro USB disk. Maybe you will need to hit F12 old Fn+F12 to select boot source. Or F2, Fn+F2, Del keys to access BIOS and play with EUFI/Legacy, disable secure boot or change boot order.
When booting up live Manjaro system from USB, you can play with it and then click Install. To secure data i ticked encryption. If adventurous, one can use custom partitioning, create new partition table MBR, /boot ext2 partition with boot flag 500MB, and then remaing space for example btrfs partition with / mountpoint and "root" flag. + tick encryption on both (i have not tested this, though btrfs has some advantages over default ext4 - if i install it, i would make sure to check mount parameters -o ssd , enable defrag, noatime instead relatime, space_cache by def.) (https://www.thegeekdiary.com/how-to-tune-btrfs-filesystem-for-better-performance/). Regarding swap some people rather recommend not to create swap partition and later create swap file https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#With_suspend-to-disk_support
After finished, maybe it will not boot from drive, maybe you will need to change boot order in BIOS or such settings.
If selected encryption, then it will accept passphrase. Make sure to enable num lock and using right keymap (y/z) etc. After submitting password by Enter key, it can take a minute or so for it to do something.
Now you have booted into the newly installed Manjaro system.
Have laptop, but using external monitor? Prevent closed laptop lid to turn off external monitor:
sed -i "s|#IgnoreLid=true|IgnoreLid=true|g" /etc/UPower/UPower.conf;sed -i "s|IgnoreLid=false|IgnoreLid=true|g" /etc/UPower/UPower.conf;sudo systemctl restart upower.service
Randomize MAC on each network connection?
right click Network manager icon in tray (icon that manages net. connections), Edit connections, your connection, Ethernet, Cloned MAC address: random
In my case i setup VPN first to secure and anonymize internet activity:
1 - WIREGUARD:
Using NetworkManager (GUI) tray icon disable OpenVPN connection if active and disable it from main network interface also using NM GUI. Following single pacman command may not be needed or bad idea if wireguard is already included in kernel (modprobe wireguard;modinfo wireguard).
sudo pacman -S wireguard-tools
cd /path/to/wg_conf_and_ovpn_client_files
cp -p wg-client.conf wg0.conf
nmcli connection import type wireguard file wg0.conf
sudo wg;ip r;nmcli connection;for ip in $(curl -L http://cpanel.net/showip.shtml 2>/dev/null);do echo $ip && whois $ip|grep -i netname;done
systemctl enable [email protected];systemctl status [email protected] (if fails, list units and use correct name: systemctl ) - https://wiki.archlinux.org/index.php/WireGuard#NetworkManager
Not working? https://snapcraft.io/install/wireguard-ammp/manjaro
2 - OPENVPN:
NetworkManager has new connection import entry to import .ovpn file.
3 - SHADOWSOCKS (not recommended, outdated qt5 app, use v2ray instead which is right below):
sudo pacman -S shadowsocks-libev shadowsocks-qt5
From Manjaro menu, type shadow and run the SS gui app and add your connection configs in it. Make the app to start at boot and set one connection to autoconnect.
4 - V2Ray:
V2RAY proxy CLIENT setup on new Linux Manjaro & config files:
https://forum.manjaro.org/t/v2ray-package-how-to-actually-setup-the-proxy-client-on-manjaro-and-the-server/48312/4
in short:
pacman -S v2ray
/etc/v2ray/config.json <- https://guide.v2fly.org/en_US/basics/shadowsocks.html#client-side-configuration
systemctl enable v2ray && systemctl start v2ray
_
V2RAY SERVER setup on CentOS 6:
wget https://raw.githubusercontent.com/hijkpw/scripts/master/goV2.sh -O -|bash
Config: /etc/v2ray/config.json
Then setup the service:
wget https://raw.githubusercontent.com/slrslr/Miscellaneous-bash-scripts/master/etc_init.d_v2ray -O v2ray;sudo mv v2ray /etc/init.d/;sudo chmod +x /etc/init.d/v2ray;sudo chkconfig v2ray on;sudo service v2ray start
sudo service v2ray restart
Switch between the two v2ray servers on Linux client:
all done on client:
mkdir -p /home/$(whoami)/scripts/;wget https://raw.githubusercontent.com/slrslr/Miscellaneous-bash-scripts/master/v2rayswitch -O /home/$(whoami)/scripts/v2rayswitch
update your server config file names in the script file:
nano /home/$(whoami)/scripts/v2rayswitch
Ctrl+X; Y; Enter
chmod +x /home/$(whoami)/scripts/v2rayswitch;nano ~/.bashrc
prepend new line:
alias v2rswitch=‘sudo /bin/bash /home/YOURUSERNAME/scripts/v2rayswitch’
on logout/login/restart computer, you can use commands like following to switch to different v2ray server:
$ v2rswitch
(it will ask to which server to switch)
$ v2rswitch serv1
(it will switch to server 1)
---------
VPN KILLSWITCH (prevent leaking unsecured traffic when VPN/WG is off):
ufw status
ufw was disabled, i used iptables killswitch rules from https://internetlifeforum.com/security/8687-how-setup-linux-firewall-iptables-ufw-prevent-leaking-non-vpn-connections/
Though that page shows also rules for ufw. or try:
1. https://internetlifeforum.com/security/8687-how-setup-linux-firewall-iptables-ufw-prevent-leaking-non-vpn-connections/
2. https://www.ivpn.net/knowledgebase/222/Kill-switch-using-the-Uncomplicated-Firewall-UFW.html
3. https://www.ivpn.net/knowledgebase/238/WireGuard-Kill-switch.html
and once traffic works, saved iptables (Arch/manjaro) + enabled iptables:
iptables-save > /etc/iptables/iptables.rules;systemctl enable iptables
UFW backup files are btw. in ls /etc/default/ufw/ ?
// End of securing network activity
Setting up SWAP file + zswap (i am not using partition, but if you already use swap and want zswap, possibly first disable existing swap: swapon & swapoff path & rm path & remove from fstab):
sudo pamac install systemd-swap;sudo systemctl enable systemd-swap.service;mkdir -p /etc/systemd/swap.conf.d/;echo -e "zswap_enabled=1\nzram_enabled=0\nswapfc_enabled=1" > /etc/systemd/swap.conf.d/myswap.conf
sudo sed -i "s/zswap_max_pool_percent=25/zswap_max_pool_percent=30/g" /usr/share/systemd-swap/swap-default.conf
Installing additional SW: (use only sw you need)
1. Official repo:
sudo pamac install wine-staging winetricks wine-mono wine_gecko qbittorrent transmission-gtk transmission-remote-gtk transmission-cli amule mldonkey nicotine+ whois veracrypt keepassxc clementine featherpad dolphin dolphin-plugins konsole packagekit-qt5 qt5-tools kdialog filezilla putty gsmartcontrol glances sysstat dstat mtr nmap gnu-netcat dnsutils traceroute recode appimagelauncher torbrowser-launcher wireguard-tools shadowsocks-libev shadowsocks-qt5 manjaro-printer baobab fdupes macchanger grsync deja-dup backintime openttd* gdb base-devel cmake ninja libtorrent-rasterbar openssl boost geoip qt5-base qt5-svg qt5-tools zlib hunspell-en_US handbrake stardict nomacs
2. Arch User contributed Repo - AUR:
pamac build stardict-cz stardict-en-cz hunspell-cs fsearch-gitv freefilesync losslesscut xnviewmp doublecmd-gtk2 angrysearch drill-search-gtk flashpoint-bin exiftool gtk-gnutella eiskaltdcpp-qt wondershaper-git
3. SNAP:
sudo pacman -S snapd;sudo systemctl enable --now snapd.socket;sudo ln -s /var/lib/snapd/snap /snap;sudo snap install jdownloader2;
Install Ungoogled-Chromium browser from un-official repo on Arch/Manjaro:
1. sudo su
2. pacman-key --keyserver hkps://keys.openpgp.org -r 3DEA62513C8035383A245A12E5786B42E8E5D565;pacman-key --lsign-key 3DEA62513C8035383A245A12E5786B42E8E5D565;echo -e "[jk-aur]\nServer = https://repo.vin.ovh/arch/\$arch" >> /etc/pacman.conf;pacman -Sy ungoogled-chromium pepper-flash;sed -i "/jk-aur/d" /etc/pacman.conf;sed -i "/repo.vin.ovh/d" /etc/pacman.conf;pacman -Sy;exit
Try to update time and let it be synchronized:
timedatectl set-ntp true
systemctl enable --now systemd-timesyncd.service
Some txt files from Windows had non-standard encoding and Linux shown malformed characters. Solution? 1. install "recode" utility (sudo pacman -S recode), 2. in terminal go to directory with a wrong text file and backup it, 3. run command "recode ms-ee *.srt" (in this case it should fix encoding in all .srt files in that directory). Or read "man recode".
---------
Transmission torrent client configuration migration Windows to Linux:
On Manjaro (based on Arch): pacman -S transmission-gtk transmission-remote-gtk
I ran it and then quit.
Then
cd;cd .config/transmission
cp /path/to/windowsbackup/c/users/me/appdata/local/transmission/* .
rmdir Torrents Resume;mv torrents Torrents;mv resume Resume
Now the paths was wrong. I can sort by path in Transmission Remote app. and possibly do bulk change in torrent location.
Transmission, better web UI:
sudo su
wget https://github.com/ronggang/transmission-web-control/raw/master/release/install-tr-control.sh --no-check-certificate;bash install-tr-control.sh
Select option 1.
-------
Filezilla FTP client configuration migration from Windows 10 to Linux worked:
1. Backup Windows: C:\Users\user\AppData\Roaming\FileZilla
2. install Filezilla on Linux: sudo apt install filezilla 2>/dev/null||sudo pacman -S filezilla 2>/dev/null||yum install filezilla 2>/dev/null
3. open FIlezilla in Linux, close it
4. copy Windows folder content to Linux folder: /home/user/.config/filezilla/
-------
PuTTY SSH client configuration migration Windows to Linux:
Following is not restoring saved usernames and passwords, only list of hostnames/ips
sudo pacman -S putty
Either run installed app and save first connection or first copy the configuration files to /home/user/.putty/sessions (small letter case, not Sessions)
cd /home/user/.putty/sessions
WIndows KiTTY or PuTTY put backslashes in connection config files and Linux not:
sed -i 's/\\/=/' /home/user/.putty/sessions/*
sed -i 's/\\//' /home/user/.putty/sessions/*
--------
Replace Thunar file manager by Dolphin as a Linux file manager on Linux with XFCE, run command: xdg-mime default org.kde.dolphin.desktop inode/directory;exo-preferred-applications
Enable video thumbnails: sudo pacman -S ffmpegthumbs qt5-imageformats kimageformats taglib raw-thumbnailer;cd;sed -i "s|Plugins=|Plugins=ffmpegthumbs,|g" .config/dolphinrc
--------
Prepend new aliases to file for example command: cd;nano .bashrc
--------
If having low disk space on system drive, reduce usage by journal logs inside /etc/systemd/journald.conf changing SystemMaxUse= to lets say 100M.
newsize=100M; echo "current size: $(sudo journalctl --disk-usage)"; sudo journalctl --vacuum-size=$newsize # decrease the size
sudo mkdir -p /etc/systemd/journald.conf.d && echo 'SystemMaxUse=$newsize' | sudo tee /etc/systemd/journald.conf.d/journald-limit-journal-size.conf 1>/dev/null # set the limit
sudo systemctl restart systemd-journald.service; echo "current size: $(sudo journalctl --disk-usage)"
Increase limit of open files:
sudo mkdir -p /etc/security/limits.d && echo -e "# set high limits of open files\n* soft nofile 100000\n* hard nofile 10000"|sudo tee /etc/security/limits.d/81-openfileslimit.conf
# allow user with username "user" to run certain apps/services without the need to enter password / sudo:
sudo mkdir -p /etc/sudoers.d/ && echo -e "# Custom user privilege specification\nuser ALL=(ALL:ALL) /usr/bin/systemctl\nuser ALL=(ALL:ALL) /usr/sbin/zpool\nuser ALL=(ALL:ALL) /usr/sbin/zfs\nuser ALL=(ALL:ALL) /usr/bin/backintime" | sudo tee /etc/sudoers.d/custom-user-privilege-specification.conf && sudo visudo -c
--------
Exclude big folders from baloo index? balooctl config add excludeFolders /home/you/Desktop/abc;balooctl status;balooctl
--------
WINE (windows apps on Linux): You may try cmd: wine control ; install new apps from within Winetricks
Later if there are 32bit/64bit - x86 x64 problems, one may need to create 32bit prefix in winetricks: https://linuxconfig.org/install-wine-on-manjaro
--------
A) Keep running certain apps/services (http://raw.githubusercontent.com/slrslr/ManjaroLinux-scripts/main/keeprunningapps)
B) alternative approach that may not work: Install cronjob to monitor and keep running selected apps on Linux (needs sudo):
crontab -l > crontab;echo -e '* * * * * export DISPLAY=":0.0" && for app in "eiskaltdcpp-qt" "transmission-gtk" "nicotine";do ps aux|grep -v grep|grep "$app";done||"$app" &' >> crontab;crontab crontab
--------
BACKUP setup (backup at least main user home directory to external drive/location):
a) backintime (I THINK THE BEST: backups are readable as normal files and can be placed to any location): $pamac install backintime
b) DeJa Dup: $ pamac install deja-dup
c) Timeshift: if you schedule your system backups, make sure to exclude mountpoints of the external drives in Timeshift settings.
--------
Installing local Mail sending/receiving function:
pamac install postfix;touch /var/spool/mail/$(whoami);sudo mkfifo /var/spool/postfix/public/pickup;systemctl enable postfix;systemctl start postfix;sudo newaliases;echo "Message here"|mail -s Subject $(whoami);echo "Done"
-----------
Tuning USB awake, disk powersaving try pamac build powertop;sudo powertop
or maybe setting USB_AUTOSUSPEND in /etc/tlp.conf to 0.
---------
Make sure that USB peripherals (keyboard, mouse) are not power suspended to allow awaking computer from sleep/suspend state:
pamac install tlpui;tlpui;
Switch to USB tab in gui oppened using tlpui command and there in blacklist section list your keyboard, mouse and root hubs (possibly).
---------
I2PD install (needed for MuWire and RetroShare P2P apps)
pamac install i2pd
systemctl enable i2pd;systemctl start i2pd;systemctl status i2pd
To edit configuration and enable I2CP protocol needed for MuWire, Retroshare (and possibly other apps that needs I2P) open configuration file:
nano /etc/i2pd/i2pd.conf
(if nano not found, use vi or other editor)
inside that .conf file find i2cp section where you un-comment two lines, set enabled variable to true: "enabled = true" and "port = 7654" (removing "# " from both lines)
restart i2p daemon: systemctl restart i2pd
----------
MuWire install:
pacman -S pamac;pamac build muwire-git
If it fail, showing numerous messages "unable to resolve class java.", you may try switching to different Java version. Manjaro has a tool for that:
$ archlinux-java status
Available Java environments:
java-11-openjdk
java-15-openjdk
java-8-openjdk (default)
$ sudo archlinux-java set java-11-openjdk
$ pamac build muwire-git
completed OK. If still fails with java errors, try installing java11: pamac install jdk11-openjdk
switch to that as shown above and repeat "pamac build muwire-git"
If still fails, report your Linux details and build errors to https://github.com/zlatinb/muwire/issues
If ok, try to run MuWire from your apps menu or from within command line
-------------
Install x2go rdp/remote desktop app:
ON CLIENT:
pamac install x2goclient
ON SERVER:
pamac install x2goserver
sudo systemctl start x2goserver.service;sudo systemctl enable x2goserver.service;
sudo sed -i “s|#X11Forwarding no|X11Forwarding yes|g” /etc/ssh/sshd_config;
sudo systemctl reload sshd
sudo x2godbadmin --createdb
ON CLIENT:
open client x2go gui and in new session use Session type X2Go/X11 Desktop sharing. To exit session, remember well the keyboard shortcut Ctrl+Alt+T.
--------
Limitting traffic on the interface of choice ($ip addr):
pamac install wondershaper* || pamac build wondershaper-git
wondershaper -h
Add 50Mbps DL and UL limit: sudo wondershaper -a enp3s0 -d 50000 -u 50000
Remove limits: sudo wondershaper -a enp3s0 -d 50000 -u 50000 -c
--------
App to record and replay mouse and keyboard actions: https://github.com/RMPR/atbswp/tree/v0.2
--------
Set static IP to Linux Arch/Manjaro computer:
gwip=192.168.0.1/24 && thisip=192.168.0.20/24 && nic=$(ip -o -4 route show to default | awk '{print $5}');sudo rm -f /etc/systemd/network/${nic}.network;echo -e "[Match]\nName=${nic}\n\n[Network]\nAddress=$thisip\nGateway=$gwip\nDNS=1.1.1.1\nDNS =8.8.8.8"|sudo tee /etc/systemd/network/${nic}.network >/dev/null;sudo systemctl restart --now systemd-networkd.service
--------
Low RAM & SWAP and upgrading nto an option, try to reduce zswap (if you installed it previously) and if not helps:
Install process terminator/killed to prevent OOM freeze/hang:
pamac install earlyoom systembus-notify;
nano /etc/default/earlyoom (possibly exclude from killing processes like "firefox")
systemctl enable earlyoom && systemctl start earlyoom
--------
Using NTFS and feeling adventurous?
Install non-standard ntfs driver: https://wiki.archlinux.org/index.php/Ufsd#Installation
try?: pamac build ufsd-module-dkms ?
pamac search -a package (search packages also in AUR)
--------
Managing software with pacman(official repo) and pamac(unofficial Arch User Repository AUR)
Package search:
a) official sudo pacman -Ss packagename
b) official+AUR: pamac search -a packagename
Package setup:
a) official: sudo pacman -S packagename (or "pamac install packagename" - this one is better because suggests optional child packages)
b) AUR: pamac build packagename
Package removal:
a) official: sudo pacman -R packagename
b) AUR: pamac remove packagename
IN SHORT: use pamac to find/install/remove in official and user contributed repos: pamac search -a; pamac install (or pamac build for AUR package); pamac remove
Update/Upgrade:
pacman -Syyu
pamac upgrade -a (this one upgrades also AUR packages, or use: pamac upgrade -a --devel --ignore ungoogled-chromium)
next things: setup automatic backups to external drive or cloud. (Syncthing?, mega.nz?)