What you will learn there:
- how to migrate from Windows to Linux (Arch based Manjaro - but things may be partially applied on other systems too)
- have fully encrypted system and boot partition (MBR will be left readable)
- setup VPN/Wireguard/Shadowsocks + firewall killswitch
- setup RAM based intelligent compressed SWAP (zswap)


I hope my days on Windows are numbered and i am finally migrating to Linux for good. Currently i am finishing the migration and i came to the point where nearly everything is working on Linux. So i want to share whole guide.

Here are the tips and things to note before you do migration from Windows to Arch Linux like Manajaro is. I have selected Manjaro, because it is ranked among the top of user friendly, latest software, good number of packages in repos, good support community, rolling release distribution without need to reinstall system.

Windows to Manjaro migration notes:

Backups:
Save settings of the popular apps - ideally all apps, space is cheap and time restoring manually is expensive: (C:\Users\user\AppData\Roaming ; C:\Users\user\AppData\Local ; Documents, Images, Downloads, Music.., Program Files folder etc.)

Set e-mail client offline and export its data to Linux supported format (.eml, mbox ?) and quit client

sync/backup all data to external drive (unless you will be installing Linux on different drive than current Windows system drive)

Copy ovpn and wg files to usb stick (if you are using VPN service)

Bootable installation disk: Use full Manjaro installation image to minimise the downtime. https://manjaro.org/download/ Make bootable USB stick using Windows software called "Ventoy" (by installing it and simply copying the .iso(s) to the drive or using software "Yumi" (i used it), some people recommend Rufus.

When ready to reinstall (having backup of the drive, or ideally install on different drive), try to boot from Manjaro USB disk. Maybe you will need to hit F12 old Fn+F12 to select boot source. Or F2, Fn+F2, Del keys to access BIOS and play with EUFI/Legacy, disable secure boot or change boot order.

When booting up live Manjaro system from USB, you can play with it and then click Install. To secure data i ticked encryption. If adventurous, one can use custom partitioning, create new partition table MBR, /boot ext2 partition with boot flag 500MB, and then remaing space for example btrfs partition with / mountpoint and "root" flag. + tick encryption on both (i have not tested this, though btrfs has some advantages over default ext4 - if i install it, i would make sure to check mount parameters -o ssd , enable defrag, noatime instead relatime, space_cache by def.). Regarding swap some people rather recommend not to create swap partition and later create swap file https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#With_suspend-to-disk_support

After finished, maybe it will not boot from drive, maybe you will need to change boot order in BIOS or such settings.

If selected encryption, then it will accept passphrase. Make sure to enable num lock and using right keymap (y/z) etc. After submitting password by Enter key, it can take a minute or so for it to do something.

Now you have booted into the newly installed Manjaro system.

Have laptop, but using external monitor? Prevent closed laptop lid to turn off external monitor:
sed -i "s|#IgnoreLid=true|IgnoreLid=true|g" /etc/UPower/UPower.conf;sed -i "s|IgnoreLid=false|IgnoreLid=true|g" /etc/UPower/UPower.conf;sudo systemctl restart upower.service

In my case i setup VPN first to secure and anonymize internet activity:

1 - WIREGUARD:
Using NetworkManager (GUI) tray icon disable OpenVPN connection if active and disable it from main network interface also using NM GUI.
sudo pacman -S wireguard-tools
cd /path/to/wg_conf_and_ovpn_client_files
cp -p wg-client.conf wg0.conf
nmcli connection import type wireguard file wg0.conf
sudo wg;ip r;nmcli connection;for ip in $(curl -L http://cpanel.net/showip.shtml 2>/dev/null);do echo $ip && whois $ip|grep -i netname;done
systemctl enable [email protected]e;systemctl status [email protected]e (if fails, list units and use correct name: systemctl ) - https://wiki.archlinux.org/index.php/WireGuard#NetworkManager
Not working? https://snapcraft.io/install/wireguard-ammp/manjaro

2 - OPENVPN:
NetworkManager has new connection import entry to import .ovpn file.

3 - SHADOWSOCKS:
sudo pacman -S shadowsocks-libev shadowsocks-qt5
From Manjaro menu, type shadow and run the SS gui app and add your connection configs in it. Make the app to start at boot and set one connection to autoconnect.

VPN KILLSWITCH (prevent leaking unsecured traffic when VPN/WG is off):
ufw status
ufw was disabled, i used iptables killswitch rules from https://internetlifeforum.com/security/8687-how-setup-linux-firewall-iptables-ufw-prevent-leaking-non-vpn-connections/
Though that page shows also rules for ufw. or try:
1. https://internetlifeforum.com/security/8687-how-setup-linux-firewall-iptables-ufw-prevent-leaking-non-vpn-connections/
2. https://www.ivpn.net/knowledgebase/222/Kill-switch-using-the-Uncomplicated-Firewall-UFW.html
3. https://www.ivpn.net/knowledgebase/238/WireGuard-Kill-switch.html
and once traffic works, saved iptables (Arch/manjaro) + enabled iptables:
iptables-save > /etc/iptables/iptables.rules;systemctl enable iptables
UFW backup files are btw. in ls /etc/default/ufw/ ?

// End of securing network activity

Setting up SWAP file + zswap (i am not using partition, but if you already use swap and want zswap, possibly first disable existing swap: swapon & swapoff path & rm path & remove from fstab):
sudo pamac install systemd-swap;sudo systemctl enable systemd-swap.service;mkdir -p /etc/systemd/swap.conf.d/;echo -e "zswap_enabled=1\nzram_enabled=0\nswapfc_enabled=1 " > /etc/systemd/swap.conf.d/myswap.conf
sudo sed -i "s/zswap_max_pool_percent=25/zswap_max_pool_percent=70/g" /usr/share/systemd-swap/swap-default.conf

Installing additional SW: (use only sw you need)
1. Official repo:
sudo pamac install wine-staging winetricks wine-mono wine_gecko qbittorrent transmission-gtk transmission-remote-gtk transmission-cli amule mldonkey nicotine+ whois veracrypt keepassxc clementine featherpad dolphin dolphin-plugins konsole packagekit-qt5 qt5-tools kdialog filezilla putty gsmartcontrol glances sysstat dstat mtr nmap gnu-netcat dnsutils traceroute recode appimagelauncher torbrowser-launcher wireguard-tools shadowsocks-libev shadowsocks-qt5 manjaro-printer baobab fdupes macchanger grsync deja-dup backintime openttd* gdb base-devel cmake ninja libtorrent-rasterbar openssl boost geoip qt5-base qt5-svg qt5-tools zlib hunspell-en_US handbrake stardict nomacs
2. Arch User contributed Repo - AUR:
pamac build stardict-cz stardict-en-cz hunspell-cs fsearch-gitv freefilesync losslesscut xnviewmp doublecmd-gtk2 angrysearch drill-search-gtk flashpoint-bin exiftool gtk-gnutella eiskaltdcpp-qt wondershaper-git
3. SNAP:
sudo pacman -S snapd;sudo systemctl enable --now snapd.socket;sudo ln -s /var/lib/snapd/snap /snap;sudo snap install jdownloader2;

Install Ungoogled-Chromium browser from un-official repo on Arch/Manjaro:
1. sudo su
2. pacman-key --keyserver hkps://keys.openpgp.org -r 3DEA62513C8035383A245A12E5786B42E8E5D565;pacman-key --lsign-key 3DEA62513C8035383A245A12E5786B42E8E5D565;echo -e "[jk-aur]\nServer = https://repo.vin.ovh/arch/\$arch" >> /etc/pacman.conf;pacman -Sy ungoogled-chromium pepper-flash;sed -i "/jk-aur/d" /etc/pacman.conf;sed -i "/repo.vin.ovh/d" /etc/pacman.conf;pacman -Sy;exit

Try to update time and let it be synchronized:
timedatectl set-ntp true
systemctl enable --now systemd-timesyncd.service

Some txt files from Windows had non-standard encoding and Linux shown malformed characters. Solution? 1. install "recode" utility (sudo pacman -S recode), 2. in terminal go to directory with a wrong text file and backup it, 3. run command "recode ms-ee *.srt" (in this case it should fix encoding in all .srt files in that directory). Or read "man recode".

---------

Transmission torrent client configuration migration Windows to Linux:
On Manjaro (based on Arch): pacman -S transmission-gtk transmission-remote-gtk
I ran it and then quit.
Then
cd;cd .config/transmission
cp /path/to/windowsbackup/c/users/me/appdata/local/transmission/* .
rmdir Torrents Resume;mv torrents Torrents;mv resume Resume
Now the paths was wrong. I can sort by path in Transmission Remote app. and possibly do bulk change in torrent location.

Transmission, better web UI:
sudo su
wget https://github.com/ronggang/transmission-web-control/raw/master/release/install-tr-control.sh --no-check-certificate;bash install-tr-control.sh
Select option 1.

-------

Filezilla FTP client configuration migration from Windows 10 to Linux worked:
1. Backup Windows: C:\Users\user\AppData\Roaming\FileZilla
2. install Filezilla on Linux: sudo apt install filezilla 2>/dev/null||sudo pacman -S filezilla 2>/dev/null||yum install filezilla 2>/dev/null
3. open FIlezilla in Linux, close it
4. copy Windows folder content to Linux folder: /home/user/.config/filezilla/

-------

PuTTY SSH client configuration migration Windows to Linux:
Following is not restoring saved usernames and passwords, only list of hostnames/ips
sudo pacman -S putty
Either run installed app and save first connection or first copy the configuration files to /home/user/.putty/sessions (small letter case, not Sessions)
cd /home/user/.putty/sessions
WIndows KiTTY or PuTTY put backslashes in connection config files and Linux not:
sed -i 's/\\/=/' /home/user/.putty/sessions/*
sed -i 's/\\//' /home/user/.putty/sessions/*

--------

Replace Thunar file manager by Dolphin as a Linux file manager on Linux with XFCE, run command: xdg-mime default org.kde.dolphin.desktop inode/directory;exo-preferred-applications
Enable video thumbnails: sudo pacman -S ffmpegthumbs qt5-imageformats kimageformats taglib raw-thumbnailer;cd;sed -i "s|Plugins=|Plugins=ffmpegthumbs,|g" .config/dolphinrc

--------

Prepend new aliases to file for example command: cd;nano .bashrc

--------

Decrease /var/log/journal log size:
journalctl --disk-usage
sudo sed -i "s|#SystemMaxUse=|SystemMaxUse=50M|g" /etc/systemd/journald.conf
sudo systemctl kill --kill-who=main --signal=SIGUSR2 systemd-journald.service;sudo systemctl restart systemd-journald.service

--------

Exclude big folders from baloo index? balooctl config add excludeFolders /home/you/Desktop/abc;balooctl status;balooctl

--------

WINE (windows apps on Linux): You may try cmd: wine control ; install new apps from within Winetricks
Later if there are 32bit/64bit - x86 x64 problems, one may need to create 32bit prefix in winetricks: https://linuxconfig.org/install-wine-on-manjaro

--------

A) Keep running certain apps/services
B) alternative approach that may not work: Install cronjob to monitor and keep running selected apps on Linux (needs sudo):
crontab -l > crontab;echo -e '* * * * * export DISPLAY=":0.0" && for app in "eiskaltdcpp-qt" "transmission-gtk" "nicotine";do ps aux|grep -v grep|grep "$app";done||"$app" &' >> crontab;crontab crontab


--------

BACKUP setup (backup at least main user home directory to external drive/location):
a) backintime (I THINK THE BEST: backups are readable as normal files and can be placed to any location): $pamac install backintime
b) DeJa Dup: $ pamac install deja-dup
c) Timeshift: if you schedule your system backups, make sure to exclude mountpoints of the external drives in Timeshift settings.

--------

Tuning USB awake, disk powersaving try pamac build powertop;sudo powertop
or maybe setting USB_AUTOSUSPEND in /etc/tlp.conf to 0.

--------
Install x2go rdp/remote desktop app:

ON CLIENT:
pamac install x2goclient

ON SERVER:

pamac install x2goserver
sudo systemctl start x2goserver.service;sudo systemctl enable x2goserver.service;
sudo sed -i “s|#X11Forwarding no|X11Forwarding yes|g” /etc/ssh/sshd_config;
sudo systemctl reload sshd
sudo x2godbadmin --createdb

ON CLIENT:
open client x2go gui and in new session use Session type X2Go/X11 Desktop sharing. To exit session, remember well the keyboard shortcut Ctrl+Alt+T.
--------

Limitting traffic on the interface of choice ($ip addr):
pamac install wondershaper* || pamac build wondershaper-git
wondershaper -h
Add 50Mbps DL and UL limit: sudo wondershaper -a enp3s0 -d 50000 -u 50000
Remove limits: sudo wondershaper -a enp3s0 -d 50000 -u 50000 -c

--------
App to record and replay mouse and keyboard actions: https://github.com/RMPR/atbswp/tree/v0.2
--------
Set static IP to Linux Arch/Manjaro computer:

gwip=192.168.0.1/24 && thisip=192.168.0.20/24 && nic=$(ip -o -4 route show to default | awk '{print $5}');sudo rm -f /etc/systemd/network/${nic}.network;echo -e "[Match]\nName=${nic}\n\n[Network]\nAddress=$thisip\nGateway=$gwip\nDNS=1.1.1.1\nDNS =8.8.8.8"|sudo tee /etc/systemd/network/${nic}.network >/dev/null;sudo systemctl restart --now systemd-networkd.service

--------

Using NTFS and feeling adventurous?
Install non-standard ntfs driver: https://wiki.archlinux.org/index.php/Ufsd#Installation
try?: pamac build ufsd-module-dkms ?
pamac search -a package (search packages also in AUR)

--------

Managing software with pacman(official repo) and pamac(unofficial Arch User Repository AUR)

Package search:
a) official sudo pacman -Ss packagename
b) official+AUR: pamac search -a packagename
Package setup:
a) official: sudo pacman -S packagename (or "pamac install packagename" - this one is better because suggests optional child packages)
b) AUR: pamac build packagename
Package removal:
a) official: sudo pacman -R packagename
b) AUR: pamac remove packagename
IN SHORT: use pamac to find/install/remove in official and user contributed repos: pamac search -a; pamac install (or pamac build for AUR package); pamac remove
Update/Upgrade:
pacman -Syyu
pamac upgrade -a (this one upgrades also AUR packages, or use: pamac upgrade -a --devel --ignore ungoogled-chromium)

next things: setup automatic backups to external drive or cloud. (Syncthing?, mega.nz?)