ArchLinux + Cinnamon + More

Single Encrypted SSD Install

' Create a boot partition (sda1) (set boot flag) 100MB, data partition (sda2).
$ gdisk /dev/sda
$ mkfs -t ext4 /dev/sda1

' Encryption stuff
$ cryptsetup -y -v luksFormat /dev/sda2
$ cryptsetup open /dev/sda2 cryptroot
$ mkfs -t ext4 /dev/mapper/cryptroot

' Mount the partitions to our future chroot
$ mount -t ext4 /dev/mapper/cryptroot /mnt
$ mkdir /mnt/boot
$ mount -t ext4 /dev/sda1 /mnt/boot

We can now install the base packages and a few other things

' Install base packages
$ pacstrap /mnt base base-devel syslinux gdisk

' Generate our base fstab file
$ genfstab -p /mnt >> /mnt/etc/fstab

' Change into new root directory
$ arch-chroot /mnt

Now we can setup the system before the first reboot without the live cd/usb

' Set the hostname
$ echo computer_name > /etc/hostname

' Set the time zone
$ ln -s /usr/share/zoneinfo/zone/subzone /etc/localtime

' Edit the locale file and uncomment relevant locales
$ nano /etc/locale.gen

' Generate the uncommented locales from above
$ locale-gen

' Set your locale preference
$ echo LANG=your_locale > /etc/locale.conf

' Add encrypt hook to mkinitcpio: HOOKS="... encrypt ... filesystems ..."
$ nano /etc/mkinitcpio.conf

' Generate the initial RAM disk
$ mkinitcpio -p linux

' Set the root password
$ passwd

' Install some more packages
$ pacman -S networkmanager zip unzip unrar patch make openssh gcc fuse nvidia nvidia-utils

' Enable NetworkManager in systemd
$ systemctl enable NetworkManager

' Install the boot loader
$ syslinux-install_update -i -a -m

' Edit the syslinux boot loader (fix root stuff, set noop io scheduler)
' APPEND elevator=noop cryptdevice=/dev/sda2:cryptroot:allow-discards root=/dev/mapper/cryptroot rw
$ nano /boot/syslinux/syslinux.cfg

' Edit the fstab file, change root mount to use noatime and discard options
' Setup /tmp on tempfs add line: tmpfs   /tmp         tmpfs   nodev,nosuid,size=2G          0  0
$ nano /etc/fstab

' Reboot the machine
$ reboot

After a clean reboot you should get the Syslinux Boot Loader and then booted into Archlinux, asking for the encryption key

' Login as root

' Check networking
$ ip addr
$ ping

' Edit pacman configuration uncomment multilib repo
$ nano /etc/pacman.conf

' Update pacman databases
$ pacman -Syu

' Lets get more packages and cinnamon now
$ pacman -S cinnamon playonlinux firefox xorg-xinit vim gvfs gvfs-smb wget lib32-libldap gnome-terminal gnome-keyring

' Edit some files to fix a few things and setup environment
' fuse.conf uncomment only two configuration values
$ nano /etc/fuse.conf

' Edit which users/groups can sudo
$ visudo

' Create a local non-root user
$ useradd -g users -G disk lp wheel games dbus network video audio optical floppy storage power -m zharvek

' Set a password for that user
$ passwd zharvek

Lets reboot again and login as our new user, you probably don’t have to reboot here but I do

' Login as non-root user

' Copy xinitrc to profile
$ cp /etc/X11/xinit/xinitrc ~/.xinitrc

' Edit .xinitrc file to set cinnamon as desktop environment: exec cinnamon-session
$ nano ~/.xinitrc

' I like to change the font engines and stuff before I load the desktop first
$ cd /tmp
$ wget
$ wget
$ wget

' Lets extract these packages
$ tar zxf freetype2-ubuntu.tar.gz
$ tar zxf fontconfig-ubuntu.tar.gz
$ tar zxf ttf-ms-fonts.tar.gz

' Lets build these packages
$ cd freetype2-ubuntu
$ makepkg
$ sudo pacman -U freetype2-ubuntu...filename
$ cd ../fontconfig-ubuntu
$ makepkg
$ sudo pacman -U fontconfig-ubuntu...filename
$ cd ../ttf-ms-fonts
$ makepkg
$ sudo pacman -U ttf-ms-fonts...filename

' Change back to home
$ cd ~

' Start the desktop environment cinnamon
$ startx

We can then get some games going for instance

' Create a games folder, I like putting it in a root area to be clean and easy
$ sudo mkdir /games

' We need to give file permissions to the folder
$ sudo chmod 775 /games
$ sudo chown root:games /games

' You should be able to write to that folder now (your in the games group right?)
' Copy WoW to the games folder

' Lets setup a wine prefix for WoW
$ playonlinux

' Download latest version of wine and wine-staging both x64 ( bombs on staging, game runs best on staging)
' Error: "This application failed to start because it could not find or load the Qt platform plugin "windows"."
' You will get this error if your wine prefixes are NOT Windows XP.
' You will get this error if your running the "" prefix with a -staging version of WINE!
' Wine bug confirmed:

' Create two new prefixes, "" and "Warcraft"
' Run winecfg on the "Warcraft" prefix
' Set CSMT enabled on "Warcraft" prefix
' Disable the d3d11 library on "Warcraft" prefix
' Run winecfg on "" prefix
' Disable the dbghelp library on "" prefix (answer yes to important question)

' Run 'World of Warcraft Launcher.exe' in the "" prefix to allow updates and such
' Run 'Wow-64.exe' in the "Warcraft" prefix to play game with CSMT enabled.
' Setup scripts to do this for both programs. Using WINEARCH=win64 and WINEPREFIX= to prefixes

--- Game Start Script ---
WINEDEBUG=-all WINEARCH=win64 force_s3tc_enable=true __GL_THREADED_OPTIMIZATIONS=1 WINEPREFIX=~/.PlayOnLinux/wineprefix/Warcraft /home/zharvek/.PlayOnLinux/wine/linux-amd64/-staging/bin/wine /games/World\ of\ Warcraft/Wow-64.exe
--- Game End Script ---

--- Start Script ---
WINEDEBUG=-all WINEARCH=win64 WINEPREFIX=~/.PlayOnLinux/wineprefix/ /home/zharvek/.PlayOnLinux/wine/linux-amd64//bin/wine /games/World\ of\ Warcraft/World\ of\ Warcraft\ Launcher.exe
--- End Script ---

I install a few more applications

' Text editor, archive manager, stuff...
$ sudo pacman -S gedit file-roller ttf-liberation quodlibet gimp redshift freerdp remmina gtk-engine-murrine gtk-theme-arc

Tweak some settings

' Firefox first

' Open options from menu button, click Content on left.
' Default Font: Times New Roman; 16
' Proportional: Serif; 16
' Serif: Times New Roman
' Sans-serif: Arial
' Monospace: Courier New; 13

' Add your own addons, uBlock Origin, signin to Sync if you use, config custom sync server if you use

' Tweak the console
' I prefer gray text on black background, size around 100x40.

' Edit bash profile to create tmpfs firefox profile directory
$ nano ~/.bash_profile

' Add line: mkdir -p /tmp/profile
' Make a symbolic link to tmpfs profile directory from current profile
$ cd ~/.cache/mozilla/firefox
$ ln -s /tmp/profile ulw90aed.default (use profile folder)

' Install CK Kernel
' Install CK Repo
' Use information
$ sudo nano /etc/pacman.conf

' Update pacman cache
$ sudo pacman -Syy

' Check your board type and install (also choose nvidia driver)
$ sudo pacman -S ck-ivybridge

' Update syslinux (boot loader)
' LABEL arch-ck
'    MENU LABEL Arch Linux CK
'    LINUX ../vmlinuz-linux-ck
'    APPEND elevator=bfq cryptdevice=/dev/sda2:cryptroot:allow-discards root=/dev/mapper/cryptroot rw
'    INITRD ../initramfs-linux-ck.img

' Check default kernel
' DEFAULT arch-ck

Remove non-CK kernel

' Remove old kernel to save space on /boot
$ sudo pacman -R linux nvidia

Routing Issues

Looks like my host is having some routing issues with the IP block that is dedicated to the BBS server. I have tickets in and hopefully will be solved soon. Not everyone may be affected, but somewhere they are dropping packets to a specific IP block, but not all my blocks.

C# DOOR32.SYS BBSLink Client

If you have heard of or came across and wanted to add the services door games to your BBS but find that they only offer a javascript file for Synchronet BBSes then this might help you out.

I recently joined and not having a Synchronet BBS I had to make my own client to work with their service. As promised I am also releasing the source.

It is written in C# against .NET 2.0 and *might* work in mono on linux. You will have to test.

Local Binary: BBSLink Door Binaries
Local Source: BBSLink Door Source Code

Update: I made a small change to the dropped carrier handling and disconnections. The door should now handle dropped carrier and exit correctly. Let me know if you have issues.

Update: Removed Github links.

Updated BBS Connection Page

I have removed the flash versions of the telnet client on the website and replaced with an HTML5 HTTPS Websockets only applet. All connections to the BBS from this website are 100% encrypted. Downloading and uploading files works as well through the applet, which was the only reason I was keeping the flash version around. If you are connecting via telnet client instead of the applet, your connections are not encrypted. Just a heads up.

Updating Kolab 3.1 or 3.2 to 3.3

I have recently updated my Kolab Groupware install from version 3.2 to version 3.3, there are not a ton of new features but I wanted to see if this would be a huge process or go fairly quickly.

First of all, take a backup. Really take a backup. You never know what your going to blow up with Kolab updates. Sometime they work great, and they are getting better. Just do it. At the very least backup your IMAP store. If you are like me at all and have your IMAP mounted over NFS, stop the Cyrus service and unmount the IMAP store.

Also, I am using CentOS 6 this guide will be based on that, the fixes at the end might apply though if you are not running CentOS 6.

Here is what I did, also I will list a few things I did to fix some issues.

Backup the server. I use VMWare ESX so I made a snapshot.

Stop the Cyrus Server.
service cyrus-imapd stop

I unmounted the IMAP store since I use NFS.
umount /var/spool/imap

Follow this guide (I will copy it’s content below, possibly with some differences).

Update your CentOS Installation

# cd /etc/yum.repos.d/
# rm Kolab*.repo
# wget
# wget
# yum update

FILE TO EDIT: /etc/kolab/kolab.conf
Replace with your LDAP and installation primary domain name.

sharedfolder_acl_entry_attribute = acl
modifytimestamp_format = %Y%m%d%H%M%SZ

delegate_sender_header = True
alias_sender_header = True
sender_header = True
xsender_header = True
cache_uri = 

modules = resources, invitationpolicy, footer
kolab_invitation_policy =, ACT_MANUAL

If you’re planning to make use of wallace please make sure wallace is enabled to start using chkconfig on RHEL/Centos or /etc/default/wallace on debian.

# service kolab-server restart
# service wallace restart

FILE TO EDIT: /etc/kolab-freebusy/config.ini
Instead of editing the configuration by hand it’s easier to just recreate the configuration using the setup-kolab tool. Your choice.
This step did not work for me, but I do not use freebusy!

# cp /etc/kolab-freebusy/config.ini.rpmnew /etc/kolab-freebusy/config.ini
# setup-kolab freebusy

FILE TO EDIT: /etc/roundcubemail/
The plugins where correct on my server excepting adding the new ones, kolab_notes and kolab_tags.

Change the plugin load order the follwing way:

    move kolab_auth to the top position
    move kolab_config after kolab_addressbook
    add kolab_notes after kolab_folders
    add kolab_tags after kolab_notes
$config['use_secure_urls'] = true;
$config['assets_path'] = '/roundcubemail/assets/';

FILE TO EDIT: /etc/roundcubemail/
Change the password driver from ldap to ldap_simple.

$config['password_driver'] = 'ldap_simple';

FILE TO EDIT: /etc/roundcubemail/
Update the kolab_files_url to /chwala/ to be protocol independent.
This would not work for me, I kept my old setup.

$config['kolab_files_url'] = '/chwala/';

FILE TO EDIT: /etc/iRony/
The iRony configuration doesn’t have anything special configurations. You might want to consider just to take the new default config file or change it based on the differences between the previous version.
For me, nothing changed from 3.2 to 3.3 but you should check.

# cp /etc/iRony/ /etc/iRony/

FILE TO EDIT: /etc/postfix/ldap/
To fix the handling of resource invitations you’ve to adjust your existing virtual alias maps, otherwise you end up with non-delivery-reports.
I just had to add the last part.
query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail))

FILE TO EDIT: /etc/postfix/
This will put wallace as the next content-filter after the mail has been returned from amavis to postfix. If you’re don’t want to make use of iTip processing or resource management you can skip this section.

[...]     inet        n       -       n       -       100     smtpd
    -o cleanup_service_name=cleanup_internal
    -o content_filter=smtp-wallace:[]:10026
    -o local_recipient_maps=

Restart Postfix

# service postfix restart

Update MySQL Database
Connect to MySQL, use the password you use for SQL on that server.

# mysql -u root -p -D kolab
-- Table structure for table `ou_types`

/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `ou_types` (
  `key` text NOT NULL,
  `name` varchar(256) NOT NULL,
  `description` text NOT NULL,
  `attributes` longtext NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
/*!40101 SET character_set_client = @saved_cs_client */;

-- Dumping data for table `ou_types`

/*!40000 ALTER TABLE `ou_types` DISABLE KEYS */;
INSERT INTO `ou_types` VALUES (1,'unit','Standard Organizational Unit','A standard organizational unit definition','{\"auto_form_fields\":[],\"fields\":{\"objectclass\":[\"top\",\"organizationalunit\"]},\"form_fields\":{\"ou\":[],\"description\":[],\"aci\":{\"optional\":true,\"type\":\"aci\"}}}');
/*!40000 ALTER TABLE `ou_types` ENABLE KEYS */;

-- Table structure for table `sharedfolder_types`

DROP TABLE IF EXISTS `sharedfolder_types`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `sharedfolder_types` (
  `key` text NOT NULL,
  `name` varchar(256) NOT NULL,
  `description` text NOT NULL,
  `attributes` longtext NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `name` (`name`)
/*!40101 SET character_set_client = @saved_cs_client */;

-- Dumping data for table `sharedfolder_types`

LOCK TABLES `sharedfolder_types` WRITE;
/*!40000 ALTER TABLE `sharedfolder_types` DISABLE KEYS */;
INSERT INTO `sharedfolder_types` VALUES (1,'addressbook','Shared Address Book','A shared address book','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"contact\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(2,'calendar','Shared Calendar','A shared calendar','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"event\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(3,'journal','Shared Journal','A shared journal','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"journal\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(4,'task','Shared Tasks','A shared tasks folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"task\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(5,'note','Shared Notes','A shared Notes folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"note\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(6,'file','Shared Files','A shared Files folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"file\"],\"objectclass\":[\"top\",\"kolabsharedfolder\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[]}}'),(7,'mail','Shared Mail Folder','A shared mail folder','{\"auto_form_fields\":[],\"fields\":{\"kolabfoldertype\":[\"mail\"],\"objectclass\":[\"top\",\"kolabsharedfolder\",\"mailrecipient\"]},\"form_fields\":{\"acl\":{\"type\":\"imap_acl\",\"optional\":true,\"default\":\"anyone, lrs\"},\"cn\":[],\"alias\":{\"type\":\"list\",\"optional\":true},\"kolabdelegate\":{\"type\":\"list\",\"autocomplete\":true,\"optional\":true},\"kolaballowsmtprecipient\":{\"type\":\"list\",\"optional\":true},\"kolaballowsmtpsender\":{\"type\":\"list\",\"optional\":true},\"kolabtargetfolder\":[],\"mail\":[]}}');
/*!40000 ALTER TABLE `sharedfolder_types` ENABLE KEYS */;

Go ahead and restart the server now to load stuff, you don’t really have to I suppose.

Stuff I fixed/updated/changed to make stuff work….

The assets will not load, images, css and such on roundcube web interface:

Edit /etc/roundcubemail/ and change

$config['assets_path'] = '/roundcubemail/assets/';


$config['assets_path'] = '/assets/';

Still no assets, using SSL? No images and stuff? Let’s check your Apache configuration. I had to add an Include line in the ssl.conf

Edit /etc/httpd/conf.d/ssl.conf
I just added the Include line below, your setup may be different as some people use a VHOST some use SSL some use mod_ssl (like me) some use other SSL setups. Some people need to include the roundcubemail.conf and some won’t.

#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/

Include conf.d/roundcubemail.conf

#   SSL Engine Options:

Okay, I also use a custom port number with my setup to access the web, it’s SSL but it’s not on port 443. You need to turn off secure_urls and change a PHP variable.
Edit /etc/roundcubemail/

$config['use_secure_urls'] = false;

Edit /usr/share/roundcubemail/program/include/rcmail_output_html.php
Line ~187. You can see I changed the $_SERVER line to be HTTP_HOST this will catch the custom port.

                $base = implode('/', $_base);

            $path = (rcube_utils::https_check() ? 'https' : 'http') . '://'
                . $_SERVER['HTTP_HOST'] . $base . '/' . $path;

        $this->assets_path = $path;
        $this->set_env('assets_path', $path);

Do you use the files portion of Kolab and it’s not working? Lets check our configuration for Chwala.

Edit /usr/share/roundcubemail/config/
Here is my file, check the top lines, the URL fields. I at one point needed to specify HTTPS, maybe you do. I no longer need to.

Have an android device or other Exchange client that you know supports sub-folders and user created folders and they never show up? Do the emails all clump together in the inbox? Try this.

Edit /usr/share/kolab-syncroton/lib/kolab_sync_data_email.php
Line ~108. Change the windowsoutlook15 to android

    public function __construct(Syncroton_Model_IDevice $device, DateTime $syncTimeStamp)
        parent::__construct($device, $syncTimeStamp);

        $this->storage = rcube::get_instance()->get_storage();

        // Outlook 2013 support multi-folder
        //$this->ext_devices[] = 'windowsoutlook15';
        $this->ext_devices[] = 'android';

        if ($this->asversion >= 14) {
            $this->tag_categories = true;

Make sure you go into roundcube settings, and then folders. Check the new folders are checked. Then settings and ActiveSync and under your device check the new folders as well.

After everything was good, I was still getting some odd errors with the notes portion. I could make a new Noteboot in Roundcube and add notes there, but I could not add or move notes into the primary notebook ‘Notes’ I kept getting an error. My androids could not add or read notes from it either. Very odd. After poking around I figured it’s probably something with the IMAP storage portion. I was right for my issue, and this is what I did.

Login to kolab server using SSH or console as root and then change user to cyrus.

su - cyrus

If you get an error with that command, then you need to probably check the login shell for cyrus. I changed the users login shell to bash.

usermod -s /bin/bash cyrus

Once you are running as Cyrus we need to reconstruct the IMAP mailbox.

cd /usr/lib/cyrus-imapd
./reconstruct -r user/test.user

For me the user/test.user was user/

While here I also ran

./cyr_expire -E 3 -D 3 -X 3

To remove some deleted crap and clear out stuff.