Arch Linux Setup and Configuration

This is my collection of Arch Linux configurations and commands that I use to maintain and optimize my system.

Battery Management#

Charge Control Thresholds#

To extend battery lifespan, you can configure charge thresholds that prevent the battery from charging to 100% when plugged in constantly:

echo 45 | sudo tee /sys/class/power_supply/BAT0/charge_control_start_threshold
echo 55 | sudo tee /sys/class/power_supply/BAT0/charge_control_end_threshold

This configuration starts charging at 45% and stops at 55%, ideal for a laptop that stays plugged in most of the time.

Check Power Status#

To check if your laptop is currently plugged in or running on battery:

cat /sys/class/power_supply/AC/online

Returns:

• 1 = plugged in
• 0 = on battery

System Maintenance#

Package Cache Cleanup#

Regular cleanup of package caches helps free up disk space:

yay -Sc && sudo pacman -Sc

This removes old and uninstalled packages from both AUR (yay) and official repository (pacman) caches.

VPN Configuration#

Wireguard VPN Setup#

Wireguard is a fast, modern VPN protocol. Here’s how to set it up on Arch:

Installation:

sudo pacman -S wireguard-tools openresolv

Configuration:

sudo cp ~/Documents/VPN-Andrey-Laptop.conf /etc/wireguard/vpn.conf
sudo chmod 600 /etc/wireguard/vpn.conf

Usage:

# Start VPN
sudo wg-quick up vpn

# Check connection status
sudo wg show

# Stop VPN
sudo wg-quick down vpn

Optional DNS resolution update:

sudo resolvconf -u

Xray VLESS+Reality Setup#

Xray is a powerful proxy tool that creates an encrypted tunnel to your VPS server, useful for bypassing censorship and improving privacy.

What is Xray?#

• Client that connects to your VPS server via encrypted tunnel
• Creates local proxy: 127.0.0.1:10808 (SOCKS5) and 10809 (HTTP)
• Traffic flow: Your apps → Local Xray → Encrypted to VPS → Internet

Installation#

yay -S xray
sudo mkdir -p /etc/xray
sudo nvim /etc/xray/config.json

Configuration Requirements#

Information needed from your server:

• Server IP/domain
• Port (usually 443)
• UUID
• Reality: public key, short ID, SNI domain

Key configuration sections:

• Inbounds: Local SOCKS5 (10808) + HTTP (10809)
• Outbounds: VLESS+Reality to your server + “freedom” for direct
• Routing: Which traffic goes where

Configuration Template#

Create /etc/xray/config.json with the following template:

{
  "log": {
    "loglevel": "warning"
  },
  "inbounds": [
    {
      "port": 10808,
      "listen": "127.0.0.1",
      "protocol": "socks",
      "settings": {
        "udp": true
      },
      "tag": "socks-in"
    },
    {
      "port": 10809,
      "listen": "127.0.0.1",
      "protocol": "http",
      "tag": "http-in"
    }
  ],
  "outbounds": [
    {
      "protocol": "vless",
      "settings": {
        "vnext": [
          {
            "address": "YOUR_SERVER_IP_OR_DOMAIN",
            "port": 443,
            "users": [
              {
                "id": "YOUR_UUID",
                "encryption": "none",
                "flow": "xtls-rprx-vision"
              }
            ]
          }
        ]
      },
      "streamSettings": {
        "network": "tcp",
        "security": "reality",
        "realitySettings": {
          "show": false,
          "fingerprint": "chrome",
          "serverName": "www.microsoft.com",
          "publicKey": "YOUR_REALITY_PUBLIC_KEY",
          "shortId": "YOUR_SHORT_ID",
          "spiderX": ""
        }
      },
      "tag": "proxy"
    },
    {
      "protocol": "freedom",
      "tag": "direct"
    }
  ],
  "routing": {
    "rules": [
      {
        "type": "field",
        "outboundTag": "direct",
        "domain": ["geosite:private"]
      },
      {
        "type": "field",
        "outboundTag": "proxy",
        "network": "tcp,udp"
      }
    ]
  }
}

Starting the Service#

# Test configuration first
sudo xray run -c /etc/xray/config.json

# If it works, enable as service
sudo systemctl enable xray@config
sudo systemctl start xray@config

# Check status
sudo systemctl status xray@config

# View logs
sudo journalctl -u xray@config -f

Usage Options#

1. Browser only (recommended):

• Firefox/LibreWolf → Manual proxy → 127.0.0.1:10808 SOCKS5

2. System-wide:

• GNOME/KDE Network Settings → Manual proxy

3. Per-app:

proxychains <command>

4. Terminal sessions:

export all_proxy="socks5://127.0.0.1:10808"

Recommended Browser: LibreWolf#

LibreWolf is a privacy-focused Firefox fork that’s perfect for use with proxies:

sudo pacman -S librewolf

Configuration:

• Settings → Network → Manual proxy → SOCKS5 127.0.0.1:10808
• Enable “Proxy DNS when using SOCKS v5”
• Disable WebRTC: about:config → media.peerconnection.enabled = false

Testing Your Setup#

# Check your real IP
curl ifconfig.me

# Check IP through proxy (should show VPS IP)
curl --socks5 127.0.0.1:10808 ifconfig.me

Security Verification#

Test for leaks at:

• https://browserleaks.com
• https://ipleak.net

Technical Notes#

• Traffic is TLS 1.3 encrypted
• Reality protocol makes traffic appear as HTTPS to legitimate sites
• Datacenter IPs may still trigger some “VPN detected” warnings - this is normal behavior

Last updated: December 8, 2025