RoadwarriorArch

#----------------------------------------------------------------------------------
#  __________                 ._____      __                    .__              
#  \______   \ _________    __| _/  \    /  \____ ______________|__| ___________ 
#   |       _//  _ \__  \  / __ |\   \/\/   |__  \\_  __ \_  __ \  |/  _ \_  __ \
#   |    |   (  <_> ) __ \/ /_/ | \        / / __ \|  | \/|  | \/  (  <_> )  | \/
#   |____|_  /\____(____  |____ |  \__/\  / (____  /__|   |__|  |__|\____/|__|   
#          \/           \/     \/       \/       \/                              
#----------------------------------------------------------------------------------

This repository contains a collection of scripts that will install Arch and include all of the relevant features for a laptop user (i.e. a roadwarrior; RoadwarriorArch). All installation scripts feature extensive comments and references to where each command was taken from. At the same time, they were made to be customizable, so you can fork this repository and customize it for yourself.

I use this script as is to setup my computers. It installs all the packages I need.

Features include:

• Tweaks
  • Both linux and linux-lts kernels installed
  • Microcode installed
  • Cron, bluetooth, networking, audio drivers, printing services
  • Silent Boot (UEFI logo retained until KDE lockscreen; no logs)
  • Make flags set for CPU cores
  • Parallel downloading for pacman
  • yay install
  • Passwordless sudo
  • Customizable locale/timezone
  • TLP install for power management
  • By default KDE with SDDM installed, one line change for something different
• Security
  • Full Hard Drive Encryption with LUKS2 (including /boot)
  • TPM2 support for passwordless login (measured boot) that supports kernel updates
  • Kernel Updates protected by booting using a signed EFI stub and Secure Boot
  • Secure Boot support with key generation and signing handled
  • Automatic installation/signing of KeyTool and certs in EFI partition.
    • Painless install of keys in UEFI after install without USB stick.
  • Fully Functional unlocked and signed GRUB2 that can mount encrypted /boot for troubleshooting (password required; secure boot supported).
  • Custom image for GRUB2 that supports LUKS2 mounting and bundles all boot modules.
• btrfs filesystem
  • Snapper support for both system directory and home directory with separate subvolumes
  • Sane snapper default configuration for both /home and system /
  • User inherits snapper volume management rights
  • Hibernation Support with encrypted swap file in btrfs
  • Script that generates btrfs alignment value for kernel resume cmd is built-in
  • Recovery script that can re-mount partitions from Arch installation media.
• Hybrid BIOS/UEFI support
  • Unsigned GRUB2 executable installed on both BIOS partition and EFI partition
  • Boot on any computer by entering your disk encryption password
  • Enter password only on GRUB, special initramfs image with keyfile and kernel cmd handle unlocking volume the second time.
  • Commands provided to add EFI images to UEFI
• Proper Intel Integrated Graphics packages installed
  • Just modify your Chrome shortcut for video hardware acceleration
  • No tearing (kwin with OpenGL 3.1)
• Separate script for most user space programs, which includes mine (2-software.sh)
  • Research programs: LaTeX, Zotero, Xournalpp, Libre Office
  • Photography/Design: wacom support, DarkTable, Rapid Photo Downloader, GIMP
  • Fonts, Emoji, Dictionaries, etc
  • yay install
  • Some AUR programs that are installed with yay (sbupdate for secure boot efi, tlp UI)

What this script doesn't provide is dual boot support. It is expected that you provide one full drive to Arch. In my opinion, it's too risky to do dual boot on the same drive manually. If you use two drives, you can use a UEFI entry to boot into Windows.

Install Instructions

:warning: Unplug all other drives other than boot or disable them in UEFI before proceeding to running this script to avoid mistakes.

VirtualBox Testing

There's 0% chance this script will work as is or be fit to your requirements. Therefore, before installing it on your computer you should try it on a Virtual Machine. Start by installing VirtualBox and creating an Arch VM with a thin (lazy allocated) 50GB disk. Arch/Manjaro commands:

yay -S virtualbox
sudo vboxreload

Clone/Fork this repository and open it with your favorite editor (such as VSCode):

git clone https://github.com/antheas/RoadwarriorArch
code RoadwarriorArch

Mount the git directory as a read only Shared Folder in the Arch VM under /root/rw.

Mount the Arch Installation ISO (https://archlinux.org/download/) as the VM boot drive and launch the VM.

Follow the installation instructions below. Be sure to test the script using both BIOS and UEFI virtualbox modes. Secure Boot is not available, so testing that will have to be done using your laptop.

Optional SSH connection

Typing within the boot VM is tiring. I'd recommend enabling SSH for the boot iso and connecting into it using your favorite terminal. To do this:

• Create a host-only network and add it as a secondary one to the VM.
• Restart the VM and set a password for root using passwd
• Use ip address to grab the VM IP
• Connect to your VM by typing ssh root@<ip> (sshd is enabled by default in Arch ISO)
• You will be prompted to accept the fingerprint and connect.
• If restarting and getting the same ip, the fingerprint will be different so you will be denied access. Use ssh-keygen -R <ip> to clear the fingerprint for that IP.
• You can now use your riced terminal to install Arch!

Installation Steps after Boot

After booting into your virtualbox, the command ls ~/rw will return the following

0-preinstall.sh  1-setup.sh  2-software.sh  3-dotfiles.sh  install.example.conf  
LICENSE  physical.c  README.md  rw-install.sh  rw-rescue.sh  sbupdate.conf  snapper_sample.conf

cd into ~/rw and create your install.conf file.

cd ~/rw
cp install.example.conf install.conf
nano install.conf

Afterwards, run ./rw-install.sh

bash rw-install.sh

You will be asked a couple of format related question and Arch will be installed.

Installation details

This repository is made up of the following scripts:

• 0-preinstall.sh: formats the drive using LUKS2 and bootstraps Arch using install media
• 1-setup.sh: runs within arch-chroot and installs the desktop environment and configures the main OS (can be run multiple times to refresh system)
• System is bootable after running those two scripts
• 2-software.sh: installs yay, sbupdate (installs efi executables), and a lot of large programs, skip for testing. Runs using created user, non-root
• 3-dotfiles.sh: is empty, use it to install user configuration
• rw-install.sh: runs 0-preinstall.sh, 1-setup.sh, 2-software.sh, 3-dotfiles.sh in order. It prompts before running 2-software.sh, 3-dotfiles.sh, so you can skip those for testing.
• rw-rescue.sh: unlocks and remounts a drive that was created using 0-preinstall.sh into /mnt, so you can continue installation after restarting or diagnose the system.

Look through them and customize them to taste.

rw-install.sh, 0-preinstall.sh can be run multiple times without restarting and will clean the drive each time, so if something fails you can just re-run them until it works.

1-setup.sh does not damage an already installed system and can be re-run after changing to update that system, after mounting with rw-rescue.sh.

Installing into your Laptop

It's recommended you have access to a secondary computer during this setup. Connecting through the working computer to your laptop using ssh will allow copy, pasting commands and make looking at documentation easier.

Boot ISO into USB

Install the Arch installation media into a USB drive. You can try Ventoy. If on Linux, I found gnome-disk-utility to be the best for formatting USB drives, even if using KDE. If on Windows, try Etcher.

Connecting to WIFI

Use iwctl to connect to WIFI

iwctl
> device list
> station [name] scan
> station [name] get-networks
> station [name] connect [ssid]

# Or if you're feeling lucky after rebooting 20 times
iwctl station [name] connect [ssid]
# will work on its own 50% of the time
# you might need to run first:
iwctl station [name] scan

# Test
ping google.com

Connecting over SSH

Find your ip address and set a root password:

ip address
passwd

Over at your other computer (same private network) type:

ssh root@<ip>

Follow the VirtualBox SSH guide for details.

Transfering Roadwarrior files

You don't have the customized Roadwarrior instance on the laptop yet, so copy it using scp

scp -r ../RoadwarriorArch root@<ip>:rw

Or, copy over to a USB and mount it in Arch ISO using:

# Identify usb drive name
lsblk
# Mount on ~/usb
mkdir ~/usb
mount /dev/<usb> ~/usb
cd ~/usb/RoadwarriorArch

Installation

cd into the code directory and run ./rw-install.sh

bash rw-install.sh

You will be prompted for which disk to format, whether to install EFI bios entries and whether to continue with 2-software.sh, 3-dotfiles.sh. First time, do a base install and skip the rest. After verifying the system boots properly, execute the whole setup.

Secure Boot and TPM

You now have a working system! Which boots with GRUB2/EFI stubs and asks for a password. Next step is to enable UEFI Secure boot and add your keys to it.

Read 1-setup.sh for detailed instructions.

The signing happens using a package from AUR that's named sbupdate, so if you haven't run 2-software.sh you won't have the signed executables yet. Run it first.

Using the built-in K