This repository contains scripts that install ArchLinux on a laptop with full disk encryption and Secure Boot enabled.
Installation scripts assume the following configuration:
- Laptop has Skylake Intel GPU (or newer) with >1080p display
- One NVMe drive that will be fully used for ArchLinux
- BIOS is capable of UEFI Secure Boot
- systemd-boot will be used as bootloader
- NVMe drive will be using full disk encryption for root and swap partitions
- Root partition will use zstd compressed btrfs with separate subvolumes for `/`, `/home`, `/var/log` and `/var/cache/pacman/pkg`
- Setup will use wifi device for network connection
- systemd-networkd, systemd-resolved and iwd will be used for network after installation
- NVMe trim will be enabled as a systemd timer
- Enable larger font for console
- One non-root user with access to sudo with bash shell and auto-login on boot
- Password for root user will be disabled
- powertop autotune will be enabled on boot
- Various extra tweaks
- BIOS preparation.
  - delete default Secure Boot keys / disable Secure Boot
  - set up BIOS password
  - boot from ArchLinux live USB stick
- Connect to wifi.

  ```
  wifi-menu
  ```
- Update system clock.

  ```
  timedatectl set-ntp true
  ```
- Download contents of this repository.

  ```
  curl -sfL https://github.com/mmozeiko/arch-setup/archive/master.tar.gz | tar zxf -
  cd arch-setup-master
  ```
- Edit the `setup.sh` and `setup-chroot.sh` files to specify parameters at the top of each file.
- Run `setup.sh`.

  ```
  # during the installation it will ask for two passwords
  # first is FDE password (two times for setup, once for using)
  # second one is user login password
  ./setup.sh
  ```
- Reboot & remove live USB stick.

  ```
  reboot
  ```
- After running `mkinitcpio -p linux` manually you need to run `sudo /boot/sign-kernel.sh` to prepare & sign the new kernel image
- On shutdown you'll see a harmless error when unmounting the `/var/log` subvolume
This will:
- generate ssh key
- set up dotfiles alias
- install yay AUR helper
- install kernel-modules-hook for keeping kernel modules after kernel upgrade
- enable plymouth for splashscreen during the boot
- Connect to wifi.

  ```
  iwctl
  # station wlp3s0 scan
  # station wlp3s0 get-networks
  # station wlp3s0 connect SSID
  # quit
  ```
- Generate ed25519 ssh private key.

  ```
  ssh-keygen -t ed25519
  ```
- Add `~/.ssh/id_ed25519.pub` to your GitHub account, then set up dotfiles (create your own repo).

  ```
  rm ~/.bashrc
  git clone --bare git@github.com:mmozeiko/dotfiles.git ${HOME}/.dotfiles
  git --git-dir=${HOME}/.dotfiles --work-tree=${HOME} checkout
  git --git-dir=${HOME}/.dotfiles --work-tree=${HOME} config --local status.showUntrackedFiles no
  ```
- Log out and log in again to use the new `~/.bashrc` file.
- Install yay AUR helper.

  ```
  curl -sfL https://aur.archlinux.org/cgit/aur.git/snapshot/yay-bin.tar.gz | tar xzf -
  cd yay-bin && makepkg -si && cd .. && rm -rf yay-bin
  ```
- Install kernel-modules-hook.

  ```
  yay -S kernel-modules-hook
  sudo systemctl daemon-reload
  sudo systemctl enable linux-modules-cleanup
  ```
- Install plymouth.

  ```
  yay -S plymouth ttf-dejavu
  sudo sed -i 's/ udev / udev plymouth /' /etc/mkinitcpio.conf
  sudo sed -i 's/ encrypt / plymouth-encrypt /' /etc/mkinitcpio.conf
  sudo sed -i 's/ quiet / quiet splash /' /boot/cmdline.txt
  cat << EOF | sudo tee /etc/plymouth/plymouthd.conf
  [Daemon]
  Theme=spinfinity
  ShowDelay=0
  EOF
  sudo mkinitcpio -p linux
  sudo /boot/sign-kernel.sh
  ```
- (optional) Get UEFI shell.

  ```
  yay -S uefi-shell-git
  sudo sbsign --key /boot/keys/db.key --cert /boot/keys/db.crt --output /boot/esp/shellx64.efi /usr/share/uefi-shell/shellx64_v2.efi
  ```
- Install sway - a Wayland compositor, i3blocks status bar and rofi for application menu.

  ```
  yay -S --needed wlroots-git sway-git i3blocks rofi rofi-dmenu j4-dmenu-desktop qt5-wayland
  ```
- Install termite for terminal and mako for notifications.

  ```
  yay -S termite mako
  ```
- Install fonts. Enable LCD subpixel fontconfig configuration for RGB pixel alignment.

  ```
  yay -S --needed ttf-bitstream-vera ttf-dejavu ttf-liberation ttf-inconsolata adobe-source-han-{sans,serif}-otc-fonts ttf-font-icons
  sudo ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d/
  sudo ln -s /etc/fonts/conf.avail/11-lcdfilter-light.conf /etc/fonts/conf.d/
  ```
- Install vulkan.

  ```
  yay -S vulkan-icd-loader vulkan-intel
  ```
- Install VA-API driver for hardware accelerated video playback.

  ```
  yay -S libva-intel-driver libva-utils
  # check if it is working
  vainfo
  ```
- Install opencl for Intel CPU and Intel GPU.

  ```
  yay -S ocl-icd intel-opencl-runtime compute-runtime-bin
  # check if it is working
  yay -S clinfo
  clinfo
  ```
- Install avahi for resolving *.local hostnames.

  ```
  yay -S --needed avahi nss-mdns
  sudo systemctl enable --now avahi-daemon
  sudo sed -i 's/ resolve / mdns_minimal [NOTFOUND=return] resolve /' /etc/nsswitch.conf
  ```
- Install udiskie for automounting removable drives (to /media) & extra filesystems.

  ```
  yay -S udiskie ntfs-3g exfat-utils f2fs-tools
  echo 'ENV{ID_FS_USAGE}=="filesystem|other|crypto", ENV{UDISKS_FILESYSTEM_SHARED}="1"' | sudo tee /etc/udev/rules.d/99-udisks2.rules
  echo 'D /media 0755 root root 0 -' | sudo tee /etc/tmpfiles.d/media.conf
  ```
- Install Sublime Text and Sublime Merge.

  ```
  curl -sfO https://download.sublimetext.com/sublimehq-pub.gpg
  sudo pacman-key --add sublimehq-pub.gpg
  sudo pacman-key --lsign-key 8A8F901A
  rm sublimehq-pub.gpg
  echo -e "\n[sublime-text]\nServer = https://download.sublimetext.com/arch/stable/x86_64" | sudo tee -a /etc/pacman.conf
  yay -Syu sublime-text sublime-merge
  ```
- Install extra packages.

  ```
  # misc utilities
  yay -S --needed tar cpio bzip2 gzip lrzip lz4 zstd lzip lzop xz p7zip unrar zip unzip
  yay -S --needed bc acpi sysstat lsof strace jq fzf ripgrep light nvme-cli

  # terminal software
  yay -S htop ncdu mosh tmux weechat micro-bin

  # FAR manager
  yay -S far2l-git

  # PulseAudio
  yay -S pulseaudio pulseaudio-alsa pulseaudio-bluetooth ponymix pavucontrol-qt

  # media software
  yay -S mpv youtube-dl ffmpeg-libfdk_aac mkvtoolnix-cli mkclean gpac sox

  # network software
  yay -S --needed rsync rclone tcpdump nmap socat openbsd-netcat

  # Wireguard VPN
  yay -S wireguard-dkms wireguard-tools

  # Wireshark
  yay -S wireshark-qt
  sudo gpasswd -a ${USER} wireshark

  # Docker
  yay -S docker docker-compose
  sudo gpasswd -a ${USER} docker
  sudo systemctl enable --now docker

  # Google Chrome
  yay -S google-chrome

  # Zathura pdf/djvu reader
  yay -S zathura zathura-pdf-mupdf zathura-djvu

  # VCS
  yay -S --needed git git-lfs tig subversion mercurial

  # development tools
  yay -S --needed cmake ninja meson clang llvm gdb nemiver nasm
  yay -S --needed valgrind perf python-pip python-virtualenv
  yay -S --needed intel-gpu-tools renderdoc apitrace vulkan-devel opencl-headers

  # MinGW
  yay -S mingw-w64-binutils mingw-w64-headers mingw-w64-headers-bootstrap mingw-w64-gcc-base mingw-w64-crt
  yay -S mingw-w64-winpthreads
  sudo libtool --finish /usr/x86_64-w64-mingw32/lib
  yay -S mingw-w64-gcc mingw-w64-clang

  # QEMU
  yay -S qemu qemu-arch-extra qemu-user-static-bin

  # Android stuff
  yay -S android-udev android-tools android-bash-completion

  # Unity3D & Visual Studio Code
  yay -S unity-editor visual-studio-code-bin dotnet-runtime dotnet-sdk msbuild-stable mono

  # Other software
  yay -S pinta gimp dia inkscape calibre
  yay -S tor-browser

  # TODO: lm_sensors bc
  # TODO: imv grim wlstream cmus ufw libreoffice-fresh
  # TODO: steam wine
  ```
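
The two signing steps above (`sudo /boot/sign-kernel.sh` after `mkinitcpio`, and `sbsign` for the UEFI shell) can be audited with a check like the following. This is an added example, not part of this repository's scripts; the function names are hypothetical, and it assumes the ESP is mounted at `/boot/esp` and the db certificate is `/boot/keys/db.crt`, as in the `sbsign` command above.

```sh
#!/bin/sh
# Added example, not part of the arch-setup scripts. Function names are hypothetical.
# Assumed paths (from the sbsign command in this README): /boot/esp, /boot/keys/db.crt

# secure_boot_state [EFIVAR_FILE] -> prints enabled | disabled | unknown
# An efivarfs file holds 4 attribute bytes followed by the variable's value.
secure_boot_state() {
    var=${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}
    [ -r "$var" ] || { echo unknown; return 0; }
    value=$(od -An -t u1 -j4 -N1 "$var" | tr -d ' \n')
    if [ "$value" = 1 ]; then echo enabled; else echo disabled; fi
}

# check_efi_signatures ESP_DIR DB_CERT
# Prints "OK <file>" or "FAIL <file>" for every *.efi under ESP_DIR.
# Returns 0 if all verify against DB_CERT, 1 if any fail, 2 on bad input.
check_efi_signatures() {
    esp=$1
    cert=$2
    [ -d "$esp" ] || { echo "not a directory: $esp" >&2; return 2; }
    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }
    report=$(find "$esp" -type f -iname '*.efi' | sort | while IFS= read -r file; do
        # sbverify (sbsigntools) exits 0 only if the image carries a signature
        # that validates against the given certificate.
        if sbverify --cert "$cert" "$file" >/dev/null 2>&1; then
            printf 'OK %s\n' "$file"
        else
            printf 'FAIL %s\n' "$file"
        fi
    done)
    [ -n "$report" ] || { echo "no EFI binaries under $esp" >&2; return 2; }
    printf '%s\n' "$report"
    if printf '%s\n' "$report" | grep -q '^FAIL '; then return 1; fi
    return 0
}

# Usage on the installed system (run as root so the key directory is readable):
#   secure_boot_state
#   check_efi_signatures /boot/esp /boot/keys/db.crt
```

A `FAIL` line after a kernel or initramfs rebuild usually means the signing step was skipped; with Secure Boot enabled, the firmware will refuse to load that image on the next boot.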