User:TheLurps

From Gentoo Wiki
Jump to:navigation Jump to:search

My Gentoo setup

Alongside Windows 11 a fully encrypted Gentoo should be installed utilizing dual boot on one disk.

Install Windows 11

  • install Windows 11 normally, Bitlocker can be activated
  • boot Gentoo LiveGUI
  • resize EFI partition created by Windows to at least 1GB

Prepare block devices

  • boot Gentoo LiveGUI
  • create partition
root #lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
loop0         7:0    0   3.3G  1 loop /mnt/livecd
sda           8:0    1 115.5G  0 disk 
├─sda1        8:1    1 115.4G  0 part 
│ └─ventoy  253:0    0   3.4G  1 dm   /mnt/cdrom
└─sda2        8:2    1    32M  0 part 
nvme0n1     259:0    0 476.9G  0 disk 
├─nvme0n1p1 259:1    0   1.1G  0 part 
├─nvme0n1p2 259:2    0    16M  0 part 
├─nvme0n1p3 259:3    0 199.2G  0 part 
├─nvme0n1p4 259:4    0   775M  0 part 
└─nvme0n1p5 259:5    0 275.8G  0 part
root #parted -a optimal /dev/nvme0n1p5
GNU Parted 3.1
... additional output suppressed ...
(parted) unit s
(parted) print free
... additional output suppressed ...
Number  Start      End         Size        File system  Name                          Flags
... additional output suppressed ...
        AAAs       BBBs        CCCs        Free Space

(parted) mkpart primary AAAs BBBs
(parted) quit
  • encrypt partition
root #cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool luksFormat /dev/nvme0n1p5
  • mount encrypted device
root #cryptsetup luksOpen /dev/nvme0n1p5 encrypted
  • create btrfs root
root #mkfs.btrfs -L BTROOT /dev/mapper/encrypted

Create filesystem

  • mount btrfs root
root #mkdir -vp /mnt/btroot
root #mount -v -t btrfs -o defaults,noatime,compress=lzo,autodefrag /dev/mapper/encrypted /mnt/btroot
  • create subvolumes
root #btrfs subvol create /mnt/btroot/root
root #btrfs subvol create /mnt/btroot/home
root #btrfs subvol create /mnt/btroot/var
root #btrfs subvol create /mnt/btroot/swap
  • mount subvolumes
root #mkdir -vp /mnt/gentoo
root #mount -t btrfs -o defaults,noatime,compress=lzo,autodefrag,subvol=root /dev/mapper/encrypted /mnt/gentoo
root #mkdir -vp /mnt/gentoo/home
root #mkdir -vp /mnt/gentoo/var
root #mount -t btrfs -o defaults,noatime,compress=lzo,autodefrag,subvol=home /dev/mapper/encrypted /mnt/gentoo/home
root #mount -t btrfs -o defaults,noatime,compress=lzo,autodefrag,subvol=var /dev/mapper/encrypted /mnt/gentoo/var
  • create swap
root #chattr +C /mnt/btroot/swap
root #fallocate -l 24G /mnt/btroot/swap/swapfile
root #chmod 600 /mnt/btroot/swap/swapfile
root #mkswap /mnt/btroot/swap/swapfile
root #swapon /mnt/btroot/swap/swapfile

Install stage 3

  • sync time
root #chronyd -q
  • download and extract current stage3
root #sha256sum --check stage3-amd64-desktop-systemd-20240623T164908Z.tar.xz.sha256
root #gpg --import /usr/share/openpgp-keys/gentoo-release.asc
root #gpg --verify stage3-amd64-desktop-systemd-20240623T164908Z.tar.xz.asc
root #gpg --verify stage3-amd64-desktop-systemd-20240623T164908Z.tar.xz.DIGEST
root #gpg --verify stage3-amd64-desktop-systemd-20240623T164908Z.tar.xz.sha256
root #tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner

Configure initial make.conf and activate binhosts

FILE /mnt/gentoo/etc/portage/make.conf
COMMON_FLAGS="-march=native -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"
LC_MESSAGES=C.utf8

# Overrides the profile's ACCEPT_LICENSE default value
ACCEPT_LICENSE="-* @FREE @BINARY-REDISTRIBUTABLE"

# Appending getbinpkg to the list of values within the FEATURES variable
FEATURES="${FEATURES} getbinpkg"

# Require signatures
FEATURES="${FEATURES} binpkg-request-signature"

# Use distribution kernel
USE="${USE} dist-kernel"

# Use wayland
USE="${USE} wayland"

# Use NetworkManager
USE="${USE} networkmanager"

# Defining localization values
L10N="en en-US"

VIDEO_CARDS="intel"

INPUT_DEVICES="libinput synaptics wacom"

GENTOO_MIRRORS="http://ftp.agdsn.de/gentoo \
    https://ftp.agdsn.de/gentoo \
    rsync://ftp.agdsn.de/gentoo \
    https://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ \
    http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ \
    rsync://ftp.spline.inf.fu-berlin.de/gentoo-distfiles/ \
    https://ftp.gwdg.de/pub/linux/gentoo/ \
    http://ftp.gwdg.de/pub/linux/gentoo/ \
    ftp://ftp.gwdg.de/pub/linux/gentoo/ \
    rsync://ftp.gwdg.de/gentoo/ \
    https://ftp.uni-hannover.de/gentoo/ \
    http://ftp.uni-hannover.de/gentoo/ \
    ftp://ftp.uni-hannover.de/gentoo/ \
    https://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ \
    http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ \
    ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ \
    rsync://linux.rz.ruhr-uni-bochum.de/gentoo \
    https://ftp.halifax.rwth-aachen.de/gentoo/ \
    http://ftp.halifax.rwth-aachen.de/gentoo/ \
    ftp://ftp.halifax.rwth-aachen.de/gentoo/ \
    rsync://ftp.halifax.rwth-aachen.de/gentoo/ \
    https://ftp.tu-ilmenau.de/mirror/gentoo/ \
    http://ftp.tu-ilmenau.de/mirror/gentoo/ \
    rsync://ftp.tu-ilmenau.de/gentoo/ \
    https://ftp.fau.de/gentoo \
    http://ftp.fau.de/gentoo \
    ftp://ftp.fau.de/gentoo \
    rsync://ftp.fau.de/gentoo \
    https://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ \
    http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ \
    ftp://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ \
    rsync://ftp-stud.hs-esslingen.de/gentoo/ \
    https://ftp.uni-stuttgart.de/gentoo-distfiles/ \
    http://ftp.uni-stuttgart.de/gentoo-distfiles/ \
    ftp://ftp.uni-stuttgart.de/gentoo-distfiles/"


FILE /mnt/gentoo/etc/portage/binrepos.conf/gentoobinhost.conf
[gentoo-binhost]
priority = 1
sync-uri = https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64-v3/

[ruhr-uni-bochum-binhost]
priority = 8999
sync-uri = https://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/releases/amd64/binpackages/23.0/x86-64-v3/

[fau-binhost]
priority = 8998
sync-uri = https://ftp.fau.de/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/

[agdsn-binhost]
priority = 8997
sync-uri = https://ftp.agdsn.de/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/

[hs-esslingen-binhost]
priority = 8996
sync-uri = https://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/

[rwth-aachen-binhost]
priority = 8995
sync-uri = https://ftp.halifax.rwth-aachen.de/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/

[gwdg-binhost]
priority = 8994
sync-uri = https://ftp.gwdg.de/pub/linux/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/

[tu-ilmenau-binhost]
priority = 8993
sync-uri = https://ftp.tu-ilmenau.de/mirror/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/

[uni-hannover-binhost]
priority = 8992
sync-uri = https://ftp.uni-hannover.de/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/

[uni-stuttgart-binhost]
priority = 8991
sync-uri = https://ftp.uni-stuttgart.de/gentoo-distfiles/releases/amd64/binpackages/23.0/x86-64-v3/

[fu-berlin]
priority = 8990
sync-uri = https://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
root #touch /etc/portage/package.{accept_keywords,use,mask,unmask}/zzz_via_autounmask

Chroot into stage 3

  • copy DNS info
root #cp --dereference /etc/resolv.conf /mnt/gentoo/etc/
  • mount devices
root #mount --types proc /proc /mnt/gentoo/proc
root #mount --rbind /sys /mnt/gentoo/sys
root #mount --make-rslave /mnt/gentoo/sys
root #mount --rbind /dev /mnt/gentoo/dev
root #mount --make-rslave /mnt/gentoo/dev
root #mount --bind /run /mnt/gentoo/run
root #mount --make-slave /mnt/gentoo/run
  • enter environment
root #chroot /mnt/gentoo /bin/bash
root #source /etc/profile
root #export PS1="(chroot) ${PS1}"

Configure portage

  • update with webrsync
root #emerge-webrsync
  • install and run mirrorselect
root #emerge -av1 app-portage/mirrorselect
root #mirrorselect -i -o >> /etc/portage/make.conf
  • update ebuild repository
root #emerge --sync
  • select profile
root #eselect profile set "default/linux/amd64/23.0/desktop/systemd"
  • update GPG keys
root #getuto
  • install neovim
root #emerge -av app-editors/neovim
root #eselect editor set "/usr/bin/nvim"
  • set CPU flags
root #emerge -av1 app-portage/cpuid2cpuflags
root #echo "*/* $(cpuid2cpuflags)" > /etc/portage/package.use/00cpu-flags
  • update @world
root #emerge -avuDU @world

Locales and timezone

  • set timezone
root #ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
  • configure locale
FILE /etc/locale.gen
en_US ISO-8859-1
en_US.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE.UTF-8 UTF-8
  • generate and select locales
root #locale-gen
root #eselect locale set "en_US.utf8"
  • reload environment
root #env-update && source /etc/profile && export PS1="(chroot) ${PS1}"

Install firmware and microcode

root #emerge -av sys-kernel/linux-firmware
root #emerge -av sys-firmware/intel-microcode

Install kernel and initramfs

  • set dracut flag for installkernel
root #echo "sys-kernel/installkernel dracut systemd-boot" > /etc/portage/package.use/installkernel
root #echo "sys-apps/systemd boot cryptsetup" > /etc/portage/package.use/systemd
  • install btrfs-progs
root #emerge -av sys-fs/btrfs-progs
  • configure dracut (get UUIDs with blkid)
root #mkdir -vp /etc/dracut.conf.d
FILE /etc/dracut.conf.d/localhost.conf
hostonly="yes"

kernel_cmdline="rd.luks.uuid=3993bc45-30c5-4293-ad0d-c803d6b43450 rd.luks.allow-discards=3993bc45-30c5-4293-ad0d-c803d6b43450 rootfstype=btrfs root=UUID=0528276b-c1f2-4196-b775-7d0be924abbf rootflags=defaults,noatime,compress=lzo,autodefrag,ssd,subvolid=256,subvol=root"

add_dracutmodules+=" btrfs crypt usrmount "
omit_dracutmodules+=" systemd systemd-initrd dracut-system i18n systemd-udevd"
root #echo "/usr" > /etc/initramfs.mounts
  • install binary distribution kernel
root #emerge -av sys-kernel/gentoo-kernel-bin
  • update @world
root #emerge -avuDU @world

Install bootloader

  • mount EFI partition
root #mkdir -vp /efi
root #mount -v /dev/nvme0n1p1 /efi
  • reconfigure kernel
root #emerge --config gentoo-kernel-bin
  • install bootloader
root #bootctl install

fstab

FILE /etc/fstab
PARTUUID="26edf43f-0eba-4eaf-9282-1ef9fb24c288" /efi vfat umask=0077 0 2
LABEL=BTROOT / btrfs default,noatime,compress=lzo,autodefrag,subvol=root,ssd 0 0
LABEL=BTROOT /var btrfs default,noatime,compress=lzo,autodefrag,subvol=var,ssd 0 0
LABEL=BTROOT /home btrfs default,noatime,compress=lzo,autodefrag,subvol=home,ssd 0 0

Networking information

  • set hostname
root #echo "korhal" > /etc/hostname
  • install and enable DHCP
root #emerge -av net-misc/dhcpcd
root #systemctl enable dhcpcd
  • configure hosts file
FILE /etc/hosts
127.0.0.1 korhal localhost
::1 korhal localhost
  • allow DHCP with systemd-networkd
FILE /etc/systemd/network/50-dhcp.network
[Match]
Name=en*
 
[Network]
DHCP=yes
root #systemctl enable --now systemd-networkd.service
  • write /etc/resolv.conf with systemd-resolved
root #ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
root #systemctl enable --now systemd-resolved.service

System information

root #systemd-machine-id-setup
  • set root password
  • reboot

Installing tools

  • run systemd firstboot prompt
root #systemd-firstboot --prompt
  • install indexer
root #emerge --ask sys-apps/mlocate
  • install bash completion for gentoo
root #emerge --ask app-shells/bash-completion
  • enable NTP client
root #systemctl enable systemd-timesyncd.service
  • install filesystem tools
root #emerge --ask sys-block/io-scheduler-udev-rules
root #emerge --ask sys-fs/btrfs-progs
  • install wifi tools
root #emerge --ask net-wireless/iw net-wireless/wpa_supplicant
  • install misc. tools
root #emerge -a app-misc/tmux app-misc/fastfetch sys-process/btop app-portage/eix app-portage/gentoolkit

Setup unprivileged user account

  • create user
root #useradd -m -G audio,cdrom,portage,plugdev,usb,users,video,wheel -s /bin/bash lurps
  • set password
root #passwd lurps
  • install sudo
root #emerge --ask app-admin/sudo
  • grant group or user permissions
root #visudo

Clean disk

root #rm -v /stage3-*.tar.*

Install Sway

  • install sway and basic tools
root #emerge -avuDNU @world
root #emerge --ask gui-wm/sway
root #emerge --ask gui-apps/foot gui-apps/wmenu gui-apps/waybar gui-apps/mako gui-apps/swaylock gui-apps/swayidle
  • install sddm and enable it
root #emerge --ask x11-misc/sddm
root #usermod -a -G video sddm
root #systemctl enable sddm.service
  • reboot and login as user

Prepare working environment

  • install flatpak and add flathub
root #emerge --ask sys-apps/flatpak
user $flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
  • install some flatpaks
user $flatpak install com.github.tchx84.Flatseal
user $flatpak install flathub com.brave.Browser
user $flatpak install flathub md.obsidian.Obsidian
user $flatpak install flathub org.zotero.Zotero
user $flatpak install flathub org.mozilla.Thunderbird
  • install more software with portage
root #echo "app-admin/rcm ~amd64" > /etc/portage/package.accept_keywords/rcm
root #echo "net-misc/nextcloud-client nautilus" > /etc/portage/package.use/nextcloud-client
root #emerge --ask \
    app-admin/pass \
    app-admin/pydf \
    app-admin/rcm \
    app-backup/snapper \
    app-misc/ranger \
    app-shells/fzf \
    dev-vcs/git \
    gnome-base/nautilus \
    sys-apps/bat \
    sys-apps/etckeeper \
    sys-apps/pciutils \
    sys-apps/usbutils \
    sys-process/lsof
  • configure eix
FILE /etc/eix-sync.conf
# Sync all ebuild repositories with layman -S
*

# Regenerate ebuild repository metadata
@emerge --regen || true
  • add timer for eix-update
FILE /etc/systemd/system/eix-update.timer
[Unit]
Description=update the eix database 15min after boot

[Timer]
OnBootSec=15min
OnUnitActiveSec=1d

[Install]
WantedBy=timers.target
FILE /etc/systemd/system/eix-update.service
[Unit]
Description=update the eix database 15min after boot and every day if system is running

[Service]
Type=oneshot
ExecStart=/usr/bin/eix-update
User=portage
Group=systemd-journal
root #systemctl daemon-reload
root #systemctl enable eix-update.timer
  • generate SSH keypair and upload to GitHub
user $ssh-keygen -C "$(id -nu)@$(hostname)_$(date '+%Y%m%d')"
  • clone dotfiles
user $git clone git@github.com:TheLurps/dotfiles.git ~/.dotfiles
  • clone password-store
user $git clone git@github.com:TheLurps/password-store.git ~/.password-store
  • copy old .rcrc from dotfiles, edit and add to host config
user $mkrc -B korhal ~/.rcrc
  • copy configs from dotfiles
user $rcup -v
  • import GPG keys

References