diff --git a/docs/gentoo-desktop-setup/installation.md b/docs/gentoo-desktop-setup/installation.md index 9364e04..d8124b5 100644 --- a/docs/gentoo-desktop-setup/installation.md +++ b/docs/gentoo-desktop-setup/installation.md @@ -2,14 +2,14 @@ Now is the time to actually install Gentoo. First import the pool again: -``` shell +``` shell-session root # zpool import -N -R /mnt rpool root # zfs load-key -L file:///tmp/rpool.key rpool ``` Then mount the datasets and the ESP on `/mnt`: -``` shell +``` shell-session root # mount -t zfs rpool/root/gentoo /mnt root # mkdir /mnt/var root # mount -t zfs rpool/root/gentoo/var /mnt/var @@ -19,7 +19,7 @@ root # mount -t vfat /dev/disk/by-label/esp /mnt/efi Now we're going to fetch a stage3 tarball for on the root of the system. Replace the `` with the latest tarball release. -``` shell +``` shell-session root # cd /mnt root # wget https://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64-musl-hardened/stage3-amd64-musl-hardened-.tar.xz ``` @@ -30,13 +30,13 @@ This should have placed a tarball at `/mnt/stage3-amd64-musl-hardened-*-.tar.xz` Unpack it in the new root: -``` shell +``` shell-session root # tar xpvf stage3-*.tar.xz --numeric-owner -C /mnt ``` Then before finally chrooting into the system simply copy over the `resolv.conf` for internet connection inside the chroot. -``` shell +``` shell-session root # cp /etc/resolv.conf /mnt/etc/. root # cp /tmp/rpool.key /mnt/tmp root # for i in dev proc sys run; do mount --rbind --make-rslave /$i /mnt/$i; done @@ -99,7 +99,7 @@ MODULES_SIGN_HASH="sha512" Now finally sync the repositories and try installing a package like `vim`. -``` shell +``` shell-session root # emaint sync ... Action: sync for repo: gentoo, returned code = 0 @@ -127,7 +127,7 @@ proc /proc proc nodev,nosuid,noexec,hidepid=2 Musl does not come with timezone's installed by default. Install `timezone-data` with: -``` shell +``` shell-session root # emerge -av sys-libs/timezone-data ``` 
@@ -137,15 +137,15 @@ Select the correct timezone with: TZ="/usr/share/zoneinfo//" ``` -Update the environment of your shell: +Update the environment of your shell-session: -``` shell +``` shell-session root # env-update && source /etc/profile ``` To sync your system's time with a server set up a *Network Time Protocol daemon*. It's recommended to use OpenBSD's `openntpd` which aims to be as secure and minimal as possible: -``` shell +``` shell-session root # emerge -av net-misc/openntpd root # rc-update add ntpd default root # rc-service ntpd start @@ -155,7 +155,7 @@ root # rc-service ntpd start Musl also does not support locales out of the box. They aren't necessary but some programms rely on them to set the language of their application. To be able to use locales install the `musl-locales` package: -``` shell +``` shell-session root # emerge -av sys-apps/musl-locales ``` @@ -167,7 +167,7 @@ MUSL_LOCPATH="/usr/share/i18n/locales/musl" There are a multiple locales to choose from. In most situations choosing `en_US` is the standard but selecting a diverent one should not break the system. Choose the desired locale with $n \in \mathbb{N}$: -``` shell +``` shell-session root # eselect locale list root # eselect locale set root # env-update && source /etc/profile @@ -177,7 +177,7 @@ root # env-update && source /etc/profile The system's hostname is the name given to the machine. Other systems on a network will also be able to see this name. To set it replace with the desired name: -``` shell +``` shell-session root # echo "" > /etc/hostname ``` 
@@ -191,13 +191,13 @@ net-misc/networkmanager dhcpcd -wext -modemmanager -ppp Also make sure the `networkmanager` USE flag is enabled in your `make.conf`. Then emerge `networkmananger`: -``` shell +``` shell-session root # emerge -av net-misc/networkmanager ``` Then disable any other network services before enabling the `NetworkManager`service: -``` shell +``` shell-session root # rc-update add NetworkManager default * service NetworkManager added to runlevel default ``` @@ -206,7 +206,7 @@ root # rc-update add NetworkManager default GURU is an extra repository which contains packages not available in the main Gentoo repository. Although the packages it contains might not be as well tested as in the main repo they are still necessary for some setups. Add Guru with: -``` shell +``` shell-session root # emerge -av app-eselect/eselect-repository root # eselect repository enable guru root # emaint sync --repo guru @@ -224,7 +224,7 @@ To allow unstable packages from GURU set the `~amd64` keyword for it: `sbctl` is a simple tool which allows for the management of Secureboot settings on a system. It can create, deploy and sign keys with ease. First off install `sbctl`: -``` shell +``` shell-session root # emerge -av sbctl ``` @@ -232,7 +232,7 @@ root # emerge -av sbctl Then create and enroll keys into the system. -``` shell +``` shell-session root # sbctl create-keys Created Owner UUID abcde.... Creating secure boot keys...✔ @@ -249,7 +249,7 @@ Use the `--microsoft` flag if the system is unable to use custom keys or when du `zlevis` is able to unlock an encrypted ZFS root pool with keys saved in a TPM, currently it's only available in the `portage-ample` repository and also has some dependencies in the `guru` repository. Add the `portage-ample` repository with: -``` shell +``` shell-session root # eselect repository add portage-ample git https://git.bijl.us/lnorg/portage-ample root # emaint sync -r portage-ample ``` 
@@ -262,13 +262,13 @@ app-crypt/zlevis dracut Then simply install it: -``` shell +``` shell-session root # emerge -av app-crypt/zlevis ``` Now add `zlevis` to the pool with -``` shell +``` shell-session root # zfs set tpm:jwe=$(zlevis-encrypt '{}' < /tmp/rpool.key) rpool ``` @@ -320,7 +320,7 @@ rw root=ZFS=rpool/root/gentoo quiet splash Then finally install the packages mentioned which are required for a running system: -``` shell +``` shell-session root # emerge -av sbsigntools systemd-utils linux-firmware gentoo-kernel-bin zfs-kmod ``` @@ -330,7 +330,7 @@ It should have done this without throwing any errors. Because Gentoo generates UKI's for all the kernels installed on a system it would be nice to be able to choose upon boot which one. For a nice boot interface install `systemd-boot` on the ESP: -``` shell +``` shell-session root # bootctl install Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed" to "/efi/EFI/systemd/systemd-bootx64.efi". Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed" to "/efi/EFI/BOOT/BOOTX64.EFI". @@ -340,14 +340,14 @@ Created EFI boot entry "Linux Boot Manager". The last thing to do is adding a few ZFS services on boot: -``` shell +``` shell-session root # rc-update add zfs-import sysinit root # rc-update add zfs-mount sysinit ``` Now exit the chroot and unmount the filesystem with: -``` shell +``` shell-session root # umount -lf /mnt ``` diff --git a/docs/gentoo-desktop-setup/provisioning.md b/docs/gentoo-desktop-setup/provisioning.md index 67817cb..3262c87 100644 --- a/docs/gentoo-desktop-setup/provisioning.md +++ b/docs/gentoo-desktop-setup/provisioning.md @@ -4,7 +4,7 @@ After booting the Alpine Linux extended ISO, partition the disks. For this actio To set it up `setup-interfaces` and `setup-apkrepos` will be used. -``` shell +``` shell-session root # setup-interfaces -ar root # setup-apkrepos -c1 ``` 
@@ -13,19 +13,19 @@ root # setup-apkrepos -c1 A few packages will have to be installed first, -``` shell +``` shell-session root # apk add zfs lsblk sgdisk wipefs dosfstools ``` and load the ZFS kernel module -``` shell +``` shell-session root # modprobe zfs ``` Wipe the existing disk partitions -``` shell +``` shell-session root # zpool labelclear -f /dev/ root # wipefs -a /dev/ root # sgdisk --zap-all /dev/ @@ -33,20 +33,20 @@ root # sgdisk --zap-all /dev/ Create on the disk an `EFI system` partition (ESP) and a `Linux filesystem` partition -``` shell +``` shell-session root # sgdisk -n 1:1m:+512m -t 1:ef00 /dev/ root # sgdisk -n 2:0:-10m -t 2:8300 /dev/ ``` Reload the device nodes -``` shell +``` shell-session root # mdev -s ``` Then, format the ESP with a FAT32 filesystem -``` shell +``` shell-session root # mkfs.fat -F 32 -n esp /dev/1 ``` @@ -54,7 +54,7 @@ root # mkfs.fat -F 32 -n esp /dev/1 The ZFS system pool is going to be encrypted. First generate an encryption key and save it temporarily to the file `/tmp/rpool.key` with: -``` shell +``` shell-session root # cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/rpool.key && cat /tmp/rpool.key ``` @@ -62,7 +62,7 @@ root # cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 20 | head -n 1 > /tmp/rpo Create the system pool: -``` shell +``` shell-session root # zpool create -f \ -o ashift=12 \ -O compression=lz4 \ @@ -78,7 +78,7 @@ root # zpool create -f \ Then create the system datasets: -``` shell +``` shell-session root # zfs create -o mountpoint=none rpool/root root # zfs create -o mountpoint=legacy -o quota=48g rpool/root/gentoo root # zfs create -o mountpoint=legacy -o quota=32g rpool/root/gentoo/var
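Review bot: in installation.md, hunk @@ -137,15 +137,15 @@, the search-and-replace also caught a prose sentence: `Update the environment of your shell:` became `Update the environment of your shell-session:`. Only the fence info strings should change in this patch; restore the sentence to "shell".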
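Review bot: the `shell-session` label is only an improvement if the docs renderer treats the `root # ` prefix as a prompt, and nothing in the patch shows that this was checked. It matters most for the blocks that mix commands with output: `emaint sync` (installation.md, hunk @@ -99,7 +99,7 @@), `sbctl create-keys` (@@ -232,7 +232,7 @@) and `bootctl install` (@@ -330,7 +330,7 @@). If the lexer does not match this prompt form, the command lines will be styled as output along with everything else. Please build the docs and inspect one of these blocks, plus the multi-line `zpool create -f \` block in provisioning.md (hunk @@ -62,7 +62,7 @@), before merging, and say in the commit message which renderer the label targets.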
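Review bot: missing documentation on the key's lifetime, starting at the key-generation block in provisioning.md (hunk @@ -54,7 +54,7 @@). The command writes the pool key to `/tmp/rpool.key` and echoes it to the terminal, the installation.md hunk @@ -30,13 +30,13 @@ copies it with `cp /tmp/rpool.key /mnt/tmp`, and hunk @@ -262,13 +262,13 @@ reads it for `zlevis-encrypt`, but none of the visible lines remove either copy. Since these blocks are being touched anyway, consider adding a step after the zlevis enrollment that deletes the key from both the live environment and the new root's `/tmp`, unless the guide already does so outside the lines shown here. It would also help to note next to the generation command that the key is printed so it can be recorded, and to set a restrictive umask before writing the file.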
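Review bot: in installation.md, hunk @@ -262,13 +262,13 @@, the command substitution in `zfs set tpm:jwe=$(zlevis-encrypt '{}' < /tmp/rpool.key) rpool` is unquoted, so in a POSIX shell its output is subject to word splitting and globbing before `zfs` sees it. Readers copy these blocks verbatim, so quote the whole argument as `"tpm:jwe=$(zlevis-encrypt '{}' < /tmp/rpool.key)"` so the property value is always passed as a single argument.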