# A Void Linux desktop install (Unfinished)

This install is based on the [EFI boot stub](https://mth.st/blog/void-efistub/) blog entry of [Matthias Totschnig](https://mth.st/), the [Void Handbook](https://docs.voidlinux.org/about/index.html) and the Void Linux man pages. This guide focuses on a Void Linux x86-64 glibc/musl install. In this install gummiboot is used as bootloader and the root partition will be encrypted.

## Provisioning

First off the drive should be partitioned, possibly with fdisk. It should have atleast two partitions with one `EFI System` Partition and one `Linux filesystem` partition.

It should look something like this:

| Number of partition | Size | Type |
|:-----:|:-----:|:-----:            |
| 1     |  1 to 2 GB | EFI System        |
| 2     |  Rest of the drive | Linux filesystem  |

Then to create the filesystem of the efi partition.

```
# mkfs.fat -F 32 -n efi /dev/<disk1>
```

And the encrypted filesystem of the root partition.

```
# cryptsetup luksFormat /dev/<disk2> --type luks2 --label luks
# cryptsetup open --type luks /dev/<disk2> root
# mkfs.ext4 -L root /dev/mapper/root
```

## Installation

The encrypted partition and the efi partition have to be mounted to the main system.

```
# mount /dev/mapper/root /mnt
# mkdir /mnt/boot
# mount /dev/<disk1> /mnt/boot
# for dir in dev proc sys run; do
> mkdir /mnt/$dir
> mount --rbind --make-rslave /$dir /mnt/$dir
> done
```

The "base-system" needs to be installed to the mounted drive. For this installation there is also other packages which are needed like NetworkManager, gummiboot and cryptsetup.

* For glibc:

```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```

* For musl:

```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current/musl -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```

To get internet inside the chroot whilst installing the system, copy over the `resolve.conf`.

```
# cp /etc/resolve.conf /mnt/etc/resolve.conf
```

Entering the chroot and configuring the system.

```
# chroot /mnt
# chown root:root /
# chmod 755 /
# passwd root
# echo <hostname> > /etc/hostname
```

Adding the `uuid` of the root partition to `crypttab`, by first creating `/etc/crypttab`:

```
# touch /etc/crypttab
```

Then the `uuid` can be obtained by:

```
# lsblk -f |grep luks >> /etc/crypttab
```

Now edit `/etc/crypttab` and insert:

```
root /dev/disk/by-uuid/<uuid> none:
```

We can configure the `fstab` by editing `/etc/fstab` and inserting:

```
tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
/dev/disk/by-label/root / ext4 defaults,noatime 0 1
/dev/disk/by-label/efi /boot vfat defaults 0 2
```

Create `/etc/dracut.conf.d/30.conf` to configure dracut.

```
hostonly="yes"
use_fstab="yes"
install_items+=" /etc/crypttab "
add_drivers+=" vfat nls_cp437 nls_iso8859_1 "
```

Create a symbolic link from `/etc/fstab.sys` to `/etc/fstab` to indicate that dracut should mount all the file systems listed. 

```
# ln -s /etc/fstab /etc/fstab.sys
```

Then, to omit mounting them again in runit stage 1, disable the corresponding core service.

```
# mv /etc/runit/core-services/03-filesystems.sh{,.bak}
```

Edit `/etc/xbps.d/xbps.conf` to prevent the service from being added back by an update to runit-void.

```
noextract=/etc/runit/core-services/03-filesystems.sh
```

Now mount `efivarfs` to `/sys/firmware/efi/efivars`.

```
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
```

And install gummiboot.

```
# gummiboot install
```

Create `/boot/loader/void-options.conf` to configure gummiboot.

```
# touch /boot/loader/void-options.conf
```

The `uuid` is needed again and can be obtained by:

```
# lsblk -f |grep luks >> /boot/loader/void-options.conf
```

Now edit `/boot/loader/void-options.conf` and insert:

```
rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor
```

To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`.

```
timeout 4
```

Then to configure the locales:

* For glibc: edit `/etc/default/libc-locales` and uncomment.

```
en_US.UTF-8 UTF-8
```

* For musl:

```
```

Then reconfigure the locales.

* For glibc:

```
# xbps-reconfigure -f glibc-locales
```

* For musl:

```
```

To obtain better security, `apparmor` will be set to enforce. By editing `/etc/default/apparmor` and inserting:

```
APPARMOR=enforce
```

To set the internal network edit `/etc/hosts` and insert.

```
127.0.1.1 <hostname>
```

Finally reconfigure Linux.

```
# xbps-reconfigure -f linux{version}
```

Exit the chroot.

```
# exit
```

Do not forget to umount. (I always do).

```
# umount -r /mnt
```

And reboot.

```
# shutdown -r now
```

## Post install