Void Linux Glibc += (Encryption + Gummiboot)

Provisioning:
{
    # fdisk:
    {
        No.	Size	Type
        1	1G	    EFI System
        2	rest	Linux filesystem
    }
    # mkfs.fat -F 32 -n efi /dev/<disk1>
    # cryptsetup luksFormat /dev/<disk2> --type luks2 --label luks
    # cryptsetup open --type luks /dev/<disk2> root
    # mkfs.ext4 -L root /dev/mapper/root
}
Installation:
{
    # mount /dev/mapper/root /mnt
    # mkdir /mnt/boot
    # mount /dev/<disk1> /mnt/boot
    # for dir in dev proc sys run; do
    > mkdir /mnt/$dir
    > mount --rbind --make-rslave /$dir /mnt/$dir
    > done
    
    # xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor (NetworkManager)
    # chroot /mnt
    # chown root:root /
    # chmod 755 /
    # passwd root
    # echo <hostname> > /etc/hostname
    # vim /etc/crypttab:
    {
        > root /dev/disk/by-uuid none:
    }
    # lsblk -f |grep luks >> /etc/crypttab
    # vim /etc/crypttab:
    {  
        > root /dev/disk/by-uuid/** none:
    }
    # vim /etc/fstab:
    {
        > tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
        > efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
        > /dev/disk/by-label/root / ext4 defaults,noatime 0 1
        > /dev/disk/by-label/efi /boot vfat defaults 0 2
    }
    # vim /etc/dracut.conf.d/30.conf:
    {
        > hostonly="yes"
        > use_fstab="yes"
        > install_items+=" /etc/crypttab "
        > add_drivers+=" vfat nls_cp437 nls_iso8859_1 "
    }
    # ln -s /etc/fstab /etc/fstab.sys
    # mv /etc/runit/core-services/03-filesystems.sh{,.bak}
    # vim /etc/xbps.d/xbps.conf:
    {
        > noextract=/etc/runit/core-services/03-filesystems.sh
    }
    # mount -t efivarfs efivarfs /sys/firmware/efi/efivars
    # gummiboot install
    # vim /boot/loader/void-options.conf:
    {
        > rw rd.luks.name=
    }
    # lsblk -f |grep luks >> /boot/loader/void-options.conf
    vim /boot/loader/void-options.conf:
    {
        > rw rd.luks.name=**=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor
    }
    vim /etc/default/glibc-locales:
    {
        > en_US....
    }
    # xbps-reconfigure -f glibc-locales
    # vim /etc/default/appamor:
    {
        > enforce
    }
    # xbps-reconfigure -f linux5.15
    # (runit services)
    # exit
    # umount -r /mnt
    # reboot
}
Post install:
{
    Users:
    {
        # usermod -aG wheel,audio,video,kvm,tty,input(,bluetooth,_seatd) <user>
        # vim /etc/xbps.d/nosudo.conf:
        {
            > ignorepkg=sudo
        }
        # xbps-remove -y sudo
        # xbps-install -y opendoas 
        # ln -s /bin/doas /bin/sudo
        # vim /etc/doas.conf:
        {
            > permit persist :wheel as root
        }
    }
    Network:
    {
        # vim /etc/rc.local:
        {
            > ip link set dev (network) up
            > ip addr add (ip) brd + dev (network)
            > ip route add default via (iprouter)
        }
        (dhcpcd)
        # ln -s /etc/sv/(dhcpcd) /var/service/
        (NetworkManager)
        # ln -s /etc/sv/NetworkManager /var/service
        # ln -s /etc/sv/dbus /var/service
        # vim /etc/NetworkManager/conf.d/rand_mac.conf:
        {
            [device-mac-randomization]
            > wifi.scan-rand-mac-address=yes
            [connection-mac-randomization]
            > ethernet.cloned-mac-address=random
            > wifi.cloned-mac-address=random
        }
    }
    Localtime:
    {
        # vim /etc/rc.conf:
        {
            > HARDWARECLOCK="localtime"
            > TIMEZONE=("Europe/Amsterdam")
        }
    }
    Swapfile:
    {
        # dd if=/dev/zero of=/swapfile bs=8M count=1024
        # chmod 600 /swapfile
        # mkswap /swapfile
        # swapon /swapfile
        // $ swapon --show
        # vim /etc/fstab:
        {
            > /swapfile none swap defaults 0 0
        }
    }
    Repos:
    {
        # xbps-install -Sy void-repo-multilib void-repo-nonfree void-repo-multilib-nonfree xtools git
        $ git clone https://github.com/void-linux/void-packages.git
        $ voidpackages/./xbps-src binary-bootstrap -j(N-threads)
        $ echo XBPS_ALLOW_RESTRICTED=yes >> etc/conf
        $ voidpackages/./xbps-src pkg <package_name> -j(N-threads)
        # xi <package_name>

        : update
        $ cd void-packages
        $ git pull
        $ ./xbp-src update-sys -j(N-threads)
    }
    AMD Firmware (cpu+gpu):
    {
        # xbps-install -Sy linux-firmware-amd vulkan-loader mesa-vulkan-radeon amdvlk xf86-video-amdgpu mesa-vaapi mesa-vdpau mesa-dri
    }
    Samba-mount:
    {
        # xbps-install cifs-utils
        $ vim $HOME/.smbpasswd:
        {
            > username=<username>
            > password=<password>
            > domain=<domain>
        }
        # chmod 644 $HOME/.smbpasswd
        # vim /etc/fstab:
        {
            > //<domain>/<homefolder> $HOME/<smbfolder> cifs credentials=$HOME/.smbpasswd,_netdev,uid=<uid> 0 0
        }
        # mount -a
    }
    Misc:
    {
        foot-openssh:
        {
            $ TERM=xterm-256color
        }
    }
}