# A Void Linux install (Unfinished)

This install is based on the [EFI boot stub](https://mth.st/blog/void-efistub/) blog entry of [Matthias Totschnig](https://mth.st/), the [Void Handbook](https://docs.voidlinux.org/about/index.html) and the Void Linux man pages.

This guide focuses on a Void Linux x86_64 glibc/musl install on UEFI. In this install gummiboot is used as the bootloader and the root partition will be encrypted.

## Provisioning

First, the drive should be partitioned, for example with fdisk. It should have at least two partitions: one `EFI System` partition and one `Linux filesystem` partition. It should look something like this:

| Number of partition | Size | Type |
|:-----:|:-----:|:-----:|
| 1 | 1 to 2 GB or more | EFI System |
| 2 | Rest of the drive | Linux filesystem |

Then create the filesystem of the EFI partition.

```
# mkfs.fat -F 32 -n efi /dev/
```

And the encrypted filesystem of the root partition.

```
# cryptsetup luksFormat /dev/ --type luks2 --label luks
# cryptsetup open --type luks /dev/ root
# mkfs.ext4 -L root /dev/mapper/root
```

Other filesystems can also be used, but `ext4` is the standard for most Linux distributions.

## Installation

To install the Void Linux distribution on the system, the encrypted partition and the EFI partition have to be mounted to the main system.

```
# mount /dev/mapper/root /mnt
# mkdir /mnt/boot
# mount /dev/ /mnt/boot
# for dir in dev proc sys run; do
>   mkdir /mnt/$dir
>   mount --rbind --make-rslave /$dir /mnt/$dir
> done
```

The "base-system" needs to be installed to the mounted drive. For this installation other packages are also needed, such as NetworkManager, gummiboot and cryptsetup.

* For glibc:

```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```

* For musl:

```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current/musl -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```

To get internet inside the chroot whilst installing the system, copy over the `resolv.conf`.

```
# cp /etc/resolv.conf /mnt/etc/resolv.conf
```

Enter the chroot and configure the system.

```
# chroot /mnt
# chown root:root /
# chmod 755 /
# passwd root
# echo > /etc/hostname
```

Add the `uuid` of the root partition to `crypttab`, by first creating `/etc/crypttab`:

```
# touch /etc/crypttab
```

Then the `uuid` can be obtained by:

```
# lsblk -f |grep luks >> /etc/crypttab
```

Now edit `/etc/crypttab` and insert:

```
root /dev/disk/by-uuid/ none:
```

We can configure the `fstab` by editing `/etc/fstab` and inserting:

```
tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
/dev/disk/by-label/root / ext4 defaults,noatime 0 1
/dev/disk/by-label/efi /boot vfat defaults 0 2
```

Create `/etc/dracut.conf.d/30.conf` to configure dracut.

```
hostonly="yes"
use_fstab="yes"
install_items+=" /etc/crypttab "
add_drivers+=" vfat nls_cp437 nls_iso8859_1 "
```

Create a symbolic link from `/etc/fstab.sys` to `/etc/fstab` to indicate that dracut should mount all the file systems listed.

```
# ln -s /etc/fstab /etc/fstab.sys
```

Then, to omit mounting them again in runit stage 1, disable the corresponding core service.

```
# mv /etc/runit/core-services/03-filesystems.sh{,.bak}
```

Edit `/etc/xbps.d/xbps.conf` to prevent the service from being added back by an update to runit-void.

```
noextract=/etc/runit/core-services/03-filesystems.sh
```

Now mount `efivarfs` to `/sys/firmware/efi/efivars`.

```
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
```

And install gummiboot.

```
# gummiboot install
```

Create `/boot/loader/void-options.conf` to configure gummiboot.

```
# touch /boot/loader/void-options.conf
```

The `uuid` is needed again and can be obtained by:

```
# lsblk -f |grep luks >> /boot/loader/void-options.conf
```

Now edit `/boot/loader/void-options.conf` and insert:

```
rw rd.luks.name==root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1
```

To obtain a boot menu, a timeout may be added to `/boot/loader/loader.conf`.

```
timeout 4
```

If running `glibc`, the locales have to be configured. To do so, edit `/etc/default/libc-locales` and uncomment:

```
en_US.UTF-8 UTF-8
```

And reconfigure the locales.

```
# xbps-reconfigure -f glibc-locales
```

To obtain better security, `apparmor` will be set to enforce by editing `/etc/default/apparmor` and inserting:

```
APPARMOR=enforce
```

To set the internal network, edit `/etc/hosts` and insert:

```
```

Finally reconfigure Linux.

```
# xbps-reconfigure -f linux
```

Exit the chroot.

```
# exit
```

Do not forget to umount. (I always do).

```
# umount -R /mnt
```

And reboot.

```
# shutdown -r now
```

## Post install

In the post install section the installation and configuration of certain applications are elaborated, with the use of the config-files in this repository. To obtain these config-files the void-desktop repository may be cloned with the `git` command.

```
$ git clone https://git.bijl.us/luc/void-desktop.git
```

### Network

NetworkManager will be used as network daemon due to its versatility. The package was already installed during the installation, so it only needs to be symlinked to `/var/service` to function.

```
# ln -s /etc/sv/NetworkManager /var/service
```

NetworkManager needs the `dbus` daemon to function; in general, most other applications that will be discussed in the Post install section need `dbus`.

To symlink `dbus` to `/var/service`:

```
# ln -s /etc/sv/dbus /var/service
```

Then, NetworkManager may be configured to enhance the security of the system. This is especially useful for laptops etc. To do this edit `/etc/NetworkManager/NetworkManager.conf`.

```
[device-mac-randomization]
wifi.scan-rand-mac-address=yes

[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
```

### Users

A user should be added to improve security of the system.

```
# useradd
```

The user may be added to certain groups, to give it some rights.

```
# usermod -aG wheel,audio,video,kvm,tty,input,storage(,bluetooth,_seatd)
```

The package `sudo` that is present in the `base-system` package will be removed, since it is bloatware. To make this persistent, so that sudo is never installed on the system again, edit `/etc/xbps.d/xbps.conf` and insert:

```
ignorepkg=sudo
```

Then remove `sudo`.

```
# xbps-remove -y sudo
```

The `sudo` package will be replaced by `opendoas`. To install it:

```
# xbps-install -Sy opendoas
```

Symlink it to `/bin/sudo` so that applications which require root can still be granted it by the user.

```
# ln -s /bin/doas /bin/sudo
```

And edit `/etc/doas.conf` to give users in the `wheel` group access to the `doas` command.

```
permit persist :wheel as root
```

To finalize this section, the `.bashrc` and `.bash_profile` configuration files will be copied to the home space of the user.

```
$ cp void-desktop/config-files/bash/.bashrc .bashrc
$ cp void-desktop/config-files/bash/.bash_profile .bash_profile
```

### Linux-lts

It might be desirable to install an LTS kernel for better stability.

This can be done by:

```
# xbps-install -Sy linux-lts linux-lts-headers
```

To uninstall the non-lts kernel, ignore the package through `/etc/xbps.d/xbps.conf` by adding:

```
ignorepkg=linux
```

And then remove the `linux` meta package and its dependencies:

```
# xbps-remove -Ry linux
```

### Localtime

A "Network Time Protocol Daemon" (ntpd for short) can sync the system clock with internet standard time servers. The `chrony` daemon is used as ntpd. Install it by:

```
# xbps-install -Sy chrony
```

Then to activate its service:

```
# ln -s /etc/sv/chronyd /var/service
```

To configure the timezone to your own, edit the `/etc/rc.conf` file and set these lines:

```
HARDWARECLOCK="localtime"
TIMEZONE="Europe/Amsterdam"
```

### Using Swap

Swap can be utilised by the system to free up space in RAM. For most use cases it is recommended to create a swapfile that is one and a half times the size of your RAM. To create a swapfile of 8 GB use:

```
# dd if=/dev/zero of=/swapfile bs=8M count=1024 status=progress
```

To create a different size of swapfile, change the `count=` amount to a desirable size. Then to actually add the swap space to your system issue these commands:

```
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
```

To mount the swap to the system at boot, add the swapfile to your `/etc/fstab`:

```
/swapfile none swap defaults 0 0
```

And do not forget to reconfigure the kernel after updating `/etc/fstab`:

```
# xbps-reconfigure -f linux
```

### Network filesystems

Network filesystems may be used for enhanced workflow between multiple devices and persistence of storage.

#### Samba

Samba is one such network filesystem protocol that may be used between different platforms. To use it, install:

```
# xbps-install -Sy cifs-utils
```

Next, a credentials file will be created, namely `$HOME/.smbpasswd`. Edit the file and insert:

```
username=
password=
domain=
```

For security, the permissions of the credentials file may be tightened.

```
# chmod 600 $HOME/.smbpasswd
```

Then edit `/etc/fstab` and insert:

```
/// $HOME/ cifs credentials=$HOME/.smbpasswd,_netdev,uid= 0 0
```

Finally mount the network filesystem.

```
# mount -a
```

### Logging

Logging may be beneficial to spot certain misbehaviours or errors in the system. The `socklog-void` package will be used as logging daemon.

```
# xbps-install -Sy socklog-void
# ln -s /etc/sv/socklog-unix /var/service/
# ln -s /etc/sv/nanoklogd /var/service/
```

To read the logs use:

```
# svlogtail
```

Or go to `/var/log/socklog`.

### Repositories

To install the official Void Linux 32-bit and nonfree repositories simply install their respective packages:

* For glibc

```
# xbps-install -Sy void-repo-multilib void-repo-nonfree void-repo-multilib-nonfree
```

* For musl

```
# xbps-install -Sy void-repo-nonfree
```

And update the repositories:

```
# xbps-install -S
```

There is also our unofficial extra repository for some additional packages and some packages which are needed for the graphical installation. To use those, add them to `/etc/xbps.d/00-repository-ample.conf`:

* For glibc:

```
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/nonfree
```

* For musl

```
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/musl
```

And refresh the repositories:

```
# xbps-install -S
```

### Firmware and drivers

#### GPU drivers

It is necessary for a graphical environment to install GPU drivers.

To install the drivers for your GPU use one of the following commands:

* For Intel

```
# xbps-install -Sy linux-firmware-intel mesa mesa-dri vulkan-loader mesa-vulkan-intel intel-video-accel
```

* For AMD

```
# xbps-install -Sy linux-firmware-amd vulkan-loader mesa-vulkan-radeon amdvlk xf86-video-amdgpu mesa-vaapi mesa-vdpau mesa-dri
```

* For Nvidia (*glibc only*)

```
# xbps-install -Sy nvidia nvidia-opencl
```

##### 32-bit drivers

(Only applicable to glibc as Void Linux musl only supports 64-bit)

To run 32-bit applications like some videogames it will also be necessary to install the 32-bit drivers:

* For Intel

```
# xbps-install -Sy mesa-32bit mesa-dri-32bit mesa-vulkan-intel-32bit vulkan-loader-32bit
```

* For AMD

```
# xbps-install -Sy vulkan-loader-32bit amdvlk-32bit mesa-32bit mesa-dri-32bit
```

* For Nvidia

```
# xbps-install -Sy nvidia-libs-32bit
```

#### CPU firmware

To keep the firmware of your CPU up to date it is necessary to install the correct microcode:

* For Intel (The Intel microcode requires that you are using the nonfree repository)

```
# xbps-install -Sy intel-ucode
```

And regenerate the initramfs:

```
# xbps-reconfigure -f linux
```

* For AMD

```
# xbps-install -Sy linux-firmware-amd
```

### Secure-boot

#### Linux Windows dual boot

```
# xbps-install -Sy sbctl
# sbctl create-keys
# sbctl enroll-keys --microsoft
# sbctl sign -s /boot/EFI/Boot/BOOTX64.EFI
# sbctl sign -s /boot/EFI/gummiboot/gummibootx64.efi
# sbctl sign -s /boot/vmlinuz-
# sbctl verify
```

### Laptop-management

```
# xbps-install -Sy tlp tlpui
```

```
# ln -s /etc/sv/tlp /var/service
# ln -s /etc/sv/acpid /var/service
```

Edit `/etc/tlp.d/00-template.conf`

```
CPU_ENERGY_PERF_POLICY_ON_AC=performance
CPU_ENERGY_PERF_POLICY_ON_BAT=power
```

## Graphical session

### Session manager

To use a graphical environment it is necessary to start a seat and session manager. For a minimal install it is recommended to use `seatd`, `dumb_runtime_dir` and `polkit`.

To install those run:

```
# xbps-install -Sy seatd dumb_runtime_dir polkit
```

Then to enable them:

```
# ln -s /etc/sv/seatd /var/service
# ln -s /etc/sv/polkitd /var/service
```

And for `dumb_runtime_dir` to function, configure `/etc/pam.d/system-login` by uncommenting:

```
session optional pam_dumb_runtime_dir.so
```

For some sane polkit rules add these lines to `/etc/polkit-1/rules.d/00-polkit.rules`:

```
// Members of wheel may run /bin/shutdown through pkexec without a prompt.
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.policykit.exec" &&
        action.lookup("program") == "/bin/shutdown" &&
        subject.isInGroup("wheel"))
        return polkit.Result.YES;
});

// Members of wheel may run /bin/zzz (suspend) through pkexec without a prompt.
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.policykit.exec" &&
        action.lookup("program") == "/bin/zzz" &&
        subject.isInGroup("wheel"))
        return polkit.Result.YES;
});

// Members of storage may perform any udisks2 action.
polkit.addRule(function(action, subject) {
    if (action.id.startsWith("org.freedesktop.udisks2.") &&
        subject.isInGroup("storage"))
        return polkit.Result.YES;
});
```

Or, for the lazier among us, copy `void-desktop/config-files/polkit/00-polkit.rules` to `/etc/polkit-1/rules.d/`.

```
# cp -r void-desktop/config-files/polkit/00-polkit.rules /etc/polkit-1/rules.d/
```

### Login manager

To make it easier to log into the system, set up a login manager. For a minimal and wayland-compatible login manager use `greetd` with `gtkgreet`. Install them with:

```
# xbps-install -Sy greetd gtkgreet
```

### Window manager

There are many different window managers and desktop environments which can provide a decent experience. Wayfire is a functional, relatively lightweight and good looking wayland window manager and will be used for this install.

### Audio

### Essential applications

### Auto-mounting

### Printing

### Bluetooth

## Misc

### Virt-manager

### Wine

### Steam
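
Referring back to the Installation section: the LUKS `uuid` is appended with `lsblk` and then edited by hand in both `/etc/crypttab` and `/boot/loader/void-options.conf`, and a mismatch or a leftover `lsblk` line can keep the initramfs from unlocking the root volume. The script below is an added example, not part of the original guide; it assumes the elided values are the LUKS UUID written as `/dev/disk/by-uuid/<uuid>` (or `UUID=<uuid>`) and `rd.luks.name=<uuid>=root`, and its function names and sample UUIDs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the guide. File paths are arguments, so it can be
# run from the live system against the copies under /mnt before rebooting.
UUID_RE='[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

# UUID of the crypttab entry named "root" (second field), lower-cased.
crypttab_uuid() {
    awk '$1 == "root" { print $2 }' "$1" |
        grep -E "^(/dev/disk/by-uuid/|UUID=)$UUID_RE\$" |
        grep -Eo "$UUID_RE" | head -n 1 | tr 'A-F' 'a-f'
}

# UUID from the rd.luks.name=<uuid>=root kernel option, lower-cased.
cmdline_uuid() {
    tr ' \t' '\n\n' < "$1" |
        grep -E "^rd\.luks\.name=$UUID_RE=root\$" |
        grep -Eo "$UUID_RE" | head -n 1 | tr 'A-F' 'a-f'
}

# Print every problem found; return 0 only if both files agree and are clean.
check_luks_config() {
    rc=0
    ct=$(crypttab_uuid "$1")
    kc=$(cmdline_uuid "$2")
    [ -n "$ct" ] || { echo "$1: no usable entry for 'root'"; rc=1; }
    [ -n "$kc" ] || { echo "$2: no rd.luks.name=<uuid>=root option"; rc=1; }
    if [ -n "$ct" ] && [ -n "$kc" ] && [ "$ct" != "$kc" ]; then
        echo "UUID mismatch: crypttab=$ct cmdline=$kc"; rc=1
    fi
    for f in "$1" "$2"; do
        # "lsblk -f | grep luks >> file" appends a raw line that must be edited away.
        if grep -q 'crypto_LUKS' "$f"; then
            echo "$f: raw lsblk output still present"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: lsblk line left in crypttab, last UUID digit mistyped.
demo=$(mktemp -d)
printf '%s\n' '|-sda2 crypto_LUKS 2 luks 11111111-2222-3333-4444-555555555555' \
    'root /dev/disk/by-uuid/11111111-2222-3333-4444-555555555555 none' \
    > "$demo/crypttab"
echo 'rw rd.luks.name=11111111-2222-3333-4444-55555555555a=root root=/dev/mapper/root' \
    > "$demo/options"
check_luks_config "$demo/crypttab" "$demo/options" || echo "fix before rebooting"
```

Inside the chroot, the same check is `check_luks_config /etc/crypttab /boot/loader/void-options.conf`, run before `xbps-reconfigure -f linux`.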