# A Void Linux install (Unfinished)

This install is based on the [EFI boot stub](https://mth.st/blog/void-efistub/) blog entry of [Matthias Totschnig](https://mth.st/), the [Void Handbook](https://docs.voidlinux.org/about/index.html) and the Void Linux man pages. This guide focuses on a Void Linux x86_64 glibc/musl install on uefi. In this install gummiboot is used as bootloader and the root partition will be encrypted.

## Provisioning

First off the drive should be partitioned, possibly with fdisk. It should have atleast two partitions with one `EFI System` Partition and one `Linux filesystem` partition.

It should look something like this:

| Number of partition | Size | Type |
|:-----:|:-----:|:-----:            |
| 1     |  1 to 2 GB or more | EFI System        |
| 2     |  Rest of the drive | Linux filesystem  |

Then to create the filesystem of the efi partition.

```
# mkfs.fat -F 32 -n efi /dev/<disk1>
```

And the encrypted filesystem of the root partition.

```
# cryptsetup luksFormat /dev/<disk2> --type luks2 --label luks
# cryptsetup open --type luks /dev/<disk2> root
# mkfs.ext4 -L root /dev/mapper/root
```

Other filesystems can also be used but `ext4` is the standard for most linux distobutions.

## Installation

To install the Void Linux distribution on the system, the encrypted partition and the efi partition have to be mounted to the main system.

```
# mount /dev/mapper/root /mnt
# mkdir /mnt/boot
# mount /dev/<disk1> /mnt/boot
# for dir in dev proc sys run; do
> mkdir /mnt/$dir
> mount --rbind --make-rslave /$dir /mnt/$dir
> done
```

The "base-system" needs to be installed to the mounted drive. For this installation there is also other packages which are needed like NetworkManager, gummiboot and cryptsetup.

* For glibc:

```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```

* For musl:

```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current/musl -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```

To get internet inside the chroot whilst installing the system, copy over the `resolv.conf`.

```
# cp /etc/resolv.conf /mnt/etc/resolv.conf
```

Entering the chroot and configuring the system.

```
# chroot /mnt
# chown root:root /
# chmod 755 /
# passwd root
# echo <hostname> > /etc/hostname
```

Adding the `uuid` of the root partition to `crypttab`, by first creating `/etc/crypttab`:

```
# touch /etc/crypttab
```

Then the `uuid` can be obtained by:

```
# lsblk -f |grep luks >> /etc/crypttab
```

Now edit `/etc/crypttab` and insert:

```
root /dev/disk/by-uuid/<uuid> none:
```

We can configure the `fstab` by editing `/etc/fstab` and inserting:

```
tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
/dev/disk/by-label/root / ext4 defaults,noatime 0 1
/dev/disk/by-label/efi /boot vfat defaults 0 2
```

Create `/etc/dracut.conf.d/30.conf` to configure dracut.

```
hostonly="yes"
use_fstab="yes"
install_items+=" /etc/crypttab "
add_drivers+=" vfat nls_cp437 nls_iso8859_1 "
```

Create a symbolic link from `/etc/fstab.sys` to `/etc/fstab` to indicate that dracut should mount all the file systems listed. 

```
# ln -s /etc/fstab /etc/fstab.sys
```

Then, to omit mounting them again in runit stage 1, disable the corresponding core service.

```
# mv /etc/runit/core-services/03-filesystems.sh{,.bak}
```

Edit `/etc/xbps.d/xbps.conf` to prevent the service from being added back by an update to runit-void.

```
noextract=/etc/runit/core-services/03-filesystems.sh
```

Now mount `efivarfs` to `/sys/firmware/efi/efivars`.

```
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
```

And install gummiboot.

```
# gummiboot install
```

Create `/boot/loader/void-options.conf` to configure gummiboot.

```
# touch /boot/loader/void-options.conf
```

The `uuid` is needed again and can be obtained by:

```
# lsblk -f |grep luks >> /boot/loader/void-options.conf
```

Now edit `/boot/loader/void-options.conf` and insert:

```
rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1
```

To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`.

```
timeout 4
```

If running `glibc` the locales have to be configured, to configure the locales edit `/etc/default/libc-locales` and uncomment.

```
en_US.UTF-8 UTF-8
```

And reconfigure the locales.

```
 # xbps-reconfigure -f glibc-locales
```


To obtain better security, `apparmor` will be set to enforce. By editing `/etc/default/apparmor` and inserting:

```
APPARMOR=enforce
```

To set the internal network edit `/etc/hosts` and insert.

```
127.0.1.1 <hostname>
```

Finally reconfigure Linux.

```
# xbps-reconfigure -f linux<version>
```

Exit the chroot.

```
# exit
```

Do not forget to umount. (I always do).

```
# umount -r /mnt
```

And reboot.

```
# shutdown -r now
```

## Post install

In the post install section the installation and configuration of certain applications are elaborated. With the use of the config-files in this repository.

To obtain these config-files the void-desktop repository may be cloned with the `git` command.

```
$ git clone https://git.bijl.us/luc/void-desktop.git
```

### Network

NetworkManager will be used as Network daemon due to its versatility. The package was already installed with the installation, thereby it only needs to be symlinked to `/var/service` to function. 

```
# ln -s /etc/sv/NetworkManager /var/service
```

NetworkManager needs the `dbus` daemon to function, in general most other applications that will be discussed in the Post install section need `dbus`. To symlink `dbus` to `/var/service`:

```
# ln -s /etc/sv/dbus /var/service
```

Then, NetworkManager may be configured to enhance the security of the system. This is especially useful for laptops etc. To do this edit `/etc/NetworkManager/NetworkManager.conf`.

```
[device-mac-randomization]
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
```

### Users

A user should be added to improve security of the system. 

```
# useradd <user>
```

The user may be added to certain groups, to give it some rights.

```
# usermod -aG wheel,audio,video,kvm,tty,input,storage(,bluetooth,_seatd) <user>
```

The package `sudo` that is present in the `base-system` package will be removed. Since, it is bloatware. To persist this. That is sudo will not be installed ever again on the system. Edit `/etc/xbps.d/xbps.conf` and insert:


```
ignorepkg=sudo
```

Then remove `sudo`.

```
# xbps-remove -y sudo
```

The `sudo` package will be replaced by `opendoas`. To install it:

```
# xbps-install -Sy opendoas 
```

Symlink it to `/bin/sudo` so that applications which require root can still be granted by the user.

```
# ln -s /bin/doas /bin/sudo
```

And edit `/etc/doas.conf` to give users in the `wheel` group access to the `doas` command.

```
permit persist :wheel as root
```

To finalize this section, the `.bashrc` and `.bash_profile` configuration files will be copied to the home space of the user.

```
$ cp void-desktop/config-files/bash/.bashrc .bashrc
$ cp void-desktop/config-files/bash/.bash_profile .bash_profile
```

### Linux-lts

It might be desirable to install an LTS kernel for better stability. This can be done by:

```
# xbps-install -Sy linux-lts linux-lts-headers
```

To uninstall the non-lts kernel, ignore the package through `/etc/xbps.d/xbps.conf` by adding:

```
ignorepkg=linux
```

And then removing the `linux` meta package and its dependecies:

```
# xbps-remove -Ry linux
```

### Localtime

A "Network Time Protocol Daemon" (nptd for short) can sync the system clock with internet standard time servers. The `chrony` daemon is used as ntpd. Install it by:

```
# xbps-install -Sy chrony
```

Then to active its service:

```
ln -s /etc/sv/chronyd /var/service
```

To configure the timezone to your own edit the `/etc/rc.conf` file and set these lines:

```
HARDWARECLOCK="localtime"
TIMEZONE=("Europe/Amsterdam")
```

### Using Swap

Swap can be utilised by the system to free up space in RAM. For most use cases it is recommend to create a swapfile that is one and a half times the size of your RAM.

To create a swapfile of 8 GB use:

```
# dd if=/dev/zero of=/swapfile bs=8M count=1024 status=progress
```

To create a different size of swapfile, change the `count=` amount to a desirable size.

Then to actually add the swap space to your system issue these commands:

```
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
```

To mount the swap to the system at boot, add the swapfile to your `/etc/fstab`:

```
/swapfile none swap defaults 0 0
```

And do not forget to reconfigure the kernel after updating`/etc/fstab`:

```
# xbps-reconfigure -f linux<version>
```

### Network filesystems

Network filesystems may be used for enhanced workflow between multiple devices and persistance of storage.

#### Samba

Samba is such a Network filesystem protocol that may be used between different platforms. To use it install.

```
# xbps-install -Sy cifs-utils
```

Next, a credentials file will be created that is, `$HOME/.smbpasswd`. Edit the file and insert:

```
username=<username>
password=<password>
domain=<domain>
```

Concerning security considerations, the permissions may be enhanced.

```
# chmod 600 $HOME/.smbpasswd
```

Then edit `/etc/fstab` and insert:

```
//<domain>/<homefolder> $HOME/<smbfolder> cifs credentials=$HOME/.smbpasswd,_netdev,uid=<uid> 0 0
```

Finally mount the network filesystem.

```
# mount -a
```

### Logging

Logging may be benificial to spot certain misbehaviours or errors in the system. The `socklog-void` package will be used as logging daemon. 

```
# xbps-install -Sy socklog-void
# ln -s /etc/sv/socklog-unix /var/service/
# ln -s /etc/sv/nanoklogd /var/service/
```

To read the logs use:

```
# svlogtail
```

Or go to `/var/log/socklog`.

### Repositories

To install the official Void Linux 32-bit and nonfree repositories simply install their respective packages:

* For glibc

```
# xbps-install -Sy void-repo-multilib void-repo-nonfree void-repo-multilib-nonfree
```

* For musl

```
# xbps-install -Sy void-repo-nonfree
```

And update the repositories:

```
# xbps-install -S
```

There is also our unnofficial extra repository for some additional packages and some packages which are needed for the graphical installation. To use those add them to `/etc/xbps.d/00-repository-ample.conf`,

* For glibc:

```
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/nonfree
```

* For musl

```
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/musl
```

And refresh the repositories:

```
# xbps-install -S
```

### Firmware and drivers

#### GPU drivers

It is necessary for a graphical enviroment to install GPU drivers. To install the drivers for your GPU use one of the following commands:

* For Intel

```
# xbps-install -Sy linux-firmware-intel mesa mesa-dri vulkan-loader mesa-vulkan-intel intel-video-accel 
```

* For AMD

```
# xbps-install -Sy linux-firmware-amd vulkan-loader mesa-vulkan-radeon amdvlk xf86-video-amdgpu mesa-vaapi mesa-vdpau mesa-dri
```

* For Nvidia (*glibc only*)

```
# xbps-install -Sy nvidia nvidia-opencl
```

##### 32-bit drivers

(Only applicable to glibc as Void Linux musl only supports 64-bit)

To run 32-bit applications like some videogames it will also be necessary to install the 32-bit drivers:

* For Intel

```
# xbps-install -Sy mesa-32bit mesa-dri-32bit mesa-vulkan-intel-32bit vulkan-loader-32bit
```

* For AMD

```
# xbps-install -Sy vulkan-loader-32bit amdvlk-32bit mesa-32bit mesa-dri-32bit
```

* For Nvidia

```
# xbps-install -Sy nvidia-libs-32bit
```

#### CPU firmware

To keep the firmware of your CPU up to date it is necessary to install the correct microcode:

* For Intel

(The Intel microcode requires that you are using the nonfree repository)

```
# xbps-install -Sy intel-ucode
```

And regenerate the initramfs:

```
# xbps-reconfigure -f linux<version>
```



* For AMD

```
# xbps-install -Sy linux-firmware-amd
```

### Secure-boot

#### Linux Windows dual boot

```
# xbps-install -Sy sbctl
# sbctl create-keys
# sbctl enroll-keys --microsoft
# sbctl sign -s /boot/EFI/Boot/BOOTX64.EFI
# sbctl sign -s /boot/EFI/gummiboot/gummibootx64.efi
# sbctl sign -s /boot/vmlinuz-<version>
# sbctl verify
```

### Laptop-management

```
# xbps-install -Sy tlp tlpui
```

```
# ln -s /etc/sv/tlp /var/service
# ln -s /etc/sv/acpid /var/service
```

Edit `/etc/tlp.d/00-template.conf`

```
CPU_ENERGY_PERF_POLICY_ON_AC=performance
CPU_ENERGY_PERF_POLICY_ON_BAT=power
```

## Graphical session

### Session manager

To use a graphical enviroment it is necessary to start a seat and session manager. For a minimal install it is recommended to use `seatd`, `dumb_runtime_dir` and `polkit`. To install those run:

```
# xbps-install -Sy seatd dumb_runtime_dir polkit
```

Then to enable them:

```
# ln -s /etc/sv/seatd /var/service
# ln -s /etc/sv/polkitd /var/service
```

And for `dumb_runtime_dir` to function, configure `/etc/pam.d/system-login` by uncommenting:

```
session optional pam_dumb_runtime_dir.so
```

For some sane polkit rules add these lines to `/etc/polkit-1/rules.d/00-polkit.rules`:

```
polkit.addRule(function(action, subject) 
{
	if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/bin/shutdown" && subject.isInGroup("wheel"))
		return polkit.Result.YES;
});

polkit.addRule(function(action, subject)
{
	if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/bin/zzz" && subject.isInGroup("wheel"))
		return polkit.Result.YES;
});

polkit.addRule(function(action, subject)
{
	if (action.id.startsWith("org.freedesktop.udisks2.") && subject.isInGroup("storage"))
		return polkit.Result.YES;
});
```

Or for the more lazy under us copy `void-desktop/config-files/polkit/00-polkit.rules` to `/etc/polkit-1/rules.d/`.

```
# cp -r void-desktop/config-files/polkit/00-polkit.rules /etc/polkit-1/rules.d/
```

### Login manager

To make it easier to log into the system, set up a login manager. For a minimal and wayland-compatible login manager use `greetd` with `gtkgreet`. Install them with:

```
# xbps-install -Sy greetd gtkgreet
```



### Window manager

There are many different window managers and desktop enviroments which can provide a decent experience. Wayfire is a functional, relativily lightweight and good looking wayland window manager and will be used for this install. 

### Audio

### Essential applications

### Auto-mounting

### Printing

### Bluetooth

## Misc

### Virt-manager

### Wine

### Steam