# A Void Linux install (Unfinished)
This install is based on the [EFI boot stub](https://mth.st/blog/void-efistub/) blog entry of [Matthias Totschnig](https://mth.st/), the [Void Handbook](https://docs.voidlinux.org/about/index.html) and the Void Linux man pages. This guide focuses on a Void Linux x86_64 glibc/musl install on UEFI. In this install gummiboot is used as the bootloader and the root partition will be encrypted.
## Provisioning
First off, the drive should be partitioned, possibly with fdisk. It should have at least two partitions: one `EFI System` partition and one `Linux filesystem` partition.
It should look something like this:
| Number of partition | Size | Type |
|:-----:|:-----:|:-----: |
| 1 | 1 to 2 GB or more | EFI System |
| 2 | Rest of the drive | Linux filesystem |
Then create the filesystem on the EFI partition.
```
# mkfs.fat -F 32 -n efi /dev/<disk1>
```
And create the encrypted filesystem on the root partition.
```
# cryptsetup luksFormat /dev/<disk2> --type luks2 --label luks
# cryptsetup open --type luks /dev/<disk2> root
# mkfs.ext4 -L root /dev/mapper/root
```
Other filesystems can also be used, but `ext4` is the standard for most Linux distributions.
## Installation
To install the Void Linux distribution on the system, the encrypted partition and the efi partition have to be mounted to the main system.
```
# mount /dev/mapper/root /mnt
# mkdir /mnt/boot
# mount /dev/<disk1> /mnt/boot
# for dir in dev proc sys run; do
> mkdir /mnt/$dir
> mount --rbind --make-rslave /$dir /mnt/$dir
> done
```
The "base-system" needs to be installed to the mounted drive. For this installation there are also other packages which are needed, like NetworkManager, gummiboot and cryptsetup.
* For glibc:
```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```
* For musl:
```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current/musl -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```
To get internet inside the chroot whilst installing the system, copy over the `resolv.conf`.
```
# cp /etc/resolv.conf /mnt/etc/resolv.conf
```
Enter the chroot and configure the system.
```
# chroot /mnt
# chown root:root /
# chmod 755 /
# passwd root
# echo <hostname> > /etc/hostname
```
Add the `uuid` of the root partition to `crypttab`, by first creating `/etc/crypttab`:
```
# touch /etc/crypttab
```
Then the `uuid` can be obtained by:
```
# lsblk -f |grep luks >> /etc/crypttab
```
Now edit `/etc/crypttab` so that it contains only the following line, using the `uuid` from the appended `lsblk` output:
```
root /dev/disk/by-uuid/<uuid> none:
```
We can configure the `fstab` by editing `/etc/fstab` and inserting:
```
tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
/dev/disk/by-label/root / ext4 defaults,noatime 0 1
/dev/disk/by-label/efi /boot vfat defaults 0 2
```
Create `/etc/dracut.conf.d/30.conf` to configure dracut.
```
hostonly="yes"
use_fstab="yes"
install_items+=" /etc/crypttab "
add_drivers+=" vfat nls_cp437 nls_iso8859_1 "
```
Create a symbolic link from `/etc/fstab.sys` to `/etc/fstab` to indicate that dracut should mount all the file systems listed.
```
# ln -s /etc/fstab /etc/fstab.sys
```
Then, to omit mounting them again in runit stage 1, disable the corresponding core service.
```
# mv /etc/runit/core-services/03-filesystems.sh{,.bak}
```
Edit `/etc/xbps.d/xbps.conf` to prevent the service from being added back by an update to runit-void.
```
noextract=/etc/runit/core-services/03-filesystems.sh
```
Now mount `efivarfs` to `/sys/firmware/efi/efivars`.
```
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
```
And install gummiboot.
```
# gummiboot install
```
Create `/boot/loader/void-options.conf` to configure gummiboot.
```
# touch /boot/loader/void-options.conf
```
The `uuid` is needed again and can be obtained by:
```
# lsblk -f |grep luks >> /boot/loader/void-options.conf
```
Now edit `/boot/loader/void-options.conf` so that it contains only the following line, using the `uuid` from the appended `lsblk` output:
```
rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1
```
To obtain a boot menu, a timeout may be added to `/boot/loader/loader.conf`.
```
timeout 4
```
If running `glibc`, the locales have to be configured. To do so, edit `/etc/default/libc-locales` and uncomment:
```
en_US.UTF-8 UTF-8
```
And reconfigure the locales.
```
# xbps-reconfigure -f glibc-locales
```
To obtain better security, `apparmor` will be set to enforce by editing `/etc/default/apparmor` and inserting:
```
APPARMOR=enforce
```
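The hand-edited files so far can be cross-checked before the initramfs is regenerated. The script below is an added example, not part of the original guide: it checks that the LUKS `uuid` in `crypttab` matches the one on the kernel command line, that no raw `lsblk` row was left behind by the `>>` step, and that the AppArmor settings are present. The function name `check_boot_config` is an assumption.

```sh
#!/bin/sh
# Added example: cross-check the boot files this guide writes by hand.
# Arguments default to the guide's paths; pass copies to try it out.
check_boot_config() {
    crypttab=${1:-/etc/crypttab}
    options=${2:-/boot/loader/void-options.conf}
    aa_default=${3:-/etc/default/apparmor}
    rc=0

    # `lsblk -f | grep luks >> file` leaves a raw lsblk row (FSTYPE
    # crypto_LUKS) behind; it must be gone once the UUID is copied out.
    for f in "$crypttab" "$options"; do
        if grep -q 'crypto_LUKS' "$f"; then
            echo "FAIL: $f still contains lsblk output" >&2; rc=1
        fi
    done

    # UUID of the "root" mapping in crypttab (second field).
    ct_uuid=$(awk '$1 == "root" && sub(/^\/dev\/disk\/by-uuid\//, "", $2) {
                       print $2; exit }' "$crypttab")
    # UUID the initramfs is told to unlock: rd.luks.name=<uuid>=root
    kc_uuid=$(tr ' ' '\n' < "$options" |
              sed -n 's/^rd\.luks\.name=\(.*\)=root$/\1/p' | head -n 1)
    if [ -z "$ct_uuid" ] || [ "$ct_uuid" != "$kc_uuid" ]; then
        echo "FAIL: crypttab UUID '$ct_uuid' != cmdline UUID '$kc_uuid'" >&2; rc=1
    fi

    # Remaining kernel parameters the guide relies on.
    for p in root=/dev/mapper/root apparmor=1 security=apparmor; do
        if ! tr ' ' '\n' < "$options" | grep -qx -- "$p"; then
            echo "FAIL: $options lacks $p" >&2; rc=1
        fi
    done

    if ! grep -qx 'APPARMOR=enforce' "$aa_default"; then
        echo "FAIL: $aa_default does not set APPARMOR=enforce" >&2; rc=1
    fi
    return "$rc"
}
```

Run `check_boot_config` without arguments inside the chroot; a non-zero exit status means at least one `FAIL` line was printed.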
To set the internal network, edit `/etc/hosts` and insert:
```
127.0.1.1 <hostname>
```
Finally reconfigure Linux.
```
# xbps-reconfigure -f linux<version>
```
Exit the chroot.
```
# exit
```
Do not forget to umount. (I always do).
```
# umount -R /mnt
```
And reboot.
```
# shutdown -r now
```
## Post install
In the post install section the installation and configuration of certain applications are elaborated, with the use of the config-files in this repository.
To obtain these config-files the void-desktop repository may be cloned with the `git` command.
```
$ git clone https://git.bijl.us/luc/void-desktop.git
```
### Network
NetworkManager will be used as the network daemon due to its versatility. The package was already installed during the installation, so it only needs to be symlinked to `/var/service` to function.
```
# ln -s /etc/sv/NetworkManager /var/service
```
NetworkManager needs the `dbus` daemon to function. In general, most other applications that will be discussed in the Post install section need `dbus` as well. To symlink `dbus` to `/var/service`:
```
# ln -s /etc/sv/dbus /var/service
```
Then, NetworkManager may be configured to randomize MAC addresses, which enhances the security of the system. This is especially useful for laptops etc. To do this, edit `/etc/NetworkManager/NetworkManager.conf` and insert:
```
[device-mac-randomization]
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
```
### Users
A user should be added to improve security of the system.
```
# useradd <user>
```
The user may be added to certain groups to give it some rights. The groups in parentheses are optional; leave the parentheses out when typing the command.
```
# usermod -aG wheel,audio,video,kvm,tty,input,storage(,bluetooth,_seatd) <user>
```
The package `sudo`, which is present in the `base-system` package, will be removed, since it is bloatware. To make this persistent, so that sudo will never be installed on the system again, edit `/etc/xbps.d/xbps.conf` and insert:
```
ignorepkg=sudo
```
Then remove `sudo`.
```
# xbps-remove -y sudo
```
The `sudo` package will be replaced by `opendoas`. To install it:
```
# xbps-install -Sy opendoas
```
Symlink it to `/bin/sudo` so that applications which require root can still be granted it by the user.
```
# ln -s /bin/doas /bin/sudo
```
And edit `/etc/doas.conf` to give users in the `wheel` group access to the `doas` command.
```
permit persist :wheel as root
```
To finalize this section, the `.bashrc` and `.bash_profile` configuration files will be copied to the home space of the user.
```
$ cp void-desktop/config-files/bash/.bashrc .bashrc
$ cp void-desktop/config-files/bash/.bash_profile .bash_profile
```
### Linux-lts
It might be desirable to install an LTS kernel for better stability. This can be done by:
```
# xbps-install -Sy linux-lts linux-lts-headers
```
To uninstall the non-lts kernel, ignore the package through `/etc/xbps.d/xbps.conf` by adding:
```
ignorepkg=linux
```
And then remove the `linux` meta package and its dependencies:
```
# xbps-remove -Ry linux
```
### Localtime
A "Network Time Protocol Daemon" (ntpd for short) can sync the system clock with internet standard time servers. The `chrony` daemon is used as ntpd. Install it by:
```
# xbps-install -Sy chrony
```
Then, to activate its service:
```
# ln -s /etc/sv/chronyd /var/service
```
To set your own timezone, edit the `/etc/rc.conf` file and set these lines:
```
HARDWARECLOCK="localtime"
TIMEZONE="Europe/Amsterdam"
```
### Using Swap
Swap can be utilised by the system to free up space in RAM. For most use cases it is recommended to create a swapfile that is one and a half times the size of your RAM.
To create a swapfile of 8 GB use:
```
# dd if=/dev/zero of=/swapfile bs=8M count=1024 status=progress
```
To create a different size of swapfile, change the `count=` amount to a desirable size.
Then to actually add the swap space to your system issue these commands:
```
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
```
To mount the swap to the system at boot, add the swapfile to your `/etc/fstab`:
```
/swapfile none swap defaults 0 0
```
And do not forget to reconfigure the kernel after updating `/etc/fstab`:
```
# xbps-reconfigure -f linux<version>
```
### Network filesystems
Network filesystems may be used for enhanced workflow between multiple devices and persistence of storage.
#### Samba
Samba is one such network filesystem protocol that may be used between different platforms. To use it, install:
```
# xbps-install -Sy cifs-utils
```
Next, create a credentials file, `$HOME/.smbpasswd`. Edit the file and insert:
```
username=<username>
password=<password>
domain=<domain>
```
For security, the permissions of the credentials file may be restricted so that only its owner can read and write it.
```
# chmod 600 $HOME/.smbpasswd
```
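Then edit `/etc/fstab` and insert the following, writing the home directory out in full because `/etc/fstab` does not expand shell variables such as `$HOME`:
```
//<domain>/<homefolder> /home/<user>/<smbfolder> cifs credentials=/home/<user>/.smbpasswd,_netdev,uid=<uid> 0 0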
```
Finally mount the network filesystem.
```
# mount -a
```
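Because `/etc/fstab` is world-readable and read literally, the cifs entry is worth auditing once it is in place. The function below is an added example, not part of the original guide: it flags inline `password=` options, credentials paths that still contain an unexpanded `$`, and credentials files accessible to anyone but their owner. The name `audit_cifs_fstab` is an assumption.

```sh
#!/bin/sh
# Added example: audit cifs entries in an fstab (defaults to /etc/fstab).
# Returns 0 when every entry passes, 1 otherwise; findings go to stderr.
audit_cifs_fstab() {
    fstab=${1:-/etc/fstab}
    rc=0
    # fstab fields: source, mount point, type, comma-separated options, ...
    while read -r _src dir fstype opts _rest; do
        [ "$fstype" = cifs ] || continue
        cred=
        oldifs=$IFS; IFS=,
        set -f                      # do not glob while splitting the options
        for o in $opts; do
            case $o in
                password=*|pass=*)  # fstab is world-readable
                    echo "FAIL: $dir: password stored inline in $fstab" >&2; rc=1 ;;
                credentials=*|cred=*)
                    cred=${o#*=} ;;
            esac
        done
        set +f; IFS=$oldifs
        [ -n "$cred" ] || continue
        case $cred in
            *'$'*)                  # mount does not expand shell variables
                echo "FAIL: $dir: unexpanded variable in $cred" >&2; rc=1
                continue ;;
        esac
        # Must be a regular file with no group/other bits (mode 600 or stricter).
        case $(ls -ld -- "$cred" 2>/dev/null) in
            -???------*) ;;
            *) echo "FAIL: $cred is missing or accessible beyond its owner" >&2; rc=1 ;;
        esac
    done < "$fstab"
    return "$rc"
}
```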
### Logging
Logging may be beneficial to spot certain misbehaviours or errors in the system. The `socklog-void` package will be used as the logging daemon.
```
# xbps-install -Sy socklog-void
# ln -s /etc/sv/socklog-unix /var/service/
# ln -s /etc/sv/nanoklogd /var/service/
```
To read the logs use:
```
# svlogtail
```
Or go to `/var/log/socklog`.
### Repositories
To install the official Void Linux 32-bit and nonfree repositories simply install their respective packages:
* For glibc
```
# xbps-install -Sy void-repo-multilib void-repo-nonfree void-repo-multilib-nonfree
```
* For musl
```
# xbps-install -Sy void-repo-nonfree
```
And update the repositories:
```
# xbps-install -S
```
There is also our unofficial extra repository for some additional packages and some packages which are needed for the graphical installation. To use it, add the following to `/etc/xbps.d/00-repository-ample.conf`:
* For glibc:
```
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/nonfree
```
* For musl
```
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/musl
```
And refresh the repositories:
```
# xbps-install -S
```
### Firmware and drivers
#### GPU drivers
It is necessary for a graphical environment to install GPU drivers. To install the drivers for your GPU use one of the following commands:
* For Intel
```
# xbps-install -Sy linux-firmware-intel mesa mesa-dri vulkan-loader mesa-vulkan-intel intel-video-accel
```
* For AMD
```
# xbps-install -Sy linux-firmware-amd vulkan-loader mesa-vulkan-radeon amdvlk xf86-video-amdgpu mesa-vaapi mesa-vdpau mesa-dri
```
* For Nvidia (*glibc only*)
```
# xbps-install -Sy nvidia nvidia-opencl
```
##### 32-bit drivers
(Only applicable to glibc as Void Linux musl only supports 64-bit)
To run 32-bit applications like some videogames it will also be necessary to install the 32-bit drivers:
* For Intel
```
# xbps-install -Sy mesa-32bit mesa-dri-32bit mesa-vulkan-intel-32bit vulkan-loader-32bit
```
* For AMD
```
# xbps-install -Sy vulkan-loader-32bit amdvlk-32bit mesa-32bit mesa-dri-32bit
```
* For Nvidia
```
# xbps-install -Sy nvidia-libs-32bit
```
#### CPU firmware
To keep the firmware of your CPU up to date it is necessary to install the correct microcode:
* For Intel
(The Intel microcode requires that you are using the nonfree repository)
```
# xbps-install -Sy intel-ucode
```
And regenerate the initramfs:
```
# xbps-reconfigure -f linux<version>
```
* For AMD
```
# xbps-install -Sy linux-firmware-amd
```
### Secure-boot
#### Linux Windows dual boot
```
# xbps-install -Sy sbctl
# sbctl create-keys
# sbctl enroll-keys --microsoft
# sbctl sign -s /boot/EFI/Boot/BOOTX64.EFI
# sbctl sign -s /boot/EFI/gummiboot/gummibootx64.efi
# sbctl sign -s /boot/vmlinuz-<version>
# sbctl verify
```
### Laptop-management
```
# xbps-install -Sy tlp tlpui
```
```
# ln -s /etc/sv/tlp /var/service
# ln -s /etc/sv/acpid /var/service
```
Edit `/etc/tlp.d/00-template.conf`
```
CPU_ENERGY_PERF_POLICY_ON_AC=performance
CPU_ENERGY_PERF_POLICY_ON_BAT=power
```
## Graphical session
### Session manager
To use a graphical environment it is necessary to start a seat and session manager. For a minimal install it is recommended to use `seatd`, `dumb_runtime_dir` and `polkit`. To install those run:
```
# xbps-install -Sy seatd dumb_runtime_dir polkit
```
Then to enable them:
```
# ln -s /etc/sv/seatd /var/service
# ln -s /etc/sv/polkitd /var/service
```
And for `dumb_runtime_dir` to function, configure `/etc/pam.d/system-login` by uncommenting:
```
session optional pam_dumb_runtime_dir.so
```
For some sane polkit rules add these lines to `/etc/polkit-1/rules.d/00-polkit.rules`:
```
polkit.addRule(function(action, subject)
{
    if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/bin/shutdown" && subject.isInGroup("wheel"))
        return polkit.Result.YES;
});
polkit.addRule(function(action, subject)
{
    if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/bin/zzz" && subject.isInGroup("wheel"))
        return polkit.Result.YES;
});
polkit.addRule(function(action, subject)
{
    if (action.id.startsWith("org.freedesktop.udisks2.") && subject.isInGroup("storage"))
        return polkit.Result.YES;
});
```
Or, for the lazier among us, copy `void-desktop/config-files/polkit/00-polkit.rules` to `/etc/polkit-1/rules.d/`.
```
# cp -r void-desktop/config-files/polkit/00-polkit.rules /etc/polkit-1/rules.d/
```
### Login manager
To make it easier to log into the system, set up a login manager. For a minimal and wayland-compatible login manager use `greetd` with `gtkgreet`. Install them with:
```
# xbps-install -Sy greetd gtkgreet
```
### Window manager
There are many different window managers and desktop environments which can provide a decent experience. Wayfire is a functional, relatively lightweight and good-looking Wayland window manager and will be used for this install.
### Audio
### Essential applications
### Auto-mounting
### Printing
### Bluetooth
## Misc
### Virt-manager
### Wine
### Steam