User:Egberts/Dell Optiplex 790
How to setup the Gentoo 2022 OS from scratch ... on a Dell Optiplex 790
Dell Optiplex 790 is a cheap, low-power (<100W) PC with a crappy UEFI Class 1 implementation that makes UEFI unusable from a Linux point of view; this machine stays firmly on a legacy master boot record (MBR) boot sequence.
The Optiplex 790 BIOS supports neither ACPI 2.0 nor UEFI 2.3.1; save yourself further headache and use only the MBR approach.
This makes it well suited as a home gateway (a role that needs neither a MySQL database nor JavaScript-based web browsing, and that should not be easily hijacked through the `LD_PRELOAD` environment variable).
Hardware Gotcha
There are a couple of hardware gotchas that have made installing a Linux OS on the Dell Optiplex 790 a struggle:
1. USB mouse gets randomly jumpy during BIOS setup; use a PS/2 mouse or try the USB mouse on each and every USB port until this stops. I used the upper right corner USB port on the front panel before the mouse got steady enough to be usable.
2. Any extra PCI-based video adapter will turn off the Intel HD VGA components on the motherboard. This may result in tiny (and hard-to-read) fonts during the bootup sequence.
3. UEFI is not supported by Linux here. The Dell 790 BIOS does not support UEFI 2.3.1 (it is stuck in UEFI Class 1 mode). Do not bother. Stick with the good old legacy master boot record (MBR) approach here.
4. Intel VT-d is NOT SUPPORTED on this 790 motherboard. While the Intel i7-2600 does support the VT-d option, it is the Intel Q65 PCI Express Chipset LPC Controller that is NOT ABLE to support VT-d, thereby rendering the entire motherboard non-VT-d capable. This is not too bad, as you can still host virtual machines; you just cannot pass motherboard/PCI adapter cards directly through to these VMs.
Install on Optiplex 790
Download ISO
Visit Gentoo and click on "Get Gentoo" button at top-row navigation panel.
Under amd64, stage archives, select the desired ISO image.
Of the several variants of Stage 3, I chose "OpenRC" because systemd PID 1 has too much network access privilege, which IMHO is ripe for file-less backdoor malware. OpenRC PID 1 has no such network privilege (same as the original AT&T SysV `initrc`/`init.d`), which sets my security mind at ease.
Identify the hard drive
Within the newly booted minimal Gentoo, identify the hard drive used to hold our filesystems.
Note: It should be /dev/sda (or /dev/vda, if in QEMU/virtual machine).
root #
lsblk -a | grep -v ^loop | grep -v ^ram | grep disk
NAME MAJOR:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 253:0 0 80G 0 disk
Drive Format
Optiplex 790 still mandates the use of legacy MBR. No need to touch UEFI here (not supported, despite BIOS settings).
The partition scheme used here encompasses:
- four(4) physical partitions
- two(2) LVM volume groups (`vg_os` and `vg_log`)
- seven(7) LVM volume partitions
Purging any physical partitions
Use `fdisk` to continue to stay with the 'dos' (MS-DOS/MBR) disktype.
root #
fdisk /dev/sda
Delete all partitions. Write and exit fdisk.
WARNING: If an error message appears saying that the OS is still using the disk, reboot the machine and run the `fdisk` command again before continuing here.
Do not use GNU parted; GPT is not supported in 790 BIOS.
Create physical partitions
- Partition 1 - 250MB - /boot (should be 1G if doing some heavy kernel tweaking)
- Partition 2 - 2GB - swap (should be twice your total 'physical' memory)
- Partition 3 - 50GB of hard media - ROOT label - / directory
- Partition 4 - remainder of hard media - LVM partition (MBR type 0x8E)
Changing physical partition type
Change partitions to:
- Partition 1 - Type 0x83 Linux
- Partition 2 - Type 0x82 Linux swap
- Partition 3 - Type 0x83 Linux
- Partition 4 - Type 0x8E LVM partition
Write out the entire partition table and quit.
Make /boot bootable
Do not forget to toggle partition 1 as "bootable". In `fdisk`, enter option `a` and select partition 1.
Creating LVM partitions
Create the logical volumes with the pvcreate, vgcreate, and lvcreate commands:
#!/bin/bash
set -e
# Physical partitions handed to LVM; adjust these to match the layout you
# created in fdisk above (one partition per volume group).
PHYSICAL_PARTITION_LOG="/dev/sda5"
PHYSICAL_PARTITION_OS="/dev/sda6"
VG_NAME_OS="vg_os"
VG_NAME_LOG="vg_log"
LV_NAME_USR="lv_usr"
LV_NAME_TMP="lv_tmp"
LV_NAME_VAR="lv_var"
LV_NAME_HOME="lv_home"
LV_NAME_VAR_TMP="lv_var_tmp"
LV_NAME_VAR_LOG="lv_var_log"
LV_NAME_VAR_LOG_AUDIT="lv_var_log_audit"
# Register the physical volumes and build one volume group on each
pvcreate ${PHYSICAL_PARTITION_LOG}
pvcreate ${PHYSICAL_PARTITION_OS}
vgcreate ${VG_NAME_OS} ${PHYSICAL_PARTITION_OS}
vgcreate ${VG_NAME_LOG} ${PHYSICAL_PARTITION_LOG}
# Fixed-size logical volumes in the OS volume group
lvcreate -L24G -n ${LV_NAME_TMP} ${VG_NAME_OS}
lvcreate -L80G -n ${LV_NAME_VAR} ${VG_NAME_OS}
lvcreate -L256G -n ${LV_NAME_USR} ${VG_NAME_OS}
lvcreate -L50G -n ${LV_NAME_VAR_TMP} ${VG_NAME_OS}
vgdisplay # shows the remaining "Free PE" space that the next command hands to lv_home
# -l 100%FREE (lowercase l, counted in extents) takes whatever is left in the VG
lvcreate -l 100%FREE -n ${LV_NAME_HOME} ${VG_NAME_OS}
# Log volume group: fixed-size audit volume, the rest goes to /var/log
lvcreate -L10G -n ${LV_NAME_VAR_LOG_AUDIT} ${VG_NAME_LOG}
lvcreate -l 100%FREE -n ${LV_NAME_VAR_LOG} ${VG_NAME_LOG}
Format physical partitions
Format the physical partitions:
#!/bin/bash
FS_TYPE_BOOT="ext4"
FS_TYPE_ALL="ext4"
echo "Formatting all partitions ..."
echo "Press ENTER to continue (or Ctrl-C to quit)"
read JUNK
mkfs -t ${FS_TYPE_BOOT} -LBOOT /dev/sda1
mkswap /dev/sda2
mkfs -t ${FS_TYPE_ALL} -LROOT /dev/sda3
mkfs -t ${FS_TYPE_ALL} /dev/mapper/vg_os-lv_usr
mkfs -t ${FS_TYPE_ALL} /dev/mapper/vg_os-lv_tmp
mkfs -t ${FS_TYPE_ALL} /dev/mapper/vg_os-lv_var
mkfs -t ${FS_TYPE_ALL} /dev/mapper/vg_os-lv_home
mkfs -t ${FS_TYPE_ALL} /dev/mapper/vg_os-lv_var_tmp
mkfs -t ${FS_TYPE_ALL} /dev/mapper/vg_os-lv_var_log
mkfs -t ${FS_TYPE_ALL} /dev/mapper/vg_os-lv_var_log_audit
echo "Done."
Now onward to set up the root filesystem to hold our initial Gentoo CD installation.
Create mountpoint directories and mount them
Create the parent root file path for our new Gentoo OS:
root #
mkdir --parents /mnt/gentoo
Rescue Reboot (Resumption Point)
NOTE: If your kernel boot up fails (after finishing all this page), this is your starting point to resume setup.
Enable Swapper
root #
swapon /dev/sda2
Partition mountings
I typically create a bash script to store in /mnt/gentoo so that it would cut down on my typing time during my kernel config tweaking/reduction effort.
Store the following bash script as /mnt/gentoo/myinstall0.sh, and set its file permission to 0750.
#!/bin/bash
# Mount the root filesystem first, then the nested partitions in order
mount /dev/sda3 /mnt/gentoo
mkdir -p /mnt/gentoo/boot
mkdir -p /mnt/gentoo/home
mkdir -p /mnt/gentoo/usr
mkdir -p /mnt/gentoo/tmp
mkdir -p /mnt/gentoo/var
mount /dev/sda1 /mnt/gentoo/boot
mount /dev/mapper/vg_os-lv_usr /mnt/gentoo/usr
mount /dev/mapper/vg_os-lv_tmp /mnt/gentoo/tmp
mount /dev/mapper/vg_os-lv_home /mnt/gentoo/home
mount /dev/mapper/vg_os-lv_var /mnt/gentoo/var
# /var must be mounted before its sub-mounts are created
mkdir -p /mnt/gentoo/var/tmp
mount /dev/mapper/vg_os-lv_var_tmp /mnt/gentoo/var/tmp
mkdir -p /mnt/gentoo/var/log
mount /dev/mapper/vg_log-lv_var_log /mnt/gentoo/var/log
mkdir -p /mnt/gentoo/var/log/audit
mount /dev/mapper/vg_log-lv_var_log_audit /mnt/gentoo/var/log/audit
Mount the root (/) partition
root #
mount /dev/sda3 /mnt/gentoo
The command above is the only thing you need to memorize when coming back here after a failed kernel boot, assuming that you have created the myinstall0.sh script to redo the following steps.
Mount /usr (and additional) partitions (optional)
I often break out /usr into a separate partition, as I follow the recommended CISecurity partitioning scheme.
Creating /etc/fstab
The goal is to have the following filesystem partitions:
device | path
---|---
/dev/sda3 | /
/dev/sda1 | /boot
/dev/mapper/vg_os-lv_usr | /usr
/dev/mapper/vg_os-lv_tmp | /tmp
/dev/mapper/vg_os-lv_var | /var
/dev/mapper/vg_os-lv_home | /home
/dev/mapper/vg_os-lv_var_tmp | /var/tmp
/dev/mapper/vg_log-lv_var_log | /var/log
/dev/mapper/vg_log-lv_var_log_audit | /var/log/audit
Mount them all using the script above, or use the following snippet:
mkdir -p /mnt/gentoo/boot
mkdir -p /mnt/gentoo/home
mkdir -p /mnt/gentoo/usr
mkdir -p /mnt/gentoo/tmp
mkdir -p /mnt/gentoo/var
mount /dev/sda1 /mnt/gentoo/boot
mount /dev/mapper/vg_os-lv_usr /mnt/gentoo/usr
mount /dev/mapper/vg_os-lv_tmp /mnt/gentoo/tmp
mount /dev/mapper/vg_os-lv_home /mnt/gentoo/home
mount /dev/mapper/vg_os-lv_var /mnt/gentoo/var
mkdir -p /mnt/gentoo/var/tmp
mount /dev/mapper/vg_os-lv_var_tmp /mnt/gentoo/var/tmp
mkdir -p /mnt/gentoo/var/log
mount /dev/mapper/vg_log-lv_var_log /mnt/gentoo/var/log
mkdir -p /mnt/gentoo/var/log/audit
mount /dev/mapper/vg_log-lv_var_log_audit /mnt/gentoo/var/log/audit
Edit /mnt/gentoo/etc/fstab to contain the following (the last two columns are the dump flag and the fsck pass number):
device | path | filesystem type | options | dump | fsck pass
---|---|---|---|---|---
/dev/sda1 | /boot | ext4 | noauto,rw,relatime,errors=remount-ro | 1 | 1
/dev/sda2 | swap | swap | defaults,sw | 0 | 0
/dev/sda3 | / | ext4 | defaults,noatime,errors=remount-ro,rw | 0 | 1
/dev/mapper/vg_os-lv_usr | /usr | ext4 | defaults,nodev,rw,relatime | 0 | 2
/dev/mapper/vg_os-lv_tmp | /tmp | ext4 | defaults,nosuid,nodev,rw,relatime | 0 | 2
/dev/mapper/vg_os-lv_var | /var | ext4 | defaults,nosuid,nodev,rw,relatime | 0 | 2
/dev/mapper/vg_os-lv_home | /home | ext4 | defaults,rw,relatime | 0 | 2
/dev/mapper/vg_os-lv_var_tmp | /var/tmp | ext4 | defaults,noexec,nosuid,nodev,rw,relatime | 0 | 2
/dev/mapper/vg_log-lv_var_log | /var/log | ext4 | defaults,noexec,nosuid,nodev,rw,relatime | 0 | 3
/dev/mapper/vg_log-lv_var_log_audit | /var/log/audit | ext4 | defaults,noexec,nosuid,nodev,rw,relatime | 0 | 4
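The noexec/nosuid/nodev options in the table above are the point of splitting /tmp, /var/tmp and /var/log out of the root filesystem, and they are easy to lose when the fstab is hand-edited later. The following POSIX sh audit is an added example (not part of the original page): it checks an fstab against that policy, using a constructed fstab that mirrors the table and a constructed weakened copy.

```shell
#!/bin/sh
# Added example, not from the original page: audit an fstab against the
# mount-option hardening the table above prescribes for the CIS-style layout.
# The sample fstab files are constructed here; the policy mirrors the table.

# "<mountpoint> <required options>" per line, taken from the fstab table.
FSTAB_POLICY='
/usr nodev
/tmp nosuid,nodev
/var nosuid,nodev
/var/tmp noexec,nosuid,nodev
/var/log noexec,nosuid,nodev
/var/log/audit noexec,nosuid,nodev
'

# fstab_has_opt FILE MOUNTPOINT OPTION
# Returns 0 when the fstab entry for MOUNTPOINT lists OPTION in its options
# field, 1 when the option is missing or no entry exists at all.
fstab_has_opt() {
    awk -v mp="$2" -v opt="$3" '
        $1 ~ /^#/ || NF < 4 { next }
        $2 == mp {
            seen = 1
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
        }
        END { if (seen && found) exit 0; exit 1 }
    ' "$1"
}

# audit_fstab FILE
# Prints one "<mountpoint>: missing <option>" line per violation and returns
# the number of violations (0 means the file meets the policy). The here-doc
# keeps the loop in the current shell so the counter survives.
audit_fstab() {
    _file=$1
    _viol=0
    while read -r _mp _req; do
        [ -n "$_mp" ] || continue
        for _opt in $(printf '%s\n' "$_req" | tr ',' ' '); do
            if ! fstab_has_opt "$_file" "$_mp" "$_opt"; then
                echo "$_mp: missing $_opt"
                _viol=$((_viol + 1))
            fi
        done
    done <<EOF
$FSTAB_POLICY
EOF
    return $_viol
}

# make_good_fstab FILE: constructed fstab matching the table above.
make_good_fstab() {
    cat > "$1" <<'EOF'
/dev/sda1 /boot ext4 noauto,rw,relatime,errors=remount-ro 1 1
/dev/sda2 none swap defaults,sw 0 0
/dev/sda3 / ext4 defaults,noatime,errors=remount-ro,rw 0 1
/dev/mapper/vg_os-lv_usr /usr ext4 defaults,nodev,rw,relatime 0 2
/dev/mapper/vg_os-lv_tmp /tmp ext4 defaults,nosuid,nodev,rw,relatime 0 2
/dev/mapper/vg_os-lv_var /var ext4 defaults,nosuid,nodev,rw,relatime 0 2
/dev/mapper/vg_os-lv_home /home ext4 defaults,rw,relatime 0 2
/dev/mapper/vg_os-lv_var_tmp /var/tmp ext4 defaults,noexec,nosuid,nodev,rw,relatime 0 2
/dev/mapper/vg_log-lv_var_log /var/log ext4 defaults,noexec,nosuid,nodev,rw,relatime 0 3
/dev/mapper/vg_log-lv_var_log_audit /var/log/audit ext4 defaults,noexec,nosuid,nodev,rw,relatime 0 4
EOF
}

# make_weak_fstab FILE: constructed fstab where /var/tmp lost noexec and
# /var/log/audit has no entry at all (both are policy violations).
make_weak_fstab() {
    make_good_fstab "$1.tmp"
    sed -e 's|/var/tmp ext4 defaults,noexec,|/var/tmp ext4 defaults,|' \
        -e '\|/var/log/audit|d' "$1.tmp" > "$1"
    rm -f "$1.tmp"
}

# Usage on a live system:  audit_fstab /etc/fstab || echo "fstab needs fixing"
```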
Check the DateTimestamp
To ensure accurate creation timestamps on the files we are about to write, check the date:
root #
date # to view the date
root #
date 072115002022 # set to July 21, 2022, 15:00 UTC (format is MMDDhhmmCCYY)
Network connectivity
I use the Gentoo net-setup to get the Internet up and running ... fast.
Use the 'manual configuration' option in net-setup if you have some esoteric or exotic network setup.
Selection of Gentoo Installers
Since we are booting within a QEMU environment, we only need the following installer features:
- OpenRC (no systemd, due to uncontrollable network access within PID 1)
- libmusl (no glibc, no `LD_PRELOAD` support; see the comparison chart (external link))
- no-multilib (x86-64 only, no x86-32 support)
- no-desktop
- hardened (oops, make that no-hardened; see the announcement: discontinued)
From the terminal prompt, enter in:
root #
cd /mnt/gentoo # that is /dev/sda3 partition
root #
links https://www.gentoo.org/downloads/mirrors
Go down to 'Downloads' link and hit enter.
Go down to the 'Advanced choices and other architectures' section (past the 'amd64 aka x86-64, x64, Intel 64' section).
Select `amd64` link.
Go slightly past just the 'Musl stage archives' section.
Select and download `Stage 3 musl | openrc 2022-XX-XX XXXMB`.
Make a note of the filename that you just saved. My resultant filename is stage3-amd64-musl-20220720T2237212.tar.xz.
A tiny bit further down the screen, just before the BIG 'amd64' section, move to the 'All stages' link and press enter.
Select the 20220720T2237212Z subdirectory.
Go down to that filename you just saved.
Go down two more lines to the stage3-amd64-musl-20220720T2237212.tar.DIGESTS.gz file. Download and save that file.
Integrity of Download
Obtain PGP Keys of Gentoo Organization
If not done already, save the PGP keys of the entire Gentoo organization:
root #
wget -O - https://qa-reports.gentoo.org/output/service-keys.gpg | gpg --import
Verify Gentoo Organization PGP keys
root #
gpg --verify stage3-amd64-musl-20220720T2237212.tar.xz.DIGESTS.xz
Validate Stage3 File
root #
sha512sum -c --ignore-missing stage3-amd64-musl-20220720T2237212.tar.xz.DIGESTS.xz
stage3-amd64-musl-20220720T2237212.tar.xz: OK WARNING: 14 lines are improperly formatted
NOTE: WARNING is because I've opted to read a DIGEST file that has GnuPG headers and footers wrapped around the checksum values; we are only interested in the `OK` part of the `sha512sum` output.
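The "improperly formatted" warning comes from feeding the whole clearsigned DIGESTS file to `sha512sum -c`. The following POSIX sh helper is an added example (not part of the original page or of Gentoo's tooling): it picks out only the SHA512 entry for the tarball from the DIGESTS layout Gentoo publishes and checks that one line, so a mismatch is a hard failure rather than noise. The stage3 file and DIGESTS file it works on are constructed stand-ins; the PGP signature block is a placeholder, so `gpg --verify` on the real DIGESTS file is still a separate, required step.

```shell
#!/bin/sh
# Added example, not from the original page: check a stage3 tarball against
# the SHA512 entry of a Gentoo-style clearsigned .DIGESTS file without the
# "improperly formatted" noise. This checks integrity only; authenticity
# comes from `gpg --verify` on the DIGESTS file, which must be run first.

# digests_sha512_line DIGESTS FILENAME
# Prints the "<hash>  <filename>" line from the "# SHA512 HASH" section that
# names FILENAME; returns 1 when no such entry exists.
digests_sha512_line() {
    awk -v want="$2" '
        /^# SHA512 HASH/ { in512 = 1; next }
        /^# /            { in512 = 0 }   # any other section header (e.g. BLAKE2B)
        in512 && NF == 2 && $2 == want { print; found = 1; exit }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

# verify_stage3 DIGESTS FILE
# Returns 0 when FILE's SHA-512 matches its DIGESTS entry, 1 on mismatch or
# when DIGESTS has no entry for FILE (a missing entry must never pass).
verify_stage3() {
    _dir=$(dirname "$2")
    _name=$(basename "$2")
    _line=$(digests_sha512_line "$1" "$_name") || return 1
    # sha512sum -c reads "<hash>  <name>" lines from stdin; --status keeps it quiet
    (cd "$_dir" && printf '%s\n' "$_line" | sha512sum -c --status)
}

# make_sample DIR
# Writes a constructed stand-in "stage3" tarball plus a DIGESTS file in the
# clearsigned layout Gentoo uses, and prints the tarball path.
make_sample() {
    _name='stage3-amd64-musl-CONSTRUCTED.tar.xz'
    printf 'not a real stage3, constructed sample\n' > "$1/$_name"
    _hash=$(cd "$1" && sha512sum "$_name" | cut -d' ' -f1)
    cat > "$1/$_name.DIGESTS" <<EOF
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# BLAKE2B HASH
0000000000000000000000000000000000000000000000000000000000000000  $_name
# SHA512 HASH
$_hash  $_name
-----BEGIN PGP SIGNATURE-----
PLACEHOLDER-SIGNATURE-NOT-VALID
-----END PGP SIGNATURE-----
EOF
    echo "$1/$_name"
}

# Usage on a real download, after `gpg --verify stage3-*.DIGESTS`:
#   verify_stage3 stage3-amd64-musl-XXXX.tar.xz.DIGESTS stage3-amd64-musl-XXXX.tar.xz
```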
Content of root filesystem
Unpack the stage 3 tarball file that contains the initial root filesystem:
root #
tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
Clone network setup
Copy the resolver configuration into the new root so name resolution keeps working inside the chroot:
root #
cp --dereference /etc/resolv.conf /mnt/gentoo/etc/
Clone system filesystems
Create another script that binds the live system's pseudo-filesystems into the new root and enters the chroot:
#!/bin/bash
mount --types proc /proc /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --make-rslave /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --make-rslave /mnt/gentoo/dev
mount --bind /run /mnt/gentoo/run
mount --make-slave /mnt/gentoo/run
# Enter the chroot. The two commands below must be typed inside it; placed
# after chroot in a script they would only run in the outer shell once the
# chroot exits.
chroot /mnt/gentoo /bin/bash
#   source /etc/profile
#   export PS1="(chroot) ${PS1}"
Build setup
If you know how many CPU processors you have, you can let the make build tool use all of them through the `--jobs=` (`-j`) option of the make utility. For two CPUs, execute:
root #
echo 'MAKEOPTS="-j2"' >> /mnt/gentoo/etc/portage/make.conf
Selecting Remote Sources
root #
mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf
Required packages
Create a local repository for Gentoo portage packages:
root #
mkdir --parents /mnt/gentoo/etc/portage/repos.conf
root #
cp /mnt/gentoo/usr/share/portage/config/repos.conf /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
CHROOT
root #
chroot /mnt/gentoo /bin/bash
Network Interfaces
Identify available network interface to use:
root #
ip -o link | awk '{ print $2 }' | tr -d : | grep -v ^lo
In our case, we have `enp1s0` for the name of our network interface.
Now we create a startup script for `enp1s0` called `net.enp1s0`:
root #
cd /etc/init.d
root #
ln -s net.lo net.enp1s0
Edit /etc/conf.d/net :
Portage
Syncing
root #
emerge-webrsync
Perusing Latest News
root #
eselect news list
root #
eselect news read | more
Choose The Right Profile
Get a list of available profiles:
root #
eselect profile list
Choosing from the list of profiles
- 36 is default/linux/amd64/17.0/musl (exp)
root #
eselect profile set --force 36
Those index numbers can change weekly, so check for the correct index number of this 'amd64 musl' profile or of your desired profile.
Relocating Portage TMPDIR
Since /var/tmp is mounted noexec and cannot run code, we must relocate the build directory for Portage:
root #
mkdir /var/portage
We will make this permanent by updating /etc/portage/make.conf in the next section using PORTAGE_TMPDIR envvar.
Configuring USE
Add the following to /etc/portage/make.conf
PORTAGE_TMPDIR="/var/portage"
# This sets the language of build output to English.
# Please keep this setting intact when reporting bugs.
LC_MESSAGES=C
ACCEPT_LICENSE="*"
MICROCODE_SIGNATURES="-S"
# hardware
USE="bios firmware split-ucode x86_64"
# OS
USE="${USE} -alsa -bpf caps -ebpf initramfs pam"
# network
USE="${USE} ipv4 ipv6"
# filesystems
USE="${USE} acl cdr dvd filecaps mount split-usr -tmpfiles usbredir"
# services
USE="${USE} audit ncurses openrc -systemd -udev"
# windows
USE="${USE} -kde -gnome -gtk -qt5 -X"
# apps
USE="${USE} curl -emacs readline vim vim-syntax"
# VIDEO_CARDS="radeon radeoni"
Updating Entire World
Within the given Gentoo stage 3 that we chose and installed, update the entire thing with the latest and greatest repositories:
root #
emerge --ask --verbose --update --deep --newuse @world
Required packages for basic QEMU of Linux kernel, OpenRC, portage, modules
root #
emerge sys-kernel/gentoo-sources
root #
emerge app-editors/vim # optional
root #
emerge net-misc/openssh # optional
Linux Kernel
root #
eselect kernel list
root #
eselect kernel set 1 # there shall only be one
Installing Kernel Tools
root #
emerge dev-vcs/git
root #
emerge app-portage/cpuid2cpuflags
root #
emerge virtual/libudev
root #
emerge sys-apps/pciutils
root #
emerge app-portage/gentoolkit
root #
emerge sys-kernel/genkernel # pulls in linux-firmware
root #
emerge sys-power/acpid # for proper shutdown by VM host manager
root #
emerge sys-boot/grub
root #
# following are optional
root #
# emerge sys-apps/hwdata # pulled in by sys-apps/pciutils
root #
# emerge sys-apps/usbutils
root #
# emerge media-libs/freetype
root #
# emerge sys-libs/efivar # only if UEFI used instead of BIOS
root #
# emerge sys-boot/efibootmgr # only if UEFI used instead of BIOS
This has to be done AFTER the kernel source has been selected with eselect.
SECURITY: I do not install SSH server. If this VM needs network access, the VM itself can do the SSH or RSYNC protocol as a client.
Defaulting Kernel Configuration
If no kernel configuration file (`.config`) exists, create one with all of its default settings:
root #
cd /usr/src/linux
root #
make oldconfig
Note: If `.config` exists, any newer Kconfig settings are added to it at their default values (this is what the `oldconfig` make target does).
Note: If `.config` does not exist, the default settings are used.
If you are gung-ho about a minimalistic Linux kernel size, execute:
root #
cd /usr/src/linux
root #
make localmodconfig
Of course, this would only bring you one step closer.
If you are hell-bent on a super-minimalistic sized Linux kernel, execute:
root #
cd /usr/src/linux
root #
make allnoconfig
but then you would have to painstakingly enable all the things that you actually need. This should be the very last kernel "upgrade" step, after doing the above first.
Kernel configuration
Kconfig for Dell Optiplex 790
The Linux kernel (Kconfig) settings for the Dell Optiplex 790 are:
# Intel CPU
CONFIG_HAVE_INTEL_TXT=n
CONFIG_CRYPTO_CRC32C_INTEL=y
CONFIG_X86_MSR=y
CONFIG_X86_MCE=y
CONFIG_X86_MCE_INTEL=y
CONFIG_X86_TSE=y
CONFIG_MTRR=y
CONFIG_X86_TSC=y
CONFIG_X86_VMX_FEATURE_NAMES=y
CONFIG_X86_X2APIC=y
CONFIG_X86_CMOV=y
CONFIG_X86_PAT=y
CONFIG_MICROCODE=y
CONFIG_MICROCODE_INTEL=y
CONFIG_MICROCODE_AMD=n
CONFIG_CPU_IBRS_ENTRY=y
CONFIG_CPU_IBPB_ENTRY=y
# i7-2600
CONFIG_CRYPTO_CRC32_PCLMUL=y
CONFIG_CRYPTO_CRCT10DIF_PCLMUL=y
CONFIG_CRYPTO_AES_NI_INTEL=y
# ACPI
CONFIG_ACPI_HOTPLUG_CPU=n
CONFIG_ACPI_HOTPLUG_MEMORY=n
CONFIG_ACPI_HOTPLUG_IOAPIC=n
CONFIG_EDAC=n
CONFIG_EDAC_LEGACY_SYSFS=n
# NVRAM/CMOS
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=y
CONFIG_EEPROM_AT24=y
# Onboard Intel E1000e Ethernet interface
CONFIG_ETHERNET=y
CONFIG_NET_VENDOR_INTEL=y
CONFIG_E1000=y
CONFIG_E1000E=y
CONFIG_E1000E_HWTS=y
CONFIG_USB_HID=y
# CONFIG_HID_PID is not set
# CONFIG_USB_HIDDEV is not set
# LPC Bridge function for Intel ICH chipsets
CONFIG_LPC_ICH=y
CONFIG_LPC_SCH=n
# Intel Management Engine Interface
CONFIG_INTEL_MEI=n
CONFIG_INTEL_MEI_ME=n
CONFIG_INTEL_MEI_TXE=n
CONFIG_INTEL_MEI_HDCP=n
# Dell PCIe Port Bus
CONFIG_PCIEPORTBUS=y
CONFIG_HOTPLUG_PCI_PCIE=n
CONFIG_PCIEAER=y
CONFIG_PCIEAER_INJECT=n
CONFIG_PCIE_ECRC=y
CONFIG_PCIEASPM=y
CONFIG_PCIEASPM_DEFAULT=y
# CONFIG_PCIEASPM_POWERSAVE is not set
# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set
# CONFIG_PCIEASPM_PERFORMANCE is not set
CONFIG_PCIE_PME=y
CONFIG_PCIE_DPC=y
CONFIG_PCIE_PTM=y
# CONFIG_PCIE_EDR is not set
# Radeon graphic card
CONFIG_IOMEM=y
CONFIG_DRM=y
CONFIG_PCI=y
CONFIG_MMU=y
CONFIG_DRM_RADEON=y
CONFIG_DRM_AMDGPU=n
# Dell Optiplex 790 motherboard has an onboard Intel HD Graphics 4000 chipset
CONFIG_DRM_I915=y
# Controllers with non-SFF native interface
CONFIG_SATA_AHCI=y
CONFIG_SATA_MOBILE_LPM_POLICY=3
CONFIG_SATA_AHCI_PLATFORM=y
# CONFIG_SATA_INIC162X is not set
# CONFIG_SATA_ACARD_AHCI is not set
# CONFIG_SATA_SIL24 is not set
# CONFIG_ATA_SFF is not set
# Hardware I/O ports
CONFIG_SERIO=y
CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y
CONFIG_SERIO_I8042=y
CONFIG_SERIO_SERPORT=y
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PARKBD is not set
# CONFIG_SERIO_PCIPS2 is not set
CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_RAW is not set
# CONFIG_SERIO_ALTERA_PS2 is not set
# CONFIG_SERIO_PS2MULT is not set
# CONFIG_SERIO_ARC_PS2 is not set
# CONFIG_SERIO_GPIO_PS2 is not set
# CONFIG_USERIO is not set
CONFIG_USB_EHCI_PCI=y
# i2c
CONFIG_I2C=y
CONFIG_I2C_BOARDINFO=y
CONFIG_I2C_COMPAT=y
CONFIG_I2C_CHARDEV=y
CONFIG_I2C_MUX=y
CONFIG_I2C_ALGOBIT=y
# i2c SMBus
CONFIG_I2C_I801=y
# Disk
CONFIG_SCSI_MOD=n
CONFIG_SCSI_COMMON=y
CONFIG_SCSI=y
CONFIG_SCSI_ENCLOSURE=n
# USB Hard drive
CONFIG_BLK_DEV_SD=y
# CD-ROM/DVD
CONFIG_BLK_DEV_SR=y
CONFIG_CDROM=y
CONFIG_ISO9660_FS=y
CONFIG_JOLIET=y
CONFIG_ZISOFS=y
CONFIG_UDF_FS=n
# Sound - Realtek ALC269Q – High Definition
CONFIG_SND_HWDEP=y
CONFIG_SND_PCM=y
CONFIG_SND_TIMER=y
# PC Speaker
CONFIG_INPUT_PCSPKR=y
CONFIG_MOUSE_PS2=y
CONFIG_PRINTER=y
To merge the above settings into the .config file, execute:
root #
cd /usr/src/linux
root #
scripts/kconfig/merge_config.sh .config config.my-qemu-guest-virtio.conf
To ensure that we did not miss any new Kconfig settings for VirtIO (and other related kernel settings), bring .config up to date with the newest settings at their defaults:
root #
cd /usr/src/linux
root #
make listnewconfig # a safe passive (non-changing) status command
The output of make listnewconfig should be empty (no new config undefined).
CPU-specific
For my Intel Core i7-2600 CPU processor, the kernel config settings are also set:
CONFIG_NUMA=n
CONFIG_AMD=n
CONFIG_AMD_PMC=n
CONFIG_AMD_IOMMU=n
CONFIG_AMD_MEM_ENCRYPT=n
CONFIG_AMD_NB=n
There are kernel tools that allow multiple .config files (in the form of config.XXXXX filenames).
Configuring Kernel
root #
cd /usr/src/linux
root #
make menuconfig
root #
# introduce gcc CFLAGS here
root #
make && make modules_install
Optionally, tweak "boot cmdline" in /etc/default/grub. This becomes a required step if not using UUID for device identifier within GRUB2.
GRUB_DISABLE_LINUX_UUID=true
GRUB_CMDLINE_LINUX="root=/dev/sda3 nofb vga=current"
GRUB_DISABLE_OS_PROBER=true
GRUB_TIMEOUT=5
GRUB_DISABLE_UUID=true
Note: nofb in GRUB_CMDLINE_LINUX is mandatory if a graphics card has been inserted into the PCI slot, thus overriding the Intel HD graphics.
Note: "vga=current" in GRUB_CMDLINE_LINUX compensates for any tiny, flaky or mis-configured graphics hardware settings.
Details of above GRUB2 settings can be found in here (external link).
Genkernel
Firmware Required for Genkernel
We must accept a bit more latitude and flexibility for firmware used on Linux OS. This is required for building using the `genkernel` tool.
Append the following text into `/etc/portage/package.license`:
# Accepting both licenses for linux-firmware
sys-kernel/linux-firmware linux-fw-redistributable no-source-code
# Accepting any license that permits redistribution
sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE
Automated Kernel Build
Install the genkernel tool:
root #
emerge --ask sys-kernel/linux-firmware
root #
emerge --ask sys-kernel/genkernel
root #
emerge --ask sys-kernel/dracut # used with initramfs
Ensure that /boot is mounted for genkernel to fill in:
root #
df | grep boot
If resultant output is empty, go mount the /boot:
root #
mount /dev/sda1 /boot
Instructing InitRamFS to mount multiple disk partitions/volumes at boot.
root #
vi /etc/initramfs.mounts
and put in something like what I use for CISecurity partitionings:
/usr
/tmp
/var
/var/tmp
/var/log
/var/log/audit
/home
#
# If you had some need of these:
#/usr/local
#/opt
Build kernel
Complete kernel build including all modules as denoted by make defconfig or after your kernel customization.
#!/bin/bash
echo "$0 started."
echo
if [ ! -d /boot/lost+found ]; then
echo "Partition /boot not mounted; aborted"
exit 9
fi
DATE="$(date +%F-%H-%M)"
cd /usr/src/linux
cp .config /boot/config-${DATE}
genkernel \
--loglevel=5 \
--color \
--save-config \
--kernel-append-localversion=-gateway-${DATE} \
--microcode=intel \
--microcode-initramfs \
--menuconfig \
--bootloader=grub2 \
--lvm \
all
RETSTS=$?
if [ $RETSTS -ne 0 ]; then
echo "genkernel failed; exit code $RETSTS"
exit $RETSTS
fi
grub-install /dev/sda
RETSTS=$?
if [ $RETSTS -ne 0 ]; then
echo "grub-install failed; exit code $RETSTS"
exit $RETSTS
fi
grub-mkconfig -o /boot/grub/grub.cfg
RETSTS=$?
if [ $RETSTS -ne 0 ]; then
echo "grub-mkconfig failed; exit code $RETSTS"
exit $RETSTS
fi
Rebuild Modules & Libraries
If tweaking the kernel config on the second (or nth) pass, modules and preserved libraries need to be rebuilt:
root #
emerge @module-rebuild # rebuild modules
root #
emerge @preserved-rebuild # rebuild system libraries
System Install
Host and Domain Information
root #
echo 'hostname="tux"' > /etc/conf.d/hostname
Password Quality
To bastardize the password quality down to 1980s-style:
Edit the following lines in the /etc/security/passwdqc.conf file:
min-default=8,8,8,7
match=0
Now you can use any 8-char simple password or longer.
root #
passwd # enter in your root password
System Clock Timezone
Edit the timezone to your desired setting (I use UTC) in the /etc/conf.d/hwclock file:
clock="UTC"
Tools
Syslog
Install the smallest syslog daemon possible, `sysklogd`, and activate it at bootup:
root #
emerge app-admin/sysklogd
root #
emerge app-admin/syslog-ng
root #
rc-update add sysklogd default
root #
rc-update add syslog-ng default
Remote Access (SSH)
Activate SSH server daemon (I don't do this here, but most people do):
root #
rc-update add sshd default
Maybe allow root to log in (for the short term, during setup) by adding to /etc/ssh/sshd_config:
PermitRootLogin=yes
Serial Console
On OpenRC, ensure that the serial console lines in the `/etc/inittab` file are commented out (prepended with `#`):
# SERIAL CONSOLES
#s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100
#s1:12345:respawn:/sbin/agetty 9600 ttyS1 vt100
Time Synchronization
Install chronyd and activate it:
root #
emerge net-misc/chrony
root #
rc-update add chronyd default
Filesystem Tools
Install filesystem tools:
root #
emerge sys-fs/btrfs-progs # for BtrFS
root #
emerge sys-fs/e2fsprogs # for Ext2/Ext3/Ext4
Network Tools
DHCP Client
We are using ISC DHCP client on one side of the network, and our ISP DHCP server is on the other side; add some editor syntax coloring:
root #
emerge dhcp dhcpd-syntax
Bootloader
Selecting Bootloader Package
To select a Grub2 bootloader:
root #
emerge --ask --update --newuse --verbose sys-boot/grub
Install GRUB2 Bootloader
root #
grub-install /dev/sda
Configuring GRUB2
root #
# reads from /etc/default/grub
root #
# reads from /etc/grub.d/*
root #
grub-mkconfig -o /boot/grub/grub.cfg
Rebooting
Exit and then reboot
root #
exit
root #
reboot