User:TheLurps
From Gentoo Wiki
My Gentoo setup
Alongside Windows 11 a fully encrypted Gentoo should be installed utilizing dual boot on one disk.
Install Windows 11
- install Windows 11 normally, Bitlocker can be activated
- boot Gentoo LiveGUI
- resize EFI partition created by Windows to at least 1GB
Prepare block devices
- boot Gentoo LiveGUI
- create partition
root #lsblkNAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS loop0 7:0 0 3.3G 1 loop /mnt/livecd sda 8:0 1 115.5G 0 disk ├─sda1 8:1 1 115.4G 0 part │ └─ventoy 253:0 0 3.4G 1 dm /mnt/cdrom └─sda2 8:2 1 32M 0 part nvme0n1 259:0 0 476.9G 0 disk ├─nvme0n1p1 259:1 0 1.1G 0 part ├─nvme0n1p2 259:2 0 16M 0 part ├─nvme0n1p3 259:3 0 199.2G 0 part ├─nvme0n1p4 259:4 0 775M 0 part └─nvme0n1p5 259:5 0 275.8G 0 part
root #parted -a optimal /dev/nvme0n1p5GNU Parted 3.1
... additional output suppressed ...
(parted) unit s
(parted) print free
... additional output suppressed ...
Number Start End Size File system Name Flags
... additional output suppressed ...
AAAs BBBs CCCs Free Space
(parted) mkpart primary AAAs BBBs
(parted) quit
- encrypt partition
root #cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool luksFormat /dev/nvme0n1p5- mount encrypted device
root #cryptsetup luksOpen /dev/nvme0n1p5 encrypted- create btrfs root
root #mkfs.btrfs -L BTROOT /dev/mapper/encryptedCreate filesystem
- mount btrfs root
root #mkdir -vp /mnt/btrootroot #mount -v -t btrfs -o defaults,noatime,compress=lzo,autodefrag /dev/mapper/encrypted /mnt/btroot- create subvolumes
root #btrfs subvol create /mnt/btroot/rootroot #btrfs subvol create /mnt/btroot/homeroot #btrfs subvol create /mnt/btroot/varroot #btrfs subvol create /mnt/btroot/swap- mount subvolumes
root #mkdir -vp /mnt/gentooroot #mount -t btrfs -o defaults,noatime,compress=lzo,autodefrag,subvol=root /dev/mapper/encrypted /mnt/gentooroot #mkdir -vp /mnt/gentoo/homeroot #mkdir -vp /mnt/gentoo/varroot #mount -t btrfs -o defaults,noatime,compress=lzo,autodefrag,subvol=home /dev/mapper/encrypted /mnt/gentoo/homeroot #mount -t btrfs -o defaults,noatime,compress=lzo,autodefrag,subvol=var /dev/mapper/encrypted /mnt/gentoo/var- create swap
root #chattr +C /mnt/btroot/swaproot #fallocate -l 24G /mnt/btroot/swap/swapfileroot #chmod 600 /mnt/btroot/swap/swapfileroot #mkswap /mnt/btroot/swap/swapfileroot #swapon /mnt/btroot/swap/swapfileInstall stage 3
- sync time
root #chronyd -q- download and extract current stage3
root #sha256sum --check stage3-amd64-desktop-systemd-20240623T164908Z.tar.xz.sha256root #gpg --import /usr/share/openpgp-keys/gentoo-release.ascroot #gpg --verify stage3-amd64-desktop-systemd-20240623T164908Z.tar.xz.ascroot #gpg --verify stage3-amd64-desktop-systemd-20240623T164908Z.tar.xz.DIGESTroot #gpg --verify stage3-amd64-desktop-systemd-20240623T164908Z.tar.xz.sha256root #tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-ownerConfigure initial make.conf and activate binhosts
FILE
/mnt/gentoo/etc/portage/make.confCOMMON_FLAGS="-march=native -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"
LC_MESSAGES=C.utf8
# Overrides the profile's ACCEPT_LICENSE default value
ACCEPT_LICENSE="-* @FREE @BINARY-REDISTRIBUTABLE"
# Appending getbinpkg to the list of values within the FEATURES variable
FEATURES="${FEATURES} getbinpkg"
# Require signatures
FEATURES="${FEATURES} binpkg-request-signature"
# Use distribution kernel
USE="${USE} dist-kernel"
# Use wayland
USE="${USE} wayland"
# Use NetworkManager
USE="${USE} networkmanager"
# Defining localization values
L10N="en en-US"
VIDEO_CARDS="intel"
INPUT_DEVICES="libinput synaptics wacom"
GENTOO_MIRRORS="http://ftp.agdsn.de/gentoo \
https://ftp.agdsn.de/gentoo \
rsync://ftp.agdsn.de/gentoo \
https://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ \
http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ \
rsync://ftp.spline.inf.fu-berlin.de/gentoo-distfiles/ \
https://ftp.gwdg.de/pub/linux/gentoo/ \
http://ftp.gwdg.de/pub/linux/gentoo/ \
ftp://ftp.gwdg.de/pub/linux/gentoo/ \
rsync://ftp.gwdg.de/gentoo/ \
https://ftp.uni-hannover.de/gentoo/ \
http://ftp.uni-hannover.de/gentoo/ \
ftp://ftp.uni-hannover.de/gentoo/ \
https://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ \
http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ \
ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ \
rsync://linux.rz.ruhr-uni-bochum.de/gentoo \
https://ftp.halifax.rwth-aachen.de/gentoo/ \
http://ftp.halifax.rwth-aachen.de/gentoo/ \
ftp://ftp.halifax.rwth-aachen.de/gentoo/ \
rsync://ftp.halifax.rwth-aachen.de/gentoo/ \
https://ftp.tu-ilmenau.de/mirror/gentoo/ \
http://ftp.tu-ilmenau.de/mirror/gentoo/ \
rsync://ftp.tu-ilmenau.de/gentoo/ \
https://ftp.fau.de/gentoo \
http://ftp.fau.de/gentoo \
ftp://ftp.fau.de/gentoo \
rsync://ftp.fau.de/gentoo \
https://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ \
http://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ \
ftp://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ \
rsync://ftp-stud.hs-esslingen.de/gentoo/ \
https://ftp.uni-stuttgart.de/gentoo-distfiles/ \
http://ftp.uni-stuttgart.de/gentoo-distfiles/ \
ftp://ftp.uni-stuttgart.de/gentoo-distfiles/"
FILE
/mnt/gentoo/etc/portage/binrepos.conf/gentoobinhost.conf[gentoo-binhost]
priority = 1
sync-uri = https://distfiles.gentoo.org/releases/amd64/binpackages/23.0/x86-64-v3/
[ruhr-uni-bochum-binhost]
priority = 8999
sync-uri = https://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/releases/amd64/binpackages/23.0/x86-64-v3/
[fau-binhost]
priority = 8998
sync-uri = https://ftp.fau.de/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
[agdsn-binhost]
priority = 8997
sync-uri = https://ftp.agdsn.de/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
[hs-esslingen-binhost]
priority = 8996
sync-uri = https://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
[rwth-aachen-binhost]
priority = 8995
sync-uri = https://ftp.halifax.rwth-aachen.de/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
[gwdg-binhost]
priority = 8994
sync-uri = https://ftp.gwdg.de/pub/linux/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
[tu-ilmenau-binhost]
priority = 8993
sync-uri = https://ftp.tu-ilmenau.de/mirror/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
[uni-hannover-binhost]
priority = 8992
sync-uri = https://ftp.uni-hannover.de/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
[uni-stuttgart-binhost]
priority = 8991
sync-uri = https://ftp.uni-stuttgart.de/gentoo-distfiles/releases/amd64/binpackages/23.0/x86-64-v3/
[fu-berlin]
priority = 8990
sync-uri = https://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/releases/amd64/binpackages/23.0/x86-64-v3/
root #touch /etc/portage/package.{accept_keywords,use,mask,unmask}/zzz_via_autounmaskChroot into stage 3
- copy DNS info
root #cp --dereference /etc/resolv.conf /mnt/gentoo/etc/- mount devices
root #mount --types proc /proc /mnt/gentoo/procroot #mount --rbind /sys /mnt/gentoo/sysroot #mount --make-rslave /mnt/gentoo/sysroot #mount --rbind /dev /mnt/gentoo/devroot #mount --make-rslave /mnt/gentoo/devroot #mount --bind /run /mnt/gentoo/runroot #mount --make-slave /mnt/gentoo/run- enter environment
root #chroot /mnt/gentoo /bin/bashroot #source /etc/profileroot #export PS1="(chroot) ${PS1}"Configure portage
- update with webrsync
root #emerge-webrsync- install and run mirrorselect
root #emerge -av1 app-portage/mirrorselectroot #mirrorselect -i -o >> /etc/portage/make.conf- update ebuild repository
root #emerge --sync- select profile
root #eselect profile set "default/linux/amd64/23.0/desktop/systemd"- update GPG keys
root #getuto- install neovim
root #emerge -av app-editors/neovimroot #eselect editor set "/usr/bin/nvim"- set CPU flags
root #emerge -av1 app-portage/cpuid2cpuflagsroot #echo "*/* $(cpuid2cpuflags)" > /etc/portage/package.use/00cpu-flags- update @world
root #emerge -avuDU @worldLocales and timezone
- set timezone
root #ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime- configure locale
FILE
/etc/locale.genen_US ISO-8859-1
en_US.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE.UTF-8 UTF-8
- generate and select locales
root #locale-genroot #eselect locale set "en_US.utf8"- reload environment
root #env-update && source /etc/profile && export PS1="(chroot) ${PS1}"Install firmware and microcode
root #emerge -av sys-kernel/linux-firmwareroot #emerge -av sys-firmware/intel-microcodeInstall kernel and initramfs
- set dracut flag for installkernel
root #echo "sys-kernel/installkernel dracut systemd-boot" > /etc/portage/package.use/installkernelroot #echo "sys-apps/systemd boot cryptsetup" > /etc/portage/package.use/systemd- install btrfs-progs
root #emerge -av sys-fs/btrfs-progs- configure dracut (get UUIDs with blkid)
root #mkdir -vp /etc/dracut.conf.dFILE
/etc/dracut.conf.d/localhost.confhostonly="yes"
kernel_cmdline="rd.luks.uuid=3993bc45-30c5-4293-ad0d-c803d6b43450 rd.luks.allow-discards=3993bc45-30c5-4293-ad0d-c803d6b43450 rootfstype=btrfs root=UUID=0528276b-c1f2-4196-b775-7d0be924abbf rootflags=defaults,noatime,compress=lzo,autodefrag,ssd,subvolid=256,subvol=root"
add_dracutmodules+=" btrfs crypt usrmount "
omit_dracutmodules+=" systemd systemd-initrd dracut-system i18n systemd-udevd"
root #echo "/usr" > /etc/initramfs.mounts- install binary distribution kernel
root #emerge -av sys-kernel/gentoo-kernel-bin- update @world
root #emerge -avuDU @worldInstall bootloader
- mount EFI partition
root #mkdir -vp /efiroot #mount -v /dev/nvme0n1p1 /efi- reconfigure kernel
root #emerge --config gentoo-kernel-bin- install bootloader
root #bootctl installfstab
FILE
/etc/fstabPARTUUID="26edf43f-0eba-4eaf-9282-1ef9fb24c288" /efi vfat umask=0077 0 2
LABEL=BTROOT / btrfs default,noatime,compress=lzo,autodefrag,subvol=root,ssd 0 0
LABEL=BTROOT /var btrfs default,noatime,compress=lzo,autodefrag,subvol=var,ssd 0 0
LABEL=BTROOT /home btrfs default,noatime,compress=lzo,autodefrag,subvol=home,ssd 0 0
Networking information
- set hostname
root #echo "korhal" > /etc/hostname- install and enable DHCP
root #emerge -av net-misc/dhcpcdroot #systemctl enable dhcpcd- configure hosts file
FILE
/etc/hosts127.0.0.1 korhal localhost
::1 korhal localhost
- allow DHCP with systemd-networkd
FILE
/etc/systemd/network/50-dhcp.network[Match]
Name=en*
[Network]
DHCP=yes
root #systemctl enable --now systemd-networkd.service- write /etc/resolv.conf with systemd-resolved
root #ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
root #systemctl enable --now systemd-resolved.service
System information
root #systemd-machine-id-setup- set root password
- reboot
Installing tools
- run systemd firstboot prompt
root #systemd-firstboot --prompt- install indexer
root #emerge --ask sys-apps/mlocate- install bash completion for gentoo
root #emerge --ask app-shells/bash-completion- enable NTP client
root #systemctl enable systemd-timesyncd.service- install filesystem tools
root #emerge --ask sys-block/io-scheduler-udev-rulesroot #emerge --ask sys-fs/btrfs-progs- install wifi tools
root #emerge --ask net-wireless/iw net-wireless/wpa_supplicant- install misc. tools
root #emerge -a app-misc/tmux app-misc/fastfetch sys-process/btop app-portage/eix app-portage/gentoolkitSetup unprivileged user account
- create user
root #useradd -m -G audio,cdrom,portage,plugdev,usb,users,video,wheel -s /bin/bash lurps- set password
root #passwd lurps- install sudo
root #emerge --ask app-admin/sudo- grant group or user permissions
root #visudoClean disk
root #rm -v /stage3-*.tar.*Install Sway
- install sway and basic tools
root #emerge -avuDNU @worldroot #emerge --ask gui-wm/swayroot #emerge --ask gui-apps/foot gui-apps/wmenu gui-apps/waybar gui-apps/mako gui-apps/swaylock gui-apps/swayidle- install sddm and enable it
root #emerge --ask x11-misc/sddmroot #usermod -a -G video sddmroot #systemctl enable sddm.service- reboot and login as user
Prepare working environment
- install flatpak and add flathub
root #emerge --ask sys-apps/flatpakuser $flatpak remote-add --user --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo- install some flatpaks
user $flatpak install com.github.tchx84.Flatsealuser $flatpak install flathub com.brave.Browseruser $flatpak install flathub md.obsidian.Obsidianuser $flatpak install flathub org.zotero.Zoterouser $flatpak install flathub org.mozilla.Thunderbird- install more software with portage
root #echo "app-admin/rcm ~amd64" > /etc/portage/package.accept_keywords/rcmroot #echo "net-misc/nextcloud-client nautilus" > /etc/portage/package.use/nextcloud-clientroot #emerge --ask \ app-admin/pass \
app-admin/pydf \
app-admin/rcm \
app-backup/snapper \
app-misc/ranger \
app-shells/fzf \
dev-vcs/git \
gnome-base/nautilus \
sys-apps/bat \
sys-apps/etckeeper \
sys-apps/pciutils \
sys-apps/usbutils \
sys-process/lsof
- configure eix
FILE
/etc/eix-sync.conf# Sync all ebuild repositories with layman -S
*
# Regenerate ebuild repository metadata
@emerge --regen || true
- add timer for eix-update
FILE
/etc/systemd/system/eix-update.timer[Unit]
Description=update the eix database 15min after boot
[Timer]
OnBootSec=15min
OnUnitActiveSec=1d
[Install]
WantedBy=timers.target
FILE
/etc/systemd/system/eix-update.service[Unit]
Description=update the eix database 15min after boot and every day if system is running
[Service]
Type=oneshot
ExecStart=/usr/bin/eix-update
User=portage
Group=systemd-journal
root #systemctl daemon-reloadroot #systemctl enable eix-update.timer- generate SSH keypair and upload to GitHub
user $ssh-keygen -C "$(id -nu)@$(hostname)_$(date '+%Y%m%d')"- clone dotfiles
user $git clone git@github.com:TheLurps/dotfiles.git ~/.dotfiles- clone password-store
user $git clone git@github.com:TheLurps/password-store.git ~/.password-store- copy old .rcrc from dotfiles, edit and add to host config
user $mkrc -B korhal ~/.rcrc- copy configs from dotfiles
user $rcup -v- import GPG keys
References
- Btrfs/Encrypted_Btrfs_System_Root_Guide
- Btrfs
- Dm-crypt_full_disk_encryption
- Fastfetch
- Full_Disk_Encryption_From_Scratch
- Full_Encrypted_Btrfs/Native_System_Root_Guide
- Gentoo_Binary_Host_Quickstart
- Handbook:AMD64/Full/Installation
- Neovim
- Project:Distribution_Kernel
- Recommended_tools
- Sudo
- Swap
- Sway
- Systemd/systemd-boot
- Systemd
- User:Sakaki/Sakaki's_EFI_Install_Guide
- Wayland