luc/void-desktop
1
0
Fork 0
Code Issues Pull requests Activity

merged void-laptop and updated void-desktop-install.md

Browse source
This commit is contained in:
Luc Bijl 2023-04-09 16:06:50 +02:00
parent 0cff788e38
commit bf022064d7
9 changed files with 982 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

480
void-desktop-install.md
View file

@ -1,6 +1,6 @@
# A Void Linux desktop install (Unfinished)
# A Void Linux install (Unfinished)
This install is based on the [EFI boot stub](https://mth.st/blog/void-efistub/) blog entry of [Matthias Totschnig](https://mth.st/), the [Void Handbook](https://docs.voidlinux.org/about/index.html) and the Void Linux man pages. This guide focuses on a Void Linux x86-64 glibc/musl install. In this install gummiboot is used as bootloader and the root partition will be encrypted.
This install is based on the [EFI boot stub](https://mth.st/blog/void-efistub/) blog entry of [Matthias Totschnig](https://mth.st/), the [Void Handbook](https://docs.voidlinux.org/about/index.html) and the Void Linux man pages. This guide focuses on a Void Linux x86_64 glibc/musl install on uefi. In this install gummiboot is used as bootloader and the root partition will be encrypted.
## Provisioning
@ -10,7 +10,7 @@ It should look something like this:
| Number of partition | Size | Type |
|:-----:|:-----:|:-----: |
| 1 | 1 to 2 GB | EFI System |
| 1 | 1 to 2 GB or more | EFI System |
| 2 | Rest of the drive | Linux filesystem |
Then to create the filesystem of the efi partition.
@ -27,9 +27,11 @@ And the encrypted filesystem of the root partition.
# mkfs.ext4 -L root /dev/mapper/root
```
Other filesystems can also be used but `ext4` is the standard for most linux distobutions.
## Installation
The encrypted partition and the efi partition have to be mounted to the main system.
To install the Void Linux distribution on the system, the encrypted partition and the efi partition have to be mounted to the main system.
```
# mount /dev/mapper/root /mnt
@ -152,7 +154,7 @@ The `uuid` is needed again and can be obtained by:
Now edit `/boot/loader/void-options.conf` and insert:
```
rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor
rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1
```
To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`.
@ -161,31 +163,18 @@ To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`.
timeout 4
```
Then to configure the locales:
* For glibc: edit `/etc/default/libc-locales` and uncomment.
If running `glibc` the locales have to be configured, to configure the locales edit `/etc/default/libc-locales` and uncomment.
```
en_US.UTF-8 UTF-8
```
* For musl:
And reconfigure the locales.
```
# xbps-reconfigure -f glibc-locales
```
Then reconfigure the locales.
* For glibc:
```
# xbps-reconfigure -f glibc-locales
```
* For musl:
```
```
To obtain better security, `apparmor` will be set to enforce. By editing `/etc/default/apparmor` and inserting:
@ -202,7 +191,7 @@ To set the internal network edit `/etc/hosts` and insert.
Finally reconfigure Linux.
```
# xbps-reconfigure -f linux{version}
# xbps-reconfigure -f linux<version>
```
Exit the chroot.
@ -223,4 +212,449 @@ And reboot.
# shutdown -r now
```
## Post install
## Post install
In the post install section the installation and configuration of certain applications are elaborated. With the use of the config-files in this repository.
To obtain these config-files the void-desktop repository may be cloned with the `git` command.
```
$ git clone https://git.bijl.us/luc/void-desktop.git
```
### Network
NetworkManager will be used as Network daemon due to its versatility. The package was already installed with the installation, thereby it only needs to be symlinked to `/var/service` to function.
```
# ln -s /etc/sv/NetworkManager /var/service
```
NetworkManager needs the `dbus` daemon to function, in general most other applications that will be discussed in the Post install section need `dbus`. To symlink `dbus` to `/var/service`:
```
# ln -s /etc/sv/dbus /var/service
```
Then, NetworkManager may be configured to enhance the security of the system. This is especially useful for laptops etc. To do this edit `/etc/NetworkManager/NetworkManager.conf`.
```
[device-mac-randomization]
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
```
### Users
A user should be added to improve security of the system.
```
# useradd <user>
```
The user may be added to certain groups, to give it some rights.
```
# usermod -aG wheel,audio,video,kvm,tty,input,storage(,bluetooth,_seatd) <user>
```
The package `sudo` that is present in the `base-system` package will be removed. Since, it is bloatware. To persist this. That is sudo will not be installed ever again on the system. Edit `/etc/xbps.d/xbps.conf` and insert:
```
ignorepkg=sudo
```
Then remove `sudo`.
```
# xbps-remove -y sudo
```
The `sudo` package will be replaced by `opendoas`. To install it:
```
# xbps-install -Sy opendoas
```
Symlink it to `/bin/sudo` so that applications which require root can still be granted by the user.
```
# ln -s /bin/doas /bin/sudo
```
And edit `/etc/doas.conf` to give users in the `wheel` group access to the `doas` command.
```
permit persist :wheel as root
```
To finalize this section, the `.bashrc` and `.bash_profile` configuration files will be copied to the home space of the user.
```
$ cp void-desktop/config-files/bash/.bashrc .bashrc
$ cp void-desktop/config-files/bash/.bash_profile .bash_profile
```
### Linux-lts
It might be desirable to install an LTS kernel for better stability. This can be done by:
```
# xbps-install -Sy linux-lts linux-lts-headers
```
To uninstall the non-lts kernel, ignore the package through `/etc/xbps.d/xbps.conf` by adding:
```
ignorepkg=linux
```
And then removing the `linux` meta package and its dependecies:
```
# xbps-remove -Ry linux
```
### Localtime
A "Network Time Protocol Daemon" (nptd for short) can sync the system clock with internet standard time servers. The `chrony` daemon is used as ntpd. Install it by:
```
# xbps-install -Sy chrony
```
Then to active its service:
```
ln -s /etc/sv/chronyd /var/service
```
To configure the timezone to your own edit the `/etc/rc.conf` file and set these lines:
```
HARDWARECLOCK="localtime"
TIMEZONE=("Europe/Amsterdam")
```
### Using Swap
Swap can be utilised by the system to free up space in RAM. For most use cases it is recommend to create a swapfile that is one and a half times the size of your RAM.
To create a swapfile of 8 GB use:
```
# dd if=/dev/zero of=/swapfile bs=8M count=1024 status=progress
```
To create a different size of swapfile, change the `count=` amount to a desirable size.
Then to actually add the swap space to your system issue these commands:
```
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile
```
To mount the swap to the system at boot, add the swapfile to your `/etc/fstab`:
```
/swapfile none swap defaults 0 0
```
And do not forget to reconfigure the kernel after updating`/etc/fstab`:
```
# xbps-reconfigure -f linux<version>
```
### Network filesystems
Network filesystems may be used for enhanced workflow between multiple devices and persistance of storage.
#### Samba
Samba is such a Network filesystem protocol that may be used between different platforms. To use it install.
```
# xbps-install -Sy cifs-utils
```
Next, a credentials file will be created that is, `$HOME/.smbpasswd`. Edit the file and insert:
```
username=<username>
password=<password>
domain=<domain>
```
Concerning security considerations, the permissions may be enhanced.
```
# chmod 600 $HOME/.smbpasswd
```
Then edit `/etc/fstab` and insert:
```
//<domain>/<homefolder> $HOME/<smbfolder> cifs credentials=$HOME/.smbpasswd,_netdev,uid=<uid> 0 0
```
Finally mount the network filesystem.
```
# mount -a
```
### Logging
Logging may be benificial to spot certain misbehaviours or errors in the system. The `socklog-void` package will be used as logging daemon.
```
# xbps-install -Sy socklog-void
# ln -s /etc/sv/socklog-unix /var/service/
# ln -s /etc/sv/nanoklogd /var/service/
```
To read the logs use:
```
# svlogtail
```
Or go to `/var/log/socklog`.
### Repositories
To install the official Void Linux 32-bit and nonfree repositories simply install their respective packages:
* For glibc
```
# xbps-install -Sy void-repo-multilib void-repo-nonfree void-repo-multilib-nonfree
```
* For musl
```
# xbps-install -Sy void-repo-nonfree
```
And update the repositories:
```
# xbps-install -S
```
There is also our unnofficial extra repository for some additional packages and some packages which are needed for the graphical installation. To use those add them to `/etc/xbps.d/00-repository-ample.conf`,
* For glibc:
```
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/nonfree
```
* For musl
```
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/musl
```
And refresh the repositories:
```
# xbps-install -S
```
### Firmware and drivers
#### GPU drivers
It is necessary for a graphical enviroment to install GPU drivers. To install the drivers for your GPU use one of the following commands:
* For Intel
```
# xbps-install -Sy linux-firmware-intel mesa mesa-dri vulkan-loader mesa-vulkan-intel intel-video-accel
```
* For AMD
```
# xbps-install -Sy linux-firmware-amd vulkan-loader mesa-vulkan-radeon amdvlk xf86-video-amdgpu mesa-vaapi mesa-vdpau mesa-dri
```
* For Nvidia (*glibc only*)
```
# xbps-install -Sy nvidia nvidia-opencl
```
##### 32-bit drivers
(Only applicable to glibc as Void Linux musl only supports 64-bit)
To run 32-bit applications like some videogames it will also be necessary to install the 32-bit drivers:
* For Intel
```
# xbps-install -Sy mesa-32bit mesa-dri-32bit mesa-vulkan-intel-32bit vulkan-loader-32bit
```
* For AMD
```
# xbps-install -Sy vulkan-loader-32bit amdvlk-32bit mesa-32bit mesa-dri-32bit
```
* For Nvidia
```
# xbps-install -Sy nvidia-libs-32bit
```
#### CPU firmware
To keep the firmware of your CPU up to date it is necessary to install the correct microcode:
* For Intel
(The Intel microcode requires that you are using the nonfree repository)
```
# xbps-install -Sy intel-ucode
```
And regenerate the initramfs:
```
# xbps-reconfigure -f linux<version>
```
* For AMD
```
# xbps-install -Sy linux-firmware-amd
```
### Secure-boot
#### Linux Windows dual boot
```
# xbps-install -Sy sbctl
# sbctl create-keys
# sbctl enroll-keys --microsoft
# sbctl sign -s /boot/EFI/Boot/BOOTX64.EFI
# sbctl sign -s /boot/EFI/gummiboot/gummibootx64.efi
# sbctl sign -s /boot/vmlinuz-<version>
# sbctl verify
```
### Laptop-management
```
# xbps-install -Sy tlp tlpui
```
```
# ln -s /etc/sv/tlp /var/service
# ln -s /etc/sv/acpid /var/service
```
Edit `/etc/tlp.d/00-template.conf`
```
CPU_ENERGY_PERF_POLICY_ON_AC=performance
CPU_ENERGY_PERF_POLICY_ON_BAT=power
```
## Graphical session
### Session manager
To use a graphical enviroment it is necessary to start a seat and session manager. For a minimal install it is recommended to use `seatd`, `dumb_runtime_dir` and `polkit`. To install those run:
```
# xbps-install -Sy seatd dumb_runtime_dir polkit
```
Then to enable them:
```
# ln -s /etc/sv/seatd /var/service
# ln -s /etc/sv/polkitd /var/service
```
And for `dumb_runtime_dir` to function, configure `/etc/pam.d/system-login` by uncommenting:
```
session optional pam_dumb_runtime_dir.so
```
For some sane polkit rules add these lines to `/etc/polkit-1/rules.d/00-polkit.rules`:
```
polkit.addRule(function(action, subject)
{
if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/bin/shutdown" && subject.isInGroup("wheel"))
return polkit.Result.YES;
});
polkit.addRule(function(action, subject)
{
if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/bin/zzz" && subject.isInGroup("wheel"))
return polkit.Result.YES;
});
polkit.addRule(function(action, subject)
{
if (action.id.startsWith("org.freedesktop.udisks2.") && subject.isInGroup("storage"))
return polkit.Result.YES;
});
```
Or for the more lazy under us copy `void-desktop/config-files/polkit/00-polkit.rules` to `/etc/polkit-1/rules.d/`.
```
# cp -r void-desktop/config-files/polkit/00-polkit.rules /etc/polkit-1/rules.d/
```
### Login manager
To make it easier to log into the system, set up a login manager. For a minimal and wayland-compatible login manager use `greetd` with `gtkgreet`. Install them with:
```
# xbps-install -Sy greetd gtkgreet
```
### Window manager
There are many different window managers and desktop enviroments which can provide a decent experience. Wayfire is a functional, relativily lightweight and good looking wayland window manager and will be used for this install.
### Audio
### Essential applications
### Auto-mounting
### Printing
### Bluetooth
## Misc
### Virt-manager
### Wine
### Steam