Rinsmiles guide to the void Mark Feller's setup script
- Figure out the correct permissions for SSH folders
- Add setup for snapper
- Add how to configure audio properly for my wonky machine
- Fix the lack of secure boot configuration (and unencrypted boot stuff)
- Should I adjust swappiness?
- Add awk in the hibernation part; see if the bc statement can be terser
- Make SSD discards work; some documentation is provided by Void Linux Handbook
- Add a paragraph on how to change X config directory
- Read up on the keyfile part of device encryption page
- Read up on configuring the kernel and add that to this place
The angle brackets used in the guide refer to some values that were mentioned before; they do not have any meaning in the shell
As per this page, wipe the hard drive by clearing it with dd if=/dev/urandom of=/dev/sdX bs=4096 status=progress
(substitute the X in /dev/sdX with the relevant disk).
Through fdisk, add an EFI partition (+260M) and the root partition with the remaining free space.
Encrypt the /dev/sda2 partition and open it (--type=luks1 is necessary till GRUB 2.06 is released)
cryptsetup luksFormat --type=luks1 /dev/sda2
cryptsetup open /dev/sda2 femboy
Format the two partitions
mkfs.fat -n BOOT -F 32 /dev/sda1
mkfs.btrfs -L SYSTEM /dev/mapper/femboy
Create the btrfs subvolumes
mount -o rw,noatime,ssd,compress=zstd,commit=120 /dev/mapper/femboy /mnt
btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@snapshots
btrfs subvolume create /mnt/@home
Mount those directories
umount /mnt
mount -o rw,noatime,ssd,compress=zstd,commit=120,subvol=@ /dev/mapper/femboy /mnt
mkdir -p /mnt/{home,var/cache/,boot/efi,.snapshots}
mount -o rw,noatime,ssd,compress=zstd,commit=120,subvol=@home /dev/mapper/femboy /mnt/home
mount -o rw,noatime,ssd,compress=zstd,commit=120,subvol=@snapshots /dev/mapper/femboy /mnt/.snapshots
mount -o rw,noatime /dev/sda1 /mnt/boot/efi
btrfs subvolume create /mnt/.swap
btrfs subvolume create /mnt/var/cache/xbps
btrfs subvolume create /mnt/var/tmp
Install the base system with musl
export XBPS_ARCH=x86_64-musl
xbps-install -Sy -R https://alpha.de.repo.voidlinux.org/current/musl -r /mnt base-system btrfs-progs cryptsetup grub-x86_64-efi curl gcc bc
Mount some important pseudo-filesystems, chroot into /mnt and set root's password
mount -t proc proc /mnt/proc
mount -t sysfs sys /mnt/sys
mount -o bind /dev /mnt/dev
mount -t devpts pts /mnt/dev/pts
cp -L /etc/resolv.conf /mnt/etc/
cd /mnt
chroot /mnt /bin/bash
passwd root
chown root:root /
chmod 755 /
Set the hostname and configure rc.conf
echo <hostname> > /etc/hostname
mv /etc/rc.conf /etc/rc.conf.bak
cat <<EOF > /etc/rc.conf
# /etc/rc.conf - system configuration for Void Linux
HOSTNAME="<hostname>"
HARDWARECLOCK="UTC"
TIMEZONE="Europe/Rome"
KEYMAP="uk"
EOF
Set up the swapfile
cd /.swap
truncate -s 0 swapfile
# No_COW only takes effect if it is set while the file is still empty
chattr +C swapfile
dd if=/dev/urandom of=swapfile bs=1M count=8192
lsattr swapfile
mkswap swapfile && chown root swapfile && chmod 600 swapfile
mv /etc/crypttab /etc/crypttab.bak
cat <<EOF > /etc/crypttab
swap /.swap/swapfile /dev/urandom swap
EOF
cd ..
Configure the fstab
mv /etc/fstab /etc/fstab.bak
cat <<EOF > /etc/fstab
LABEL=SYSTEM / btrfs rw,noatime,autodefrag,compress=zstd,commit=120,subvol=@ 0 0
LABEL=SYSTEM /home btrfs rw,noatime,autodefrag,compress=zstd,commit=120,subvol=@home 0 0
LABEL=SYSTEM /.snapshots btrfs rw,noatime,autodefrag,compress=zstd,commit=120,subvol=@snapshots 0 0
LABEL=BOOT /boot/efi vfat defaults,noatime 0 2
/.swap/swapfile none swap defaults 0 0
EOF
Note: the fsck parameter doesn't do anything for btrfs subvolumes except output 8 if the device doesn't exist; for filesystem checks, one should use btrfs-check.
Note: swapfiles are referred to by their path in the root filesystem, that's just how it is.
TODO: not sure how good autodefrag is, although most of what I've read seems to convey that it's a good idea; gotta check out the actual reasoning behind it
To make the hibernation possible, we gotta do
mkdir test && cd test
curl -fsSL https://raw.githubusercontent.com/osandov/osandov-linux/master/scripts/btrfs_map_physical.c > btrfs_map_physical.c && gcc -O2 -o btrfs_map_physical btrfs_map_physical.c
sudo ./btrfs_map_physical /.swap/swapfile | head -n2
echo "<PHYSICAL-OFFSET>/$(getconf PAGESIZE)" | bc >> /etc/default/grub
cd .. && rm -rf test
The resulting value is the <resume_offset> value; let's edit the line in /etc/default/grub to the following (instead of just having the value waggling in there)
GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/mapper/femboy resume_offset=<resume_offset>"
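The offset calculation above as one pipeline, using awk to pick the value out of the btrfs_map_physical output (an added example, not part of the original guide). It assumes the output is tab-separated with a header row and the physical byte offset in the last column of the first extent row; the sample output and the function names are constructed.

```sh
#!/bin/sh
# Added example. Assumption: btrfs_map_physical prints tab-separated rows,
# row 1 is the header and the last column of row 2 is the physical byte
# offset of the swapfile's first extent.

# Constructed sample output (not taken from a real disk).
SAMPLE_MAP=$(printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
  'FILE OFFSET' 'FILE SIZE' 'EXTENT OFFSET' 'EXTENT TYPE' 'LOGICAL SIZE' \
  'LOGICAL OFFSET' 'PHYSICAL SIZE' 'DEVID' 'PHYSICAL OFFSET' \
  0 4096 0 regular 4096 2927632384 268435456 1 4009762816)

# resume_offset PAGESIZE: read the map on stdin, print the offset in pages.
resume_offset() {
  pagesize=$1
  phys=$(awk -F '\t' 'NR == 2 { print $NF }')
  case $phys in
    '' | *[!0-9]*)
      echo "no numeric physical offset in row 2" >&2
      return 1 ;;
  esac
  # resume_offset is counted in pages, so the byte offset has to be
  # page-aligned; if it is not, the wrong column or file was read.
  if [ $((phys % pagesize)) -ne 0 ]; then
    echo "offset $phys is not a multiple of $pagesize" >&2
    return 1
  fi
  echo $((phys / pagesize))
}

# grub_cmdline MAPPER OFFSET: the line to put in /etc/default/grub.
grub_cmdline() {
  printf 'GRUB_CMDLINE_LINUX_DEFAULT="resume=%s resume_offset=%s"\n' "$1" "$2"
}

# On the installed system the input would come from
#   ./btrfs_map_physical /.swap/swapfile | resume_offset "$(getconf PAGESIZE)"
off=$(printf '%s\n' "$SAMPLE_MAP" | resume_offset 4096) &&
  grub_cmdline /dev/mapper/femboy "$off"
```

The division is done in shell arithmetic rather than awk so that offsets on large disks stay exact integers.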
To tell GRUB that root is on the LUKS partition, add GRUB_CMDLINE_LINUX="rd.luks.uuid=<luks-uuid> i915.modeset=1" (where <luks-uuid> is the output of blkid -s UUID -o value /dev/sdXN, wherever your LUKS partition is) and GRUB_ENABLE_CRYPTODISK="y" to /etc/default/grub.
Note: The difference is that GRUB_CMDLINE_LINUX works in recovery mode too, while GRUB_CMDLINE_LINUX_DEFAULT doesn't. Why did I put them in different places? I'm not sure actually :/
Note: i915.modeset=1 turns on KMS: it allows Intel graphic drivers to load earlier in the boot process, perhaps speeding it up
Next, we will create a keyfile to avoid entering the password twice on boot
dd bs=512 count=4 if=/dev/urandom of=/boot/volume.key
cryptsetup luksAddKey /dev/sda2 /boot/volume.key
chmod 000 /boot/volume.key
chmod -R g-rwx,o-rwx /boot
# the swap entry is already in /etc/crypttab from the swapfile step
cat <<EOF >> /etc/crypttab
femboy /dev/sda2 /boot/volume.key luks
EOF
cat <<EOF > /etc/dracut.conf.d/10-crypt.conf
install_items+=" /boot/volume.key /etc/crypttab "
EOF
Configure dracut for the initramfs
echo 'add_dracutmodules+=" crypt btrfs resume "' >> /etc/dracut.conf
echo 'tmpdir=/tmp' >> /etc/dracut.conf
dracut --force --hostonly --kver <kernel-version>
Note: check your /lib/modules folder for the <kernel-version>
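A check to run once dracut has built the image, covering the keyfile steps above (an added example, not part of the original guide). It confirms that every keyfile named in crypttab is listed in install_items and that neither the key nor an initramfs image is readable by group or other; the function names and the demo files are constructed for illustration.

```sh
#!/bin/sh
# Added example; every path and file used by demo() is constructed.

# keyfiles CRYPTTAB: key files named in field 3 of each entry, skipping
# comments, "none" and device nodes such as /dev/urandom.
keyfiles() {
  awk '!/^[ \t]*(#|$)/ && $3 ~ /^\// && $3 !~ /^\/dev\// { print $3 }' "$1"
}

# not_embedded CRYPTTAB DRACUT_CONF: key files missing from install_items.
# dracut leaves those out of the initramfs, so the passphrase is asked again.
not_embedded() {
  keyfiles "$1" | while read -r key; do
    awk -v k="$key" '/^install_items/ { gsub(/["=]/, " ")
        if (index($0, " " k " ")) found = 1 }
      END { exit !found }' "$2" || echo "$key"
  done
}

# readable_by_others DIR: key file and initramfs images under DIR that group
# or other can read. The initramfs holds a copy of the key, so it counts too.
readable_by_others() {
  find "$1" -type f \( -name 'volume.key' -o -name 'initramfs-*' \) \
    \( -perm -040 -o -perm -004 \) | sort
}

demo() {
  d=$(mktemp -d)
  printf '%s\n' 'swap /.swap/swapfile /dev/urandom swap' \
    'femboy /dev/sda2 /boot/volume.key luks' > "$d/crypttab"
  echo 'install_items+=" /etc/crypttab "' > "$d/10-crypt.conf" # key left out
  touch "$d/volume.key" "$d/initramfs-0.0.0_1.img"
  chmod 000 "$d/volume.key"
  chmod 644 "$d/initramfs-0.0.0_1.img"
  echo "not embedded: $(not_embedded "$d/crypttab" "$d/10-crypt.conf")"
  echo "readable:     $(readable_by_others "$d")"
  rm -rf "$d"
}
demo
```

On the installed system the calls would be not_embedded /etc/crypttab /etc/dracut.conf.d/10-crypt.conf and readable_by_others /boot; both should print nothing.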
Finish GRUB configuration with
mkdir /boot/grub
grub-mkconfig -o /boot/grub/grub.cfg
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id="void" --boot-directory=/boot --recheck
Update Intel's microcode for security (it was proprietary all along anyway)
xbps-install -S void-repo-nonfree
xbps-install -Su
xbps-install intel-ucode
echo 'early_microcode="yes"' >> /etc/dracut.conf.d/intel_ucode.conf
I'm gonna refer to this thread, although as of now I don't clearly understand its assumptions.
First and foremost, we install a few packages, and then add support for advanced power states and frame buffer compression to the kernel loading:
sudo xbps-install -S mesa-intel-dri libva-intel-driver intel-gmmlib sysfsutils
# the redirect has to happen as root, so write the file through tee
sudo tee /etc/modprobe.d/intel-graphics.conf > /dev/null <<EOF
options i915 enable_dc=2 enable_fbc=1
EOF
sudo xbps-reconfigure linux$(uname -r | sed 's/\.[0-9]*_[0-9]*//')
Run xbps-reconfigure -fa to ensure that all packages are configured properly: this will make dracut generate an initramfs and will make GRUB generate a working configuration
Let's end with the installation of some QoL software (perhaps this could've been done previously, whatever)
xbps-install -S fish-shell kitty kakoune
Create the user account and assign it to wheel; later edit the /etc/sudoers file to allow usage of sudo from the wheel group
useradd -m -G wheel,input,audio,video,users -s $(which fish) <username>
passwd <username>
visudo
Remember to set the permissions correctly after installing SSH and generating the key pair
bash -c 'for file in $(ls /etc/ssh/ | grep -v "\.pub\$"); do chmod u=rw,go= "/etc/ssh/$file"; done'
chmod u=rwx,go= $HOME/.ssh
chmod u=rw,go= $HOME/.ssh/id_rsa
chmod a=r,u+w $HOME/.ssh/id_rsa.pub
Download the plugins
curl -Ls https://raw.githubusercontent.com/jarun/nnn/master/plugins/getplugs | sh
- This article describes how to mount your partition in case you mistype the password
Arch's wiki, duh
tobi-wan-kenobi Void Linux installation
qbrlsnchs Void Linux installation
passcod's Arch full-disk encryption with btrfs, swap and hibernation
cryptsetup FAQ
Void Linux Handbook - Full Disk Encryption
Void Linux Handbook - Installation via chroot