Rewrote the whole website to get rid on a heavy theme

content/docs/_index.md

@@ -0,0 +1,10 @@
+---
+title: "Docs"
+menu:
+  main:
+    weight: 1
+---
+
+This is the Docs section of this website. It is an heritage of the old wiki I maintained, with information that does not really fit in a blog format.
+
+The information is organised in the following sections :

content/docs/about-me/_index.md

@@ -0,0 +1,33 @@
+---
+title: "About me"
+description: Information about the author of this website
+---
+
+## Who am I?
+
+Hello, and thanks for asking! My name is Julien Dessaux, and I am a 34 years old guy working in IT. Adyxax is the nickname I use on IRC, github, etc.
+
+## Online presence
+
+You won't find me on social networking websites. I have a Linkedin account that I don't use and that's it. I tried to make social networking work when I installed a pleroma instance
+for my own use but I ended up trashing it. I just don't get this aspect of modern society. I hang out with my friends and we catch up : we talk about our lives, what happened to us. We share photos and
+stories while having a drink... and that's it!
+
+## Professional Career
+
+I'm currently employed as a System and Network Architect at an awesome company named AlterWay, 3 years and counting. Before that I worked for 7 years at another awesome company named Intersec where I lead the IT team.
+
+### Intersec
+
+When I joined Intersec in September 2009 as the first full time system administrator we were just about 15 people. When I left in 2016 it had grown up to more than 160 people with
+branch offices in three countries, and I am glad I was along for the ride. I have been the head of IT for about four years, participating in Intersec's growth by scaling the
+infrastructure, deploying new services (Remote access, self hosted email, backups, monitoring, etc.), and recruiting my teammates. I left Intersec looking for new challenges and
+for a new life away from the capital. Paris is one of the best cities on earth, but I needed a change and left for Lyon.
+
+### AlterWay
+
+I joined Alterway in October 2016 for a more technical role and a bit of a career shift towards networking. It has been a great experience.
+
+## How to get in touch
+
+You can write me an email at julien -DOT- dessaux -AT- adyxax -DOT- org, I will answer.

content/docs/adyxax.org/_index.md

@@ -0,0 +1,22 @@
+---
+title: "adyxax.org"
+description: a set of pages about the computer infrastructure powering this website and other services
+---
+
+## What is adyxax.org?
+
+adyxax.org is very much like a small personnal cloud of inexpensive servers hosted here and there. I am using my experience as a
+sysadmin to make it all work and provide various services that are useful to me and people that are close to me. As a good sysadmin, I am trying to be lazy and build the most self
+maintainable solution, with as little maintenance overhead as possible.
+
+It used to rely on mostly gentoo (and some optional openbsd) servers interconnected with point to point openvpn links. Services ran inside lxd on alpine linux containers. Communications between all those services work
+thanks to dynamic routing with bird and ospf along those openvpn links. I made extensive use of ansible to orchestrate all that, deploy the containers and manage them.
+
+Even though it worked really well for years, I do not plan to blog a lot about this setup... but that can change if someone interested writes me at julien -DOT- dessaux -AT- adyxax -DOT- org. On this new documentation site I plan to focus on how I am migrating some of it on kubernetes, because even if it has always worked well it still is a rather unusual infrastructure. Even if I am proud of it, it is stable and easy and comfortable... It is not good for me to not look deeper into new technologies. Gentoo, OpenBSD and LXD is not the most popular combination out there. I will not abandon it completely, but working on more employable skills will do me good.
+
+## Why write about it?
+
+As a system and network administrator I believe I have a deep understanding of linux and other unix like operating systems, networking and storage, and even with all that knowledge and experience getting on kubernetes is hard. Deploying kubernetes itself is not hard, but there are so so many choices that you make each steps of the way that will define how hard it is going to be to maintain and debug. Choosing what kubernetes flavor to deploy is one tough choice, choosing how to deploy it is another. Then choosing your network provider is a juicy one, so many subtle differences come into play!
+
+I believe there are way too many blogs that focus on the hello world aspects and quick and dirty deployments... and those come out way too often in google search results. Writing about the choices I made will also help me reflect on them as this infrastructure evolves and grows.
+

content/docs/adyxax.org/services/_index.md

@@ -0,0 +1,8 @@
+---
+title: "Services"
+linkTitle: "Services"
+weight: 1
+description: >
+  Here are the services provided by adyxax.org
+---
+

content/docs/adyxax.org/services/checkmk.md

@@ -0,0 +1,16 @@
+---
+title: "checkmk"
+linkTitle: "checkmk"
+weight: 1
+description: >
+  checkmk
+---
+
+TODO
+
+## Updating
+
+- Download latest raw edition package from http://mathias-kettner.com/check_mk_download_version.php?HTML=yes&version=1.2.8p15&edition=cre and install it.
+- `run omd backup adyxax adyxax.bak`
+- `run omd update adyxax`
+- If all went well, apt purge the previous check_mk version to free space.

content/docs/adyxax.org/services/git.md

@@ -0,0 +1,42 @@
+---
+title: "git"
+weight: 1
+description: >
+  adyxax.org git server
+---
+
+git.adyxax.org is a gitea instance. For about 10 years I used a gitolite installation but I finally went for a gui instead in order to host repositories for non tech people.
+
+## Preparing the postgresql database
+
+I am currently hosting this gitea instance on an OpenBSD server. Obviously postgresql is packaged on this system so the installation is as simple as :
+{{< highlight sh >}}
+pkg_add postgresql-server
+su - __postgresql
+mkdir /var/postgresql/data
+initdb -D /var/postgresql/data -U postgres -A scram-sha-256 -E UTF8 -W
+rcctl enable postgresql
+rcctl start postgresql
+su - ___postgresql
+psql -U postgresql
+CREATE ROLE gitea WITH LOGIN PASSWORD 'XXXXX';
+CREATE DATABASE gitea WITH OWNER gitea TEMPLATE template0 ENCODING UTF8 LC_COLLATE 'en_US.UTF-8' LC_CTYPE 'en_US.UTF-8';
+{{< /highlight >}}
+
+Since it is OpenBSD the defaults are secure for a local usage, therefore no other configuration is necessary.
+
+## Installing gitea
+
+Gitea is packaged on OpenBSD so the installation is as simple as :
+{{< highlight sh >}}
+pkg_add gitea
+nvim /etc/gitea/app.ini
+rcctl enable gitea
+rcctl start gitea
+{{< /highlight >}}
+
+## TODO Serving the website
+
+{{< highlight sh >}}
+nvim /etc/h2o/h2o.conf
+{{< /highlight >}}

content/docs/adyxax.org/services/nethack.md

@@ -0,0 +1,56 @@
+---
+title: "nethack"
+linkTitle: "nethack"
+weight: 1
+description: >
+  nethack
+---
+
+## dgamelaunch
+
+TODO
+
+{{< highlight sh >}}
+groupadd -r games
+useradd -r -g games nethack
+git clone 
+{{< /highlight >}}
+
+## nethack
+
+TODO
+
+{{< highlight sh >}}
+{{< /highlight >}}
+
+## scores script
+
+TODO
+
+{{< highlight sh >}}
+{{< /highlight >}}
+
+## copying shared libraries
+
+{{< highlight sh >}}
+cd /opt/nethack
+for i in `ls bin`; do for l in `ldd bin/$i | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done; done
+for l in `ldd dgamelaunch | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done
+for l in `ldd nethack-3.7.0-r1/games/nethack | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done
+{{< /highlight >}}
+
+## making device nodes
+
+TODO! For now I mount all of /dev in the chroot :
+{{< highlight sh >}}
+#mknod -m 666 dev/ptmx c 5 2
+mount -R /dev /opt/nethack/dev
+{{< /highlight >}}
+
+## debugging
+
+{{< highlight sh >}}
+gdb chroot
+run --userspec=nethack:games /opt/nethack/ /dgamelaunch
+{{< /highlight >}}
+

content/docs/adyxax.org/services/www.md

@@ -0,0 +1,47 @@
+---
+title: "www"
+linkTitle: "www"
+weight: 1
+description: >
+  adyxax.org main entry website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here.
+---
+
+This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo). This article details how I
+installed hugo, how I initialised this website and how I manage it. I often refer to it as wiki.adyxax.org because I hosted a unique dokuwiki for a long
+time as my main website (and a pmwiki before that), but with hugo it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests.
+
+For a log of how I made the initial setup, see [this blog article.]({{< relref "/blog/miscellaneous/switching-to-hugo.md" >}})
+
+## Installing hugo
+
+I am currently hosting this website on an OpenBSD server. Hugo is packaged on this system so the installation is as simple as :
+{{< highlight sh >}}
+pkg_add hugo--extended
+{{< / highlight >}}
+
+## Bootstraping this site
+
+The website is on my gitea :
+{{< highlight sh >}}
+cd /var/www/htdocs
+git clone --recurse-submodules _gitea@git.adyxax.org:adyxax/www.git
+cd www
+{{< / highlight >}}
+
+The docsy theme requires two nodejs programs to run :
+{{< highlight sh >}}
+npm install -D --save autoprefixer
+npm install -D --save postcss-cli
+{{< / highlight >}}
+
+## hugo commands
+
+To publish the website in the `public` folder :
+{{< highlight sh >}}
+hugo --minify
+{{< / highlight >}}
+
+## TODO
+
+TODO deploy on push to git.adyxax.org
+TODO web server config

content/docs/gentoo/_index.md

@@ -0,0 +1,8 @@
+---
+title: "Gentoo"
+linkTitle: "Gentoo"
+weight: 1
+description: >
+  Gentoo related articles
+---
+

content/docs/gentoo/installation.md

@@ -0,0 +1,231 @@
+---
+title: "Installation"
+linkTitle: "installation"
+weight: 1
+description: >
+  Installation of a gentoo system
+---
+
+## Installation media
+
+You can get a bootable iso or liveusb from https://www.gentoo.org/downloads/. I recommend the minimal one. To create a bootable usb drive juste use `dd` to copy the image on it. Then boot on this brand new installation media.
+
+Once you boot on the installation media, you can start sshd and set a temporary password and proceed with the installation more confortably from another machine :
+
+{{< highlight sh >}}
+/etc/init.d/sshd start
+passwd
+{{< /highlight >}}
+
+## Partitionning
+
+There are several options depending on wether you need soft raid, full disk encryption or a simple root device with no additional complications. It will also differ if you are using a virtual machine or a physical one.
+
+{{< highlight sh >}}
+fdisk /dev/sda
+g
+n
+1
+2048
++2M
+t
+1
+4
+
+n
+2
+6144
++512M
+t
+2
+1
+
+n
+3
+1054720
+
+w
+mkfs.ext4 /dev/sda3
+mkfs.fat -F 32 -n efi-boot /dev/sda2
+mount /dev/sda3 /mnt/gentoo
+{{< /highlight >}}
+
+## Get the stage3 and chroot into it
+
+Get the stage 3 installation file from https://www.gentoo.org/downloads/. I personnaly use the non-multilib one from the advanced choices, since I am no longer using and 32bits software except steam, and I use steam from a multilib chroot.
+
+Put the archive on the server in /mnt/gentoo (you can simply wget it from there), then extract it :
+{{< highlight sh >}}
+tar xpf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
+mount /dev/sda2 boot
+mount -t proc none proc
+mount -t sysfs none sys
+mount -o rbind /dev dev
+cp /etc/resolv.conf etc/
+chroot .
+{{< /highlight >}}
+
+## Initial configuration
+
+We prepare the local language of the system :
+{{< highlight sh >}}
+env-update && source /etc/profile
+echo 'LANG="en_US.utf8"' > /etc/env.d/02locale
+sed '/#en_US.UTF-8/s/#//' -i /etc/locale.gen
+locale-gen
+source /etc/profile
+{{< /highlight >}}
+
+We set a loop device to hold the portage tree. It will be formatted with optimisation for the many small files that compose it :
+{{< highlight sh >}}
+mkdir -p /srv/gentoo-distfiles
+truncate -s 10G /portage.img
+mke2fs  -b 1024 -i 2048 -m 0 -O "dir_index" -F /portage.img
+tune2fs -c 0 -i 0 /portage.img
+mkdir /usr/portage
+mount -o loop,noatime,nodev /portage.img /usr/portage/
+{{< /highlight >}}
+
+We set default compilation options and flags. If you are not me and cannot rsync this location, you can browse it from https://packages.adyxax.org/x86-64/etc/portage/ :
+{{< highlight sh >}}
+rsync -a --delete packages.adyxax.org:/srv/gentoo-builder/x86-64/etc/portage/ /etc/portage/
+sed -i /etc/portage/make.conf -e s/buildpkg/getbinpkg/
+echo 'PORTAGE_BINHOST="https://packages.adyxax.org/x86-64/packages/"' >> /etc/portage/make.conf
+{{< /highlight >}}
+
+We get the portage tree and sync the timezone
+{{< highlight sh >}}
+emerge --sync
+{{< /highlight >}}
+
+## Set hostname and timezone
+
+{{< highlight sh >}}
+export HOSTNAME=XXXXX
+sed -i /etc/conf.d/hostname -e /hostname=/s/=.*/=\"${HOSTNAME}\"/
+echo "Europe/Paris" > /etc/timezone
+emerge --config sys-libs/timezone-data
+{{< /highlight >}}
+
+## Check cpu flags and compatibility
+
+TODO
+{{< highlight sh >}}
+emerge cpuid2cpuflags -1q
+cpuid2cpuflags
+gcc -### -march=native /usr/include/stdlib.h
+{{< /highlight >}}
+
+## Rebuild the system
+
+{{< highlight sh >}}
+emerge --quiet -e @world
+emerge --quiet dosfstools app-admin/logrotate app-admin/syslog-ng app-portage/gentoolkit dev-vcs/git bird openvpn htop net-analyzer/tcpdump net-misc/bridge-utils sys-apps/i2c-tools sys-apps/pciutils sys-apps/usbutils sys-boot/grub sys-fs/ncdu sys-process/lsof
+{{< /highlight >}}
+
+## Grab a working kernel
+
+Next we need to Grab a working kernel from our build server along with its modules. If you don't have one already, you have some work to do!
+
+Check the necessary hardware support with :
+{{< highlight sh >}}
+i2cdetect -l
+lspci -nnk
+lsusb
+{{< /highlight >}}
+
+TODO specific page with details on how to build required modules like the nas for example.
+{{< highlight sh >}}
+emerge gentoo-sources genkernel -q
+...
+{{< /highlight >}}
+
+## Final configuration steps
+
+### fstab
+
+{{< highlight sh >}}
+# /etc/fstab: static file system information.
+#
+#<fs>         <mountpoint>  <type>  <opts>              <dump/pass>
+/dev/vda3     /             ext4    noatime             0  1
+/dev/vda2     /boot         vfat    noatime             1  2
+/portage.img  /usr/portage  ext2    noatime,nodev,loop  0  0
+{{< /highlight >}}
+
+### networking
+{{< highlight sh >}}
+echo 'hostname="phoenix"' > /etc/conf.d/hostname
+echo 'dns_domain_lo="adyxax.org"
+config_eth0="192.168.1.3 netmask 255.255.255.0"
+routes_eth0="default via 192.168.1.1"' > /etc/conf.d/net
+cd /etc/init.d
+ln -s net.lo net.eth0
+rc-update add net.eth0 boot
+{{< /highlight >}}
+
+### Grub
+
+TODO especially the conf in /etc/default/grub when using an encrypted /
+{{< highlight sh >}}
+{{< /highlight >}}
+
+### /etc/hosts
+
+{{< highlight sh >}}
+scp root@collab-jde.nexen.net:/etc/hosts /etc/
+{{< /highlight >}}
+
+### root account access
+
+{{< highlight sh >}}
+mkdir -p /root/.ssh
+echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDN1ha6PFKgxF3MSWUlDaruVVpj3UzoiN4IJEvDrCnDbIW8xu+TclbeGJSRXXBbqRKeUfhX0GDA7cvSUIAz2U7AGK7wq5tbzJKagVYtxcSHBSi6dZR9KGb3eoshnrCeFzem1jWXG02PZJGvjB+ml3QhUguyAqm9q0n/NL6zzKhGoKiELO+tQghGIY8jafRv4rE4yyXZnwuCu8JI9P8ldGhKgOPeOdKIVTIVezUmKILWgAF+Hg7O72rQqUua9sdoK1mEYme/wgu0bQbvN26owGgBAgS3uc2nngLD01TZToG/wC1wH9A3KxT6+3akjRlPfLOY0BuK4OBGEGm6e0KZrIMhUr8fHQ8nmTmBqw7puI0gIXYB2EjhpsQ7TijYVqLYXbyxaXYyqisgY0QRWC7Te5Io6TSgorfXzi7zrcQGgWByHkhxTylf36LYSKWEheIQIRqytOdGqeXagFMz2ptLFKk4dA61LS5fPXIJucdghvnmLPml8cO9/9VHQ7gq7DxQu7sIwt/W13yTTUyI9DSHwxeHUwECzxAb5pOVL6pRjTMH8q1/eAMl35TFSh6s5tGvvHGz9+gMlE9A2Pv8CyXDBmXV6srrwxTSlglnmgdq6c9w3VtBKu572/z0cS6vqZMgEno4rIiwyhqNWdjbMXYw/U0q/w5XC9zCcSuluxvaY14qqQ== adyxax
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMdBAFjENiPMTtq90GT3+NZ68nfGxQiRExaYYnLzm1ecmulCvsuA4AOpeLY6f+FWe+ludiw7nhrXzssDdsKBy0QL+XQyvjjjW4X+k9MYhP1gAWXEOGJnjJ/1ovEsMt++6fLyNKLUTA46kErbEehDs22r+rIiEKatrn0BNrJcRI94H44oEL1/ImzVam0cSBL0tPiaJxe60sBs7M76zfyFtVdMGkeuBpS7ee+FLA58fsS3/sEZmkas8MT0QdvZz1y/66MknXYbIaqDSOUACXGF4yVKpogLRRJ1SgNo1Ujo/U3VOR1O4CiQczsZOcbSdjgl0x3fJb7BaIxrZy9iW2I7G/L/chfTvRws+x1s1y5FNZOOiXMCdZjhgLaRwb6p5gMsMVn9sJbhDjmejcAkBKQDkzbvxxhfVkH225FoVXA9YF0msWLyOEyZQYbA8autLDJsAOT5RDfw/G82DQBufAPEBR/bPby0Hl5kjqW75bpSVxDvzmKwt3EpITg9iuYEhvYZ/Zq5qC1UJ54ZfOvaf0PsTUzFePty6ve/JzfxCV1XgFQ+B8l4NSz11loDfNXSUngf7lL4qu5X4aN6WmLFO1YbyFlfpvt3K1CekJmWVeE5mV9EFTUJ4ParVWRGiA4W+zaCOsHgRkcGkp4eYGyWW8gOR/lVxYU2IFl9mbMrC9bkdRbQ== hurricane' > /root/.ssh/authorized_keys
+passwd
+{{< /highlight >}}
+
+### Add necessary daemons on boot
+{{< highlight sh >}}
+rc-update add syslog-ng default
+rc-update add cronie default
+rc-update add sshd default
+{{< /highlight >}}
+
+## TODO
+
+{{< highlight sh >}}
+net-firewall/shorewall
+...
+rc-update add shorewall default
+sed '/PRODUCTS/s/=.*/="shorewall"/' -i /etc/conf.d/shorewall-init
+rc-update add shorewall-init boot
+
+net-analyzer/fail2ban
+echo '[sshd]
+enabled  = true
+filter = sshd
+ignoreip = 127.0.0.1/8  10.1.0.0/24  37.187.103.36  137.74.173.247  90.85.207.113
+bantime  = 3600
+banaction = shorewall
+logpath = /var/log/messages
+maxretry = 3' > /etc/fail2ban/jail.d/sshd.conf
+rc-update add fail2ban default
+
+app-emulation/docker
+/etc/docker/daemon.json
+{ "iptables": false }
+rc-update add docker default
+
+app-emulation/lxd
+rc-update add lxd default
+{{< /highlight >}}
+
+## References
+
+- http://blog.siphos.be/2013/04/gentoo-protip-using-buildpkgonly/
+- https://wiki.gentoo.org/wiki/Genkernel
+- https://wiki.gentoo.org/wiki/Kernel/Configuration
+- https://wiki.gentoo.org/wiki/Kernel
+- https://forums.gentoo.org/viewtopic-t-1076024-start-0.html
+- https://wiki.gentoo.org/wiki/Binary_package_guide#Setting_up_a_binary_package_host

content/docs/gentoo/kernel_upgrades.md

@@ -0,0 +1,45 @@
+---
+title: "Gentoo Kernel Upgrades"
+linkTitle: "Kernel Upgrades"
+weight: 1
+description: >
+  Gentoo kernel upgrades on adyxax.org
+---
+# Gentoo kernel upgrades
+
+## Building on collab-jde
+
+{{< highlight sh >}}
+PREV_VERSION=4.14.78-gentoo
+eselect kernel list
+eselect kernel set 1
+cd /usr/src/linux
+for ARCHI in `ls /srv/gentoo-builder/kernels/`; do
+    make mrproper
+    cp /srv/gentoo-builder/kernels/${ARCHI}/config-${PREV_VERSION} .config
+    echo "~~~~~~~~~~ $ARCHI ~~~~~~~~~~"
+    make oldconfig
+    make -j5
+    INSTALL_MOD_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make modules_install
+    INSTALL_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make install
+done
+{{< / highlight >}}
+
+## Deploying on each node :
+
+{{< highlight sh >}}
+export VERSION=5.4.28-gentoo-x86_64
+wget http://packages.adyxax.org/kernels/x86_64/System.map-${VERSION} -O /boot/System.map-${VERSION}
+wget http://packages.adyxax.org/kernels/x86_64/config-${VERSION} -O /boot/config-${VERSION}
+wget http://packages.adyxax.org/kernels/x86_64/vmlinuz-${VERSION} -O /boot/vmlinuz-${VERSION}
+rsync -a --delete collab-jde.nexen.net:/srv/gentoo-builder/kernels/x86_64/lib/modules/${VERSION} /lib/modules/
+eselect kernel set 1
+cd /usr/src/linux
+cp /boot/config-${VERSION} .config
+cp /boot/System.map-${VERSION} System.map
+(cd usr ; make gen_init_cpio)
+make modules_prepare
+emerge @module-rebuild
+genkernel --install initramfs --ssh-host-keys=create-from-host
+grub-mkconfig -o /boot/grub/grub.cfg
+{{< / highlight >}}

content/docs/gentoo/lxd.md

@@ -0,0 +1,38 @@
+---
+title: "LXD"
+linkTitle: "LXD"
+weight: 1
+description: >
+  How to setup a LXD server
+---
+
+{{< highlight sh >}}
+touch /etc{/subuid,/subgid}
+usermod --add-subuids 1000000-1065535 root
+usermod --add-subgids 1000000-1065535 root
+emerge -q app-emulation/lxd
+/etc/init.d/lxd start
+rc-update add lxd default
+{{< /highlight >}}
+
+{{< highlight sh >}}
+myth /etc/init.d # lxd init
+Would you like to use LXD clustering? (yes/no) [default=no]:
+Do you want to configure a new storage pool? (yes/no) [default=yes]:
+Name of the new storage pool [default=default]:
+Would you like to connect to a MAAS server? (yes/no) [default=no]:
+Would you like to create a new local network bridge? (yes/no) [default=yes]: no
+Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: yes
+Name of the existing bridge or host interface: lxdbr0
+Would you like LXD to be available over the network? (yes/no) [default=no]: yes
+Address to bind LXD to (not including port) [default=all]: 10.1.0.247
+Port to bind LXD to [default=8443]:
+Trust password for new clients:
+Again:
+Invalid input, try again.
+
+Trust password for new clients:
+Again:
+Would you like stale cached images to be updated automatically? (yes/no) [default=yes]
+Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
+{{< /highlight >}}

content/docs/gentoo/steam.md

@@ -0,0 +1,65 @@
+---
+title: "Steam"
+linkTitle: "Steam"
+weight: 1
+description: >
+  How to make steam work seamlessly on gentoo with a chroot
+---
+
+I am not using a multilib profile on gentoo (I use amd64 only everywhere), so when the time came to install steam I had to get a little creative. Overall I believe this is the perfect
+way to install and use steam as it self contains it cleanly while not limiting the functionalities. In particular sound works, as does the hardware acceleration in games. I tried to
+achieve that with containers but didn't quite made it work as well as this chroot setup.
+
+## Installation notes
+
+Note that there is no way to provide a "most recent stage 3" installation link. You will have to browse http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/
+and adjust the download url manually bellow :
+
+{{< highlight sh >}}
+mkdir /usr/local/steam
+cd /usr/local/steam
+wget http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/stage3-amd64-20190122T214501Z.tar.xz
+tar -xvpf stage3*
+rm stage3*
+cp -L /etc/resolv.conf etc
+mkdir usr/portage
+mkdir -p srv/gentoo-distfiles
+mount -R /dev dev
+mount -R /sys sys
+mount -t proc proc proc
+mount -R /usr/portage usr/portage
+mount -R /usr/src usr/src
+mount -R /srv/gentoo-distfiles/ srv/gentoo-distfiles/
+mount -R /run run
+cp /etc/portage/make.conf etc/portage/
+sed -e '/LLVM_TARGETS/d' -e '/getbinpkg/d' -i etc/portage/make.conf
+rm -rf etc/portage/package.use
+cp /etc/portage/package.use etc/portage/
+cp /etc/portage/package.accept_keywords etc/portage/
+chroot . 
+env-update && source /etc/profile
+wget -P /etc/portage/repos.conf/ https://raw.githubusercontent.com/anyc/steam-overlay/master/steam-overlay.conf
+emaint sync --repo steam-overlay
+emerge dev-vcs/git -q
+emerge --ask games-util/steam-launcher
+useradd -m -G audio,video steam
+{{< /highlight >}}
+
+## Launch script
+
+Note that we use `su` and not `su -` since we need to preserve the environment. If you don't you won't get any sound in game. The pulseaudio socket is shared through the mount of
+/run inside the chroot :
+{{< highlight sh >}}
+su
+cd /usr/local/steam
+mount -R /dev dev
+mount -R /sys sys
+mount -t proc proc proc
+mount -R /usr/portage usr/portage
+mount -R /usr/src usr/src
+mount -R /run run
+chroot . 
+env-update && source /etc/profile
+su steam
+steam
+{{< /highlight >}}