Long overdue first commit with content

Julien Dessaux 2020-04-28 17:29:52 +02:00
parent f63ce5bdd8
commit 6cc9d8c72a
92 changed files with 2031 additions and 97 deletions

View file

@ -1,12 +1,10 @@
---
title: "Documentation"
linkTitle: "Documentation"
title: "Yet Another SysAdmin Wiki"
linkTitle: "Wiki"
weight: 20
menu:
main:
weight: 20
---
This section is where the user documentation for your project lives - all the information your users need to understand and successfully use your project.
This is the wiki section of this website. When articles are not just self contained blog post I organise the information in the sections bellow :
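Review bot: the new intro sentence has two typos: "bellow" should be "below", and "self contained blog post" should be "self-contained blog posts". The sentence also ends on " :" announcing sections that this file does not list, so check that the theme renders the child pages under it, or drop the colon.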

View file

@ -1,9 +1,9 @@
---
title: "About"
linkTitle: "About"
title: "About me"
linkTitle: "About me"
weight: 1
description: >
Information about this site and the author
Information about the author of this website
---
## Who am I?
@ -13,24 +13,23 @@ Hello, and thanks for asking! My name is Julien Dessaux, and I am a 34 years old
## Online presence
You won't find me on social networking websites. I have a Linkedin account that I don't use and that's it. I tried to make social networking work when I installed a pleroma instance
for my own use but I ended up trashing it. I just don't get this aspect
of modern society. I hang out with my friends when I want to hang out with them, and each time it's a blast : we talk about our lives, what happened to us. We share photos and
stories while having a beer and it's really great that way : I don't want to change any of that.
for my own use but I ended up trashing it. I just don't get this aspect of modern society. I hang out with my friends and we catch up : we talk about our lives, what happened to us. We share photos and
stories while having a drink... and that's it!
## Professional Career
I'm currently employed as a System and Network Architect at an awesome company named AlterWay, after 7 years at another awesome company named Intersec where I lead the IT team.
I'm currently employed as a System and Network Architect at an awesome company named AlterWay, 3 years and counting. Before that I worked for 7 years at another awesome company named Intersec where I lead the IT team.
## Intersec
### Intersec
When I joined Intersec in September 2009 as the first full time system administrator we were just about 15 people. When I left in 2016 it had grown up to more than 160 people with
branch offices in three countries, and I am glad I was along for the ride. I have been the head of IT for about four years, participating in Intersec's growth by scaling the
infrastructure, deploying new services (Remote access, self hosted email, backups, monitoring, etc.), and recruiting my teammates. I left Intersec looking for new challenges and
for a new life away from the capital. Paris is one of the best cities on earth, but I needed a change and left for Lyon.
## AlterWay
### AlterWay
I joined Alterway in October 2016 for a more technical role and a bit of a career shift towards networking. It has been and still is a great experience.
I joined Alterway in October 2016 for a more technical role and a bit of a career shift towards networking. It has been a great experience.
## How to get in touch
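Review bot: in the rewritten Professional Career line, "where I lead the IT team" describes a past job and should read "led". The company is also spelled "AlterWay" in that line and in the heading but "Alterway" in the paragraph under it; pick one spelling.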

View file

@ -3,18 +3,19 @@ title: "adyxax.org"
linkTitle: "adyxax.org"
weight: 1
description: >
adyxax.org is how I call my personal computer infrastructure.
adyxax.org is my personal computer infrastructure. This section details how I built it and why, and how I maintain it.
---
## What is adyxax.org?
adyxax.org is how I call my personal computer infrastructure. It is very much like a small personnal private cloud of servers hosted here and there. I am using my experience as a
sysadmin to make it all work and provide various services that are useful to me and people close to me.
adyxax.org is very much like a small personnal cloud of servers hosted here and there. I am using my experience as a
sysadmin to make it all work and provide various services that are useful to me and people that are close to me. As a good sysadmin, I am trying to be lazy and build the most self
maintainable solution, with as little maintenance overhead as possible.
It relies on gentoo and openbsd servers interconnected with point to point openvpn links. Services run inside lxd containers and communications between all those services is assured
It relies on mostly gentoo (and some optional openbsd) servers interconnected with point to point openvpn links. Services run inside lxd containers and communications between all those services work
thanks to dynamic routing with bird and ospf along those openvpn links.
## Why write about it?
It is a rather unusual infrastructure that I am proud of, and writing about it helps me to reflect on what I built. Gentoo, OpenBSD and LXD is not the most popular combination of
technologies but it allowed me to build something simple, flexible and I believe somewhat elegant and beautiful.
technologies but I leveraged it to build something simple, flexible and I believe somewhat elegant and beautiful.
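Review bot: "personnal" in the rewritten first paragraph is carried over from the old text and should be "personal". In the same paragraph, "communications between all those services work" would read better as "communication between all those services works".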

View file

@ -0,0 +1,8 @@
---
title: "Services"
linkTitle: "Services"
weight: 1
description: >
Here are the services provided by adyxax.org
---

View file

@ -0,0 +1,16 @@
---
title: "checkmk"
linkTitle: "checkmk"
weight: 1
description: >
checkmk
---
TODO
## Updating
- Download latest raw edition package from http://mathias-kettner.com/check_mk_download_version.php?HTML=yes&version=1.2.8p15&edition=cre and install it.
- `run omd backup adyxax adyxax.bak`
- `run omd update adyxax`
- If all went well, apt purge the previous check_mk version to free space.
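Review bot: the first step under "Updating" says "latest" but the URL pins `version=1.2.8p15` and uses plain http, and nothing checks the package before it is installed. Link to the download page without the version parameter, over https if the vendor serves it, and add a checksum verification step. The two code spans also contain the word "run" (`run omd backup adyxax adyxax.bak`), so a copy-paste executes a command named run; move "run" outside the backticks.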

View file

@ -0,0 +1,56 @@
---
title: "nethack"
linkTitle: "nethack"
weight: 1
description: >
nethack
---
## dgamelaunch
TODO
{{< highlight sh >}}
groupadd -r games
useradd -r -g games nethack
git clone
{{< /highlight >}}
## nethack
TODO
{{< highlight sh >}}
{{< /highlight >}}
## scores script
TODO
{{< highlight sh >}}
{{< /highlight >}}
## copying shared libraries
{{< highlight sh >}}
cd /opt/nethack
for i in `ls bin`; do for l in `ldd bin/$i | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done; done
for l in `ldd dgamelaunch | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done
for l in `ldd nethack-3.7.0-r1/games/nethack | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done
{{< /highlight >}}
## making device nodes
TODO! For now I mount all of /dev in the chroot :
{{< highlight sh >}}
#mknod -m 666 dev/ptmx c 5 2
mount -R /dev /opt/nethack/dev
{{< /highlight >}}
## debugging
{{< highlight sh >}}
gdb chroot
run --userspec=nethack:games /opt/nethack/ /dgamelaunch
{{< /highlight >}}
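Review bot: "making device nodes" recursively bind-mounts the host /dev into /opt/nethack/dev, which exposes every host device node inside the chroot that the game runs in. The commented-out `mknod -m 666 dev/ptmx c 5 2` suggests only the pty devices are wanted, so create just those nodes (plus a devpts mount if needed) and drop the `mount -R`. In "copying shared libraries", `tail -n +1` skips nothing, the backticked `ls bin` and unquoted `$l` break on unusual file names, and the same loop is pasted three times; a small shell function taking the binary path would be clearer. The `git clone` line under dgamelaunch has no repository URL. The debugging block would be easier to follow as a single `gdb --args chroot --userspec=nethack:games /opt/nethack/ /dgamelaunch`.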

View file

@ -0,0 +1,60 @@
---
title: "www"
linkTitle: "www"
weight: 1
description: >
adyxax.org main entry website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here.
---
This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo). This article details how I
installed hugo, how I initialised this website and how I manage it. I often refer to it as wiki.adyxax.org because I hosted a unique dokuwiki for a long
time as my main website (and a pmwiki before that), but with hugo it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests.
## Installing hugo
{{< highlight sh >}}
go get github.com/gohugoio/hugo
{{< / highlight >}}
You probably won't encounter this issue but this command failed at the time I installed hugo because the master branch in one of the dependencies was
tainted. I fixed it with by using a stable tag for this project and continue installing hugo from there:
{{< highlight sh >}}
cd go/src/github.com/tdewolff/minify/
tig --all
git checkout v2.6.1
go get github.com/gohugoio/hugo
{{< / highlight >}}
This did not build me the extended version of hugo that I need for the [docsy](https://github.com/google/docsy) theme I chose, so I had to get it by doing :
{{< highlight sh >}}
cd ~/go/src/github.com/gohugoio/hugo/
go get --tags extended
go install --tags extended
{{< / highlight >}}
## Bootstraping this site
{{< highlight sh >}}
hugo new site www
cd www
git init
git submodule add https://github.com/google/docsy themes/docsy
{{< / highlight >}}
The docsy theme requires two nodejs programs to run :
{{< highlight sh >}}
npm install -D --save autoprefixer
npm install -D --save postcss-cli
{{< / highlight >}}
## hugo commands
To spin up the live server for automatic rebuilding the website when writing articles :
{{< highlight sh >}}
hugo server --bind 0.0.0.0 --minify --disableFastRender
{{< / highlight >}}
To publish the website in the `public` folder :
{{< highlight sh >}}
hugo --minify
{{< / highlight >}}
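Review bot: `hugo server --bind 0.0.0.0` under "hugo commands" makes the development server listen on every interface of the machine used for writing; say why that is needed, or bind to a specific address. `go get github.com/gohugoio/hugo` builds whatever the master branches are at that moment, which is the cause of the minify breakage described right after it, so document installing a tagged release instead. `tig --all` is an interactive viewer and not part of the fix. The first fix block uses `cd go/src/...` while the next uses `cd ~/go/src/...`; make them consistent. "I fixed it with by using" has an extra word. `npm install -D --save` combines the dev and prod save flags; `-D` alone is enough.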

View file

@ -1,39 +0,0 @@
# This website
This website is a static website build using [hugo](https://github.com/gohugoio/hugo). This article details how I installed hugo, how I initialised this website and how I manage it.
## Installing hugo
{{< highlight sh >}}
go get github.com/gohugoio/hugo
{{< / highlight >}}
This failed because the master branch in one of the dependencies was tainted, I fixed it with :
{{< highlight sh >}}
cd go/src/github.com/tdewolff/minify/
tig --all
git checkout v2.6.1
go get github.com/gohugoio/hugo
{{< / highlight >}}
This didn't build me the extended version of hugo that I need for the theme I chose, so I had to do :
{{< highlight sh >}}
cd ~/go/src/github.com/gohugoio/hugo/
go get --tags extended
go install --tags extended
{{< / highlight >}}
## Bootstraping this site
{{< highlight sh >}}
hugo new site www
cd www
git init
git submodule add https://github.com/alex-shpak/hugo-book themes/book
{{< / highlight >}}
## Live server for automatic rebuilding when writing
{{< highlight sh >}}
hugo server --bind 0.0.0.0 --minify
{{< / highlight >}}

View file

@ -0,0 +1,8 @@
---
title: "Gentoo"
linkTitle: "Gentoo"
weight: 1
description: >
Gentoo related articles
---

View file

@ -0,0 +1,231 @@
---
title: "Installation"
linkTitle: "installation"
weight: 1
description: >
Installation of a gentoo system
---
## Installation media
You can get a bootable iso or liveusb from https://www.gentoo.org/downloads/. I recommend the minimal one. To create a bootable usb drive juste use `dd` to copy the image on it. Then boot on this brand new installation media.
Once you boot on the installation media, you can start sshd and set a temporary password and proceed with the installation more confortably from another machine :
{{< highlight sh >}}
/etc/init.d/sshd start
passwd
{{< /highlight >}}
## Partitionning
There are several options depending on wether you need soft raid, full disk encryption or a simple root device with no additional complications. It will also differ if you are using a virtual machine or a physical one.
{{< highlight sh >}}
fdisk /dev/sda
g
n
1
2048
+2M
t
1
4
n
2
6144
+512M
t
2
1
n
3
1054720
w
mkfs.ext4 /dev/sda3
mkfs.fat -F 32 -n efi-boot /dev/sda2
mount /dev/sda3 /mnt/gentoo
{{< /highlight >}}
## Get the stage3 and chroot into it
Get the stage 3 installation file from https://www.gentoo.org/downloads/. I personnaly use the non-multilib one from the advanced choices, since I am no longer using and 32bits software except steam, and I use steam from a multilib chroot.
Put the archive on the server in /mnt/gentoo (you can simply wget it from there), then extract it :
{{< highlight sh >}}
tar xpf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
mount /dev/sda2 boot
mount -t proc none proc
mount -t sysfs none sys
mount -o rbind /dev dev
cp /etc/resolv.conf etc/
chroot .
{{< /highlight >}}
## Initial configuration
We prepare the local language of the system :
{{< highlight sh >}}
env-update && source /etc/profile
echo 'LANG="en_US.utf8"' > /etc/env.d/02locale
sed '/#en_US.UTF-8/s/#//' -i /etc/locale.gen
locale-gen
source /etc/profile
{{< /highlight >}}
We set a loop device to hold the portage tree. It will be formatted with optimisation for the many small files that compose it :
{{< highlight sh >}}
mkdir -p /srv/gentoo-distfiles
truncate -s 10G /portage.img
mke2fs -b 1024 -i 2048 -m 0 -O "dir_index" -F /portage.img
tune2fs -c 0 -i 0 /portage.img
mkdir /usr/portage
mount -o loop,noatime,nodev /portage.img /usr/portage/
{{< /highlight >}}
We set default compilation options and flags. If you are not me and cannot rsync this location, you can browse it from https://packages.adyxax.org/x86-64/etc/portage/ :
{{< highlight sh >}}
rsync -a --delete packages.adyxax.org:/srv/gentoo-builder/x86-64/etc/portage/ /etc/portage/
sed -i /etc/portage/make.conf -e s/buildpkg/getbinpkg/
echo 'PORTAGE_BINHOST="https://packages.adyxax.org/x86-64/packages/"' >> /etc/portage/make.conf
{{< /highlight >}}
We get the portage tree and sync the timezone
{{< highlight sh >}}
emerge --sync
{{< /highlight >}}
## Set hostname and timezone
{{< highlight sh >}}
export HOSTNAME=XXXXX
sed -i /etc/conf.d/hostname -e /hostname=/s/=.*/=\"${HOSTNAME}\"/
echo "Europe/Paris" > /etc/timezone
emerge --config sys-libs/timezone-data
{{< /highlight >}}
## Check cpu flags and compatibility
TODO
{{< highlight sh >}}
emerge cpuid2cpuflags -1q
cpuid2cpuflags
gcc -### -march=native /usr/include/stdlib.h
{{< /highlight >}}
## Rebuild the system
{{< highlight sh >}}
emerge --quiet -e @world
emerge --quiet dosfstools app-admin/logrotate app-admin/syslog-ng app-portage/gentoolkit dev-vcs/git bird openvpn htop net-analyzer/tcpdump net-misc/bridge-utils sys-apps/i2c-tools sys-apps/pciutils sys-apps/usbutils sys-boot/grub sys-fs/ncdu sys-process/lsof
{{< /highlight >}}
## Grab a working kernel
Next we need to Grab a working kernel from our build server along with its modules. If you don't have one already, you have some work to do!
Check the necessary hardware support with :
{{< highlight sh >}}
i2cdetect -l
lspci -nnk
lsusb
{{< /highlight >}}
TODO specific page with details on how to build required modules like the nas for example.
{{< highlight sh >}}
emerge gentoo-sources genkernel -q
...
{{< /highlight >}}
## Final configuration steps
### fstab
{{< highlight sh >}}
# /etc/fstab: static file system information.
#
#<fs> <mountpoint> <type> <opts> <dump/pass>
/dev/vda3 / ext4 noatime 0 1
/dev/vda2 /boot vfat noatime 1 2
/portage.img /usr/portage ext2 noatime,nodev,loop 0 0
{{< /highlight >}}
### networking
{{< highlight sh >}}
echo 'hostname="phoenix"' > /etc/conf.d/hostname
echo 'dns_domain_lo="adyxax.org"
config_eth0="192.168.1.3 netmask 255.255.255.0"
routes_eth0="default via 192.168.1.1"' > /etc/conf.d/net
cd /etc/init.d
ln -s net.lo net.eth0
rc-update add net.eth0 boot
{{< /highlight >}}
### Grub
TODO especially the conf in /etc/default/grub when using an encrypted /
{{< highlight sh >}}
{{< /highlight >}}
### /etc/hosts
{{< highlight sh >}}
scp root@collab-jde.nexen.net:/etc/hosts /etc/
{{< /highlight >}}
### root account access
{{< highlight sh >}}
mkdir -p /root/.ssh
echo 'ssh-rsa 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 adyxax
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMdBAFjENiPMTtq90GT3+NZ68nfGxQiRExaYYnLzm1ecmulCvsuA4AOpeLY6f+FWe+ludiw7nhrXzssDdsKBy0QL+XQyvjjjW4X+k9MYhP1gAWXEOGJnjJ/1ovEsMt++6fLyNKLUTA46kErbEehDs22r+rIiEKatrn0BNrJcRI94H44oEL1/ImzVam0cSBL0tPiaJxe60sBs7M76zfyFtVdMGkeuBpS7ee+FLA58fsS3/sEZmkas8MT0QdvZz1y/66MknXYbIaqDSOUACXGF4yVKpogLRRJ1SgNo1Ujo/U3VOR1O4CiQczsZOcbSdjgl0x3fJb7BaIxrZy9iW2I7G/L/chfTvRws+x1s1y5FNZOOiXMCdZjhgLaRwb6p5gMsMVn9sJbhDjmejcAkBKQDkzbvxxhfVkH225FoVXA9YF0msWLyOEyZQYbA8autLDJsAOT5RDfw/G82DQBufAPEBR/bPby0Hl5kjqW75bpSVxDvzmKwt3EpITg9iuYEhvYZ/Zq5qC1UJ54ZfOvaf0PsTUzFePty6ve/JzfxCV1XgFQ+B8l4NSz11loDfNXSUngf7lL4qu5X4aN6WmLFO1YbyFlfpvt3K1CekJmWVeE5mV9EFTUJ4ParVWRGiA4W+zaCOsHgRkcGkp4eYGyWW8gOR/lVxYU2IFl9mbMrC9bkdRbQ== hurricane' > /root/.ssh/authorized_keys
passwd
{{< /highlight >}}
### Add necessary daemons on boot
{{< highlight sh >}}
rc-update add syslog-ng default
rc-update add cronie default
rc-update add sshd default
{{< /highlight >}}
## TODO
{{< highlight sh >}}
net-firewall/shorewall
...
rc-update add shorewall default
sed '/PRODUCTS/s/=.*/="shorewall"/' -i /etc/conf.d/shorewall-init
rc-update add shorewall-init boot
net-analyzer/fail2ban
echo '[sshd]
enabled = true
filter = sshd
ignoreip = 127.0.0.1/8 10.1.0.0/24 37.187.103.36 137.74.173.247 90.85.207.113
bantime = 3600
banaction = shorewall
logpath = /var/log/messages
maxretry = 3' > /etc/fail2ban/jail.d/sshd.conf
rc-update add fail2ban default
app-emulation/docker
/etc/docker/daemon.json
{ "iptables": false }
rc-update add docker default
app-emulation/lxd
rc-update add lxd default
{{< /highlight >}}
## References
- http://blog.siphos.be/2013/04/gentoo-protip-using-buildpkgonly/
- https://wiki.gentoo.org/wiki/Genkernel
- https://wiki.gentoo.org/wiki/Kernel/Configuration
- https://wiki.gentoo.org/wiki/Kernel
- https://forums.gentoo.org/viewtopic-t-1076024-start-0.html
- https://wiki.gentoo.org/wiki/Binary_package_guide#Setting_up_a_binary_package_host
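Review bot: the fstab under "Final configuration steps" mounts /dev/vda3 and /dev/vda2, but the Partitionning section creates and formats /dev/sda2 and /dev/sda3, so the page as written does not match its own disk layout. Use one device name throughout or switch to labels (the EFI partition already gets `-n efi-boot`). Further points in this hunk: `rc-update add cronie default` is run but cronie is not in the emerge list under "Rebuild the system". The stage3 archive is extracted with no digest or signature check. "We get the portage tree and sync the timezone" is followed only by `emerge --sync`. The hostname is set twice, once from `HOSTNAME=XXXXX` and once as "phoenix". "root account access" overwrites authorized_keys with two hard-coded personal keys and then also sets a password with `passwd`; a note on whether password login for root stays enabled would help. The fail2ban `ignoreip` line exempts three public addresses without saying what they are.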

View file

@ -0,0 +1,45 @@
---
title: "Gentoo Kernel Upgrades"
linkTitle: "Kernel Upgrades"
weight: 1
description: >
Gentoo kernel upgrades on adyxax.org
---
# Gentoo kernel upgrades
## Building on collab-jde
{{< highlight sh >}}
PREV_VERSION=4.14.78-gentoo
eselect kernel list
eselect kernel set 1
cd /usr/src/linux
for ARCHI in `ls /srv/gentoo-builder/kernels/`; do
make mrproper
cp /srv/gentoo-builder/kernels/${ARCHI}/config-${PREV_VERSION} .config
echo "~~~~~~~~~~ $ARCHI ~~~~~~~~~~"
make oldconfig
make -j5
INSTALL_MOD_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make modules_install
INSTALL_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make install
done
{{< / highlight >}}
## Deploying on each node :
{{< highlight sh >}}
export VERSION=5.4.28-gentoo-x86_64
wget http://packages.adyxax.org/kernels/x86_64/System.map-${VERSION} -O /boot/System.map-${VERSION}
wget http://packages.adyxax.org/kernels/x86_64/config-${VERSION} -O /boot/config-${VERSION}
wget http://packages.adyxax.org/kernels/x86_64/vmlinuz-${VERSION} -O /boot/vmlinuz-${VERSION}
rsync -a --delete collab-jde.nexen.net:/srv/gentoo-builder/kernels/x86_64/lib/modules/${VERSION} /lib/modules/
eselect kernel set 1
cd /usr/src/linux
cp /boot/config-${VERSION} .config
cp /boot/System.map-${VERSION} System.map
(cd usr ; make gen_init_cpio)
make modules_prepare
emerge @module-rebuild
genkernel --install initramfs
grub-mkconfig -o /boot/grub/grub.cfg
{{< / highlight >}}
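Review bot: in "Deploying on each node", vmlinuz, System.map and config are fetched with wget over http://packages.adyxax.org and written straight into /boot, and nothing checks their integrity before `grub-mkconfig` makes the kernel bootable. The installation page in this same commit already uses https://packages.adyxax.org for the binhost, so switch these three URLs to https and compare the files against a checksum produced on the builder. Also, `eselect kernel set 1` assumes the wanted sources are entry 1 on every node, and `PREV_VERSION=4.14.78-gentoo` in the build block looks stale next to `VERSION=5.4.28-gentoo-x86_64`; a comment saying which values to adjust per upgrade would avoid copy-paste mistakes.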

View file

@ -0,0 +1,38 @@
---
title: "LXD"
linkTitle: "LXD"
weight: 1
description: >
How to setup a LXD server
---
{{< highlight sh >}}
touch /etc{/subuid,/subgid}
usermod --add-subuids 1000000-1065535 root
usermod --add-subgids 1000000-1065535 root
emerge -q app-emulation/lxd
/etc/init.d/lxd start
rc-update add lxd default
{{< /highlight >}}
{{< highlight sh >}}
myth /etc/init.d # lxd init
Would you like to use LXD clustering? (yes/no) [default=no]:
Do you want to configure a new storage pool? (yes/no) [default=yes]:
Name of the new storage pool [default=default]:
Would you like to connect to a MAAS server? (yes/no) [default=no]:
Would you like to create a new local network bridge? (yes/no) [default=yes]: no
Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: yes
Name of the existing bridge or host interface: lxdbr0
Would you like LXD to be available over the network? (yes/no) [default=no]: yes
Address to bind LXD to (not including port) [default=all]: 10.1.0.247
Port to bind LXD to [default=8443]:
Trust password for new clients:
Again:
Invalid input, try again.
Trust password for new clients:
Again:
Would you like stale cached images to be updated automatically? (yes/no) [default=yes]
Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
{{< /highlight >}}
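Review bot: the `lxd init` transcript answers yes to "Would you like LXD to be available over the network?" and binds the API to 10.1.0.247 with a trust password, but the page has no prose saying which clients need remote access. Add a sentence explaining that, or answer no if only local use is intended. The transcript also names lxdbr0 as an existing bridge while nothing on the page creates it, so link to or add that step. The "Invalid input, try again." retry and the `myth /etc/init.d #` prompt can be trimmed. The first block would benefit from one line explaining the 1000000-1065535 subuid/subgid range.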

View file

@ -0,0 +1,65 @@
---
title: "Steam"
linkTitle: "Steam"
weight: 1
description: >
How to make steam work seamlessly on gentoo with a chroot
---
I am not using a multilib profile on gentoo (I use amd64 only everywhere), so when the time came to install steam I had to get a little creative. Overall I believe this is the perfect
way to install and use steam as it self contains it cleanly while not limiting the functionalities. In particular sound works, as does the hardware acceleration in games. I tried to
achieve that with containers but didn't quite made it work as well as this chroot setup.
## Installation notes
Note that there is no way to provide a "most recent stage 3" installation link. You will have to browse http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/
and adjust the download url manually bellow :
{{< highlight sh >}}
mkdir /usr/local/steam
cd /usr/local/steam
wget http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/stage3-amd64-20190122T214501Z.tar.xz
tar -xvpf stage3*
rm stage3*
cp -L /etc/resolv.conf etc
mkdir usr/portage
mkdir -p srv/gentoo-distfiles
mount -R /dev dev
mount -R /sys sys
mount -t proc proc proc
mount -R /usr/portage usr/portage
mount -R /usr/src usr/src
mount -R /srv/gentoo-distfiles/ srv/gentoo-distfiles/
mount -R /run run
cp /etc/portage/make.conf etc/portage/
sed -e '/LLVM_TARGETS/d' -e '/getbinpkg/d' -i etc/portage/make.conf
rm -rf etc/portage/package.use
cp /etc/portage/package.use etc/portage/
cp /etc/portage/package.accept_keywords etc/portage/
chroot .
env-update && source /etc/profile
wget -P /etc/portage/repos.conf/ https://raw.githubusercontent.com/anyc/steam-overlay/master/steam-overlay.conf
emaint sync --repo steam-overlay
emerge dev-vcs/git -q
emerge --ask games-util/steam-launcher
useradd -m -G audio,video steam
{{< /highlight >}}
## Launch script
Note that we use `su` and not `su -` since we need to preserve the environment. If you don't you won't get any sound in game. The pulseaudio socket is shared through the mount of
/run inside the chroot :
{{< highlight sh >}}
su
cd /usr/local/steam
mount -R /dev dev
mount -R /sys sys
mount -t proc proc proc
mount -R /usr/portage usr/portage
mount -R /usr/src usr/src
mount -R /run run
chroot .
env-update && source /etc/profile
su steam
steam
{{< /highlight >}}
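Review bot: the installation block downloads the stage3 tarball over plain http from distfiles.gentoo.org and unpacks it as the base of the chroot with nothing verifying it; add a step that fetches the digest or signature file published alongside it and checks the archive before `tar -xvpf`. In "Launch script", the lines after `su` and after `chroot .` only run if typed interactively, so either call it a command sequence or pass the commands to `su` and `chroot` so it works as a script. The launch block also omits the /srv/gentoo-distfiles mount that the installation block sets up. Typos: "bellow" should be "below" and "didn't quite made it work" should be "didn't quite make it work".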