aboutsummaryrefslogtreecommitdiff
path: root/content/en/docs
diff options
context:
space:
mode:
authorJulien Dessaux2020-04-28 17:29:52 +0200
committerJulien Dessaux2020-04-28 17:29:52 +0200
commit6cc9d8c72a56563b6d1a12b8b441dfa9dde345e9 (patch)
tree042852f7a8a18f65c8d5191234c8ed1cb85fd8a4 /content/en/docs
parentInitial import (diff)
downloadwww-6cc9d8c72a56563b6d1a12b8b441dfa9dde345e9.tar.gz
www-6cc9d8c72a56563b6d1a12b8b441dfa9dde345e9.tar.bz2
www-6cc9d8c72a56563b6d1a12b8b441dfa9dde345e9.zip
Long overdue first commit with content
Diffstat (limited to '')
-rwxr-xr-xcontent/en/docs/_index.md8
-rw-r--r--content/en/docs/about-me/_index.md (renamed from content/en/docs/about/_index.md)19
-rw-r--r--content/en/docs/adyxax.org/_index.md11
-rw-r--r--content/en/docs/adyxax.org/services/_index.md8
-rw-r--r--content/en/docs/adyxax.org/services/checkmk.md16
-rw-r--r--content/en/docs/adyxax.org/services/nethack.md56
-rw-r--r--content/en/docs/adyxax.org/services/www.md60
-rw-r--r--content/en/docs/adyxax.org/this_website.md39
-rw-r--r--content/en/docs/gentoo/_index.md8
-rw-r--r--content/en/docs/gentoo/installation.md231
-rw-r--r--content/en/docs/gentoo/kernel_upgrades.md45
-rw-r--r--content/en/docs/gentoo/lxd.md38
-rw-r--r--content/en/docs/gentoo/steam.md65
13 files changed, 545 insertions, 59 deletions
diff --git a/content/en/docs/_index.md b/content/en/docs/_index.md
index c1a688b..acd365e 100755
--- a/content/en/docs/_index.md
+++ b/content/en/docs/_index.md
@@ -1,12 +1,10 @@
-
---
-title: "Documentation"
-linkTitle: "Documentation"
+title: "Yet Another SysAdmin Wiki"
+linkTitle: "Wiki"
weight: 20
menu:
main:
weight: 20
---
-This section is where the user documentation for your project lives - all the information your users need to understand and successfully use your project.
-
+This is the wiki section of this website. When articles are not just self contained blog post I organise the information in the sections bellow :
diff --git a/content/en/docs/about/_index.md b/content/en/docs/about-me/_index.md
index e36bb3c..cbbe3ef 100644
--- a/content/en/docs/about/_index.md
+++ b/content/en/docs/about-me/_index.md
@@ -1,9 +1,9 @@
---
-title: "About"
-linkTitle: "About"
+title: "About me"
+linkTitle: "About me"
weight: 1
description: >
- Information about this site and the author
+ Information about the author of this website
---
## Who am I?
@@ -13,24 +13,23 @@ Hello, and thanks for asking! My name is Julien Dessaux, and I am a 34 years old
## Online presence
You won't find me on social networking websites. I have a Linkedin account that I don't use and that's it. I tried to make social networking work when I installed a pleroma instance
-for my own use but I ended up trashing it. I just don't get this aspect
-of modern society. I hang out with my friends when I want to hang out with them, and each time it's a blast : we talk about our lives, what happened to us. We share photos and
-stories while having a beer and it's really great that way : I don't want to change any of that.
+for my own use but I ended up trashing it. I just don't get this aspect of modern society. I hang out with my friends and we catch up : we talk about our lives, what happened to us. We share photos and
+stories while having a drink... and that's it!
## Professional Career
-I'm currently employed as a System and Network Architect at an awesome company named AlterWay, after 7 years at another awesome company named Intersec where I lead the IT team.
+I'm currently employed as a System and Network Architect at an awesome company named AlterWay, 3 years and counting. Before that I worked for 7 years at another awesome company named Intersec where I lead the IT team.
-## Intersec
+### Intersec
When I joined Intersec in September 2009 as the first full time system administrator we were just about 15 people. When I left in 2016 it had grown up to more than 160 people with
branch offices in three countries, and I am glad I was along for the ride. I have been the head of IT for about four years, participating in Intersec's growth by scaling the
infrastructure, deploying new services (Remote access, self hosted email, backups, monitoring, etc.), and recruiting my teammates. I left Intersec looking for new challenges and
for a new life away from the capital. Paris is one of the best cities on earth, but I needed a change and left for Lyon.
-## AlterWay
+### AlterWay
-I joined Alterway in October 2016 for a more technical role and a bit of a career shift towards networking. It has been and still is a great experience.
+I joined Alterway in October 2016 for a more technical role and a bit of a career shift towards networking. It has been a great experience.
## How to get in touch
diff --git a/content/en/docs/adyxax.org/_index.md b/content/en/docs/adyxax.org/_index.md
index 3cfe834..9fbd29e 100644
--- a/content/en/docs/adyxax.org/_index.md
+++ b/content/en/docs/adyxax.org/_index.md
@@ -3,18 +3,19 @@ title: "adyxax.org"
linkTitle: "adyxax.org"
weight: 1
description: >
- adyxax.org is how I call my personal computer infrastructure.
+ adyxax.org is my personal computer infrastructure. This section details how I built it and why, and how I maintain it.
---
## What is adyxax.org?
-adyxax.org is how I call my personal computer infrastructure. It is very much like a small personnal private cloud of servers hosted here and there. I am using my experience as a
-sysadmin to make it all work and provide various services that are useful to me and people close to me.
+adyxax.org is very much like a small personnal cloud of servers hosted here and there. I am using my experience as a
+sysadmin to make it all work and provide various services that are useful to me and people that are close to me. As a good sysadmin, I am trying to be lazy and build the most self
+maintainable solution, with as little maintenance overhead as possible.
-It relies on gentoo and openbsd servers interconnected with point to point openvpn links. Services run inside lxd containers and communications between all those services is assured
+It relies on mostly gentoo (and some optional openbsd) servers interconnected with point to point openvpn links. Services run inside lxd containers and communications between all those services work
thanks to dynamic routing with bird and ospf along those openvpn links.
## Why write about it?
It is a rather unusual infrastructure that I am proud of, and writing about it helps me to reflect on what I built. Gentoo, OpenBSD and LXD is not the most popular combination of
-technologies but it allowed me to build something simple, flexible and I believe somewhat elegant and beautiful.
+technologies but I leveraged it to build something simple, flexible and I believe somewhat elegant and beautiful.
diff --git a/content/en/docs/adyxax.org/services/_index.md b/content/en/docs/adyxax.org/services/_index.md
new file mode 100644
index 0000000..405c2ca
--- /dev/null
+++ b/content/en/docs/adyxax.org/services/_index.md
@@ -0,0 +1,8 @@
+---
+title: "Services"
+linkTitle: "Services"
+weight: 1
+description: >
+ Here are the services provided by adyxax.org
+---
+
diff --git a/content/en/docs/adyxax.org/services/checkmk.md b/content/en/docs/adyxax.org/services/checkmk.md
new file mode 100644
index 0000000..f8a8bf6
--- /dev/null
+++ b/content/en/docs/adyxax.org/services/checkmk.md
@@ -0,0 +1,16 @@
+---
+title: "checkmk"
+linkTitle: "checkmk"
+weight: 1
+description: >
+ checkmk
+---
+
+TODO
+
+## Updating
+
+- Download latest raw edition package from http://mathias-kettner.com/check_mk_download_version.php?HTML=yes&version=1.2.8p15&edition=cre and install it.
+- `run omd backup adyxax adyxax.bak`
+- `run omd update adyxax`
+- If all went well, apt purge the previous check_mk version to free space.
diff --git a/content/en/docs/adyxax.org/services/nethack.md b/content/en/docs/adyxax.org/services/nethack.md
new file mode 100644
index 0000000..e9aa7a7
--- /dev/null
+++ b/content/en/docs/adyxax.org/services/nethack.md
@@ -0,0 +1,56 @@
+---
+title: "nethack"
+linkTitle: "nethack"
+weight: 1
+description: >
+ nethack
+---
+
+## dgamelaunch
+
+TODO
+
+{{< highlight sh >}}
+groupadd -r games
+useradd -r -g games nethack
+git clone
+{{< /highlight >}}
+
+## nethack
+
+TODO
+
+{{< highlight sh >}}
+{{< /highlight >}}
+
+## scores script
+
+TODO
+
+{{< highlight sh >}}
+{{< /highlight >}}
+
+## copying shared libraries
+
+{{< highlight sh >}}
+cd /opt/nethack
+for i in `ls bin`; do for l in `ldd bin/$i | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done; done
+for l in `ldd dgamelaunch | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done
+for l in `ldd nethack-3.7.0-r1/games/nethack | tail -n +1 | cut -d'>' -f2 | awk '{print $1}'`; do if [ -f $l ]; then echo $l; cp $l lib64/; fi; done
+{{< /highlight >}}
+
+## making device nodes
+
+TODO! For now I mount all of /dev in the chroot :
+{{< highlight sh >}}
+#mknod -m 666 dev/ptmx c 5 2
+mount -R /dev /opt/nethack/dev
+{{< /highlight >}}
+
+## debugging
+
+{{< highlight sh >}}
+gdb chroot
+run --userspec=nethack:games /opt/nethack/ /dgamelaunch
+{{< /highlight >}}
+
diff --git a/content/en/docs/adyxax.org/services/www.md b/content/en/docs/adyxax.org/services/www.md
new file mode 100644
index 0000000..c50ffa6
--- /dev/null
+++ b/content/en/docs/adyxax.org/services/www.md
@@ -0,0 +1,60 @@
+---
+title: "www"
+linkTitle: "www"
+weight: 1
+description: >
+ adyxax.org main entry website. www.adyxax.org, wiki.adyxax.org and blog.adyxax.org all point here.
+---
+
+This is the website you are currently reading. It is a static website built using [hugo](https://github.com/gohugoio/hugo). This article details how I
+installed hugo, how I initialised this website and how I manage it. I often refer to it as wiki.adyxax.org because I hosted a unique dokuwiki for a long
+time as my main website (and a pmwiki before that), but with hugo it has become more than that. It is now a mix of wiki, blog and showcase of my work and interests.
+
+## Installing hugo
+
+{{< highlight sh >}}
+go get github.com/gohugoio/hugo
+{{< / highlight >}}
+
+You probably won't encounter this issue but this command failed at the time I installed hugo because the master branch in one of the dependencies was
+tainted. I fixed it with by using a stable tag for this project and continue installing hugo from there:
+{{< highlight sh >}}
+cd go/src/github.com/tdewolff/minify/
+tig --all
+git checkout v2.6.1
+go get github.com/gohugoio/hugo
+{{< / highlight >}}
+
+This did not build me the extended version of hugo that I need for the [docsy](https://github.com/google/docsy) theme I chose, so I had to get it by doing :
+{{< highlight sh >}}
+cd ~/go/src/github.com/gohugoio/hugo/
+go get --tags extended
+go install --tags extended
+{{< / highlight >}}
+
+## Bootstraping this site
+
+{{< highlight sh >}}
+hugo new site www
+cd www
+git init
+git submodule add https://github.com/google/docsy themes/docsy
+{{< / highlight >}}
+
+The docsy theme requires two nodejs programs to run :
+{{< highlight sh >}}
+npm install -D --save autoprefixer
+npm install -D --save postcss-cli
+{{< / highlight >}}
+
+## hugo commands
+
+To spin up the live server for automatic rebuilding the website when writing articles :
+{{< highlight sh >}}
+hugo server --bind 0.0.0.0 --minify --disableFastRender
+{{< / highlight >}}
+
+To publish the website in the `public` folder :
+{{< highlight sh >}}
+hugo --minify
+{{< / highlight >}}
diff --git a/content/en/docs/adyxax.org/this_website.md b/content/en/docs/adyxax.org/this_website.md
deleted file mode 100644
index c346534..0000000
--- a/content/en/docs/adyxax.org/this_website.md
+++ /dev/null
@@ -1,39 +0,0 @@
-# This website
-
-This website is a static website build using [hugo](https://github.com/gohugoio/hugo). This article details how I installed hugo, how I initialised this website and how I manage it.
-
-## Installing hugo
-
-{{< highlight sh >}}
-go get github.com/gohugoio/hugo
-{{< / highlight >}}
-
-This failed because the master branch in one of the dependencies was tainted, I fixed it with :
-{{< highlight sh >}}
-cd go/src/github.com/tdewolff/minify/
-tig --all
-git checkout v2.6.1
-go get github.com/gohugoio/hugo
-{{< / highlight >}}
-
-This didn't build me the extended version of hugo that I need for the theme I chose, so I had to do :
-{{< highlight sh >}}
-cd ~/go/src/github.com/gohugoio/hugo/
-go get --tags extended
-go install --tags extended
-{{< / highlight >}}
-
-## Bootstraping this site
-
-{{< highlight sh >}}
-hugo new site www
-cd www
-git init
-git submodule add https://github.com/alex-shpak/hugo-book themes/book
-{{< / highlight >}}
-
-## Live server for automatic rebuilding when writing
-
-{{< highlight sh >}}
-hugo server --bind 0.0.0.0 --minify
-{{< / highlight >}}
diff --git a/content/en/docs/gentoo/_index.md b/content/en/docs/gentoo/_index.md
new file mode 100644
index 0000000..3aa6307
--- /dev/null
+++ b/content/en/docs/gentoo/_index.md
@@ -0,0 +1,8 @@
+---
+title: "Gentoo"
+linkTitle: "Gentoo"
+weight: 1
+description: >
+ Gentoo related articles
+---
+
diff --git a/content/en/docs/gentoo/installation.md b/content/en/docs/gentoo/installation.md
new file mode 100644
index 0000000..4f3be17
--- /dev/null
+++ b/content/en/docs/gentoo/installation.md
@@ -0,0 +1,231 @@
+---
+title: "Installation"
+linkTitle: "installation"
+weight: 1
+description: >
+ Installation of a gentoo system
+---
+
+## Installation media
+
+You can get a bootable iso or liveusb from https://www.gentoo.org/downloads/. I recommend the minimal one. To create a bootable usb drive juste use `dd` to copy the image on it. Then boot on this brand new installation media.
+
+Once you boot on the installation media, you can start sshd and set a temporary password and proceed with the installation more confortably from another machine :
+
+{{< highlight sh >}}
+/etc/init.d/sshd start
+passwd
+{{< /highlight >}}
+
+## Partitionning
+
+There are several options depending on wether you need soft raid, full disk encryption or a simple root device with no additional complications. It will also differ if you are using a virtual machine or a physical one.
+
+{{< highlight sh >}}
+fdisk /dev/sda
+g
+n
+1
+2048
++2M
+t
+1
+4
+
+n
+2
+6144
++512M
+t
+2
+1
+
+n
+3
+1054720
+
+w
+mkfs.ext4 /dev/sda3
+mkfs.fat -F 32 -n efi-boot /dev/sda2
+mount /dev/sda3 /mnt/gentoo
+{{< /highlight >}}
+
+## Get the stage3 and chroot into it
+
+Get the stage 3 installation file from https://www.gentoo.org/downloads/. I personnaly use the non-multilib one from the advanced choices, since I am no longer using and 32bits software except steam, and I use steam from a multilib chroot.
+
+Put the archive on the server in /mnt/gentoo (you can simply wget it from there), then extract it :
+{{< highlight sh >}}
+tar xpf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
+mount /dev/sda2 boot
+mount -t proc none proc
+mount -t sysfs none sys
+mount -o rbind /dev dev
+cp /etc/resolv.conf etc/
+chroot .
+{{< /highlight >}}
+
+## Initial configuration
+
+We prepare the local language of the system :
+{{< highlight sh >}}
+env-update && source /etc/profile
+echo 'LANG="en_US.utf8"' > /etc/env.d/02locale
+sed '/#en_US.UTF-8/s/#//' -i /etc/locale.gen
+locale-gen
+source /etc/profile
+{{< /highlight >}}
+
+We set a loop device to hold the portage tree. It will be formatted with optimisation for the many small files that compose it :
+{{< highlight sh >}}
+mkdir -p /srv/gentoo-distfiles
+truncate -s 10G /portage.img
+mke2fs -b 1024 -i 2048 -m 0 -O "dir_index" -F /portage.img
+tune2fs -c 0 -i 0 /portage.img
+mkdir /usr/portage
+mount -o loop,noatime,nodev /portage.img /usr/portage/
+{{< /highlight >}}
+
+We set default compilation options and flags. If you are not me and cannot rsync this location, you can browse it from https://packages.adyxax.org/x86-64/etc/portage/ :
+{{< highlight sh >}}
+rsync -a --delete packages.adyxax.org:/srv/gentoo-builder/x86-64/etc/portage/ /etc/portage/
+sed -i /etc/portage/make.conf -e s/buildpkg/getbinpkg/
+echo 'PORTAGE_BINHOST="https://packages.adyxax.org/x86-64/packages/"' >> /etc/portage/make.conf
+{{< /highlight >}}
+
+We get the portage tree and sync the timezone
+{{< highlight sh >}}
+emerge --sync
+{{< /highlight >}}
+
+## Set hostname and timezone
+
+{{< highlight sh >}}
+export HOSTNAME=XXXXX
+sed -i /etc/conf.d/hostname -e /hostname=/s/=.*/=\"${HOSTNAME}\"/
+echo "Europe/Paris" > /etc/timezone
+emerge --config sys-libs/timezone-data
+{{< /highlight >}}
+
+## Check cpu flags and compatibility
+
+TODO
+{{< highlight sh >}}
+emerge cpuid2cpuflags -1q
+cpuid2cpuflags
+gcc -### -march=native /usr/include/stdlib.h
+{{< /highlight >}}
+
+## Rebuild the system
+
+{{< highlight sh >}}
+emerge --quiet -e @world
+emerge --quiet dosfstools app-admin/logrotate app-admin/syslog-ng app-portage/gentoolkit dev-vcs/git bird openvpn htop net-analyzer/tcpdump net-misc/bridge-utils sys-apps/i2c-tools sys-apps/pciutils sys-apps/usbutils sys-boot/grub sys-fs/ncdu sys-process/lsof
+{{< /highlight >}}
+
+## Grab a working kernel
+
+Next we need to Grab a working kernel from our build server along with its modules. If you don't have one already, you have some work to do!
+
+Check the necessary hardware support with :
+{{< highlight sh >}}
+i2cdetect -l
+lspci -nnk
+lsusb
+{{< /highlight >}}
+
+TODO specific page with details on how to build required modules like the nas for example.
+{{< highlight sh >}}
+emerge gentoo-sources genkernel -q
+...
+{{< /highlight >}}
+
+## Final configuration steps
+
+### fstab
+
+{{< highlight sh >}}
+# /etc/fstab: static file system information.
+#
+#<fs> <mountpoint> <type> <opts> <dump/pass>
+/dev/vda3 / ext4 noatime 0 1
+/dev/vda2 /boot vfat noatime 1 2
+/portage.img /usr/portage ext2 noatime,nodev,loop 0 0
+{{< /highlight >}}
+
+### networking
+{{< highlight sh >}}
+echo 'hostname="phoenix"' > /etc/conf.d/hostname
+echo 'dns_domain_lo="adyxax.org"
+config_eth0="192.168.1.3 netmask 255.255.255.0"
+routes_eth0="default via 192.168.1.1"' > /etc/conf.d/net
+cd /etc/init.d
+ln -s net.lo net.eth0
+rc-update add net.eth0 boot
+{{< /highlight >}}
+
+### Grub
+
+TODO especially the conf in /etc/default/grub when using an encrypted /
+{{< highlight sh >}}
+{{< /highlight >}}
+
+### /etc/hosts
+
+{{< highlight sh >}}
+scp root@collab-jde.nexen.net:/etc/hosts /etc/
+{{< /highlight >}}
+
+### root account access
+
+{{< highlight sh >}}
+mkdir -p /root/.ssh
+echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDN1ha6PFKgxF3MSWUlDaruVVpj3UzoiN4IJEvDrCnDbIW8xu+TclbeGJSRXXBbqRKeUfhX0GDA7cvSUIAz2U7AGK7wq5tbzJKagVYtxcSHBSi6dZR9KGb3eoshnrCeFzem1jWXG02PZJGvjB+ml3QhUguyAqm9q0n/NL6zzKhGoKiELO+tQghGIY8jafRv4rE4yyXZnwuCu8JI9P8ldGhKgOPeOdKIVTIVezUmKILWgAF+Hg7O72rQqUua9sdoK1mEYme/wgu0bQbvN26owGgBAgS3uc2nngLD01TZToG/wC1wH9A3KxT6+3akjRlPfLOY0BuK4OBGEGm6e0KZrIMhUr8fHQ8nmTmBqw7puI0gIXYB2EjhpsQ7TijYVqLYXbyxaXYyqisgY0QRWC7Te5Io6TSgorfXzi7zrcQGgWByHkhxTylf36LYSKWEheIQIRqytOdGqeXagFMz2ptLFKk4dA61LS5fPXIJucdghvnmLPml8cO9/9VHQ7gq7DxQu7sIwt/W13yTTUyI9DSHwxeHUwECzxAb5pOVL6pRjTMH8q1/eAMl35TFSh6s5tGvvHGz9+gMlE9A2Pv8CyXDBmXV6srrwxTSlglnmgdq6c9w3VtBKu572/z0cS6vqZMgEno4rIiwyhqNWdjbMXYw/U0q/w5XC9zCcSuluxvaY14qqQ== adyxax
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDMdBAFjENiPMTtq90GT3+NZ68nfGxQiRExaYYnLzm1ecmulCvsuA4AOpeLY6f+FWe+ludiw7nhrXzssDdsKBy0QL+XQyvjjjW4X+k9MYhP1gAWXEOGJnjJ/1ovEsMt++6fLyNKLUTA46kErbEehDs22r+rIiEKatrn0BNrJcRI94H44oEL1/ImzVam0cSBL0tPiaJxe60sBs7M76zfyFtVdMGkeuBpS7ee+FLA58fsS3/sEZmkas8MT0QdvZz1y/66MknXYbIaqDSOUACXGF4yVKpogLRRJ1SgNo1Ujo/U3VOR1O4CiQczsZOcbSdjgl0x3fJb7BaIxrZy9iW2I7G/L/chfTvRws+x1s1y5FNZOOiXMCdZjhgLaRwb6p5gMsMVn9sJbhDjmejcAkBKQDkzbvxxhfVkH225FoVXA9YF0msWLyOEyZQYbA8autLDJsAOT5RDfw/G82DQBufAPEBR/bPby0Hl5kjqW75bpSVxDvzmKwt3EpITg9iuYEhvYZ/Zq5qC1UJ54ZfOvaf0PsTUzFePty6ve/JzfxCV1XgFQ+B8l4NSz11loDfNXSUngf7lL4qu5X4aN6WmLFO1YbyFlfpvt3K1CekJmWVeE5mV9EFTUJ4ParVWRGiA4W+zaCOsHgRkcGkp4eYGyWW8gOR/lVxYU2IFl9mbMrC9bkdRbQ== hurricane' > /root/.ssh/authorized_keys
+passwd
+{{< /highlight >}}
+
+### Add necessary daemons on boot
+{{< highlight sh >}}
+rc-update add syslog-ng default
+rc-update add cronie default
+rc-update add sshd default
+{{< /highlight >}}
+
+## TODO
+
+{{< highlight sh >}}
+net-firewall/shorewall
+...
+rc-update add shorewall default
+sed '/PRODUCTS/s/=.*/="shorewall"/' -i /etc/conf.d/shorewall-init
+rc-update add shorewall-init boot
+
+net-analyzer/fail2ban
+echo '[sshd]
+enabled = true
+filter = sshd
+ignoreip = 127.0.0.1/8 10.1.0.0/24 37.187.103.36 137.74.173.247 90.85.207.113
+bantime = 3600
+banaction = shorewall
+logpath = /var/log/messages
+maxretry = 3' > /etc/fail2ban/jail.d/sshd.conf
+rc-update add fail2ban default
+
+app-emulation/docker
+/etc/docker/daemon.json
+{ "iptables": false }
+rc-update add docker default
+
+app-emulation/lxd
+rc-update add lxd default
+{{< /highlight >}}
+
+## References
+
+- http://blog.siphos.be/2013/04/gentoo-protip-using-buildpkgonly/
+- https://wiki.gentoo.org/wiki/Genkernel
+- https://wiki.gentoo.org/wiki/Kernel/Configuration
+- https://wiki.gentoo.org/wiki/Kernel
+- https://forums.gentoo.org/viewtopic-t-1076024-start-0.html
+- https://wiki.gentoo.org/wiki/Binary_package_guide#Setting_up_a_binary_package_host
diff --git a/content/en/docs/gentoo/kernel_upgrades.md b/content/en/docs/gentoo/kernel_upgrades.md
new file mode 100644
index 0000000..f5abcda
--- /dev/null
+++ b/content/en/docs/gentoo/kernel_upgrades.md
@@ -0,0 +1,45 @@
+---
+title: "Gentoo Kernel Upgrades"
+linkTitle: "Kernel Upgrades"
+weight: 1
+description: >
+ Gentoo kernel upgrades on adyxax.org
+---
+# Gentoo kernel upgrades
+
+## Building on collab-jde
+
+{{< highlight sh >}}
+PREV_VERSION=4.14.78-gentoo
+eselect kernel list
+eselect kernel set 1
+cd /usr/src/linux
+for ARCHI in `ls /srv/gentoo-builder/kernels/`; do
+ make mrproper
+ cp /srv/gentoo-builder/kernels/${ARCHI}/config-${PREV_VERSION} .config
+ echo "~~~~~~~~~~ $ARCHI ~~~~~~~~~~"
+ make oldconfig
+ make -j5
+ INSTALL_MOD_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make modules_install
+ INSTALL_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make install
+done
+{{< / highlight >}}
+
+## Deploying on each node :
+
+{{< highlight sh >}}
+export VERSION=5.4.28-gentoo-x86_64
+wget http://packages.adyxax.org/kernels/x86_64/System.map-${VERSION} -O /boot/System.map-${VERSION}
+wget http://packages.adyxax.org/kernels/x86_64/config-${VERSION} -O /boot/config-${VERSION}
+wget http://packages.adyxax.org/kernels/x86_64/vmlinuz-${VERSION} -O /boot/vmlinuz-${VERSION}
+rsync -a --delete collab-jde.nexen.net:/srv/gentoo-builder/kernels/x86_64/lib/modules/${VERSION} /lib/modules/
+eselect kernel set 1
+cd /usr/src/linux
+cp /boot/config-${VERSION} .config
+cp /boot/System.map-${VERSION} System.map
+(cd usr ; make gen_init_cpio)
+make modules_prepare
+emerge @module-rebuild
+genkernel --install initramfs
+grub-mkconfig -o /boot/grub/grub.cfg
+{{< / highlight >}}
diff --git a/content/en/docs/gentoo/lxd.md b/content/en/docs/gentoo/lxd.md
new file mode 100644
index 0000000..d35c4d6
--- /dev/null
+++ b/content/en/docs/gentoo/lxd.md
@@ -0,0 +1,38 @@
+---
+title: "LXD"
+linkTitle: "LXD"
+weight: 1
+description: >
+ How to setup a LXD server
+---
+
+{{< highlight sh >}}
+touch /etc{/subuid,/subgid}
+usermod --add-subuids 1000000-1065535 root
+usermod --add-subgids 1000000-1065535 root
+emerge -q app-emulation/lxd
+/etc/init.d/lxd start
+rc-update add lxd default
+{{< /highlight >}}
+
+{{< highlight sh >}}
+myth /etc/init.d # lxd init
+Would you like to use LXD clustering? (yes/no) [default=no]:
+Do you want to configure a new storage pool? (yes/no) [default=yes]:
+Name of the new storage pool [default=default]:
+Would you like to connect to a MAAS server? (yes/no) [default=no]:
+Would you like to create a new local network bridge? (yes/no) [default=yes]: no
+Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: yes
+Name of the existing bridge or host interface: lxdbr0
+Would you like LXD to be available over the network? (yes/no) [default=no]: yes
+Address to bind LXD to (not including port) [default=all]: 10.1.0.247
+Port to bind LXD to [default=8443]:
+Trust password for new clients:
+Again:
+Invalid input, try again.
+
+Trust password for new clients:
+Again:
+Would you like stale cached images to be updated automatically? (yes/no) [default=yes]
+Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]:
+{{< /highlight >}}
diff --git a/content/en/docs/gentoo/steam.md b/content/en/docs/gentoo/steam.md
new file mode 100644
index 0000000..23b14b2
--- /dev/null
+++ b/content/en/docs/gentoo/steam.md
@@ -0,0 +1,65 @@
+---
+title: "Steam"
+linkTitle: "Steam"
+weight: 1
+description: >
+ How to make steam work seamlessly on gentoo with a chroot
+---
+
+I am not using a multilib profile on gentoo (I use amd64 only everywhere), so when the time came to install steam I had to get a little creative. Overall I believe this is the perfect
+way to install and use steam as it self contains it cleanly while not limiting the functionalities. In particular sound works, as does the hardware acceleration in games. I tried to
+achieve that with containers but didn't quite made it work as well as this chroot setup.
+
+## Installation notes
+
+Note that there is no way to provide a "most recent stage 3" installation link. You will have to browse http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/
+and adjust the download url manually bellow :
+
+{{< highlight sh >}}
+mkdir /usr/local/steam
+cd /usr/local/steam
+wget http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/stage3-amd64-20190122T214501Z.tar.xz
+tar -xvpf stage3*
+rm stage3*
+cp -L /etc/resolv.conf etc
+mkdir usr/portage
+mkdir -p srv/gentoo-distfiles
+mount -R /dev dev
+mount -R /sys sys
+mount -t proc proc proc
+mount -R /usr/portage usr/portage
+mount -R /usr/src usr/src
+mount -R /srv/gentoo-distfiles/ srv/gentoo-distfiles/
+mount -R /run run
+cp /etc/portage/make.conf etc/portage/
+sed -e '/LLVM_TARGETS/d' -e '/getbinpkg/d' -i etc/portage/make.conf
+rm -rf etc/portage/package.use
+cp /etc/portage/package.use etc/portage/
+cp /etc/portage/package.accept_keywords etc/portage/
+chroot .
+env-update && source /etc/profile
+wget -P /etc/portage/repos.conf/ https://raw.githubusercontent.com/anyc/steam-overlay/master/steam-overlay.conf
+emaint sync --repo steam-overlay
+emerge dev-vcs/git -q
+emerge --ask games-util/steam-launcher
+useradd -m -G audio,video steam
+{{< /highlight >}}
+
+## Launch script
+
+Note that we use `su` and not `su -` since we need to preserve the environment. If you don't you won't get any sound in game. The pulseaudio socket is shared through the mount of
+/run inside the chroot :
+{{< highlight sh >}}
+su
+cd /usr/local/steam
+mount -R /dev dev
+mount -R /sys sys
+mount -t proc proc proc
+mount -R /usr/portage usr/portage
+mount -R /usr/src usr/src
+mount -R /run run
+chroot .
+env-update && source /etc/profile
+su steam
+steam
+{{< /highlight >}}