From 60d3abc6ecdc21b4ab921d34a55b4af48690f55a Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Thu, 11 Mar 2021 18:53:14 +0100 Subject: Rewrote the whole website to get rid of a heavy theme --- content/docs/gentoo/_index.md | 8 ++ content/docs/gentoo/installation.md | 231 +++++++++++++++++++++++++++++++++ content/docs/gentoo/kernel_upgrades.md | 45 +++++++ content/docs/gentoo/lxd.md | 38 ++++++ content/docs/gentoo/steam.md | 65 ++++++++++ 5 files changed, 387 insertions(+) create mode 100644 content/docs/gentoo/_index.md create mode 100644 content/docs/gentoo/installation.md create mode 100644 content/docs/gentoo/kernel_upgrades.md create mode 100644 content/docs/gentoo/lxd.md create mode 100644 content/docs/gentoo/steam.md (limited to 'content/docs/gentoo') diff --git a/content/docs/gentoo/_index.md b/content/docs/gentoo/_index.md new file mode 100644 index 0000000..3aa6307 --- /dev/null +++ b/content/docs/gentoo/_index.md @@ -0,0 +1,8 @@ +--- +title: "Gentoo" +linkTitle: "Gentoo" +weight: 1 +description: > + Gentoo related articles +--- + diff --git a/content/docs/gentoo/installation.md b/content/docs/gentoo/installation.md new file mode 100644 index 0000000..4f3be17 --- /dev/null +++ b/content/docs/gentoo/installation.md 
@@ -0,0 +1,231 @@ +--- +title: "Installation" +linkTitle: "installation" +weight: 1 +description: > + Installation of a gentoo system +--- + +## Installation media + +You can get a bootable iso or liveusb from https://www.gentoo.org/downloads/. I recommend the minimal one. To create a bootable usb drive juste use `dd` to copy the image on it. Then boot on this brand new installation media. + +Once you boot on the installation media, you can start sshd and set a temporary password and proceed with the installation more confortably from another machine : + +{{< highlight sh >}} +/etc/init.d/sshd start +passwd +{{< /highlight >}} + +## Partitionning + +There are several options depending on wether you need soft raid, full disk encryption or a simple root device with no additional complications. It will also differ if you are using a virtual machine or a physical one. + +{{< highlight sh >}} +fdisk /dev/sda +g +n +1 +2048 ++2M +t +1 +4 + +n +2 +6144 ++512M +t +2 +1 + +n +3 +1054720 + +w +mkfs.ext4 /dev/sda3 +mkfs.fat -F 32 -n efi-boot /dev/sda2 +mount /dev/sda3 /mnt/gentoo +{{< /highlight >}} + +## Get the stage3 and chroot into it + +Get the stage 3 installation file from https://www.gentoo.org/downloads/. I personnaly use the non-multilib one from the advanced choices, since I am no longer using and 32bits software except steam, and I use steam from a multilib chroot. + +Put the archive on the server in /mnt/gentoo (you can simply wget it from there), then extract it : +{{< highlight sh >}} +tar xpf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner +mount /dev/sda2 boot +mount -t proc none proc +mount -t sysfs none sys +mount -o rbind /dev dev +cp /etc/resolv.conf etc/ +chroot . 
+{{< /highlight >}} + +## Initial configuration + +We prepare the local language of the system : +{{< highlight sh >}} +env-update && source /etc/profile +echo 'LANG="en_US.utf8"' > /etc/env.d/02locale +sed '/#en_US.UTF-8/s/#//' -i /etc/locale.gen +locale-gen +source /etc/profile +{{< /highlight >}} + +We set a loop device to hold the portage tree. It will be formatted with optimisation for the many small files that compose it : +{{< highlight sh >}} +mkdir -p /srv/gentoo-distfiles +truncate -s 10G /portage.img +mke2fs -b 1024 -i 2048 -m 0 -O "dir_index" -F /portage.img +tune2fs -c 0 -i 0 /portage.img +mkdir /usr/portage +mount -o loop,noatime,nodev /portage.img /usr/portage/ +{{< /highlight >}} + +We set default compilation options and flags. If you are not me and cannot rsync this location, you can browse it from https://packages.adyxax.org/x86-64/etc/portage/ : +{{< highlight sh >}} +rsync -a --delete packages.adyxax.org:/srv/gentoo-builder/x86-64/etc/portage/ /etc/portage/ +sed -i /etc/portage/make.conf -e s/buildpkg/getbinpkg/ +echo 'PORTAGE_BINHOST="https://packages.adyxax.org/x86-64/packages/"' >> /etc/portage/make.conf +{{< /highlight >}} + +We get the portage tree and sync the timezone +{{< highlight sh >}} +emerge --sync +{{< /highlight >}} + +## Set hostname and timezone + +{{< highlight sh >}} +export HOSTNAME=XXXXX +sed -i /etc/conf.d/hostname -e /hostname=/s/=.*/=\"${HOSTNAME}\"/ +echo "Europe/Paris" > /etc/timezone +emerge --config sys-libs/timezone-data +{{< /highlight >}} + +## Check cpu flags and compatibility + +TODO +{{< highlight sh >}} +emerge cpuid2cpuflags -1q +cpuid2cpuflags +gcc -### -march=native /usr/include/stdlib.h +{{< /highlight >}} + +## Rebuild the system + +{{< highlight sh >}} +emerge --quiet -e @world +emerge --quiet dosfstools app-admin/logrotate app-admin/syslog-ng app-portage/gentoolkit dev-vcs/git bird openvpn htop net-analyzer/tcpdump net-misc/bridge-utils sys-apps/i2c-tools sys-apps/pciutils sys-apps/usbutils sys-boot/grub 
sys-fs/ncdu sys-process/lsof +{{< /highlight >}} + +## Grab a working kernel + +Next we need to Grab a working kernel from our build server along with its modules. If you don't have one already, you have some work to do! + +Check the necessary hardware support with : +{{< highlight sh >}} +i2cdetect -l +lspci -nnk +lsusb +{{< /highlight >}} + +TODO specific page with details on how to build required modules like the nas for example. +{{< highlight sh >}} +emerge gentoo-sources genkernel -q +... +{{< /highlight >}} + +## Final configuration steps + +### fstab + +{{< highlight sh >}} +# /etc/fstab: static file system information. +# +# +/dev/vda3 / ext4 noatime 0 1 +/dev/vda2 /boot vfat noatime 1 2 +/portage.img /usr/portage ext2 noatime,nodev,loop 0 0 +{{< /highlight >}} + +### networking +{{< highlight sh >}} +echo 'hostname="phoenix"' > /etc/conf.d/hostname +echo 'dns_domain_lo="adyxax.org" +config_eth0="192.168.1.3 netmask 255.255.255.0" +routes_eth0="default via 192.168.1.1"' > /etc/conf.d/net +cd /etc/init.d +ln -s net.lo net.eth0 +rc-update add net.eth0 boot +{{< /highlight >}} + +### Grub + +TODO especially the conf in /etc/default/grub when using an encrypted / +{{< highlight sh >}} +{{< /highlight >}} + +### /etc/hosts + +{{< highlight sh >}} +scp root@collab-jde.nexen.net:/etc/hosts /etc/ +{{< /highlight >}} + +### root account access + +{{< highlight sh >}} +mkdir -p /root/.ssh +echo 'ssh-rsa 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 adyxax +ssh-rsa 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 hurricane' > /root/.ssh/authorized_keys +passwd +{{< /highlight >}} + +### Add necessary daemons on boot +{{< highlight sh >}} +rc-update add syslog-ng default +rc-update add cronie default +rc-update add sshd default +{{< /highlight >}} + +## TODO + +{{< highlight sh >}} +net-firewall/shorewall +... 
+rc-update add shorewall default +sed '/PRODUCTS/s/=.*/="shorewall"/' -i /etc/conf.d/shorewall-init +rc-update add shorewall-init boot + +net-analyzer/fail2ban +echo '[sshd] +enabled = true +filter = sshd +ignoreip = 127.0.0.1/8 10.1.0.0/24 37.187.103.36 137.74.173.247 90.85.207.113 +bantime = 3600 +banaction = shorewall +logpath = /var/log/messages +maxretry = 3' > /etc/fail2ban/jail.d/sshd.conf +rc-update add fail2ban default + +app-emulation/docker +/etc/docker/daemon.json +{ "iptables": false } +rc-update add docker default + +app-emulation/lxd +rc-update add lxd default +{{< /highlight >}} + +## References + +- http://blog.siphos.be/2013/04/gentoo-protip-using-buildpkgonly/ +- https://wiki.gentoo.org/wiki/Genkernel +- https://wiki.gentoo.org/wiki/Kernel/Configuration +- https://wiki.gentoo.org/wiki/Kernel +- https://forums.gentoo.org/viewtopic-t-1076024-start-0.html +- https://wiki.gentoo.org/wiki/Binary_package_guide#Setting_up_a_binary_package_host diff --git a/content/docs/gentoo/kernel_upgrades.md b/content/docs/gentoo/kernel_upgrades.md new file mode 100644 index 0000000..0a2a65c --- /dev/null +++ b/content/docs/gentoo/kernel_upgrades.md 
@@ -0,0 +1,45 @@ +--- +title: "Gentoo Kernel Upgrades" +linkTitle: "Kernel Upgrades" +weight: 1 +description: > + Gentoo kernel upgrades on adyxax.org +--- +# Gentoo kernel upgrades + +## Building on collab-jde + +{{< highlight sh >}} +PREV_VERSION=4.14.78-gentoo +eselect kernel list +eselect kernel set 1 +cd /usr/src/linux +for ARCHI in `ls /srv/gentoo-builder/kernels/`; do + make mrproper + cp /srv/gentoo-builder/kernels/${ARCHI}/config-${PREV_VERSION} .config + echo "~~~~~~~~~~ $ARCHI ~~~~~~~~~~" + make oldconfig + make -j5 + INSTALL_MOD_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make modules_install + INSTALL_PATH=/srv/gentoo-builder/kernels/${ARCHI}/ make install +done +{{< / highlight >}} + +## Deploying on each node : + +{{< highlight sh >}} +export VERSION=5.4.28-gentoo-x86_64 +wget http://packages.adyxax.org/kernels/x86_64/System.map-${VERSION} -O /boot/System.map-${VERSION} +wget http://packages.adyxax.org/kernels/x86_64/config-${VERSION} -O /boot/config-${VERSION} +wget http://packages.adyxax.org/kernels/x86_64/vmlinuz-${VERSION} -O /boot/vmlinuz-${VERSION} +rsync -a --delete collab-jde.nexen.net:/srv/gentoo-builder/kernels/x86_64/lib/modules/${VERSION} /lib/modules/ +eselect kernel set 1 +cd /usr/src/linux +cp /boot/config-${VERSION} .config +cp /boot/System.map-${VERSION} System.map +(cd usr ; make gen_init_cpio) +make modules_prepare +emerge @module-rebuild +genkernel --install initramfs --ssh-host-keys=create-from-host +grub-mkconfig -o /boot/grub/grub.cfg +{{< / highlight >}} diff --git a/content/docs/gentoo/lxd.md b/content/docs/gentoo/lxd.md new file mode 100644 index 0000000..d35c4d6 --- /dev/null +++ b/content/docs/gentoo/lxd.md 
@@ -0,0 +1,38 @@ +--- +title: "LXD" +linkTitle: "LXD" +weight: 1 +description: > + How to setup a LXD server +--- + +{{< highlight sh >}} +touch /etc{/subuid,/subgid} +usermod --add-subuids 1000000-1065535 root +usermod --add-subgids 1000000-1065535 root +emerge -q app-emulation/lxd +/etc/init.d/lxd start +rc-update add lxd default +{{< /highlight >}} + +{{< highlight sh >}} +myth /etc/init.d # lxd init +Would you like to use LXD clustering? (yes/no) [default=no]: +Do you want to configure a new storage pool? (yes/no) [default=yes]: +Name of the new storage pool [default=default]: +Would you like to connect to a MAAS server? (yes/no) [default=no]: +Would you like to create a new local network bridge? (yes/no) [default=yes]: no +Would you like to configure LXD to use an existing bridge or host interface? (yes/no) [default=no]: yes +Name of the existing bridge or host interface: lxdbr0 +Would you like LXD to be available over the network? (yes/no) [default=no]: yes +Address to bind LXD to (not including port) [default=all]: 10.1.0.247 +Port to bind LXD to [default=8443]: +Trust password for new clients: +Again: +Invalid input, try again. + +Trust password for new clients: +Again: +Would you like stale cached images to be updated automatically? (yes/no) [default=yes] +Would you like a YAML "lxd init" preseed to be printed? (yes/no) [default=no]: +{{< /highlight >}} diff --git a/content/docs/gentoo/steam.md b/content/docs/gentoo/steam.md new file mode 100644 index 0000000..23b14b2 --- /dev/null +++ b/content/docs/gentoo/steam.md 
@@ -0,0 +1,65 @@ +--- +title: "Steam" +linkTitle: "Steam" +weight: 1 +description: > + How to make steam work seamlessly on gentoo with a chroot +--- + +I am not using a multilib profile on gentoo (I use amd64 only everywhere), so when the time came to install steam I had to get a little creative. Overall I believe this is the perfect +way to install and use steam as it self contains it cleanly while not limiting the functionalities. In particular sound works, as does the hardware acceleration in games. I tried to +achieve that with containers but didn't quite made it work as well as this chroot setup. + +## Installation notes + +Note that there is no way to provide a "most recent stage 3" installation link. You will have to browse http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/ +and adjust the download url manually bellow : + +{{< highlight sh >}} +mkdir /usr/local/steam +cd /usr/local/steam +wget http://distfiles.gentoo.org/releases/amd64/autobuilds/current-stage3-amd64/stage3-amd64-20190122T214501Z.tar.xz +tar -xvpf stage3* +rm stage3* +cp -L /etc/resolv.conf etc +mkdir usr/portage +mkdir -p srv/gentoo-distfiles +mount -R /dev dev +mount -R /sys sys +mount -t proc proc proc +mount -R /usr/portage usr/portage +mount -R /usr/src usr/src +mount -R /srv/gentoo-distfiles/ srv/gentoo-distfiles/ +mount -R /run run +cp /etc/portage/make.conf etc/portage/ +sed -e '/LLVM_TARGETS/d' -e '/getbinpkg/d' -i etc/portage/make.conf +rm -rf etc/portage/package.use +cp /etc/portage/package.use etc/portage/ +cp /etc/portage/package.accept_keywords etc/portage/ +chroot . 
+env-update && source /etc/profile +wget -P /etc/portage/repos.conf/ https://raw.githubusercontent.com/anyc/steam-overlay/master/steam-overlay.conf +emaint sync --repo steam-overlay +emerge dev-vcs/git -q +emerge --ask games-util/steam-launcher +useradd -m -G audio,video steam +{{< /highlight >}} + +## Launch script + +Note that we use `su` and not `su -` since we need to preserve the environment. If you don't you won't get any sound in game. The pulseaudio socket is shared through the mount of +/run inside the chroot : +{{< highlight sh >}} +su +cd /usr/local/steam +mount -R /dev dev +mount -R /sys sys +mount -t proc proc proc +mount -R /usr/portage usr/portage +mount -R /usr/src usr/src +mount -R /run run +chroot . +env-update && source /etc/profile +su steam +steam +{{< /highlight >}} -- cgit v1.2.3
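Review bot: In content/docs/gentoo/installation.md, the "Get the stage3 and chroot into it" section goes straight from "you can simply wget it from there" to `tar xpf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner` with no integrity check on the archive. Add a step that verifies the download against the digest and signature files published alongside each stage3 before extracting it. Separately, the partitioning and mount commands use /dev/sda while the fstab example lists /dev/vda3 and /dev/vda2, and the networking block hardcodes `hostname="phoenix"` after the earlier section set the hostname from ${HOSTNAME}; pick one device name and one hostname source, or state which case each block covers. The sentence "We get the portage tree and sync the timezone" is followed only by `emerge --sync`, and the Grub section ships an empty highlight block.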
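Review bot: In content/docs/gentoo/kernel_upgrades.md, the "Deploying on each node" block fetches System.map, config and the kernel image into /boot over plain HTTP (`wget http://packages.adyxax.org/kernels/x86_64/vmlinuz-${VERSION} -O /boot/vmlinuz-${VERSION}`) and installs them with no checksum or signature check before `grub-mkconfig`. installation.md in this same commit already reaches that host over https (`PORTAGE_BINHOST="https://packages.adyxax.org/x86-64/packages/"`), so switch the three wget URLs to https and consider publishing a checksum file next to the kernel artifacts and checking it on the node. Also, PREV_VERSION in the build block is 4.14.78-gentoo while VERSION in the deploy block is 5.4.28-gentoo-x86_64; a sentence saying both are example values to adjust would avoid copy-paste mistakes. The closing shortcode here is written `{{< / highlight >}}` where the other files in the commit use `{{< /highlight >}}`.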
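Review bot: In content/docs/gentoo/lxd.md, the `lxd init` transcript answers "no" to creating a new bridge and then names lxdbr0 as the existing bridge, but nothing on the page creates lxdbr0 beforehand; add the step (or a link to it) that sets the bridge up, otherwise the answers cannot be reproduced on a fresh host. The transcript also makes the LXD API available on 10.1.0.247, default port 8443, protected by a trust password, which deserves one sentence on which network that address sits on and who is expected to reach it. The pasted "Invalid input, try again." retry can be trimmed, and the page has no prose between the front matter and the two blocks, so a line introducing each would help.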
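Review bot: In content/docs/gentoo/steam.md, the installation block downloads stage3-amd64-20190122T214501Z.tar.xz from http://distfiles.gentoo.org over plain HTTP and unpacks it with `tar -xvpf stage3*` without verifying it; use an https URL and check the archive against its published digest and signature files before extracting. In the launch script, every `mount -R` line runs again on each launch with no check that the target is already mounted, so repeated launches stack bind mounts under /usr/local/steam; guard each mount (for example with `mountpoint -q`) or split the mounts into a one-time setup step. The launch script also leaves out the srv/gentoo-distfiles mount that the installation block performs, and the text should state that `mount -R /run run` shares the host's whole /run with the chroot, not only the pulseaudio socket it mentions.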