💾 Archived View for zigford.org › precision-5510---gentoo-gnulinux.gmi captured on 2023-09-28 at 15:50:08. Gemini links have been rewritten to link to archived content
Sharing linux/windows scripts and tips
October 12, 2019 — Jesse Harris
This documents all configurations, apps and tweaks to get a nicely working Linux machine.
~~~
The system was originally built on the existing Windows EFI partition table, but this weekend I converted it over to a LUKS/dm-crypt partition scheme. The resulting table is as follows:
The Linux filesystem lives in a LUKS container using aes-xts-plain64 with a 512-bit key size:
```
cryptsetup luksFormat /dev/nvme0n1p6 -c aes-xts-plain64 -s 512
```
After the encrypted volume is created and opened, LVM was used to create a 444 GB logical volume for root and the remaining 32 GB for swap/resume. The root volume was then formatted with btrfs:
```
mkfs.btrfs /dev/mapper/lvm-root
```
Mounting the btrfs top-level volume in the Gentoo live install:
```
mkdir /mnt/btrfs
mount /dev/mapper/lvm-root /mnt/btrfs
```
Create two subvolumes in the top-level volume and mount @root as the install target:
```
btrfs subvolume create /mnt/btrfs/@root
btrfs subvolume create /mnt/btrfs/@home
mount /dev/mapper/lvm-root /mnt/gentoo -o subvol=@root
```
The original stage3 tarball was stage3-amd64-systemd-20190823.tar.bz2
systemd was chosen so that I'm using the same init system that I need to support for my day job.
After stage 3 is extracted, mount the home subvolume and the boot partition:
```
mount /dev/mapper/lvm-root /mnt/gentoo/home -o subvol=@home
mount /dev/nvme0n1p1 /mnt/gentoo/boot
```
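The encryption, LVM and subvolume steps above, collected into one re-runnable script. This is an added example, not the author's own commands beyond those shown in the post: it assumes the opened LUKS mapping is named cryptroot, that the volume group is named lvm (so the volumes appear as /dev/mapper/lvm-root and /dev/mapper/lvm-swap, matching the device names used above), and a DRY_RUN=1 mode that prints each command instead of executing it so the whole plan can be checked before anything touches the disk.

```shell
#!/bin/sh
# Added example: the LUKS -> LVM -> btrfs layout from this post as one script.
# Assumptions not stated in the post: the LUKS mapping is called "cryptroot",
# the volume group is called "lvm" (giving /dev/mapper/lvm-root and
# /dev/mapper/lvm-swap), and DRY_RUN=1 prints commands instead of running them.
set -eu

DRY_RUN=${DRY_RUN:-0}

# Every destructive command goes through run(), so the whole plan can be
# printed and reviewed with DRY_RUN=1 before it is executed for real.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Encrypt the partition with the cipher and key size used in the post, then
# open it so LVM can sit on top of the mapping.
encrypt_partition() {
    run cryptsetup luksFormat "$1" -c aes-xts-plain64 -s 512
    run cryptsetup luksOpen "$1" cryptroot
}

# Carve the opened container into a 444G root volume and give the rest
# (about 32G on this disk) to swap, which doubles as the resume target.
create_volumes() {
    run pvcreate /dev/mapper/cryptroot
    run vgcreate lvm /dev/mapper/cryptroot
    run lvcreate -L 444G -n root lvm
    run lvcreate -l 100%FREE -n swap lvm
    run mkfs.btrfs /dev/mapper/lvm-root
    run mkswap /dev/mapper/lvm-swap
}

# Create the @root and @home subvolumes on the top-level volume and mount
# them (plus the existing EFI partition) under /mnt/gentoo for the install.
create_subvolumes() {
    boot=$1
    run mkdir -p /mnt/btrfs /mnt/gentoo
    run mount /dev/mapper/lvm-root /mnt/btrfs
    run btrfs subvolume create /mnt/btrfs/@root
    run btrfs subvolume create /mnt/btrfs/@home
    run mount -o subvol=@root /dev/mapper/lvm-root /mnt/gentoo
    run mkdir -p /mnt/gentoo/home /mnt/gentoo/boot
    run mount -o subvol=@home /dev/mapper/lvm-root /mnt/gentoo/home
    run mount "$boot" /mnt/gentoo/boot
}

# layout_disk LUKS_PARTITION EFI_PARTITION
layout_disk() {
    encrypt_partition "$1"
    create_volumes
    create_subvolumes "$2"
}
```

Source the file and print the plan first, for example with `DRY_RUN=1 sh -c '. ./layout.sh; layout_disk /dev/nvme0n1p6 /dev/nvme0n1p1'`; only once the ordering (luksFormat, luksOpen, pvcreate, vgcreate, lvcreate, mkfs) reads correctly is it worth running without DRY_RUN from the live environment.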
Chroot in as per the Gentoo Handbook.
The initial portage make.conf setup to get going should include the following:
```
COMMON_FLAGS="-march=skylake -O2 -pipe"
VIDEO_CARDS="intel i965"
MAKEOPTS="-j9 -l8"
GENTOO_MIRRORS="http://ftp.swin.edu.au/gentoo"
EMERGE_DEFAULT_OPTS="--jobs=8 --load-average=8"
FEATURES="${FEATURES} parallel-fetch"
```
More settings are discussed in the make.conf section later; this is all that is relevant for the initial install.
The kernel config can be found in my kernel-configs GitHub repo. Build it with -j8 for all cores and, after it is installed, edit /etc/default/grub:
```
GRUB_CMDLINE_LINUX="dobtrfs rootfstype=btrfs"
```
Use genkernel-next to build an initramfs, then install grub:
```
genkernel initramfs
grub-install /dev/nvme0n1
```
The first app is vim, as it is not in the Gentoo base system; other handy apps for getting the system up and running:
Note that genkernel pulls in sys-kernel/linux-firmware, which has the binary blobs required to get the wifi chip working on the Precision 5510.
As per the Handbook, build the world, install the kernel and grub, and reboot. But don't forget to set the root password first!
After the first boot, systemd has everything you need to get connected to the network. Create a file in /etc/systemd/network to set up DHCP on eth0, and enable systemd-networkd to get going until NetworkManager is installed later.
Set up sudo for quicker elevation:
```
vim /etc/sudoers
%wheel ALL=(ALL) NOPASSWD: ALL
```
Group memberships for the regular user:
* wheel: allows su to root, or use of sudo
* plugdev: allows connecting to wifi as a regular user, and other hardware access
* portage: can write into portage distfiles for testing and making ebuilds
The swap is big enough to hold most of the RAM. The grub config is updated to specify the swap partition UUID as the resume parameter:
```
GRUB_CMDLINE_LINUX="dobtrfs rootfstype=btrfs resume=UUID=9a900eaa-0312-4796-93f8-da3245add9d4"
```
The suspend-then-hibernate delay is set to 4 hours:
```
vim /etc/systemd/sleep.conf
[Sleep]
HibernateDelaySec=240min
```
The lid switch is set to suspend-then-hibernate:
```
vim /etc/systemd/logind.conf
[Login]
HandleLidSwitch=suspend-then-hibernate
HandleLidSwitchDocked=ignore
```
USE flags for GNOME added to make.conf:
```
USE="gtk bluetooth gnome -qt gdm samba acl vim readline fuse"
L10N="en" # for dictionary in evolution
```
Explanation:
fuse is required for gnome-gvfs (which is a dep of gnome-base/gnome-vfs). This makes paths mounted from GNOME visible at /run/user/UID/gvfs.
Then emerge gnome-base/gnome and the following apps:
Apart from emerge, I'm making use of other package managers on Gentoo to complete the environment.
Install layman, add the overlays, and install snapd and flatpak:
```
emerge -a layman
layman -L
layman -a snapd
layman -a flatpak
layman -o http://jesseharrisit.com/overlay.xml -f -a gentoo-zigford
emerge -a app-emulation/snapd
emerge -a app-emulation/flatpak
```
Then install the snap packages:
```
snap install chromium
snap install teams-for-linux
snap install p3xonenote
snap install caprine
```
For virtualization, I primarily want to interface with VMs using gnome-boxes; however, as it lacks the sophistication for complex VMs, I also install virt-manager.
USE flags for virtualization (package.use):
```
app-emulation/libvirt apparmor virt-network
app-emulation/qemu doc usbredir smartcard spice
app-emulation/spice smartcard
net-dns/dnsmasq script
net-misc/spice-gtk smartcard usbredir vala
```
Kernel settings to enable networking are in the kernel config mentioned earlier. The qemu settings required for EFI virtual machines:
```
vim /etc/libvirt/qemu.conf
security = "none"
nvram = [ "/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd" ]
```
For a VM in Boxes to run EFI, the same config is copied into the user session:
```
cp /etc/libvirt/qemu.conf ~/.config/libvirt
```
Group memberships:
```
usermod -G kvm,libvirt,qemu -a username
```
Tweaks to AppArmor (the profiles live in /etc/apparmor.d; the cd is assumed, the post only shows the relative filenames):
```
cd /etc/apparmor.d
sed -i -e 's/#include <local/include <local/' usr.sbin.dnsmasq
vim local/usr.sbin.dnsmasq
  capability mknod,
  /usr/libexec/libvirt_leaseshelper rix,
  /var/lib/libvirt/dnsmasq/*.status* rw,
  /run/leaseshelper.pid rwk,
vim usr.sbin.libvirt
  capability sys_rawio,
```
Set the libvirt images directory to no copy-on-write:
```
chattr +C /var/lib/libvirt/images
```
Allow Gnome-Boxes to use libvirt's networking (this also requires the user to be a member of the qemu group):
```
cat /etc/qemu/bridge.conf
allow virbr0
```
Thanks to the power of btrfs, backups are facilitated easily by snapshots. Currently I have a systemd timer set to fire every hour. It fires a script which keeps snapshots:
* hourly in the last 24 hours
* daily in the last month
* monthly until the backup drive fills to 10% free
Finally, if the backup drive is not attached, then when it does become available the script is invoked with a parameter to just catch up on the snapshots.
The script can be found on GitHub; the config, systemd timer and services look like this:
/etc/snapshots.conf
```
[home]
LocalSnapshots=/mnt/btrfs/snapshots
RemoteSnapshots=/run/media/harrisj/7cb22d51-b8a7-45ee-b1a3-2f3db51c931f
SubvolumeRoot=/home
[root]
LocalSnapshots=/mnt/btrfs/snapshots
RemoteSnapshots=/run/media/harrisj/7cb22d51-b8a7-45ee-b1a3-2f3db51c931f
SubvolumeRoot=/
```
snapshot.service
```
[Unit]
Description=Take a BTRFS Snapshot of all the volumes
[Service]
Type=simple
ExecStart=/usr/local/bin/snapshot
```
snapshot.timer
```
[Unit]
Description=Timer file for snapshot unit. Snapshots hourly and continually prunes
[Timer]
OnCalendar=*-*-* *:00:00
Persistent=true
[Install]
WantedBy=timers.target
```
backup-snapshots.service
```
[Unit]
Description=Backup snapshots when backup drive is attached
Requires=run-media-harrisj-7cb22d51\x2db8a7\x2d45ee\x2db1a3\x2d2f3db51c931f.mount
After=run-media-harrisj-7cb22d51\x2db8a7\x2d45ee\x2db1a3\x2d2f3db51c931f.mount
[Service]
ExecStart=/usr/local/bin/snapshot -b
[Install]
WantedBy=run-media-harrisj-7cb22d51\x2db8a7\x2d45ee\x2db1a3\x2d2f3db51c931f.mount
```
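The retention policy described above (hourly for a day, daily for a month, monthly until the backup drive is down to 10% free), worked through as a planner you can run against a list of snapshots. This is an added example and not the author's snapshot script from GitHub: it assumes snapshots are listed one per line as "EPOCH NAME" (creation time in seconds since the Unix epoch), that the backup drive is a mounted btrfs filesystem, and a date(1) that accepts -d @EPOCH (GNU coreutils or busybox). The keep/delete decisions come out as text so they can be checked before anything is deleted.

```shell
#!/bin/sh
# Added example (not the author's snapshot script): a planner for the
# retention policy described in this post, plus the "drive down to 10% free"
# check. Assumed input format: one snapshot per line as "EPOCH NAME", where
# EPOCH is the snapshot's creation time in seconds since the Unix epoch.
# Requires a date(1) that understands "-d @EPOCH" (GNU coreutils or busybox).

# plan_prune NOW_EPOCH < snapshots
# Prints "keep NAME" or "delete NAME" for every snapshot:
#   * everything taken in the last 24 hours is kept (the hourly tier)
#   * from 1 to 30 days old, only the first snapshot of each UTC day is kept
#   * older than that, only the first snapshot of each UTC month is kept
plan_prune() {
    now=$1
    seen_days=" "
    seen_months=" "
    # Oldest first, so "first of the day/month" is the one that survives.
    sort -n | while read -r epoch name; do
        age=$((now - epoch))
        if [ "$age" -lt 86400 ]; then
            echo "keep $name"
        elif [ "$age" -lt $((30 * 86400)) ]; then
            day=$(date -u -d "@$epoch" +%Y-%m-%d)
            case "$seen_days" in
                *" $day "*) echo "delete $name" ;;
                *) seen_days="$seen_days$day "; echo "keep $name" ;;
            esac
        else
            month=$(date -u -d "@$epoch" +%Y-%m)
            case "$seen_months" in
                *" $month "*) echo "delete $name" ;;
                *) seen_months="$seen_months$month "; echo "keep $name" ;;
            esac
        fi
    done
}

# free_below MIN_PCT DF_REPORT
# Succeeds when the filesystem in a `df -P` report has less than MIN_PCT
# percent of its blocks free. The report is passed in as text so the check
# can be exercised without the backup drive attached.
free_below() {
    printf '%s\n' "$2" | awk -v min="$1" '
        NR == 2 { free = 100 * $4 / $2; exit (free < min) ? 0 : 1 }'
}

# prune_remote MIN_PCT SNAPSHOT_DIR < snapshots
# The monthly tier on the backup drive is only trimmed while the drive has
# less than MIN_PCT free: the oldest snapshots go first, one at a time,
# re-checking free space after each deletion.
prune_remote() {
    min_pct=$1
    dir=$2
    sort -n | while read -r epoch name; do
        free_below "$min_pct" "$(df -P "$dir")" || break
        btrfs subvolume delete "$dir/$name"
    done
}
```

The day and month buckets are computed in UTC on purpose: a policy keyed on local calendar days shifts its boundaries across daylight-saving changes, which is exactly when a "first of the day" snapshot can silently be dropped or duplicated.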
Docker's default IP range conflicts with work's DNS. The following file switches it to another address range:
```
cat /etc/docker/daemon.json
{
  "bip": "192.168.12.5/24",
  "fixed-cidr": "192.168.12.5/25",
  "fixed-cidr-v6": "2001:db8::/64",
  "mtu": 1500
}
```
In my shed the wifi is weak. I'm on wired here, so I don't need the wifi. Thankfully NetworkManager offers the ability to run scripts when connections change:
```
cat /etc/NetworkManager/dispatcher.d/wired_only.sh
#!/bin/sh
# NetworkManager passes the interface name and its new state as $1 and $2.
IF=$1
STATUS=$2
if echo "$IF" | grep -q enp0s20f0u2u1i5
then
    case "$STATUS" in
        up)
            logger -s "ethernet up, killing wifi"
            rfkill block 1      # rfkill index 1 is the wifi radio on this machine
            ;;
        down)
            logger -s "ethernet down, raising wifi"
            rfkill unblock 1
            ;;
        *)
            ;;
    esac
fi
```
At home, I'm using a Targus USB 3.0 dock to connect to two monitors. It's pretty convenient but it does use a few extra joules of battery (as shown by powertop).
Instead of manually stopping and starting the dlm service, I can use systemd and udev rules to run the service only when the device is attached:
```
cat /etc/udev/rules.d/99-displaylink.rules
ACTION=="add", ATTRS{idProduct}=="4306", ATTRS{idVendor}=="17e9", ENV{SYSTEMD_WANTS}="dlm.service"
```
This rule will start dlm when the USB device is detected. The following alteration to the systemd unit for dlm ensures that when the device is removed, the service is stopped:
```
systemctl cat dlm
# /lib/systemd/system/dlm.service
[Unit]
Description=DisplayLink Manager Service
After=display-manager.service
Conflicts=getty@tty7.service
[Service]
ExecStartPre=/sbin/modprobe evdi
ExecStart=/opt/displaylink/DisplayLinkManager
Restart=always
WorkingDirectory=/opt/displaylink
RestartSec=5
[Install]
WantedBy=graphical.target
# /etc/systemd/system/dlm.service.d/override.conf
[Unit]
BindsTo=sys-subsystem-net-devices-enp0s20f0u2u1i5.device
StopWhenUnneeded=true
```
Note that the alterations are configured using systemctl edit dlm.
Generated with bashblog, a single bash script to easily create blogs like this one