zigford.org/precision-5510---gentoo-gnulinux.html
2020-07-21 06:49:32 +10:00

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<link rel="stylesheet" href="main.css" type="text/css" />
<link rel="stylesheet" href="blog.css" type="text/css" />
<link rel="alternate" type="application/rss+xml" title="Subscribe to this page..." href="feed.rss" />
<title>Precision 5510 - Gentoo GNU/Linux</title>
</head><body>
<div id="divbodyholder">
<div class="headerholder"><div class="header">
<div id="title">
<h1 class="nomargin"><a class="ablack" href="http://zigford.org/index.html">zigford.org</a></h1>
<div id="description"><a href="about.html">About</a><a href="links.html"> | Links</a><a href="scripts.html"> | Scripts</a><br />Sharing linux/windows scripts and tips</div>
</div></div></div>
<div id="divbody"><div class="content">
<!-- entry begin -->
<h3><a class="ablack" href="precision-5510---gentoo-gnulinux.html">
Precision 5510 - Gentoo GNU/Linux
</a></h3>
<!-- bashblog_timestamp: #201910122244.07# -->
<div class="subtitle">October 12, 2019 &mdash;
Jesse Harris
</div>
<!-- text begin -->
<p>This post documents the configuration, applications and tweaks needed to get a
nicely working Gentoo GNU/Linux machine on a Dell Precision 5510.</p>
<hr />
<h1 id="installation">Installation</h1>
<h2 id="partition">Partition</h2>
<p>The system was originally built on top of the existing Windows EFI partition
table, but this weekend I converted it to a LUKS/dm-crypt scheme. The table as
created is as follows:</p>
<ol>
<li>200 MB ESP (EFI system partition)</li>
<li>477.8 GB Linux filesystem</li>
</ol>
<p>The Linux partition is a LUKS container using aes-xts-plain64 with a 512-bit
key (XTS splits it into two 256-bit AES keys, so this is AES-256):</p>
<pre><code> cryptsetup luksFormat /dev/nvme0n1p6 -c aes-xts-plain64 -s 512
</code></pre>
<p>After the encrypted volume is created and opened, LVM was used to create a
444 GB logical volume for root and the remaining 32 GB for swap/resume. Because
swap sits inside the LUKS container, the hibernation image is encrypted as well.
The root volume was then formatted with btrfs:</p>
<pre><code> mkfs.btrfs /dev/mapper/lvm-root
</code></pre>
<p>Mount the top-level btrfs volume from the Gentoo live environment:</p>
<pre><code> mkdir /mnt/btrfs
mount /dev/mapper/lvm-root /mnt/btrfs
</code></pre>
<p>Create two subvolumes at the top level and mount <code>@root</code> as the installation root:</p>
<pre><code> btrfs subvolume create /mnt/btrfs/\@root
btrfs subvolume create /mnt/btrfs/\@home
mount /dev/mapper/lvm-root /mnt/gentoo -o subvol=@root
</code></pre>
<h2 id="stage3">Stage3</h2>
<p>The original stage3 tarball was <code>stage3-amd64-systemd-20190823.tar.bz2</code>.
Verify it against its signed <code>.DIGESTS.asc</code> file, as the Handbook
describes, before extracting it.<br />
systemd was chosen so that I'm using the same init system that I need to support
for my day job.</p>
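<p>As an added example (not part of the original post or of Gentoo's own tooling),
the following Python does the hash half of that verification: it parses the
<code>.DIGESTS</code> layout (a <code># SHA512 HASH</code> header followed by
<code>&lt;hex&gt;  &lt;filename&gt;</code> lines, possibly wrapped in clearsign
armour) and compares the listed SHA-512 with the bytes on disk. The tarball and
CONTENTS bytes below are constructed stand-ins. Checking the PGP signature with
<code>gpg --verify</code> and the Gentoo release key is assumed to have happened
first, because the digest text is only trustworthy once the signature is.</p>

```python
"""Check a stage3 tarball against a Gentoo .DIGESTS / .DIGESTS.asc file.

Added example, not the author's procedure or Gentoo's own tooling.  It does the
hash comparison only: the PGP signature on the clearsigned .DIGESTS.asc has to
be checked first (gpg --verify with the Gentoo release key), otherwise the
digests themselves could have been swapped along with the tarball.
"""
import hashlib
import hmac
import re

# A section starts with "# SHA512 HASH" and is followed by "<hex>  <filename>"
# lines in sha512sum format.
HEADER_RE = re.compile(r"^# (?P<algo>[A-Z0-9]+) HASH\s*$")
ENTRY_RE = re.compile(r"^(?P<hexdigest>[0-9a-fA-F]{32,})\s+\*?(?P<name>\S+)\s*$")


def parse_digests(text):
    """Return {(algo, filename): hexdigest}.

    Lines outside a "# <ALGO> HASH" section (PGP armour, the "Hash:" line of a
    clearsigned message, blanks) are ignored.  Two entries for the same file
    and algorithm must agree, otherwise the digest file is treated as corrupt.
    """
    algo = None
    entries = {}
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            algo = header.group("algo").lower()
            continue
        entry = ENTRY_RE.match(line)
        if entry and algo:
            key = (algo, entry.group("name"))
            digest = entry.group("hexdigest").lower()
            if entries.get(key, digest) != digest:
                raise ValueError("conflicting %s digests for %s" % key)
            entries[key] = digest
    return entries


def verify_files(digests_text, files, algo="sha512"):
    """Compare each file (name -> bytes) with its listed digest; returns {name: bool}.

    A file with no entry for the requested algorithm is reported as False:
    quietly accepting an unlisted file is how a substituted tarball gets in.
    """
    expected = parse_digests(digests_text)
    results = {}
    for name, data in files.items():
        want = expected.get((algo, name))
        if want is None:
            results[name] = False
            continue
        got = hashlib.new(algo, data).hexdigest()
        results[name] = hmac.compare_digest(got, want)
    return results


STAGE3 = "stage3-amd64-systemd-20190823.tar.bz2"
# Constructed stand-ins for the real tarball and its CONTENTS listing.
FAKE_TARBALL = b"not a real stage3, just bytes for the example\n"
FAKE_CONTENTS = b"./\n./bin/\n./etc/\n"


def sample_digests_asc():
    """Build a .DIGESTS.asc-shaped text for the constructed files above (the
    signature block is a placeholder, which is why gpg must run separately)."""
    return "\n".join([
        "-----BEGIN PGP SIGNED MESSAGE-----",
        "Hash: SHA512",
        "",
        "# SHA512 HASH",
        "%s  %s" % (hashlib.sha512(FAKE_TARBALL).hexdigest(), STAGE3),
        "# SHA512 HASH",
        "%s  %s.CONTENTS" % (hashlib.sha512(FAKE_CONTENTS).hexdigest(), STAGE3),
        "-----BEGIN PGP SIGNATURE-----",
        "",
        "iQIzBAEBCgAdFiEEplaceholderSignatureBytesNotARealSignature0123=",
        "-----END PGP SIGNATURE-----",
        "",
    ])


if __name__ == "__main__":
    asc = sample_digests_asc()
    print(verify_files(asc, {STAGE3: FAKE_TARBALL, STAGE3 + ".CONTENTS": FAKE_CONTENTS}))
    print(verify_files(asc, {STAGE3: FAKE_TARBALL + b"tampered"}))
```

The point of returning <code>False</code> for a file that has no entry is that the check fails closed: a tarball named slightly differently from what the digest file lists is rejected rather than skipped.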
<p>After the stage3 is extracted, mount the home subvolume and the ESP as /boot:</p>
<pre><code> mount /dev/mapper/lvm-root /mnt/gentoo/home -o subvol=@home
mount /dev/nvme0n1p1 /mnt/gentoo/boot
</code></pre>
<p>Chroot in as per the Gentoo Handbook.</p>
<h2 id="portage">Portage</h2>
<p>Initial portage <code>make.conf</code> setup to get going should include the following:</p>
<pre><code> COMMON_FLAGS=&quot;-march=skylake -O2 -pipe&quot;
VIDEO_CARDS=&quot;intel i965&quot;
MAKEOPTS=&quot;-j9 -l8&quot;
GENTOO_MIRRORS=&quot;http://ftp.swin.edu.au/gentoo&quot;
EMERGE_DEFAULT_OPTS=&quot;--jobs=8 --load-average=8&quot;
FEATURES=&quot;${FEATURES} parallel-fetch&quot;
</code></pre>
<p>More <code>make.conf</code> settings (the USE flags) are added in the Xorg and
Gnome section below; this is all that is relevant for the initial install. The
mirror is plain http, which is acceptable for distfiles because Portage checks
every download against the hashes in the ebuild Manifest.</p>
<h2 id="kernel">Kernel</h2>
<p>Kernel config can be found on my <a href="https://github.com/zigford/kernel-configs/tree/master/Precision%205510">kernel-configs github
repo</a>.
Build it with <code>-j8</code> (one job per hardware thread) and, once it is installed, edit /etc/default/grub:</p>
<pre><code> GRUB_CMDLINE_LINUX=&quot;dobtrfs rootfstype=btrfs&quot;
</code></pre>
<p>Use genkernel-next to build an initramfs and install GRUB. Since root is on LVM
inside LUKS, the initramfs also has to be told to unlock the container and
activate the volume group (genkernel's <code>crypt_root=</code> and
<code>dolvm</code> parameters), which the GRUB line above does not show:</p>
<pre><code> genkernel initramfs
grub-install /dev/nvme0n1
</code></pre>
<h2 id="applications">Applications</h2>
<p>The first app is vim, as it is not in the Gentoo base system; other handy apps for
getting the system up and running:</p>
<ul>
<li>app-editors/vim</li>
<li>app-admin/sudo</li>
<li>app-portage/eix</li>
<li>app-portage/gentoolkit</li>
<li>dev-vcs/git</li>
<li>sys-apps/usbutils</li>
<li>sys-fs/btrfsprogs</li>
<li>sys-boot/os-prober</li>
<li>sys-kernel/genkernel</li>
</ul>
<p><strong>Note:</strong> genkernel pulls in sys-kernel/linux-firmware, which has the binary blobs
required to get the wifi chip working on the Precision 5510.</p>
<h2 id="world-build">World build</h2>
<p>As per the Handbook, build the world set, install the kernel and GRUB, and
reboot. But don't forget to set the root password first!</p>
<h1 id="first-setup">First setup</h1>
<p>After the first boot, systemd already has everything needed to get on the network.
Create a .network file in /etc/systemd/network that enables DHCP on the wired
interface (eth0) and enable systemd-networkd; NetworkManager takes over later.</p>
<h2 id="administration">Administration</h2>
<p>Set up <code>sudo</code> for quicker elevation. Edit the file with
<code>visudo</code>, which syntax-checks before saving (a broken sudoers locks
you out of sudo entirely):</p>
<pre><code> visudo
%wheel ALL=(ALL) NOPASSWD: ALL
</code></pre>
<p><code>NOPASSWD</code> means anything running as a wheel user, including a
compromised browser or snap, can become root without a prompt; drop the
<code>NOPASSWD:</code> tag if you want to be asked for your password.</p>
<h2 id="useful-groups">Useful groups</h2>
<p>wheel: allows <code>su</code> to root and use of <code>sudo</code><br />
plugdev: allows connecting to wifi as a regular user and other hardware access<br />
portage: can write into the portage distfiles directory, for testing and making ebuilds</p>
<h2 id="sleep-and-hibernate">Sleep and hibernate</h2>
<p>The swap volume is big enough to hold most of the RAM, so hibernation works. The
GRUB config is updated to pass the swap volume's UUID as the resume parameter:</p>
<pre><code> GRUB_CMDLINE_LINUX=&quot;dobtrfs rootfstype=btrfs resume=UUID=9a900eaa-0312-4796-93f8-da3245add9d4&quot;
</code></pre>
<p>Suspend then hibernate delay is set to 4 hours:</p>
<pre><code> vim /etc/systemd/sleep.conf
[Sleep]
HibernateDelaySec=240min
</code></pre>
<p>The lid switch is set to suspend-then-hibernate, and ignored while docked:</p>
<pre><code> vim /etc/systemd/logind.conf
[Login]
HandleLidSwitch=suspend-then-hibernate
HandleLidSwitchDocked=ignore
</code></pre>
<h1 id="xorg-and-gnome">Xorg and Gnome</h1>
<p>USE flags for GNOME added to <code>make.conf</code>:</p>
<pre><code> USE=&quot;gtk bluetooth gnome -qt gdm samba acl vim readline fuse&quot;
L10N=&quot;en&quot; # for dictionary in evolution
</code></pre>
<p>Explanation:</p>
<p><code>fuse</code> is required by gnome-base/gvfs. It makes locations mounted
through GNOME (for example smb:// shares opened in Nautilus) visible to ordinary
programs at /run/user/UID/gvfs.</p>
<p>emerge gnome-base/gnome and the following apps:</p>
<ul>
<li>gnome-base/gvfs # For smb connections in nautilus (needs the samba USE flag)</li>
<li>gnome-extra/evolution-ews # Connect evolution to exchange online</li>
<li>x11-terms/kitty # terminal with ligature font support</li>
<li>www-client/firefox-bin</li>
</ul>
<h1 id="packages-for-work">Packages for work</h1>
<ul>
<li>net-vpn/networkmanager-openconnect # vpn in networkmanager for work</li>
<li>net-misc/freerdp # Rdp to servers for work</li>
<li>net-misc/icaclient # Citrix client for work</li>
</ul>
<h1 id="extending-gentoo">Extending Gentoo</h1>
<p>Apart from emerge, I'm making use of other package managers on Gentoo to
complete the environment. Bear in mind that snaps and flatpaks are not verified
by Portage; the trust is in the store and the publisher. Likewise, the personal
overlay list below is fetched over plain http, so it can be altered in transit;
ebuilds run as root at merge time, so use https where the host offers it.</p>
<p>Install layman:</p>
<pre><code> emerge -a layman
layman -L
layman -a snapd
layman -a flatpak
layman -o http://jesseharrisit.com/overlay.xml -f -a gentoo-zigford
emerge -a app-emulation/snapd
emerge -a app-emulation/flatpak
</code></pre>
<h2 id="snapd-packages">snapd packages</h2>
<pre><code> snap install chromium
snap install teams-for-linux
snap install p3xonenote
snap install caprine
</code></pre>
<h1 id="kvm-qemu">KVM - Qemu</h1>
<p>For virtualization, I primarily want to interface with VMs using <em>gnome-boxes</em>;
however, as it lacks the sophistication needed for complex VMs, I also install
<em>virt-manager</em>.</p>
<p>USE flags (package.use) for virtualization:</p>
<pre><code> app-emulation/libvirt apparmor virt-network
app-emulation/qemu doc usbredir smartcard spice
app-emulation/spice smartcard
net-dns/dnsmasq script
net-misc/spice-gtk smartcard usbredir vala
</code></pre>
<p>The kernel options needed for virtual networking are in the kernel config mentioned
earlier. The qemu.conf settings libvirt needs for EFI virtual machines are below.
Note that <code>security = &quot;none&quot;</code> turns off sVirt, i.e. the per-VM
AppArmor confinement that the apparmor USE flag on libvirt would otherwise give
you; each qemu process then runs with only the DAC permissions of the qemu user.</p>
<pre><code> vim /etc/libvirt/qemu.conf
security = &quot;none&quot;
nvram = [
&quot;/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd&quot;
]
</code></pre>
<p>For a VM in Boxes, which uses the per-user session libvirt instance, to boot EFI, give that instance the same config:</p>
<pre><code> cp /etc/libvirt/qemu.conf ~/.config/libvirt
</code></pre>
<p>Group memberships:</p>
<pre><code> usermod -G kvm,libvirt,qemu -a username
</code></pre>
<p>Tweaks to the AppArmor profiles; the paths below are relative to
/etc/apparmor.d. Use <code>-i -e</code> rather than <code>-ie</code>: the latter
writes a backup named <code>usr.sbin.dnsmasqe</code>, which the profile loader
would also pick up. The libvirtd profile shipped by libvirt is
<code>usr.sbin.libvirtd</code>. <code>sys_rawio</code> is a broad capability, so
only add it if AppArmor actually logs a DENIED for it.</p>
<pre><code> sed -i -e 's/#include &lt;local/include &lt;local/' usr.sbin.dnsmasq
vim local/usr.sbin.dnsmasq
capability mknod,
/usr/libexec/libvirt_leaseshelper rix,
/var/lib/libvirt/dnsmasq/*.status* rw,
/run/leaseshelper.pid rwk,
vim usr.sbin.libvirtd
capability sys_rawio,
</code></pre>
<p>Mark the libvirt images directory NOCOW, since btrfs copy-on-write fragments VM
disk images badly. The attribute only applies to files created afterwards:</p>
<pre><code> chattr +C /var/lib/libvirt/images
</code></pre>
<p>Allow GNOME Boxes (session VMs) to attach to libvirt's bridge through
qemu-bridge-helper. The user also has to be a member of the qemu group:</p>
<pre><code> cat /etc/qemu/bridge.conf
allow virbr0
</code></pre>
<h1 id="backups">Backups</h1>
<p>Thanks to btrfs, backups are made easy by snapshots. Currently I have a systemd
timer set to fire every hour. It runs a script which does the following:</p>
<ol>
<li><p>Mount the root btrfs volume to /mnt/btrfs (this houses 2 subvols)</p>
</li>
<li><p>Snapshot each subvol into /mnt/btrfs/snapshots/subvolname-yyyy-MM-dd-hh:mm:ss</p>
</li>
<li><p>Prune any snapshots that are not any of the following:</p>
<ul>
<li>in the last 24 hours</li>
<li>daily in the last month</li>
<li>monthly until the backup drive fills to 10% free</li>
</ul>
</li>
<li><p>If a designated backup drive is attached, transfer all snapshots</p>
</li>
<li><p>Delete all bar the last 2 transferred per subvolume</p>
</li>
</ol>
<p>Finally, if the drive is not attached when the timer fires, the script is invoked
with a parameter to just catch up on the snapshots once the drive does become
available.</p>
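<p>As an added example (not the author's snapshot script, which is linked below),
the following Python implements the pruning policy just described as a pure
function over a directory listing, so it can be reasoned about and tested
without touching a filesystem. It uses the page's snapshot naming scheme; the
&quot;now&quot; value and the listing are constructed for the example, and the
free-space and delete hooks are assumptions standing in for statvfs and
<code>btrfs subvolume delete</code>.</p>

```python
"""Retention planner for btrfs snapshots named <subvol>-YYYY-MM-DD-hh:mm:ss.

Added example implementing the pruning policy described above; it is not the
author's snapshot script.  It only decides what to keep or delete; the caller
runs `btrfs subvolume delete` on the result.
"""
from datetime import datetime, timedelta
import re

SNAP_RE = re.compile(r"^(?P<subvol>.+)-(?P<ts>\d{4}-\d{2}-\d{2}-\d{2}:\d{2}:\d{2})$")
TS_FMT = "%Y-%m-%d-%H:%M:%S"


def parse_snapshot(name):
    """Return (subvol, timestamp) or None for names that are not our snapshots."""
    m = SNAP_RE.match(name)
    if not m:
        return None
    try:
        return m.group("subvol"), datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:  # e.g. month 13: looks like ours but is not
        return None


def retention_plan(names, now, recent=timedelta(hours=24), daily=timedelta(days=30)):
    """Classify snapshots: keep all from the last 24h, the newest per day for the
    last month, the newest per month before that; everything else is deleted.

    Returns a dict with 'recent', 'daily', 'monthly' (oldest first, so the
    space-based pruning below can trim from the old end) and 'delete'.
    Unparseable names and future-dated snapshots (clock skew) are never touched.
    """
    parsed = []
    for name in names:
        p = parse_snapshot(name)
        if p is not None and p[1] <= now:
            parsed.append((name, p[0], p[1]))

    keep_recent, newest_day, newest_month = [], {}, {}
    for name, subvol, ts in parsed:
        age = now - ts
        if age <= recent:
            keep_recent.append(name)
        elif age <= daily:
            key = (subvol, ts.date())
            if key not in newest_day or ts > newest_day[key][1]:
                newest_day[key] = (name, ts)
        else:
            key = (subvol, ts.year, ts.month)
            if key not in newest_month or ts > newest_month[key][1]:
                newest_month[key] = (name, ts)

    keep_daily = [n for n, _ in newest_day.values()]
    keep_monthly = [n for n, _ in sorted(newest_month.values(), key=lambda e: e[1])]
    kept = set(keep_recent) | set(keep_daily) | set(keep_monthly)
    return {
        "recent": keep_recent,
        "daily": keep_daily,
        "monthly": keep_monthly,
        "delete": [n for n, _, _ in parsed if n not in kept],
    }


def prune_monthly_for_space(monthly_oldest_first, free_pct, delete, min_free_pct=10):
    """Delete monthly snapshots, oldest first, until the drive has min_free_pct free.

    free_pct() and delete(name) are injected so the policy can be tested without
    a filesystem; in production they wrap statvfs / `btrfs filesystem usage` and
    `btrfs subvolume delete`.  Returns the names that were deleted.
    """
    deleted = []
    for name in monthly_oldest_first:
        if free_pct() >= min_free_pct:
            break
        delete(name)
        deleted.append(name)
    return deleted


# Constructed directory listing of /mnt/btrfs/snapshots, relative to NOW.
NOW = datetime(2019, 10, 12, 22, 44, 7)
SAMPLE_NAMES = [
    "@home-2019-10-12-21:00:00",  # recent
    "@home-2019-10-12-03:00:00",  # recent
    "@home-2019-10-11-23:00:00",  # recent (23h44m old)
    "@home-2019-10-11-22:00:00",  # daily: newest of 2019-10-11 outside the 24h window
    "@home-2019-10-11-10:00:00",  # delete: older snapshot of the same day
    "@home-2019-10-01-12:00:00",  # daily
    "@home-2019-09-20-12:00:00",  # daily (22 days old)
    "@home-2019-09-05-12:00:00",  # monthly: newest of September
    "@home-2019-09-01-12:00:00",  # delete: older September snapshot
    "@home-2019-06-15-12:00:00",  # monthly
    "@root-2019-10-12-22:00:00",  # recent
    "@root-2019-08-30-12:00:00",  # monthly
    "lost+found",                 # not a snapshot: ignored
]

if __name__ == "__main__":
    plan = retention_plan(SAMPLE_NAMES, NOW)
    for bucket, names in plan.items():
        print(bucket, names)
```

Keeping the monthly list oldest-first matters: the &quot;until the drive fills to 10% free&quot; rule is only safe when it eats the oldest history first, and skipping names that do not match the pattern means a stray directory in the snapshots folder is never fed to <code>btrfs subvolume delete</code>.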
<p>The script can be found on
<a href="https://github.com/zigford/linux-worktools/blob/master/linux/snapshot">github</a>
and the systemd timer and service look like this:</p>
<p>/etc/snapshots.conf</p>
<pre><code> [home]
LocalSnapshots=/mnt/btrfs/snapshots
RemoteSnapshots=/run/media/harrisj/7cb22d51-b8a7-45ee-b1a3-2f3db51c931f
SubvolumeRoot=/home
[root]
LocalSnapshots=/mnt/btrfs/snapshots
RemoteSnapshots=/run/media/harrisj/7cb22d51-b8a7-45ee-b1a3-2f3db51c931f
SubvolumeRoot=/
</code></pre>
<p>snapshot.service</p>
<pre><code> [Unit]
Description=Take a BTRFS Snapshot of all the volumes
[Service]
Type=simple
ExecStart=/usr/local/bin/snapshot
</code></pre>
<p>snapshot.timer</p>
<pre><code> [Unit]
Description=Timer file for snapshot unit. Snapshots hourly and continually prunes
[Timer]
OnCalendar=*-*-* *:00:00
Persistent=true
[Install]
WantedBy=timers.target
</code></pre>
<p>backup-snapshots.service</p>
<pre><code> [Unit]
Description=Backup snapshots when backup drive is attached
Requires=run-media-harrisj-7cb22d51\x2db8a7\x2d45ee\x2db1a3\x2d2f3db51c931f.mount
After=run-media-harrisj-7cb22d51\x2db8a7\x2d45ee\x2db1a3\x2d2f3db51c931f.mount
[Service]
ExecStart=/usr/local/bin/snapshot -b
[Install]
WantedBy=run-media-harrisj-7cb22d51\x2db8a7\x2d45ee\x2db1a3\x2d2f3db51c931f.mount
</code></pre>
<h1 id="docker">Docker</h1>
<p>Docker's default bridge range (172.17.0.0/16) conflicts with work's DNS servers.
The following file switches it to another address range. Note that
<code>fixed-cidr-v6</code> only takes effect when <code>&quot;ipv6&quot;: true</code>
is also set.</p>
<pre><code> cat /etc/docker/daemon.json
{
&quot;bip&quot;: &quot;192.168.12.5/24&quot;,
&quot;fixed-cidr&quot;: &quot;192.168.12.5/25&quot;,
&quot;fixed-cidr-v6&quot;: &quot;2001:db8::/64&quot;,
&quot;mtu&quot;: 1500
}
</code></pre>
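<p>As an added example (not from the original post), the following Python checks a
daemon.json such as the one above for the mistakes that produce exactly this kind
of conflict: a <code>bip</code> that is a network rather than a host address, a
<code>fixed-cidr</code> that is not inside the <code>bip</code> network, an
overlap with networks that must stay reachable, and a <code>fixed-cidr-v6</code>
without <code>&quot;ipv6&quot;: true</code>. The reserved network 172.17.1.0/24
standing in for the work DNS servers is an assumption for the example; Docker's
built-in default of 172.17.0.1/16 is used when no <code>bip</code> is configured.</p>

```python
"""Consistency checks for the Docker bridge addressing in daemon.json.

Added example, not the author's tooling.  Run it against /etc/docker/daemon.json
and the networks your site needs to keep reachable before restarting dockerd.
"""
import ipaddress
import json

DOCKER_DEFAULT_BIP = "172.17.0.1/16"  # what dockerd uses when bip is unset


def check_docker_ranges(daemon_json_text, reserved_networks):
    """Return a list of problem strings; an empty list means the config is consistent."""
    cfg = json.loads(daemon_json_text) if daemon_json_text.strip() else {}
    reserved = [ipaddress.ip_network(n) for n in reserved_networks]
    problems = []

    # bip is "address/prefix" for docker0 itself, so it must be a host address.
    bip = ipaddress.ip_interface(cfg.get("bip", DOCKER_DEFAULT_BIP))
    if bip.ip in (bip.network.network_address, bip.network.broadcast_address):
        problems.append("bip %s is not a usable host address" % bip)
    nets = [("bip", bip.network)]

    # fixed-cidr restricts container addresses and must lie inside bip's network.
    if "fixed-cidr" in cfg:
        fixed = ipaddress.ip_network(cfg["fixed-cidr"], strict=False)
        if not fixed.subnet_of(bip.network):
            problems.append("fixed-cidr %s is outside bip network %s" % (fixed, bip.network))
        nets.append(("fixed-cidr", fixed))

    # Docker only configures IPv6 on the bridge when ipv6 is enabled.
    if "fixed-cidr-v6" in cfg:
        if cfg.get("ipv6") is True:
            nets.append(("fixed-cidr-v6", ipaddress.ip_network(cfg["fixed-cidr-v6"], strict=False)))
        else:
            problems.append('fixed-cidr-v6 is set but "ipv6": true is not, so it has no effect')

    # Any overlap with a reserved network means containers shadow those hosts.
    for label, net in nets:
        for r in reserved:
            if net.version == r.version and net.overlaps(r):
                problems.append("%s %s overlaps reserved network %s" % (label, net, r))
    return problems


# Constructed inputs: the work DNS servers are assumed to live in 172.17.1.0/24.
WORK_NETWORKS = ["172.17.1.0/24", "10.0.0.0/8"]

DEFAULT_CONFIG = "{}"  # nothing set: dockerd falls back to 172.17.0.1/16
PAGE_CONFIG = """{
  "bip": "192.168.12.5/24",
  "fixed-cidr": "192.168.12.5/25",
  "fixed-cidr-v6": "2001:db8::/64",
  "mtu": 1500
}"""
BROKEN_CONFIG = """{
  "bip": "192.168.12.0/24",
  "fixed-cidr": "192.168.13.0/25"
}"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONFIG), ("page", PAGE_CONFIG), ("broken", BROKEN_CONFIG)):
        print(name, check_docker_ranges(text, WORK_NETWORKS))
```

Against the constructed work networks the default config is flagged for the 172.17.x overlap, the config above passes the address checks and is only warned about the unused <code>fixed-cidr-v6</code>, and the broken variant shows what the two structural mistakes look like.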
<h1 id="wifi-off-on-ethernet">Wifi off on ethernet</h1>
<p>In my shed the wifi is weak. I'm on wired here, so I don't need the wifi.
Thankfully NetworkManager offers the ability to run scripts when connections
change. Dispatcher scripts run as root, and NetworkManager only runs them if they
are owned by root, executable, and not writable by group or others.</p>
<pre><code> cat /etc/NetworkManager/dispatcher.d/wired_only.sh
#!/bin/sh
# NetworkManager runs this as root with the interface name and the event
# (up, down, ...) as arguments.
IF=$1
STATUS=$2
# Only react to the dock's wired interface.
if [ &quot;$IF&quot; = &quot;enp0s20f0u2u1i5&quot; ]
then
    case &quot;$STATUS&quot; in
        up)
            logger -s &quot;ethernet up, killing wifi&quot;
            # Block by type rather than by index (the original used 1):
            # rfkill indices are assigned at boot and can change.
            rfkill block wifi
            ;;
        down)
            logger -s &quot;ethernet down, raising wifi&quot;
            rfkill unblock wifi
            ;;
        *)
            ;;
    esac
fi
</code></pre>
<h1 id="automatically-stop-and-start-displaylink-manager">Automatically stop and start DisplayLink manager</h1>
<p>At home, I'm using a Targus USB 3.0 dock to connect to two monitors. It's pretty
convenient but it does use a few extra joules of battery (as shown by powertop).</p>
<p>Instead of manually stopping and starting the dlm service, I can use systemd and
udev rules to run the service only while the device is attached.</p>
<pre><code> cat /etc/udev/rules.d/99-displaylink.rules
# systemd only acts on SYSTEMD_WANTS for devices carrying the &quot;systemd&quot; tag,
# so tag the device explicitly instead of relying on a child device (such as
# the dock's network interface) already having it.
ACTION==&quot;add&quot;, ATTRS{idProduct}==&quot;4306&quot;, ATTRS{idVendor}==&quot;17e9&quot;, TAG+=&quot;systemd&quot;, ENV{SYSTEMD_WANTS}=&quot;dlm.service&quot;
</code></pre>
<p>This rule starts <code>dlm</code> when the USB device is detected. The following
override to the systemd unit binds dlm to the dock's network interface device
unit; when the dock is unplugged that device disappears and the service is
stopped with it.</p>
<pre><code> systemctl cat dlm
# /lib/systemd/system/dlm.service
[Unit]
Description=DisplayLink Manager Service
After=display-manager.service
Conflicts=getty@tty7.service
[Service]
ExecStartPre=/sbin/modprobe evdi
ExecStart=/opt/displaylink/DisplayLinkManager
Restart=always
WorkingDirectory=/opt/displaylink
RestartSec=5
[Install]
WantedBy=graphical.target
# /etc/systemd/system/dlm.service.d/override.conf
[Unit]
BindsTo=sys-subsystem-net-devices-enp0s20f0u2u1i5.device
StopWhenUnneeded=true
</code></pre>
<p><strong>Note</strong> that the override is created with <code>systemctl edit dlm</code>, which writes the drop-in shown above.</p>
<p>Tags: <a href='tag_gentoo.html'>gentoo</a>, <a href='tag_btrfs.html'>btrfs</a>, <a href='tag_linux.html'>linux</a></p>
<!-- text end -->
<!-- entry end -->
</div>
<div id="footer">&copy; <a href="http://twitter.com/zigford_org">Jesse Harris</a> &mdash; <a href="mailto:jesse&#64;zigford&#46;org">jesse&#64;zigford&#46;org</a><br/>
Generated with <a href="https://github.com/cfenollosa/bashblog">bashblog</a>, a single bash script to easily create blogs like this one</div>
</div></div>
</body></html>