gentoo-install/gentoo.conf.example

# vim: set ft=sh ts=4 sw=4 sts=-1 noet:
# This file will be interpreted by /bin/bash.

################################################
# Disk configuration

# Below you will see examples of how to use the provided default partitioning schemes.
# Generally these should be sufficient for most system setups.
#
# You can also create your own scheme using the functions provided in scripts/config.sh,
# if you need something tailored to your specific system. Generally supported is
# any combination of RAID0/1, luks, zfs, btrfs and the usual filesystems (ext4, fat)
# Have a look at the implementation of the default schemes, but be aware that you
# most likely don't want to implement your own scheme.
#
# Be sure to only define one layout!

function disk_configuration() {
	create_classic_single_disk_layout swap=8GiB type=efi luks=true root_fs=ext4 /dev/sdX

	# 1. create_classic_single_disk_layout
	#
	# This layout creates the most common partitioning scheme on a single disk, i.e.
	# one boot, one swap and one root partition. Swap can be disabled and the root
	# partition can be luks encrypted. This is probably the layout you are most familiar with.
	#
	# Parameters:
	#   swap=<size>           Create a swap partition with given size, or no swap
	#                         at all if set to false
	#   type=[efi|bios]       Selects the boot type. Defaults to efi if not given.
	#   luks=[true|false]     Encrypt root partition. Defaults to false if not given.
	#   root_fs=[ext4|btrfs]  Root filesystem
	#create_classic_single_disk_layout swap=8GiB type=efi luks=true root_fs=ext4 /dev/sdX

	# 2. create_raid0_luks_layout
	#
	# This layout creates the single disk layout on multiple disks and combines
	# the swap and root partitions in separate raid0 arrays. Useful if you e.g. have
	# several nvme drives and want greater speed. Only one boot partition will actually
	# be used though.
	#
	# Parameters:
	#   swap=<size>           Create a swap partition with given size for each disk,
	#                         or no swap at all if set to false
	#   type=[efi|bios]       Selects the boot type. Defaults to efi if not given.
	#   root_fs=[ext4|btrfs]  Root filesystem
	# Careful: You will get N times the swap amount, so be sure to divide beforehand.
	#create_raid0_luks_layout swap=4GiB type=efi root_fs=ext4 /dev/sd{X,Y}

	# 3. create_btrfs_centric_layout
	#
	# This layout is the same as the single_disk_layout, but uses btrfs as the root
	# filesystem and allows you to put additional disks into the btrfs device pool.
	# Only the first disk will have boot and swap partitions, the other disks will
	# directly be used in the btrfs device pool. If encryption is enabled, all disks
	# must be encrypted separately, as btrfs doesn't support encryption itself.
	# Also works with a single device.
	#
	# Parameters:
	#   swap=<size>                Create a swap partition with given size, or no swap
	#                              at all if set to false
	#   type=[efi|bios]            Selects the boot type. Defaults to efi if not given.
	#   luks=[true|false]          Encrypt root partition and btrfs devices. Defaults
	#                              to false if not given.
	#   raid_type=[raid0|raid1]    Select raid type. Defaults to raid0.
	#create_btrfs_centric_layout swap=8GiB luks=false raid_type=raid0 /dev/sd{X,Y}
	#create_btrfs_centric_layout swap=8GiB luks=true /dev/sdX
}


################################################
# LUKS configuration

# If you have selected a disk layout that uses encryption with luks,
# you need to define the encryption key. If you have not used an encrypted
# layout, you can skip this section and leave the defaults.
#
# ######## Example: Password
#
# If you want a standard password, you should do the following:
#   1. echo -n "mypassword" > /tmp/a_strong_encryption_key
#   2. Adjust the function below to return the path: echo -n "/tmp/a_strong_encryption_key"
#
# By default, the selected KEYMAP will also be applied in the initramfs.
# If you want to be sure, use a long passphrase with standard alphanumeric characters,
# so that you could also type it without your selected keymap on the default english layout.
#
# ######## Example: Keyfile
#
# If you want to generate a strong password and use it as a keyfile,
# you can do so by generating a keyfile from /dev/urandom. I would suggest piping
# it into base64 afterwards, to avoid problems with special characters in different
# initramfs implementations and to allow manual typing for rescue purposes.
#
# Be aware that the initramfs generated by this script will always ask for a passphrase.
# If you want to use the keyfile on a USB stick or want an even more advanced setup, you
# will have to make these modifications yourself. This basically means adjusting
# the initramfs cmdline, which you can do here with the following statement:
#   DISK_DRACUT_CMDLINE+=("rd.luks.keyfile=whatever")
#
# You can also adjust the boot entry manually after the installation is complete,
# as you can always use the keyfile in a live system. This might be easier if you
# are currently not sure what options you need exactly.
#
# To generate a strong keyfile, follow this procedure:
#
#   1. Generating a strong keyfile with (resulting file must be < 8MiB)
#      `head -c1024 /dev/urandom | base64 -w0 > /path/to/keyfile`
#   2. Now remember the path and also copy the keyfile somewhere safe so you can
#      unlock your machine later.
#   3. Enter path to keyfile in the function below
#
# ######## Example: GPG encrypted keyfile
#
# Same procedure as for the keyfile, but encrypt it after generation with gpg:
#   `cat /path/to/keyfile | gpg --symmetric --cipher-algo AES256 --s2k-digest-algo SHA512 --output /my/permanent/storage/luks-key.gpg`
# Unfortunately, getting GPG to work properly in the initramfs
# isn't as easy, so it's currently not part of this script, but might be later.
# Feel free to experiment though.


# This function will be called when the key for a luks device is needed.
# Theoretically you can give every encrypted partition it's own key,
# but most likely you will only have one partition.
# By default this function returns the same keyfile for all partitions.
# If you want to make this more granular, run the install script and
# select here based on the id reported in the partitioning overview.
function luks_getkeyfile() {
	case "$1" in
		#'my_luks_partition') echo -n '/path/to/my_luks_partition_keyfile' ;;
		*) echo -n "/path/to/luks-keyfile" ;;
	esac
}

################################################
# System configuration

# Enter the desired system hostname here,
# be aware that when creating mdadm raid arrays, this value will be
# recorded in metadata block. If you change it later, you should
# also update the metadata.
HOSTNAME="gentoo"

# The timezone for the new system
TIMEZONE="Europe/London"
#TIMEZONE="Europe/Berlin"

# The default keymap for the system
KEYMAP="us"
#KEYMAP="de-latin1-nodeadkeys"

# Use the same keymap in the initramfs
KEYMAP_INITRAMFS="$KEYMAP"

# A list of additional locales to generate. You should only
# add locales here if you really need them and want to localize
# your system. Otherwise, leave this list empty, and use "C.utf8" as the locale.
# Be careful that the syntax for locales is a bit different from the name of the resulting
# locale. For a list of supported locales, see the file /usr/share/i18n/SUPPORTED.
LOCALES=""
# The locale to set for the system. Be careful, the locale names deviate from the LOCALES
# list entries (e.g. .UTF-8 vs .utf8). See `locale -a` for all available locales.
LOCALE="C.utf8"
# For a german system you could use:
# LOCALES="
# de_DE.UTF-8 UTF-8
# de_DE ISO-8859-1
# de_DE@euro ISO-8859-15
# " # End of LOCALES
# LOCALE="de_DE.utf8"


################################################
# Gentoo configuration

# The selected gentoo mirror
GENTOO_MIRROR="https://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo"
#GENTOO_MIRROR="https://distfiles.gentoo.org"

# The architecture of the target system (only tested with amd64)
GENTOO_ARCH="amd64"

# The stage3 tarball to install
STAGE3_BASENAME="stage3-$GENTOO_ARCH-systemd"
#STAGE3_BASENAME="stage3-$GENTOO_ARCH-hardened+nomultilib"
#STAGE3_BASENAME="stage3-$GENTOO_ARCH-hardened-selinux+nomultilib"

# If set to true, the best best gentoo mirrors will be selected
# automatically by app-portage/mirrorselect
SELECT_MIRRORS=true

# If set to true, mirrorselect will download a large 100kb file
# from each mirror for more accurate test results. This can
# take significantly longer (~5-10min).
SELECT_MIRRORS_LARGE_FILE=false

# Set to true if the stagr3 tarball is based on systemd. In this case
# we need to use slightly different utilities to setup the base system.
SYSTEMD=true


################################################
# Additional (optional) configuration

# Array of additional packages to install
# e.g. ADDITIONAL_PACKAGES=("app-editors/neovim")
ADDITIONAL_PACKAGES=()

# Install and configure sshd (a reasonably secure config is provided, which
# only allows the use of ed25519 keys, and requires pubkey authentication)
INSTALL_SSHD=true

# Install ansible, and add a user for it. This requires INSTALL_SSHD=true
INSTALL_ANSIBLE=false
# The home directory for the ansible user
ANSIBLE_HOME="/var/lib/ansible"
# An ssh key to add to the .authorized_keys file for the ansible user.
# This variable will become the content of the .authorized_keys file,
# so you may specify one key per line.
ANSIBLE_SSH_AUTHORIZED_KEYS=""


################################################
# Prove that you have read the config

# To prove that you have read and edited the config
# properly, set the following value to true.
I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY=false