# vim: set ft=sh ts=4 sw=4 sts=-1 noet: # This file will be interpreted by /bin/bash. ################################################ # Disk configuration # Below you will see examples of how to use the provided default partitioning schemes. # Generally these should be sufficient for most system setups. # # You can also create your own scheme using the functions provided in scripts/config.sh, # if you need something tailored to your specific system. Generally supported is # any combination of RAID0/1, luks, zfs, btrfs and the usual filesystems (ext4, fat) # Have a look at the implementation of the default schemes, but be aware that you # most likely don't want to implement your own scheme. # # Be sure to only define one layout! # This function will be called when a custom zfs pool type has been chosen. # $1: either 'true' or 'false' determining if the pool should be encrypted # $2: a string describing all device paths (for error messages) # $@: device paths function format_zfs_custom() { # See format_zfs_standard() function in scripts/functions.sh for an example! die "You need to implement format_zfs_custom() in your .conf file!" } function disk_configuration() { create_classic_single_disk_layout swap=8GiB type=efi luks=true root_fs=ext4 /dev/sdX # 1. create_classic_single_disk_layout # # This layout creates the most common partitioning scheme on a single disk, i.e. # one boot, one swap and one root partition. Swap can be disabled and the root # partition can be luks encrypted. This is probably the layout you are most familiar with. # # Parameters: # swap= Create a swap partition with given size, or no swap # at all if set to false # type=[efi|bios] Selects the boot type. Defaults to efi if not given. # luks=[true|false] Encrypt root partition. Defaults to false if not given. # root_fs=[ext4|btrfs] Root filesystem #create_classic_single_disk_layout swap=8GiB type=efi luks=true root_fs=ext4 /dev/sdX # 2. create_btrfs_centric_layout # # A modern disk layout designed around ZFS. This layout is the same as the # single_disk_layout, but uses ZFS as the root filesystem and optionally allows # you to put additional disks into the zfs pool (with striping or mirroring). # Only the first disk will have boot and swap partitions, the other disks will # directly be added to the zfs pool. It is also possible to use ZFS's native # encryption feature to encrypt the pool. # # Parameters: # swap= Create a swap partition with given size, or no swap # at all if set to false # type=[efi|bios] Selects the boot type. Defaults to efi if not given. # encrypt=[true|false] Encrypt the zfs pool. Defaults to false if not given. # pool_type=[mirror|stripe] Select zfs pool type. Defaults to stripe. #create_zfs_centric_layout type=efi swap=8GiB encrypt=true pool_type=raid0 /dev/nvme0n1 #create_zfs_centric_layout type=efi swap=8GiB encrypt=true pool_type=raid0 /dev/nvme0n1 /dev/nvme1n1 # 3. create_raid0_luks_layout # # This layout creates the single disk layout on multiple disks and combines # the swap and root partitions in separate raid0 arrays. Useful if you e.g. have # several nvme drives and want increased speed. Only one boot partition will actually # be used though. # # Parameters: # swap= Create a swap partition with given size for each disk, # or no swap at all if set to false # type=[efi|bios] Selects the boot type. Defaults to efi if not given. # root_fs=[ext4|btrfs] Root filesystem # Careful: You will get N times the swap amount, so be sure to divide beforehand. #create_raid0_luks_layout swap=4GiB type=efi root_fs=ext4 /dev/sd{X,Y} # 4. create_btrfs_centric_layout # # This layout is the same as the single_disk_layout, but uses btrfs as the root # filesystem and allows you to put additional disks into the btrfs device pool. # Only the first disk will have boot and swap partitions, the other disks will # directly be used in the btrfs device pool. If encryption is enabled, all disks # must be encrypted separately, as btrfs doesn't support encryption itself. # Also works with a single device. # # Parameters: # swap= Create a swap partition with given size, or no swap # at all if set to false # type=[efi|bios] Selects the boot type. Defaults to efi if not given. # luks=[true|false] Encrypt root partition and btrfs devices. Defaults # to false if not given. # raid_type=[raid0|raid1] Select raid type. Defaults to raid0. #create_btrfs_centric_layout swap=8GiB luks=false raid_type=raid0 /dev/sd{X,Y} #create_btrfs_centric_layout swap=8GiB luks=true /dev/sdX } ################################################ # LUKS/ZFS encryption configuration # If you have selected a disk layout that uses encryption with LUKS or ZFS, # you need to define an encryption key. If you have not used an encrypted # layout, you can skip this section. # # ######## Example: Password # # If you want a standard password, simply export it to the variable $GENTOO_INSTALL_ENCRYPTION_KEY, # or echo it in the function below. # 1. export GENTOO_INSTALL_ENCRYPTION_KEY="my strong passphrase" # 2. OR: Adjust the function below to return the key: echo "my strong passphrase" # # ATTENTION: DO NOT INCLUDE A NEWLINE IN YOUR PASSWORD! Use a longer passphrase instead. # It will save you a lot of trouble, because most software doesn't support reading passwords # with newlines from stdin. # # By default, the selected KEYMAP will also be applied in the initramfs. # If you want to be safe, use a long passphrase with standard alphanumeric characters, # so that you can type it without your selected keymap on the default english layout. # # ######## Example: Keyfile # # If you want to generate a strong password and use it as a keyfile, # you will have to do the necessary adjustments to the initramfs yourself. # Begin setup with a temporary passphrase and replace it later with a keyfile. # # Generate a strong keyfile from /dev/urandom. I would suggest piping # it into base64 afterwards, to avoid problems with special characters in different # initramfs implementations and to allow manual typing for rescue purposes. # # Be aware that the initramfs generated by this script will always ask for a user # supplied passphrase. If you want to use the keyfile on a USB stick or want an # even more advanced setup, you will have to make these modifications yourself. # This basically means adjusting the initramfs cmdline, which you can do here with # the following statement: # DISK_DRACUT_CMDLINE+=("rd.luks.keyfile=whatever") # # You can also adjust the boot entry manually after the installation is complete, # as you can always use the keyfile in a live system. This might be easier if you # are currently not sure what options you need exactly. # # To generate a strong keyfile, follow this procedure: # # 1. Generating a strong keyfile with (resulting file must be < 8MiB) # `head -c1024 /dev/urandom | base64 -w0 > /path/to/keyfile` # 2. Now remember the path and also copy the keyfile somewhere safe so you can # unlock your machine later. # 3. Enter path to keyfile in the function below # # ######## Example: GPG encrypted keyfile # # Same procedure as for the keyfile, but encrypt it after generation with gpg: # `cat /path/to/keyfile | gpg --symmetric --cipher-algo AES256 --s2k-digest-algo SHA512 --output /my/permanent/storage/luks-key.gpg` # Unfortunately, getting GPG to work properly in the initramfs # isn't as easy, so it's currently not part of this script, but might be later. # Feel free to experiment though. # If you don't want to write your password to your disk, simply export it # in your terminal before running ./install, like so: # `export GENTOO_INSTALL_ENCRYPTION_KEY="my strong passphrase"` # You can also just set the variable here, but this is not recommended because # depending on your current environment, this file might be stored on an actual disk, # and so your password would be written to that disk at least once. ################################################ # System configuration # Enter the desired system hostname here, # be aware that when creating mdadm raid arrays, this value will be # recorded in metadata block. If you change it later, you should # also update the metadata. HOSTNAME="gentoo" # The timezone for the new system TIMEZONE="Europe/London" #TIMEZONE="Europe/Berlin" # The default keymap for the system KEYMAP="us" #KEYMAP="de-latin1-nodeadkeys" # Use the same keymap in the initramfs KEYMAP_INITRAMFS="$KEYMAP" # A list of additional locales to generate. You should only # add locales here if you really need them and want to localize # your system. Otherwise, leave this list empty, and use "C.utf8" as the locale. # Be careful that the syntax for locales is a bit different from the name of the resulting # locale. For a list of supported locales, see the file /usr/share/i18n/SUPPORTED. LOCALES="" # The locale to set for the system. Be careful, the locale names deviate from the LOCALES # list entries (e.g. .UTF-8 vs .utf8). See `locale -a` for all available locales. LOCALE="C.utf8" # For a german system you could use: # LOCALES=" # de_DE.UTF-8 UTF-8 # de_DE ISO-8859-1 # de_DE@euro ISO-8859-15 # " # End of LOCALES # LOCALE="de_DE.utf8" ################################################ # Gentoo configuration # The selected gentoo mirror GENTOO_MIRROR="https://mirror.eu.oneandone.net/linux/distributions/gentoo/gentoo" #GENTOO_MIRROR="https://distfiles.gentoo.org" # The architecture of the target system (only tested with amd64) GENTOO_ARCH="amd64" # The stage3 tarball to install STAGE3_BASENAME="stage3-$GENTOO_ARCH-systemd" #STAGE3_BASENAME="stage3-$GENTOO_ARCH-hardened+nomultilib" #STAGE3_BASENAME="stage3-$GENTOO_ARCH-hardened-selinux+nomultilib" # If set to true, the best best gentoo mirrors will be selected # automatically by app-portage/mirrorselect SELECT_MIRRORS=true # If set to true, mirrorselect will download a large 100kb file # from each mirror for more accurate test results. This can # take significantly longer (~5-10min). SELECT_MIRRORS_LARGE_FILE=false # Set to true if the stagr3 tarball is based on systemd. In this case # we need to use slightly different utilities to setup the base system. SYSTEMD=true ################################################ # Additional (optional) configuration # Array of additional packages to install # e.g. ADDITIONAL_PACKAGES=("app-editors/neovim") ADDITIONAL_PACKAGES=() # Install and configure sshd (a reasonably secure config is provided, which # only allows the use of ed25519 keys, and requires pubkey authentication) INSTALL_SSHD=true # An ssh key to add to the authorized_keys file for the root user. # This variable will become the content of the authorized_keys file, # so you may specify one key per line (include the newlines in the variable). ROOT_SSH_AUTHORIZED_KEYS="" ################################################ # Prove that you have read the config # To prove that you have read and edited the config # properly, set the following value to true. I_HAVE_READ_AND_EDITED_THE_CONFIG_PROPERLY=false