gentoo-install/README.md

# Gentoo installation script
TODO clarify:

* /boot will not be mounted on the EFI partition; instead `/boot/efi` is the mountpoint.
  This prevents /boot from filling up with automated kernel installs, and allows the kernel
  script to keep exactly two versions: the last working kernel and the new one.
* Kernel without module loading capability, for security (`make localyesconfig`).

Recommendations:

* Use `umask 0077`.
* Edit `sshd_config`: change the port and create an `sshusers` group for the users who may use ssh (restrict logins to it with `AllowGroups sshusers`).
* Use LUKS encryption on the disk.
* Use a properly configured kernel; ideally restrict even USB.
* Adjust `make.conf` (default parallel emerge, CPU flags, binhost?).

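
The module-less kernel mentioned in the TODO note and the "properly configured kernel" recommendation come down to the same procedure: convert the currently loaded modules to built-ins, compile module loading out, and then check that the resulting `.config` really has no loadable modules left. The following is an added example, not the project's kernel script; it assumes a kernel source tree with the standard `scripts/config` helper (the tree path and the `.config` path are parameters) and that the modules the target kernel needs are loaded right now, which is what `make localyesconfig` keys on.

```shell
#!/bin/sh
# Added example (not part of the gentoo-install project): build a kernel
# config without module loading and verify it afterwards.
# Assumptions: a kernel source tree with scripts/config available, and
# the needed drivers currently loaded as modules on the running system.

# Produce a .config with every currently loaded module built in and
# module loading compiled out entirely. Needs the kernel source tree.
build_no_modules_config() {
    ksrc="$1"
    ( cd "$ksrc" \
      && make localyesconfig \
      && scripts/config --disable MODULES \
      && make olddefconfig )
}

# Return 0 if CONFIG has module loading disabled and no "=m" entries,
# 1 otherwise (the offending "=m" lines are printed for inspection).
config_forbids_modules() {
    cfg="$1"
    status=0
    if ! grep -qx '# CONFIG_MODULES is not set' "$cfg"; then
        echo "CONFIG_MODULES is still enabled in $cfg" >&2
        status=1
    fi
    if grep -E '^CONFIG_[A-Z0-9_]+=m$' "$cfg"; then
        echo "modules still selected in $cfg" >&2
        status=1
    fi
    return $status
}
```

Run `build_no_modules_config /usr/src/linux` on the live system whose hardware the kernel is for, then `config_forbids_modules /usr/src/linux/.config` before building; a non-zero exit means `make olddefconfig` re-enabled something that still wants to be a module and the config needs a manual look.
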
**TL;DR:** Installs gentoo on a new system, suited for both servers and desktops.
Optionally prepares ansible for automatic system configuration.
See [Install](#Install) for usage instructions.

---

This script will install a minimal EFI bootable gentoo system, without additional bloat.
It will stick closely to the [Gentoo AMD64 Handbook](https://wiki.gentoo.org/wiki/Handbook:AMD64)
and [Sakaki's EFI Install Guide](https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide).

What you will get:

* Minimal system configuration
* Temporary vanilla kernel (precompiled by gentoo); in my opinion you
  should replace this kernel with a custom made kernel for your system.
  See [Kernel](#Kernel) for details on how to achieve that with low effort.

What you can get optionally:

* LUKS
* EFI secure boot
* Initramfs (compiled into the kernel for EFIstub)
* Preconfigured sshd
* Ansible ready (packages, user, ssh)
* Additional packages of your choice (only trivial installations without USE flag changes)

What you will **NOT** get (i.e. you will have to do it yourself):

* X11 desktop environment
* A user for yourself (except `root` obviously)
* Any form of RAID
* A specialized kernel, see [Kernel](#Kernel) for details on how to get one.

Only the necessary configuration is applied to provide a common baseline system.
If you need advanced features such as an initramfs or a different
partitioning scheme, you can definitely use this script but will
have to make some adjustments to it.
The main purpose of this script is to provide a universal setup
which should be suitable for most use-cases (desktop and server installations).

#### Overview of executed tasks

* Check live system
* Sync time
* Partition disks
* Format partitions
* Download stage3
* Extract stage3
* Chroot into new system
* Update portage tree
* ... TODO MISSING!

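
The "Download stage3" step is where a supply-chain check belongs: compare the tarball against the digest Gentoo publishes next to it, and verify the detached signature, before anything is extracted into the new root. The following is an added example and not code from the install script; it assumes the `.DIGESTS` layout (a `# SHA512 HASH` header line followed by `<digest>  <file name>` lines) and, for the signature step, that the Gentoo release signing key has already been imported into the keyring from the key the Handbook documents.

```shell
#!/bin/sh
# Added example (not part of the gentoo-install project): verify a
# downloaded stage3 tarball before extracting it.
# Assumptions: the .DIGESTS file uses "# SHA512 HASH" sections with
# "<hex digest>  <file name>" lines, and the detached .asc signature of
# the tarball was downloaded alongside it; the signing key is already
# in the keyring.

# Print the SHA512 digest recorded for NAME in DIGESTS (128 hex chars),
# or nothing if there is no such entry.
stage3_expected_sha512() {
    digests="$1"; name="$2"
    # Only look at lines between "# SHA512 HASH" and the next "#" header,
    # so BLAKE2B entries for the same file name are ignored.
    awk -v name="$name" '
        /^# SHA512 HASH/ { in_sha = 1; next }
        /^#/             { in_sha = 0 }
        in_sha && $2 == name && length($1) == 128 { print $1; exit }
    ' "$digests"
}

# Compare the actual SHA512 of TARBALL with the recorded one.
# Returns 0 on match, 1 on mismatch or missing entry.
verify_stage3_digest() {
    tarball="$1"; digests="$2"
    name=$(basename "$tarball")
    expected=$(stage3_expected_sha512 "$digests" "$name")
    if [ -z "$expected" ]; then
        echo "no SHA512 entry for $name in $digests" >&2
        return 1
    fi
    actual=$(sha512sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "SHA512 mismatch for $name" >&2
        return 1
    fi
    return 0
}

# Check the detached signature on the tarball. Requires gpg and the
# Gentoo release signing key in the keyring (assumption, see above).
verify_stage3_signature() {
    tarball="$1"; sig="$2"
    command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 1; }
    gpg --verify "$sig" "$tarball"
}
```

Typical use in the download step is `verify_stage3_digest "$tarball" "$tarball.DIGESTS" && verify_stage3_signature "$tarball" "$tarball.asc" || exit 1`; the digest check alone only proves the download matches what the mirror served, so the signature check is the one that ties the file to Gentoo.
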
#### GPT
The script will create GPT partition tables. If your system cannot use GPT,
this script is not suited for it.
#### EFI

It is assumed that your system can (and will) be booted via EFI.
This is not a strict requirement, but otherwise you will be responsible
for making the system bootable yourself.
This probably involves the following steps:

* Change the partition type of the `efi` partition to `ef02` (BIOS boot partition)
* Change the partition name and filesystem label to `boot`
* Install and configure syslinux
* Adjust `make.conf`

Maybe there will be a convenience script for this at some point.
No promises though.

# Optional: Ansible ready

Optionally, this script can make the new system ready to be
used with ansible.
It will do the following steps for you:

* Create an ansible user
* Generate an ssh keypair (type configurable)
* Set up a secure sshd (safe ciphers, login only with keypair)
* Install ansible
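
The sshd hardening from the recommendations at the top (non-default port, an `sshusers` group that gates ssh access) and the "secure sshd" step of the ansible setup (safe ciphers, key-only login) fit into one drop-in file. The following is an added example, not the script's own code. It assumes OpenSSH 8.x or newer, that the main `sshd_config` contains `Include /etc/ssh/sshd_config.d/*.conf` so the drop-in is read, and that port, group and user names are the caller's choice; `PermitRootLogin no` is a hardening decision of this example, not something the page states.

```shell
#!/bin/sh
# Added example (not part of the gentoo-install project): generate and
# check a sshd hardening drop-in, and gate ssh logins behind one group.
# Assumptions: OpenSSH 8.x or newer; the main sshd_config includes
# /etc/ssh/sshd_config.d/*.conf; the ansible user already exists.

# Print a sshd_config drop-in: non-default port, key-only login, modern
# ciphers/KEX/MACs, and ssh restricted to members of GROUP.
sshd_hardening_config() {
    port="$1"; group="$2"
    cat <<EOF
Port $port
# Only key-based logins; no passwords, no keyboard-interactive.
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
# Root gets no ssh login at all (example's choice: admin work goes via the ansible user).
PermitRootLogin no
# Only members of this group may log in via ssh.
AllowGroups $group
# AEAD ciphers, curve25519 key exchange and encrypt-then-MAC MACs only.
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
EOF
}

# Write the drop-in to TARGET with mode 0600 (the umask 0077 recommendation),
# without changing the caller's umask.
write_sshd_hardening() {
    target="$1"; port="$2"; group="$3"
    ( umask 0077; sshd_hardening_config "$port" "$group" > "$target" )
}

# Create the ssh group if missing and add USER to it. Must run as root.
setup_ssh_group() {
    group="$1"; user="$2"
    getent group "$group" >/dev/null || groupadd "$group"
    usermod -aG "$group" "$user"
}

# Return 0 if FILE carries directive KEY with exactly VALUE, 1 otherwise.
sshd_config_has() {
    grep -qE "^$2[[:space:]]+$3\$" "$1"
}
```

Order matters when applying this on a live box: run `setup_ssh_group sshusers ansible` first, then `write_sshd_hardening /etc/ssh/sshd_config.d/10-hardening.conf 2222 sshusers`, then `sshd -t` to validate the merged configuration, and only then restart sshd from a session you keep open until a new key-based login on the new port has succeeded.
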
# References
* [Sakaki's EFI Install Guide](https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide)
* [Gentoo AMD64 Handbook](https://wiki.gentoo.org/wiki/Handbook:AMD64)