How to install Void Linux the minimalist way

Posted on 2022-09-26

This is only one of many ways to install Void Linux. A (very) primitive install script is also available to speed up the process. Please also read the Void Linux documentation and Arch Linux wiki which contains pretty much everything you need to know.

Part 0: The preparation

Intro to partitioning

The absolute minimum you need is a boot partition and root partition (for UEFI/GPT). You can further customize to have /home or /usr as separate partition or even a separate drive. For example, boot and root on SSD and home on HDD.

Some examples for UEFI/GPT:

The HDD for /home example

SSD = /dev/sda
HDD = /dev/sdb
/dev/sda1 formatted as F32 and mounted on /boot
/dev/sda2 formatted as EXT4 and mounted on /
/dev/sdb1 formatted as EXT4 and mounted on /home

The single drive for everything example

HDD = /dev/sda
/dev/sda1 formatted as F32 and mounted on /boot
/dev/sda2 formatted as EXT4 and mounted on /

The single drive for everything but with swap example

HDD = /dev/sda
/dev/sda1 formatted as F32 and mounted on /boot
/dev/sda2 formatted as swap and mounted as swap
/dev/sda3 formatted as EXT4 and mounted on /

Some examples for BIOS/MBR:

The single drive for everything (literally) example
```
HDD = /dev/sd
/dev/sda1 formatted as EXT4 and mounted on /
```
You can also do something similar to UEFI partitioning.

Disk encryption and LVM

You should really encrypt anything that may contain sensitive information. We have the basic partitioning but we don’t have encryption. Encryption is easy on Linux but there are some rules to follow. Rule 1: Don’t encrypt the boot partition. Okay, you CAN encrypt it and some people seem to have managed to do but I have never got it to work. Rule 2: If you don’t want to type like 3 or 4 passwords on boot then create key files to auto decrypt all the other partitions or use LVM.

There are also additional security stuff you can do such as secure boot with your own signing key, AEM (anti evil maid), GRUB passwords, boot partition on removable drive, TPM and more. See this for more.

The HDD for /home example

This doesn’t use LVM.

SSD = /dev/sda
HDD = /dev/sdb
/dev/sda1 formatted as F32 and  mounted on /boot
/dev/sda2 encrypted using cryptsetup
/dev/mapper/root formatted as EXT4 and mounted on /
/dev/sdb1 encrypted using cryptsetup but with key files
/dev/mapper/home formatted as EXT4 and mounted on /home

The single drive for everything example

HDD = /dev/sda
/dev/sda1 formatted as F32 and mounted on /boot
/dev/sda2 encrypted using cryptsetup
/dev/mapper/root formatted as EXT4 and mounted on /

The single drive for everything but with swap example

HDD = /dev/sda
/dev/sda1 formatted as F32 and mounted on /boot
/dev/sda2 encrypted using cryptsetup
/dev/mapper/root format as lvm device and create pool
/dev/mapper/pool-root formatted as EXT4 and mounted on /
/dev/mapper/pool-swap formatted as swap and mounted as swap

The single drive for everything (literally) example
This is for BIOS/MBR.
```
HDD = /dev/sda
/dev/sda1 encrypted using cryptsetup (--luks1)
/dev/mapper/root formatted as EXT4 and mounted on /
```
You can also do something similar to UEFI partitioning.

Real world example

First set your keymap so that you type the correct password when encrypting your partition.

loadkeys $KEYMAP

Wipe file system of your drive.

wipefs --all /dev/$YOURDRIVE

Use cfdisk to create new partitions.

cfdisk /dev/$YOURDRIVE

Select GPT and create partitions for boot and root. Don’t forget to change the partition type of boot to EFI System. Now you should have the single drive for everything layout.

Now, encrypt your root.

cryptsetup -y -y -c aes-xts-plain64 -s 512 -h sha512 --use-random luksFormat $ROOTPARTITION

Decrypt your root partition.

cryptsetup luksOpen $ROOTPARTITION root

Create physical volume and volume group

pvcreate /dev/mapper/root
vgcreate pool /dev/mapper/root

Create 16G swap partition.

lvcreate -L 16G -n swap pool

Create root partition.

lvcreate -l 100%FREE -n root pool

Make file system.

mkfs.fat -F32 $BOOTPARTITION
mkswap /dev/mapper/pool-swap
mkfs.ext4 /dev/mapper/pool-root

Mount the root partition first.

mount /dev/mapper/pool-root /mnt

Create required directories.

mkdir /mnt/boot
mkdir /mnt/home

Mount boot.

mount $BOOTPARTITION /mnt/boot

Mount swap.

swapon /dev/mapper/pool-swap

Useful commands

wipefs

Use wipefs to wipe file system to change from GPT to MBR or vice versa.

wipefs --all  /dev/YOURDRIVE

WARNING! THIS WILL WIPE ALL DATA!

cfdisk

cfdisk allows you to partition very easily. Just type

cfdisk /dev/YOURDRIVE

Choose GPT or MBR then start create partitions. Make sure to change type of partition to EFI for boot partition if on UEFI. Also change type to swap if creating swap partition.

This command can also be used to format USB and SD cards. Very useful.

mkfs

mkfs allows you to actually format the partition to file system that you want.

For EXT4

mkfs.ext4 /dev/YOURPARTITION

For FAT32

mkfs.vfat -F32  /dev/YOURPARTITION

cryptsetup

To encrypt

cryptsetup -y -y -c aes-xts-plain64 -s 512 -h sha512 --use-random luksFormat /dev/YOURPARTITION

Or the simpler version

cryptsetup luksFormat /dev/YOURPARTITION

Key file encryption example

cryptsetup -y -y -c aes-xts-plain64 -s 512 -h sha512 --use-random --key-file key luksFormat $ROOTPARTITION

To decrypt

cryptsetup luksOpen /dev/YOURPARTITION YOURMAPPEDNAME

Key file decryption

cryptsetup --key-file key luksOpen $ROOTPARTITION root

Create key file using dd command.

dd

Use dd to create key file, create bootable USB and many others.

Use this to create key file

dd if=/dev/urandom of=key bs=1024 count=20

LVM stuff

To create physical volume

pvcreate /dev/mapper/YOURMAPPEDNAME

Create volume group

vgcreate pool /dev/mapper/YOURMAPPEDNAME

Create logical volume

lvcreate -l 50G -n root pool

Create logical volume with all remaining space

lvcreate -L 100%FREE -n root pool

Use something like home or root or pool for NAME

Part 1: Base system installation

Install base system

This will install all the required files and packages to mnt. You can change the repository URL and probably should change some packages. Also add /musl to end of URL for musl version (https://alpha.de.repo.voidlinux.org/current/musl).

See this to decide which packages to install.

xbps-install -S -y --repository=https://alpha.de.repo.voidlinux.org/current -r /mnt base-minimal lvm2 cryptsetup grub-x86_64-efi neovim NetworkManager elogind eudev e2fsprogs usbutils pciutils mdocml linux kbd iputils iproute2 ncurses bash oksh dbus-elogind dbus-elogind-libs dbus-elogind-x11 polkit git opendoas

Miscellaneous things to do

Change umask for better security (From Arch Linux wiki).

sed -i 's/022/077/g' /mnt/etc/profile

If you are using keyfiles then copy the key file to somewhere in /mnt.

mkdir /mnt/var/local
cp key /mnt/var/local/

If you are using keyfiles then also add an entry to crypttab to auto decrypt your partition using key file. home is name of the partition, the part after UUID= is a function to get UUID of the partition and the last part is the path to key file.

echo "home UUID=$(blkid -s UUID -o value $HOMEPARTITION) /var/local/key" > /mnt/etc/crypttab

Mount the additional stuff

Mount some devices and stuff that’s required.

for dir in dev proc sys run; do mkdir -p /mnt/$dir ; mount --rbind /$dir /mnt/$dir ; mount --make-rslave /mnt/$dir ; done

Chroot

chroot /mnt /bin/bash

Part 2: Basic system setup

In this section, we will setup the system and make it bootable.

Change root password and set permissions

Change root password.

passwd root

Set ownership of /. The first root is the user root and second root is the group root.

chown root:root /

Set permission.

chmod 755 /

Create user

Add a new user.

useradd -m -s /bin/oksh -U -G wheel,users,audio,video,input $USERNAME

Set password for new user.

passwd $USERNAME

Setup locale, time zone, network services etc

Set locale. Make sure to change if different.

en_US.UTF-8 UTF-8" >> /etc/default/libc-locales

If using glibc instead of musl then set glibc-locales as well.

xbps-reconfigure -f glibc-locales

Set timezone.

ln -s /usr/share/zoneinfo/$TIMEZONE > /etc/localtime

Sync the hardware/bios clock.

hwclock --systohc --utc

Set host name.

echo $HOSTNAME > /etc/hostname

If you want to auto decrypt on boot then add an entry in dracut.

echo 'install_items+=" /var/local/key /etc/crypttab "' > /etc/dracut.conf.d/10-crypt.conf

Make sure to use this to enable only the features needed for your PC.

echo 'hostonly=yes' > /etc/dracut.conf.d/hostonly.conf

Add some services that you want like NetworkManager.

ln -s /etc/sv/NetworkManager /var/service/
ln -s /etc/sv/dbus /var/service/
ln -s /etc/sv/polkitd /var/service/
ln -s /etc/sv/elogind /var/service/

Add the user to network so that user can use nmtui without root permission.

gpasswd -a "$USERNAME" network

I also setup doas so that when I boot into the system, I can use doas.

echo "permit persist keepenv :wheel" > /etc/doas.conf
echo "permit nopass keepenv root" >> /etc/doas.conf
echo "permit nopass keepenv :wheel cmd reboot" >> /etc/doas.conf
echo "permit nopass keepenv :wheel cmd poweroff" >> /etc/doas.conf
echo "permit nopass keepenv :wheel cmd zzz" >> /etc/doas.conf
echo "permit nopass keepenv :wheel cmd ZZZ" >> /etc/doas.conf

Setup fstab

Note: fstab is pronounced fs tab (for file system table). Not f stab :).

Here just change the variable to the partition that will be mounted on startup.

echo "UUID=$(blkid -s UUID -o value $HOMEPARTITION) /home   ext4    defaults                0       0" > /etc/fstab
echo "UUID=$(blkid -s UUID -o value $ROOTPARTITION) /   ext4    defaults                    0       0" >> /etc/fstab
echo "UUID=$(blkid -s UUID -o value $SWAPPARTITION) none   swap    defaults                    0       0" >> /etc/fstab
echo "UUID=$(blkid -s UUID -o value $BOOTPARTITION) /boot   vfat    defaults                    0       0" >> /etc/fstab

For example, in this case, $BOOTPARTITION should be something like /dev/sda1, $ROOTPARTITION is /dev/mapper/pool-root, $SWAPARTITION is /dev/mapper/pool-swap.

If using key file for home or other partition then make sure to use the one that is going to be mounted. For example, /dev/mapper/home if not using LVM and /dev/mapper/pool-home if using LVM.

Setup boot loader

Note: This section can be improved so that it is easier.

Add this to allow decryption of encrypted partition.

echo "GRUB_ENABLE_CRYPTODISK=y" >> /etc/default/grub

Add this to specify the encrypted partition.

echo "rd.auto=1 cryptdevice=UUID= quiet" >> /etc/default/grub

Now, copy the UUID of the encrypted partition. In this case it is /dev/sda2.

echo "UUID=$(blkid -s UUID -o value $ROOTPARTITIONORG)" >> /etc/default/grub

Edit the grub config.

vim /etc/default/grub

Make sure to combine them so that it is like this.

GRUB_CMDLINE_LINUX_DEFAULT="loglevel=4 rd.auto=1 cryptdevice=UUID=$YOURUUID:lvm quiet"

The :lvm is needed if you are using LVM. If not then you can omit this part.

Now, install and configure bootloader.

grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id="Void Linux" --recheck
grub-mkconfig -o /boot/grub/grub.cfg

Most bios are buggy and they assume the directory and file names to boot from. To solve this, copy the necessary stuff to the directory that windows use. And rename them to the one that windows use.

mkdir /boot/EFI/BOOT
cp "/boot/EFI/Void Linux/grubx64.efi" /boot/EFI/BOOT/bootx64.efi
rm -rf "/boot/EFI/Void Linux"

Reconfigure kernel

Reconfigure kernel to build all the modules, firmwares and set dracut etc.

xbps-reconfigure -fa

Reboot

Just do

reboot

to reboot into your new system.

Part 3: Ricing

In this section, we will install some additional software, remove unnecessary services and setup more services and dotfiles.

Install software

This section lists some packages that I use. Some of the packages are there just so people can choose it as an option.

Install additional repo
```
xbps-install -S -y void-repo-nonfree
```

Media packages

Leave out bluetooth if you don’t use them. Install stuff for alsa and jack if you use them.

xbps-install -S -y pipewire libspa-bluetooth mpv yt-dlp ffmpeg pipe-viewer pulsemixer ncmpcpp mpd cmus mpc newsboat sxiv

Graphics drivers

Includes Intel and amd. You should only need one of them.

xbps-install -S -y mesa mesa-dri vulkan-loader mesa-vaapi mesa-vdpa vdpauinfo libva-utils libva-vdpau-driver xf86-video-amdgpu mesa-vulkan-radeon intel-video-accel mesa-vulkan-intel xf86-video-intel

Browsers

Don’t install tor browser if on musl. Use flatpak instead.

xbps-install -S -y firefox chromium netsurf w3m lynx torbrowser-launcher

Android

xbps-install -S -y android-tools simple-mtpfs android-udev-rules

Printer

xbps-install -S -y cups cups-filters sane gutenprint

Japanese/Chinese/Korean input method.

xbps-install -S -y fcitx fcitx-mozc fcitx-configtool libfcitx-gtk3 libfcitx-gtk libfcitx

Hostname resolution
Don’t install nss-mdns if on musl. (To be updated)
```
xbps-install -S -y avahi avahi-utils nss-mdns nsss mDNSResponder
```
Bluetooth
```
xbps-install -S -y bluez
```

Things needed to compile suckless tools.

xbps-install -S -y  pkg-config libX11-devel libXft-devel libXinerama-devel libXrandr-devel make tcc gcc libgcc-devel musl musl-devel glib glib-devel

Fonts

xbps-install -S -y noto-fonts-cjk noto-fonts-emoji noto-fonts-ttf noto-fonts-ttf-extra font-awesome

Office

xbps-install -S -y libreoffice texlive-bin

Image editors
```
xbps-install -S -y gimp inkskape krita
```

Virtual Machine

xbps-install -S -y virt-manager virt-manager-tools libvirt qemu

xorg
```
xbps-install -S -y xorg-minimal
```

Text editors

xbps-install -S -y emacs-gtk3 neovim sam

Password managers
```
xbps-install -S -y keepassxc pass
```

Misc

xbps-install -S -y htop calcurse wget curl cmatrix neofetch dunst dosfstools libnotify exfat-utils ntfs-3g maim xclip socklog-void ntp  snooze xset xsetroot man-db setxkbmap xdg-user-dirs xrandr xss-lock unzip unrar intel-ucode ufw arandr xdpyinfo redshift man-pages man-pages-posix xdotool xrdb tmux xwallpaper unclutter-xfixes atool picom aria2 python3-pip libinput less openssh flatpak xdg-user-dirs-gtk xdg-desktop-portal xdg-desktop-portal-gtk python3-distro python3-magic libcaca python3-dbus libinput-gestures tlp-rdw smartmontools acpilight

Flatpak

flatpak --user remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

Flatpak apps

flatpak --user install flathub com.microsoft.Teams
flatpak --user install flathub org.kde.kdenlive
flatpak --user install flathub com.valvesoftware.Steam
flatpak --user install flathub com.bitwarden.desktop
flatpak --user install flathub com.github.micahflee.torbrowser-launcher

Remove unnecessary services

Remove unless you need them.

rm /var/service/agetty-tty6
rm /var/service/agetty-tty5
rm /var/service/agetty-tty4
rm /var/service/agetty-tty3

touch /etc/sv/agetty-tty6/down
touch /etc/sv/agetty-tty5/down
touch /etc/sv/agetty-tty4/down
touch /etc/sv/agetty-tty3/down

Setup services, dotfiles etc

Enable firewall

xbps-reconfigure ufw
ufw enable

Enable some services on startup.

ln -s /etc/sv/ufw /var/service/
ln -s /etc/sv/socklog-unix /var/service/
ln -s /etc/sv/nanoklogd /var/service/
ln -s /etc/sv/avahi-daemon /var/service/
ln -s /etc/sv/cupsd /var/service/
ln -s /etc/sv/isc-ntpd /var/service/
ln -s /etc/sv/libvirtd /var/service/
ln -s /etc/sv/virtlockd /var/service/
ln -s /etc/sv/virtlogd /var/service/
ln -s /etc/sv/bluetoothd /var/service/
ln -s /etc/sv/tlp /var/service/

Add user to group so you can use virtual machines and bluetooth.

gpasswd -a "$USER" libvirt
gpasswd -a "$USER" bluetooth
gpasswd -a "$USER" kvm

Enable hostname resolution in avahi.

echo "passwd:         files" > /etc/nsswitch.conf
echo "group:          files" >> /etc/nsswitch.conf
echo "shadow:         files" >> /etc/nsswitch.conf
echo "hosts:          files mdns mdns4_minimal mdns4 myhostname mdns_minimal [NOTFOUND=return] dns" >> /etc/nsswitch.conf
echo "networks:       files" >> /etc/nsswitch.conf
echo "protocols:      files" >> /etc/nsswitch.conf
echo "services:       files" >> /etc/nsswitch.conf
echo "ethers:         files" >> /etc/nsswitch.conf
echo "rpc:            files" >> /etc/nsswitch.conf

Lock before suspend

echo "#!/bin/sh" > /etc/zzz.d/suspend/lockbefore
echo "xset s activate" >> /etc/zzz.d/suspend/lockbefore
echo "sleep 1" >> /etc/zzz.d/suspend/lockbefore
chmod +x /etc/zzz.d/suspend/lockbefore

Rootless xorg for security.

sed -i 's/yes/no/g' /etc/X11/Xwrapper.config

Lock down boot for security.

chmod 700 /boot

Lock down root account.

doas passwd --lock root

Create directories and files so that they do not get created in $HOME

mkdir -p .config/mpd/playlists .local/bin .local/share/bash .local/share/calcurse/notes .local/share/gnupg .local/share/newsboat .local/share/pass .local/share/python .config/git .local/share/games

touch .local/share/python/python_history
touch .config/git/config
touch .config/git/credentials

Install dwm, st, dmenu, dwmblocks, slock and copy dotfiles to the appropriate directories.

# Create directory for all these stuffs.
mkdir -p /home/$USER/.local/share/gitstuff
cd /home/$USER/.local/share/gitstuff # Change directory to new directory.

# Clone and install my dwm configuration.
git clone https://gitlab.com/zagyarakushi/mydwm
cd mydwm
make
doas make install
cd /home/$USER/.local/share/gitstuff

# Clone and install my st configuration.
git clone https://gitlab.com/zagyarakushi/myst
cd myst
make
doas make install
cd /home/$USER/.local/share/gitstuff

# Clone and install my dmenu configuraiton.
git clone https://gitlab.com/zagyarakushi/mydmenu
cd mydmenu
make
doas make install
cd /home/$USER/.local/share/gitstuff

# Clone and install my dwmblocks configuration.
git clone https://gitlab.com/zagyarakushi/mydwmblocks
cd mydwmblocks
make
doas make install
cd /home/$USER/.local/share/gitstuff

# Clone and install my slock configuration.
git clone https://gitlab.com/zagyarakushi/myslock
cd myslock
make
doas make install
cd /home/$USER/.local/share/gitstuff

# Clone and setup my dotfiles.
git clone https://gitlab.com/zagyarakushi/myrice
cd myrice
#cp -r .bashrc .profile .config .local .themes .icons /home/$USER/

ln -sv .bashrc ~/.bashrc
ln -sv .profile ~/.profile
ln -sv .config ~/.config
ln -sv .local ~/.local
ln -sv .themes ~/.themes
ln -sv .icons ~/.icons

Part 4: The scripts

You can automate the installation, setup and ricing by using scripts.

See this repo for more information

Conclusion

This is just how I install Void Linux. The installation method is very similar for other distribution such as Arch Linux, Gentoo and others. Some differences are in packages names, different services and configuration files.

You should be able to install any linux distribution (and maybe even BSDs!) now. You also should be able to setup anything that a person could expect from Ubuntu or Windows to work out of the box.

If you have created your own script then next time you setup your machine, all you have to do is input passwords, do tiny amount of manual configuration and it will be setup just the way you want it.

Want to help?

You can share it! This website disallow all bots from crawling and indexing so without your help, no one would discover this website.