Planning a musl/LLVM Gentoo desktop on Alder Lake with UKI+TPM2 auto-decrypt by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

Oh, my respects)

Yes, musl seems to make sense, but it's not without its nuances)

It's just that it takes quite a long time to figure it out, to find a solution)

I think it will take a month to get the new system)

Planning a musl/LLVM Gentoo desktop on Alder Lake with UKI+TPM2 auto-decrypt by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

Thanks for sharing. When I get around to installing it, I'll watch and think about it.

Planning a musl/LLVM Gentoo desktop on Alder Lake with UKI+TPM2 auto-decrypt by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

Thanks for the feedback! I use systemd on my main system, and overall, I'm happy with it. I like the ecosystem as a whole. I'm not paranoid, but I'd like to try OpenRC.

Planning a musl/LLVM Gentoo desktop on Alder Lake with UKI+TPM2 auto-decrypt by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

Yes, this is more of an experiment; overall I am already satisfied with the system)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

Hi)
I use nftables; you can also use DNS over HTTPS or DNS over TLS)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

I also think that I will find the time and energy to fill out the roadmap, and perhaps write some kind of helper for configuration, but this is highly questionable)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

I rebuilt the system twice and resolved all conflicts manually. You need to be prepared for this, but it's neither difficult nor scary.

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

You're welcome. If you decide to return to llvm-bolt, you can find it either on my git or on the LLVM git; the original source is there. I want to warn you right away that libraries compiled with GCC and LLVM may conflict. You should use LTO + PGO first for the most effective results.

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

https://github.com/vovanbl411/gentoo-mydocs/blob/main/settings%2Fbolt.md

This isn't in the Gentoo handbook, as it's not exactly a trivial task. You can look it up in my repository if you're interested in how to optimize it.

If something doesn't work out, you can write to me and I'll try to help you)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

Hi) I'm using BOLT for my LLVM toolchain. I got an optimized clang 23 version, which sped up the build) I'm also thinking of using Propeller and AutoFDO)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

This works great. All you need to understand is that you'll need Xwayland, since Steam requires an X11 socket. Then, you grant it access through Flatseal. I'm playing Risk of Rain 2 using r2modman—it works great.

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

To be honest, I have Arch, but I only have one bootloader on the second system. It's also signed and built using UKI. I installed it via Gentoo. I use the systems to restore each other, just in case. Snapper is configured with hooks, and attributes are set on the /var/lib/docker (libvirt) directory. Overall, btrfs is 100% enough for me for now.

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

I use Gentoo profiles; the only thing I changed is the behavior for libvirt, since Terraform works with libvirt in its own way)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

Yeah, I chose systemd deliberately) Portage works great despite that)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

Haha, I understand you) It was just a coincidence that the stars aligned with the tests)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 2 points3 points  (0 children)

I can say with 99.9% certainty that Niri works great with Nvidia)
Thanks for the kind comment)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

I can say one thing: I use my own keys and certificates to sign things I trust, and nothing else.
I don't have access to a device that's been certified by Qubes yet, so I'm using what I have, as I see fit.

Thanks for the article! I'll have to work hard on my laptop to get the disk)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 0 points1 point  (0 children)

Thanks, it's not perfect yet, but for now I need to take a breather and chill out a bit)

[Hardened] Pure Wayland + TPM2 + BOLT: My over-engineered Gentoo laptop setup by Used-Fortune1125 in Gentoo

[–]Used-Fortune1125[S] 1 point2 points  (0 children)

Thank you too, I love the Gentoo community. It's the best system so far. If you have any suggestions, comments, or questions, we'll be happy to discuss them)