void linux - setup

user(s)

skip this section if you installed with void-installer. the intricasies of useradd aren’t really important for a single-user system, but I think it’d be good to briefly go over them anyway

there are two important files related to adding users: /etc/default/useradd.conf and /etc/login.defs. I’ve never changed anything in either of those two files, but the options in them are pretty self explanatory. unless you’re running an actual mail server, I don’t think you should make a mail spool for users. whatever

the /etc/skel directory is a “skeleton” of a new user’s home directory. all directories and files inside of it are copied to the /home/USER directory whenever a user is created. for a one-user system, there’s no real need to change anything in here

make sure you’re in a root shell. add your user with useradd user_name. if you left the config files alone, a new user should be created with a home directory and part of a group of the same name (check with groups user_name). now you need to add said user to some groups. refer to the manual to see what groups are for what, but my setup puts me in these groups:

# usermod -G user_name,wheel,floppy,audio,video,cdrom,optical,kvm,input,plugdev,xbuilder user_name

these are the same groups you are given when setting up a user with the void-installer script and choosing wheel. whether some of these groups are unnecessary, bad practice, or I am missing some that might be useful, should be directed to my email or the void linux devs

anyway, with groups configured, change the password for yourself with passwd user_name. your user is now setup and you don’t necessarily need to be in a root shell anymore, but you probably should stay in one for the remainder of this setup

time

timekeeping is important! luckily, other people also recognize this and have developed cool stuff like “ntp” for keeping time effectively check your current time with date -u. this will output the date and time in UTC. make sure it’s “close enough” (within a minute or so) to the UTC time. if not, set it with date -u -s "YYYY-MM-DD HH:MM:SS". again, it doesn’t have to be perfect, within a minute or so is good enough for now. obviously the closer the better.

I like to use openntpd for my ntp daemon. I cannot speak for any other daemon. install it and link the service:

# xbps-install openntpd
...
Creating 'ntpd' alternatives group symlink: ntpd -> /usr/bin/openntpd
Creating 'ntpd' alternatives group symlink: ntpd.8 -> /usr/share/man/man8/openntpd.8
Creating 'ntpd' alternatives group symlink: ntpd -> /etc/sv/openntpd
...
# ln -s /etc/sv/ntpd /var/service

you might want to change the config in /etc/ntpd.conf for various reasons (commenting out google, cloudflare if that’s something you want, more regional ntp servers, etc., but for most people the defaults should suffice. just make sure you sv restart ntpd after changing it :)

finally, to keep the hwclock continuously synced to the system clock, add the following to /etc/rc.shutdown:

# Default rc.shutdown for void; add your custom commands here.
#
# This is run by runit in stage 3 after the services are stopped
# (see /etc/runit/3).
hwclock \--systohc

now your hardware clock will sync with your system clock on shutdown, and your system clock will slowly sync and stay around towards “true” time while powered on

internet

internet sounds like one of those things that would be a paid to setup, and when it comes to specific networks with weird setups, it can get annoying, but it’s mostly really easy

if you use ethernet and your router doesn’t have weird 2nd-phase authentication, then you can 99% of the time just plug in an ethernet cord and be on your merry way. routers with authentication for ethernet and whatnot should read onwards

network={
key_mgmt=IEEE8021X
eap=PEAP
pairwise=CCMP
phase2="auth=MSCHAPV2"
identity="username@university-email.edu"
password="university-password"
ca_cert="/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem"
}

network={
ssid="eduroam"
key_mgmt=WPA-EAP
eap=PEAP
pairwise=CCMP
phase2="auth=MSCHAPV2"
identity="username@university-email.edu"
password="university-password"
ca_cert="/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem"
mesh_fwding=1
}

replacing sudo

this is optional. I just hate sudo’s configuration. therefore, I use doas. install the opendoas package.

doas is incredibly easy to configure. man doas.conf is less than 100 lines. here’s my recommended config:

# env var
permit setenv { DISPLAY XAUTHORITY LANG LC_ALL } :wheel

# nopass rules
permit nopass :wheel as root cmd xbps-install args -Su
permit nopass :wheel as root cmd xbps-remove args -Oo
permit nopass :wheel as root cmd reboot args
permit nopass :wheel as root cmd shutdown args -h now

# denies
deny :wheel cmd su

then we’ll need to remove sudo from the system. however, sudo is a dependency of base-system, so we need to first ignorepkg it

# echo "ignorepkg=sudo" >> /etc/xbps.d/20-user-preferences.conf
# xbps-remove sudo

an important thing to note is that doas by default does not keep environment variables (much like su -), which might trip you up when trying to use stuff like graphical applications. this is what the setenv part addresses. the nopass rules are just standard maintenance commands I use basically every day that would be a hassle to enter a password in for every time

one final thing to note if you utilize doas for calling scripts: the environment variable DOAS_USER is set in the environment doas runs, just in case you need it for anything

XDG Variables

I’ll cover XDG in depth more later, but for now all that you should know is that it’s recommended to set these. in /etc/profile.d/00-xdg-variables.sh, add:

export XDG_CONFIG_HOME="$HOME/.config"
export XDG_CACHE_HOME="$HOME/.cache"
export XDG_DATA_HOME="$HOME/.local/share"
export XDG_STATE_HOME="$HOME/.local/state"

make sure all these directories exist too so that nothing yells at you when trying to run just yet