As a follow-up to my post on installing Gentoo on a “new” system, below are notes on the things I did after booting the server up for the first time. All of them are pretty basic things for a headless systemd console machine.

User & Groups

Working as root is never a good idea, so the first thing I do on a new system is create a normal user account and set a password different from the root account's.

~ # useradd -m -G users,wheel,audio,video,usb,portage -s /bin/bash larry
~ # passwd larry

You can now choose the new password or passphrase.

A good password should be a mix of upper and lower case letters,
digits, and other characters.  You can use a password
that consists of 8 characters.

A passphrase should be of at least 3 words, 8 to 40 characters
long, and contain enough different characters.

Alternatively, if no one else can see your terminal now, you can
pick this as your password: "doctor8Fit+parcel".

Enter new password:
Re-type new password:
passwd: password updated successfully

Systemd

Set Machine ID

~ # systemd-machine-id-setup

Set Hostname

~ # hostnamectl set-hostname sparky 

Set Locale and Keyboard

~ # localectl set-locale en_US.utf8
~ # localectl set-keymap us
~ # localectl
   System Locale: LANG=en_US.utf8
       VC Keymap: us
      X11 Layout: us
       X11 Model: pc105+inet
     X11 Options: terminate:ctrl_alt_bksp
~ # env-update && source /etc/profile
>>> Regenerating /etc/ld.so.cache..

Time and Date

I enable NTP and set a time zone below.

~ # timedatectl status
               Local time: Mon 2021-02-08 10:48:44 UTC
           Universal time: Mon 2021-02-08 10:48:44 UTC
                 RTC time: Mon 2021-02-08 10:48:45
                Time zone: n/a (UTC, +0000)
System clock synchronized: no
              NTP service: inactive
          RTC in local TZ: no 
~ # timedatectl set-ntp true
~ # timedatectl timesync-status
       Server: 184.105.182.16 (0.gentoo.pool.ntp.org)
Poll interval: 2min 8s (min: 32s; max 34min 8s)
         Leap: normal
      Version: 4
      Stratum: 2
    Reference: D8DAFECA
    Precision: 1us (-22)
Root distance: 47.485ms (max: 5s)
       Offset: +7.294ms
        Delay: 74.095ms
       Jitter: 11.411ms
 Packet count: 3
    Frequency: +28.497ppm
~ # timedatectl set-timezone "America/Chicago"
          RTC in local TZ: no

Networking

The machine I am working on has four NICs. I am not totally sure what my network needs will be in the end, so for now I am simply going to create a bond using two of the NICs. I do a reboot after configuring the network to make sure all is working as expected.

~ # systemctl enable systemd-networkd
Created symlink /etc/systemd/system/dbus-org.freedesktop.network1.service → /lib/systemd/system/systemd-networkd.service.
Created symlink /etc/systemd/system/multi-user.target.wants/systemd-networkd.service → /lib/systemd/system/systemd-networkd.service.
Created symlink /etc/systemd/system/sockets.target.wants/systemd-networkd.socket → /lib/systemd/system/systemd-networkd.socket.
Created symlink /etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service → /lib/systemd/system/systemd-networkd-wait-online.service.

~ # systemctl enable systemd-resolved
Created symlink /etc/systemd/system/dbus-org.freedesktop.resolve1.service → /lib/systemd/system/systemd-resolved.service.
Created symlink /etc/systemd/system/multi-user.target.wants/systemd-resolved.service → /lib/systemd/system/systemd-resolved.service.

~ # mv /etc/resolv.conf /etc/resolv.conf.build
~ # ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

/etc/systemd/network # ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 2c:76:8a:56:9f:28 brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 2c:76:8a:56:9f:29 brd ff:ff:ff:ff:ff:ff
4: eno3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 2c:76:8a:56:9f:2a brd ff:ff:ff:ff:ff:ff
5: eno4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 2c:76:8a:56:9f:2b brd ff:ff:ff:ff:ff:ff

~ # vim /etc/systemd/network/10-bond0.netdev
[NetDev]
Name=bond0
Kind=bond

[Bond]
Mode=active-backup
PrimaryReselectPolicy=better
MIIMonitorSec=1s

~ # vim /etc/systemd/network/10-bond0.network
[Match]
Name=bond0

[Network]
Address=192.168.100.95/24
Gateway=192.168.100.1
DNS=192.168.100.96
DNS=1.1.1.1
DNS=8.8.8.8

~ # vim /etc/systemd/network/21-eno1.network
[Match]
Name=eno1

[Network]
Bond=bond0
PrimarySlave=True

~ # vim /etc/systemd/network/22-eno2.network
[Match]
Name=eno2

[Network]
Bond=bond0

~ # systemctl reboot

~ # networkctl
IDX LINK  TYPE     OPERATIONAL SETUP
  1 lo    loopback carrier     unmanaged
  2 eno1  ether    enslaved    configured
  3 eno2  ether    enslaved    configured
  4 eno3  ether    off         unmanaged
  5 eno4  ether    off         unmanaged
  6 bond0 bond     routable    configured

6 links listed.
~ #
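networkctl shows both NICs as enslaved but not which one carries traffic or whether the backup link is actually up. The check below is an added example, not part of the original post: it summarises the text of /proc/net/bonding/bond0, and the function names and the embedded sample (with eno2 down) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise bond health from /proc/net/bonding/<bond> text.
# bond_health reads the file named in $1 (or stdin) and prints one line:
#   "<OK|DEGRADED> mode=<mode> active=<iface> down=<list or none>"
bond_health() {
    awk '
        /^Bonding Mode:/           { mode = $NF; gsub(/[()]/, "", mode) }
        /^Currently Active Slave:/ { active = $NF }
        /^Slave Interface:/        { slave = $NF; nslaves++ }
        # The bond-level MII line comes before any slave block, so skip it.
        /^MII Status:/ && slave != "" {
            if ($NF != "up") down = (down == "" ? slave : down "," slave)
        }
        END {
            ok = (down == "" && nslaves >= 2 && active != "None")
            printf "%s mode=%s active=%s down=%s\n",
                   (ok ? "OK" : "DEGRADED"), mode, active,
                   (down == "" ? "none" : down)
        }
    ' "${1:--}"
}

# Constructed sample, not captured from the machine in the post:
# the backup NIC eno2 has lost its link.
sample_bond() {
    cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: eno1 (primary_reselect better)
Currently Active Slave: eno1
MII Status: up
MII Polling Interval (ms): 1000

Slave Interface: eno1
MII Status: up
Link Failure Count: 0

Slave Interface: eno2
MII Status: down
Link Failure Count: 1
EOF
}

sample_bond | bond_health
```

On the real machine, run `bond_health /proc/net/bonding/bond0` after the reboot; a DEGRADED result means the bond has no working failover path even though the address is reachable.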

Journal Log Files

I want to be able to look at system logs as my normal user account, so I need to add the account to the systemd-journal group as below.

~ # gpasswd --add larry systemd-journal
Adding user larry to group systemd-journal
~ # 

Start SSH Server Service on Boot

~ # systemctl enable sshd
Created symlink /etc/systemd/system/multi-user.target.wants/sshd.service → /lib/systemd/system/sshd.service.
~ # systemctl start sshd
~ # 

Start Cron Service on Boot

~ # systemctl enable cronie
Created symlink /etc/systemd/system/multi-user.target.wants/cronie.service → /lib/systemd/system/cronie.service.
~ # systemctl start cronie
~ # 

Read the News

Always read the news, as this is the primary source of local information on potentially needed configuration changes or other actions before or after upgrades. As encountered during the build, there has been a change to default licensing. I read all the news, but only show output from the ACCEPT_LICENSE default piece.

~ # eselect news list
News items:
  [1]   N  2016-06-19  L10N USE_EXPAND variable replacing LINGUAS
  [2]   N  2018-08-07  Migration required for OpenSSH with LDAP
  [3]   N  2019-05-23  Change of ACCEPT_LICENSE default
  [4]   N  2019-12-30  Genkernel 4 changed default filenames
  [5]   N  2020-06-23  sys-libs/pam-1.4.0 upgrade
  [6]   N  2021-01-30  Python preference to follow PYTHON_TARGETS

~ # eselect news read 3
2019-05-23-accept_license
  Title                     Change of ACCEPT_LICENSE default
  Author                    Ulrich Müller <ulm@gentoo.org>
  Author                    Thomas Deutschmann <whissi@gentoo.org>
  Posted                    2019-05-23
  Revision                  2

The default set of accepted licenses has been changed [1,2] to:

   ACCEPT_LICENSE="-* @FREE"

This means that by default only free software and documentation
will be installable. The "FREE" license group is defined in the
profiles/license_groups file in the Gentoo repository. It contains
licenses that are explicitly approved by the Free Software Foundation,
the Open Source Initiative, or that follow the Free Software
Definition.

The system wide default for the accepted licenses is controlled by
the ACCEPT_LICENSE variable in /etc/portage/make.conf, or it can be
specified on a per-package basis in /etc/portage/package.license.

For example, to allow the app-arch/unrar and sys-kernel/linux-firmware
packages to be installed, the following lines would have to be added
to /etc/portage/package.license:

   app-arch/unrar unRAR
   sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE

A migration tool app-portage/elicense is available. It scans installed
packages for licenses that are no longer accepted, and generates a list
in the same format as the package.license file. See elicense's README
for further details.

If you want to revert to the previous default, add the following line
to /etc/portage/make.conf:

   ACCEPT_LICENSE="* -@EULA"

This will permit all licenses, except End User License Agreements that
require reading and signing an acceptance agreement. Note that this
will also accept non-free software and documentation.

See GLEP 23 [3] as well as the make.conf(5) and portage(5) man pages
for the detailed syntax of the ACCEPT_LICENSE variable. Further
information about licenses can be found in the Gentoo Handbook [4]
and on the license groups wiki page [5].

[1] https://projects.gentoo.org/council/meeting-logs/20190210-summary.txt
[2] https://bugs.gentoo.org/676248
[3] https://www.gentoo.org/glep/glep-0023.html
[4] https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Portage#Licenses
[5] https://wiki.gentoo.org/wiki/License_groups

I am comfortable with the previous license behavior, so I will restore behavior to what it was before the change by adding the described line to my make.conf file.

~ # echo 'ACCEPT_LICENSE="* -@EULA"' >> /etc/portage/make.conf
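The difference between the two ACCEPT_LICENSE values is allowlist versus denylist: "-* @FREE" accepts only listed licenses, while "* -@EULA" accepts anything not listed as an EULA. The evaluator below is an added example, not Portage's code and not from the original post; it is a simplified model (no nested groups), and the group contents, including the placeholder Example-EULA, are constructed.

```shell
#!/bin/sh
# Constructed subset of license groups; the real definitions live in
# profiles/license_groups in the Gentoo repository.
in_group() {  # in_group <group> <license>
    case "$1:$2" in
        FREE:GPL-2|FREE:MIT|FREE:BSD) return 0 ;;
        EULA:Example-EULA)            return 0 ;;  # placeholder member
    esac
    return 1
}

# license_accepted "<ACCEPT_LICENSE value>" <license>
# Tokens apply left to right, so the last token matching the license decides.
# Returns 0 when the license is accepted, 1 when it is rejected.
license_accepted() {
    verdict=1
    set -f                       # keep the "*" token from globbing
    for tok in $1; do
        val=0
        case "$tok" in -*) val=1; tok=${tok#-} ;; esac
        case "$tok" in
            '*')  verdict=$val ;;
            @*)   in_group "${tok#@}" "$2" && verdict=$val ;;
            "$2") verdict=$val ;;
        esac
    done
    set +f
    return "$verdict"
}

# Compare the new default with the reverted setting used in this post.
for lic in GPL-2 unRAR Example-EULA; do
    for policy in '-* @FREE' '* -@EULA'; do
        if license_accepted "$policy" "$lic"; then r=accept; else r=reject; fi
        printf '%-14s %-12s %s\n' "$lic" "$policy" "$r"
    done
done
```

A license that belongs to no group at all, such as unRAR here, is rejected by the new default and accepted by the reverted one.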

Packages

Below are some of the packages I installed right away because I use them often and find them useful on headless console-based machines.

File System Tools

Miscellaneous

  • mlocate - Merging locate index tool for finding files.
  • neofetch - System information at command line.
  • stow - GNU symlink farm manager.
  • tmux - Run multiple programs in single terminal, persist running while disconnected.

Package Management

  • eix - sync, search and maintain local ebuild repository.
  • gentoolkit - Gentoo administration tools.

Services

  • cronie - A standard daemon cron. I have yet to accept systemd timers.

Tools

  • sysbench - Scriptable benchmark tool.
  • vim - Text editor, installed during OS install/build.
