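# Gentoo ZFS Install. Boot LiveGUI Image in UEFI mode. Login to a root prompt.
#
# This is a walkthrough to paste section by section, not a script to run
# unattended: several sections are alternatives (HDD/SSD vs NVMe), and the
# disk-wipe and partitioning steps are irreversible.

# Setup networking
nmtui

# Change password
passwd gentoo

# Check EFI
dmesg | grep -i efivars

# Load ZFS
modprobe zfs

# Generate a random hostid
# /etc/hostid is a 4-byte binary file, so let the ZFS tool write it instead
# of redirecting ASCII hex characters into it.
zgenhostid -f

# Define variables
export USERNAME="gentoo"
export ZPOOLNAME="tank"

# Run only ONE of the two "Define disk variables" blocks below; the second
# one overrides the first if both are pasted.

# Define disk variables (HDD/SDD)
export BOOT_DISK="/dev/sda"
export BOOT_PART="1"
export BOOT_DEVICE="${BOOT_DISK}${BOOT_PART}"
export POOL_DISK="/dev/sda"
export POOL_PART="2"
export POOL_DEVICE="${POOL_DISK}${POOL_PART}"

# Define disk variables (NVMe)
export BOOT_DISK="/dev/nvme0n1"
export BOOT_PART="1"
export BOOT_DEVICE="${BOOT_DISK}p${BOOT_PART}"
export POOL_DISK="/dev/nvme0n1"
export POOL_PART="2"
export POOL_DEVICE="${POOL_DISK}p${POOL_PART}"

# Confirm the target before anything destructive: everything below erases
# whatever BOOT_DISK / POOL_DISK point at.
lsblk -o NAME,SIZE,MODEL,SERIAL "$BOOT_DISK" "$POOL_DISK"

# Wipe disk (HDD)
shred -n 7 -v "$BOOT_DISK"

# Wipe disk (SSD)
# The suspend/resume cycle is there to clear the drive's "frozen" security
# state; the grep should report "not frozen" before continuing.
# PasSWorD is a throwaway ATA password set only so the erase can be issued.
# NOTE(review): check in the `hdparm -I` output that the drive supports
# enhanced security erase before relying on it.
loginctl suspend
hdparm -I "$BOOT_DISK" | grep frozen
hdparm --user-master u --security-set-pass PasSWorD "$BOOT_DISK"
hdparm --user-master u --security-erase-enhanced PasSWorD "$BOOT_DISK"

# Wipe disk (NVMe)
# https://wiki.archlinux.org/title/Solid_state_drive/Memory_cell_clearing#NVMe_drive

# Create partitions
sgdisk --zap-all "$BOOT_DISK"
sgdisk -n "${BOOT_PART}:1m:+512m" -t "${BOOT_PART}:ef00" "$BOOT_DISK"
sgdisk -n "${POOL_PART}:0:-10m" -t "${POOL_PART}:bf00" "$POOL_DISK"

# Create a keyphrase
# Create the file under a restrictive umask so it is never world-readable,
# not even between the editor writing it and the chmod. -n and -i NONE keep
# vim from leaving a swap file or viminfo entry next to the passphrase.
mkdir -p /etc/zfs
( umask 077 && vim -n -i NONE /etc/zfs/zroot.key ) && chmod 000 /etc/zfs/zroot.key

# Create zpool
# Encryption is set on the pool's root dataset, so every dataset created
# below inherits it. keylocation points at the key file so the installed
# system can unlock from its initramfs without a second prompt.
zpool create -f -o ashift=12 \
  -O compression=lz4 \
  -O acltype=posixacl \
  -O xattr=sa \
  -O relatime=on \
  -O encryption=aes-256-gcm \
  -O keylocation=file:///etc/zfs/zroot.key \
  -O keyformat=passphrase \
  -o autotrim=on \
  -R /mnt/gentoo "$ZPOOLNAME" "$POOL_DEVICE"

# Create datasets
zfs create -o mountpoint=none "$ZPOOLNAME"/ROOT
zfs create -o mountpoint=/ -o canmount=noauto "$ZPOOLNAME"/ROOT/gentoo
zfs create -o mountpoint=/root "$ZPOOLNAME"/ROOT/gentoo/root
zfs create -o mountpoint=/opt "$ZPOOLNAME"/ROOT/gentoo/opt
zfs create -o mountpoint=/usr "$ZPOOLNAME"/ROOT/gentoo/usr
zfs create -o mountpoint=/usr/local "$ZPOOLNAME"/ROOT/gentoo/usr/local
# setuid=off: nothing under the portage tree or its download/package caches
# should ever run with setuid bits honoured.
zfs create -o mountpoint=/usr/portage -o atime=off -o setuid=off "$ZPOOLNAME"/ROOT/gentoo/usr/portage
zfs create -o mountpoint=/usr/portage/distfiles -o setuid=off "$ZPOOLNAME"/ROOT/gentoo/usr/portage/distfiles
zfs create -o mountpoint=/usr/portage/packages -o setuid=off "$ZPOOLNAME"/ROOT/gentoo/usr/portage/packages
zfs create -o mountpoint=/usr/src "$ZPOOLNAME"/ROOT/gentoo/usr/src
zfs create -o mountpoint=/var "$ZPOOLNAME"/ROOT/gentoo/var
zfs create -o mountpoint=/var/log "$ZPOOLNAME"/ROOT/gentoo/var/log
# sync=disabled trades crash safety for speed; /var/notmp only holds build
# directories for the large packages listed in package.env further down.
zfs create -o mountpoint=/var/notmp -o sync=disabled "$ZPOOLNAME"/ROOT/gentoo/var/notmp
zfs create -o mountpoint=/home "$ZPOOLNAME"/HOME
zfs create -o mountpoint=/home/"$USERNAME" "$ZPOOLNAME"/HOME/"$USERNAME"

# Set boot dataset
zpool set bootfs="$ZPOOLNAME"/ROOT/gentoo "$ZPOOLNAME"

# Export, re-import, unlock
# The altroot has to be /mnt/gentoo here as well: the pool was created with
# -R /mnt/gentoo and every later step (cp into the chroot, umount) uses that
# path. Importing with -R /mnt would mount the new root over /mnt instead.
# `-L prompt` asks for the passphrase interactively, which also verifies
# that what was typed into the key file is what you remember.
zpool export "$ZPOOLNAME"
zpool import -N -R /mnt/gentoo "$ZPOOLNAME"
zfs load-key -L prompt "$ZPOOLNAME"

# Mount datasets
zfs mount "$ZPOOLNAME"/ROOT/gentoo
zfs mount "$ZPOOLNAME"/ROOT/gentoo/root
zfs mount "$ZPOOLNAME"/ROOT/gentoo/opt
zfs mount "$ZPOOLNAME"/ROOT/gentoo/usr
zfs mount "$ZPOOLNAME"/ROOT/gentoo/usr/local
zfs mount "$ZPOOLNAME"/ROOT/gentoo/usr/portage
zfs mount "$ZPOOLNAME"/ROOT/gentoo/usr/portage/distfiles
zfs mount "$ZPOOLNAME"/ROOT/gentoo/usr/portage/packages
zfs mount "$ZPOOLNAME"/ROOT/gentoo/usr/src
zfs mount "$ZPOOLNAME"/ROOT/gentoo/var
zfs mount "$ZPOOLNAME"/ROOT/gentoo/var/log
zfs mount "$ZPOOLNAME"/ROOT/gentoo/var/notmp
zfs mount "$ZPOOLNAME"/HOME
zfs mount "$ZPOOLNAME"/HOME/"$USERNAME"

# Check mountpoints
mount -t zfs

# Update device symbolic links
udevadm trigger

# Start handbook, end at chrooting section
# https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Installing_a_stage_tarball

# Copy files into chroot
# Re-apply mode 000 on the copy explicitly rather than relying on what cp
# derives from the source mode and the current umask.
cp /etc/hostid /mnt/gentoo/etc
mkdir -p /mnt/gentoo/etc/zfs
cp /etc/zfs/zroot.key /mnt/gentoo/etc/zfs && chmod 000 /mnt/gentoo/etc/zfs/zroot.key

# Continue into chroot, up until here
# https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#Preparing_for_a_bootloader

# Make some dirs for later
mkdir -p /etc/dracut.conf.d
mkdir -p /etc/portage/env
mkdir -p /etc/zfsbootmenu

# Cat some files for later
# install_items embeds the pool passphrase in every initramfs dracut builds
# from this config. In this layout /boot lives inside the encrypted
# ROOT/gentoo dataset; keep those images there and never copy them to the
# unencrypted ESP.
# NOTE(review): confirm the generated initramfs is not readable by
# unprivileged users, otherwise the chmod 000 on the key file is bypassed,
# and confirm generate-zbm does not pick up /etc/dracut.conf.d, since its
# image is written to the ESP.
cat << 'EOF' > /etc/dracut.conf.d/zol.conf
nofsck="yes"
add_dracutmodules+=" zfs "
omit_dracutmodules+=" btrfs "
install_items+=" /etc/zfs/zroot.key "
EOF

# The ESP is not formatted yet at this point, so it has no filesystem UUID.
# Reference it by PARTUUID, which exists as soon as sgdisk has run and does
# not change when mkfs.vfat is run later. Nothing is appended if the lookup
# comes back empty.
# NOTE(review): `defaults` leaves the ESP world-readable; consider a
# restrictive umask= mount option.
BOOT_PARTUUID="$(blkid -s PARTUUID -o value "${BOOT_DEVICE:?BOOT_DEVICE is not set in this shell}")"
if [ -n "$BOOT_PARTUUID" ]; then
cat << EOF >> /etc/fstab
PARTUUID=$BOOT_PARTUUID /boot/efi vfat defaults 0 0
tmpfs /tmp tmpfs rw,noatime,nodev,nosuid,mode=1777 0 0
/tmp /var/tmp none rw,noatime,nodev,nosuid,mode=1777,bind 0 0
tmpfs /var/tmp/portage tmpfs rw,noatime,nodev,nosuid,size=4G,x-mount.mkdir=775 0 0
EOF
else
  echo "no PARTUUID found for $BOOT_DEVICE; /etc/fstab left unchanged" >&2
fi

cat << 'EOF' > /etc/portage/package.env
app-office/libreoffice notmp.conf
dev-lang/ghc notmp.conf
dev-lang/mono notmp.conf
dev-lang/rust notmp.conf
dev-lang/spidermonkey notmp.conf
mail-client/thunderbird notmp.conf
sys-devel/clang notmp.conf
sys-devel/gcc notmp.conf
sys-devel/llvm notmp.conf
www-client/chromium notmp.conf
www-client/firefox notmp.conf
EOF

cat << 'EOF' > /etc/zfsbootmenu/config.yaml
Global:
  ManageImages: true
  BootMountPoint: /boot/efi
Components:
  Enabled: false
EFI:
  ImageDir: /boot/efi/EFI/zbm
  Versions: false
  Enabled: true
Kernel:
  CommandLine: quiet loglevel=0
EOF

# Setup portage tmpfs
mount /tmp && mount /var/tmp && mount /var/tmp/portage
echo 'PORTAGE_TMPDIR="/var/notmp"' > /etc/portage/env/notmp.conf
chmod 775 /var/notmp && chmod 775 /var/tmp/portage
chown portage:portage /var/notmp && chown portage:portage /var/tmp/portage

# Continue with the Handbook, skip 'Preparing for a bootloader' section. Stop at kernel configuration.

# Kernel magic, enable 'dist-kernel' useflag beforehand.
# GURU is a community-maintained repository; the emerge calls run with -a,
# so read the package list and the --autounmask changes before confirming.
echo 'sys-apps/systemd-utils boot' > /etc/portage/package.use/systemd-boot
emerge -a eselect-repository && eselect repository enable guru && emerge --sync
emerge -a dracut efibootmgr gentoo-kernel systemd-utils zfs zfs-kmod zfsbootmenu --autounmask
emerge @module-rebuild && emerge --config sys-kernel/gentoo-kernel

# Set zfs properties
# keysource names the dataset ZFSBootMenu takes the key file from, so the
# passphrase is typed once at the boot menu.
rc-update add zfs-import sysinit && rc-update add zfs-mount sysinit
zfs set org.zfsbootmenu:commandline="quiet loglevel=4" "$ZPOOLNAME"/ROOT
zfs set org.zfsbootmenu:keysource="$ZPOOLNAME/ROOT/gentoo" "$ZPOOLNAME"

# Configure boot device
# mkdir -p so re-running this step does not fail on an existing directory.
mkfs.vfat -F32 "$BOOT_DEVICE" && mkdir -p /boot/efi && mount /boot/efi

# Create ZBM image and add an EFI entry
generate-zbm
efibootmgr -c -d "$BOOT_DISK" -p "$BOOT_PART" -L "ZFSBootMenu" -l '\EFI\ZBM\VMLINUZ.EFI'

# Exit, unmount, reboot
# `exit` leaves the chroot; the remaining commands run in the live
# environment.
exit
cd
umount -l /mnt/gentoo/dev/{/shm,/pts,}
umount -n -R /mnt/gentoo
zpool export "$ZPOOLNAME"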