..

Gentoo + LUKS + EFIStub

Prepare the disk

fdisk /dev/nvme0n1

First, a fresh partition table is created on /dev/nvme0n1 with:

Command (m for help): g
Created a new GPT disklabel (GUID: 8D91A3C1-8661-2940-9076-65B815B36906).

With a GPT partition table created, the EFI System Partition (ESP) can be added using n:

Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-134217694, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-134217694, default 134215679): +1G

Created a new partition 1 of type 'Linux filesystem' and of size 1 GiB.

The ESP property can be set using t:

Command (m for help): t
Selected partition 1
Partition type or alias (type L to list all): 1
Changed type of partition 'Linux filesystem' to 'EFI System'.

Created a new partition 1 of type 'Linux filesystem' and of size 1 GiB.

Create the Root partition

Command (m for help): n
Partition number (2-128, default 2):
First sector (2099200-134217694, default 2099200):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2099200-134217694, default 134215679):

Created a new partition 2 of type 'Linux filesystem' and of size 62 GiB.

Finally, the changes can be written with w:

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

cryptsetup luksFormat /dev/nvme0n1p2
cryptsetup luksOpen /dev/nvme0n1p2 root
mkfs.vfat -F32 /dev/nvme0n1p1
mkfs.ext4 -L rootfs /dev/mapper/root

mkdir --parents /mnt/gentoo
mount -L rootfs /mnt/gentoo

Download and unpack stage3 file

cd /mnt/gentoo
wget STAGEFILEHERE.tar
tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner -C /mnt/gentoo

Configure repos

mkdir -pv "/mnt/gentoo/etc/portage/repos.conf"
cp -fv "/mnt/gentoo/usr/share/portage/config/repos.conf" "/mnt/gentoo/etc/portage/repos.conf/gentoo.conf"
cp -fv -L "/etc/resolv.conf" "/mnt/gentoo/etc"

Chroot

manjaro-chroot /mnt/gentoo /bin/bash
source /etc/profile
export PS1="(chroot) ${PS1}"

Timezone

ln -sf ../usr/share/zoneinfo/Europe/Moscow /etc/localtime

Sync repos

emerge --sync --quiet
emerge --quiet-build "dev-vcs/git"

Locale

sed -i "/#en_US.UTF/ s/#//g" "/etc/locale.gen"
locale-gen
eselect locale set "en_US.utf8"
echo 'LC_COLLATE="C.UTF-8"' >> "/etc/env.d/02locale"

env-update && source "/etc/profile" && export PS1="(chroot) ${PS1}"

Portage

You can skip this step if you have preconfigured portage files.

sed -i '/COMMON_FLAGS=/ c\COMMON_FLAGS="-march=native -O2 -pipe"
    /^FFLAGS/ a\LDFLAGS="-Wl,-O2 -Wl,--as-needed"
    /^FFLAGS/ a\RUSTFLAGS="-C debuginfo=0 -C codegen-units=1 -C target-cpu=native -C opt-level=3"' "/etc/portage/make.conf"

echo "" >> "/etc/portage/make.conf"

emerge --oneshot "app-portage/cpuid2cpuflags"
cpuid2cpuflags | sed 's/: /="/; s/$/"/' >> "/etc/portage/make.conf"

echo "" >> "/etc/portage/make.conf"
echo 'ACCEPT_KEYWORDS="~amd64"' >> /etc/portage/make.conf
echo "" >> "/etc/portage/make.conf"
echo 'ACCEPT_LICENSE="*"' >> /etc/portage/make.conf
echo 'VIDEO_CARDS="nvidia"' >> /etc/portage/make.conf

echo 'MAKEOPTS="-j32 -l33"' >> /etc/portage/make.conf
echo 'EMERGE_DEFAULT_OPTS="--jobs=999 --load-average=33 --keep-going --verbose --quiet-build --with-bdeps=y --complete-graph=y --deep"' >> /etc/portage/make.conf
echo 'USE="-systemd -gnome -kde -X -qt5 minimal lto pgo wayland system-png pipewire"' >> /etc/portage/make.conf
echo 'FEATURES="fixlafiles unmerge-orphans nodoc noinfo notitles parallel-install parallel-fetch clean-logs"' >> /etc/portage/make.conf
echo 'PORTAGE_COMPRESS_EXCLUDE_SUFFIXES="[1-9] n [013]p [1357]ssl"' >> /etc/portage/make.conf
echo 'PORTAGE_COMPRESS=gzip' >> /etc/portage/make.conf
# vvv not necessary needed but currently yes
echo 'PYTHON_TARGETS="python3_13"' >> /etc/portage/make.conf
echo 'PYTHON_SINGLE_TARGET="python3_13"' >> /etc/portage/make.conf

Renew env

env-update && source "/etc/profile" && export PS1="(chroot) ${PS1}"

Update system

[!NOTE] If you encounter freetype circular dependency then just oneshot it with -harfbuzz use flag

emerge --ask --update --newuse @world
CLEAN_DELAY="0" emerge --depclean --verbose=n -q
emerge @preserved-rebuild

Install clang and rust

MAKEOPTS="-j21 -l22" emerge llvm-core/clang dev-lang/rust --ask

Install firmware

emerge "sys-kernel/linux-firmware"

Build linux kernel

emerge "sys-kernel/gentoo-sources" "app-arch/lz4"

Copy your kernel config into /usr/src/linux

Optional to build with LTO

export LLVM="1" LLVM_IAS="1" CFLAGS="-O3 -march=native -pipe" KCFLAGS="-O3 -march=native -pipe"

Make menuconfig

make olddefconfig

Don’t forget to change your cmdline

CONFIG_CMDLINE="root=UUID=(HERE UUID OF UNENCRYPTED /dev/mapper/root) rd.luks.uuid=(HERE UUID OF ENCRYPTED /dev/nvme0n1p2) init=/sbin/openrc-init nvidia_drm.modeset=1 nvidia_drm.fbdev=1"

Build

make -j$(nproc)
make modules_install

Mount boot partition

mount /dev/nvme0n1p1 /boot
mkdir -p /boot/EFI/BOOT

Copy kernel into /boot

cp /usr/src/linux/arch/x86/boot/bzImage /boot/EFI/BOOT/BOOTX64.EFI

Install nvidia-drivers

emerge nvidia-drivers

Generate fstab

UUID=${/dev/nvme0n1p1} /boot vfat defaults,noatime 0 2
UUID=${encrypted /dev/nvme0n1p2} / ext4 defaults,noatime 0 1

Configure hosts

Edit /etc/conf.d/hostname

YOURHOSTNAME

Edit /etc/hosts

127.0.0.1	YOURHOSTNAME	localhost
::1		    YOURHOSTNAME	localhost

DHCP

emerge dhcpcd
rc-update add dhcpcd default

OpenRC

Edit /etc/rc.conf

rc_parallel="YES"

Run this to fix hang issue

for n in $(seq "1" "6"); do
    ln -s "/etc/init.d/agetty" "/etc/init.d/agetty.tty${n}"
    rc-config add "agetty.tty${n}" default
done

Configure account

emerge "sys-auth/seatd" "sys-process/dcron" "media-video/wireplumber" "media-video/pipewire" "app-admin/doas" "net-p2p/transmission"

passwd
useradd -mG wheel,audio,video,usb,input,portage,pipewire,seat,cron,transmission YOURUSERNAME
passwd YOURUSERNAME

Edit /etc/doas.conf

permit nopass root
permit :wheel
permit persist :wheel
permit nopass :wheel cmd mount
permit nopass :wheel cmd umount
permit nopass :wheel cmd lsblk args -rpo "uuid,name,type,size,label,mountpoint,fstype"

rc-update add seatd default
rc-update add dcron default

Configure repos

emerge "app-eselect/eselect-repository"

eselect repository remove "gentoo" && rm -rf "/var/db/repos/gentoo"

eselect repository enable "gentoo"

eselect repository enable "guru"
eselect repository add "awy" git "https://git.awy.one/awy.git"

emaint sync -a

emerge --oneshot "sys-apps/portage"

Add nvidia modules

mkdir -p "/etc/modules-load.d"

{
    echo "nvidia"
    echo "nvidia_modeset"
    echo "nvidia_uvm"
    echo "nvidia_drm"
} > "/etc/modules-load.d/video.conf"

Generate initramfs

emerge ugrd
ugrd --kver KERNEL_VERSION /boot/initramfs.xz

Create boot entry

emerge -a1 "sys-boot/efibootmgr"
efibootmgr -c -d /dev/nvme0n1 -p 1 -L gentoo -l '\EFI\BOOT\BOOTX64.EFI' -u "initrd=initramfs.xz"