User:Alonbl/Configuration Workstation

= Alon Bar-Lev's Gentoo Workstation =

I maintain a complex development workstation, and there is some value in documenting it so that other people can take what they like.

As a base, I use Bootstrap and Gentoo Configuration.

Kernel
I use minimal module (when possible) kernel with. I use splashutils because it makes the acceptance of Linux better for people who are experiencing it for the first time.

Device-specific configuration can be found in any of my hardware articles.

To compile the kernel, I use genkernel-utils, which uses genkernel, eases disk encryption initramfs configuration, and allows stable and non-stable configurations to co-exist.

Hardware
See hardware articles.

Networking
I integrate networking as much as I can with OpenRC.

The following articles document my configuration:
 * openresolv
 * Stealth_DHCP
 * Firewall_Using_Firehol
 * OpenVPN_Non_Root
 * VM_Tap_Networking
 * PPP_Client
 * PPPoE_Client

The workstation is a complete network:

 +-----------------------------------------------------+
 |                      INTERNET                       |
 +-----------------------------------------------------+
      ^          ^          ^          ^          ^
      |          |          |          |          |
  GSM modem  Broadband  GSM modem    wired    wireless
      |          |          |          |          |
     ppp0       ppp1       ppp2       eth0      wlan0
      |          |          |          |          |
 +-----------------------------------------------------+
 |                     \\ | //              \\ | //    |
 |                       NAT   WORKSTATION    NAT      |
 |                        ^                    ^       |
 |    /-NAT--<------------+                    |       |
 +-----------------------------------------------------+
      |                   |                    |
     vpn0                br0                  usb0
      |                   |                    |
      |              +----+----+               |
      |              |         |               |
      V             vm0       vm1              V
    OFFICE           |         |           EMBEDDED
                   QEMU1     QEMU2

In words, the workstation connects to the Internet via a choice of multiple interfaces. It also provides access to the Internet for embedded devices and virtual machines via NAT. DHCP is done using a special mode which hides the computer's identity from the DHCP server.

The virtual machines reside in their own segment, interacting with the workstation via the br0 interface.

There is also a VPN to the office network using OpenVPN in non-root mode; virtual machines can access this network via NAT.

All interfaces are protected by firewall.

To enable user wpa_supplicant access, I use the following:

As usually only wireless networking is working, we would like to switch off the wired and broadband interfaces. Set the following:

Security
On most of my mobile devices I encrypt the disk using which is the strongest and fastest cryptographic method I found. I use compliant smartcard with CCID compliant reader using.

I do not use as it is too complex, consumes power as it busy loops, and does not run in least privileged mode.

I use firewall for all of my interfaces, with outgoing and incoming traffic rules.

To avoid man-in-the-middle attacks on portage synchronization, I always use signed snapshots.
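
One way to check a snapshot's detached signature by hand while pinning the signer by fingerprint, as an added example that is not the author's configuration or Portage's own verification code. The function names, the fingerprint and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's configuration. All names are hypothetical.

# Constructed placeholder: fingerprint of the primary key you decided to trust.
PINNED_FPR=0123456789ABCDEF0123456789ABCDEF01234567

# status_ok FPR
# Reads `gpg --status-fd` output on stdin. Succeeds only if a VALIDSIG line
# names FPR as the primary key (last field) and no failure status was emitted.
# Anything else, including empty input, fails closed.
status_ok() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && $NF == want { good = 1 }
        END { exit ((good && !bad) ? 0 : 1) }
    '
}

# verify_snapshot TARBALL SIGNATURE KEYRING_DIR FPR
# Checks a detached signature against a dedicated keyring and the pinned key,
# so a valid signature from some other key in the keyring is not accepted.
verify_snapshot() {
    gpg --homedir "$3" --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null |
        status_ok "$4"
}

# Constructed status output: a good signature made by a subkey of PINNED_FPR.
sample_status() {
    cat <<EOF
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Snapshot Signer <signer@example.invalid>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2024-01-01 1704067200 0 4 0 1 10 00 $PINNED_FPR
EOF
}

if sample_status | status_ok "$PINNED_FPR"; then
    echo "sample: signer matches the pinned key"
fi
```

Unpack the snapshot only after `verify_snapshot` returns success; a GOODSIG line alone does not say which key signed.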

My X is running as non-root, not xdm.

Power Management
I use Usermode suspend, with as wrapper, and as event management.

USB power-down extends battery life; as long as it works, I use it.

Gentoo Configuration
Based on Gentoo common configuration.

Licenses: User:Alonbl/Gentoo_Licensing

Always non-stable
 sys-kernel/gentoo-sources ~amd64
 sys-kernel/genkernel ~amd64         # I use recent kernel
 app-emulation/qemu-kvm ~amd64       # I use recent kernel
 media-gfx/splashutils ~amd64        # I use recent kernel
 sys-fs/loop-aes ~amd64              # I use recent kernel
 x11-drivers/xf86-video-intel ~amd64 # so far acceleration is not right

Localization
Hebrew.

udev
Until https://bugs.launchpad.net/qemu/+bug/891625 is resolved:

X11
I use only evdev input driver, without HAL or any other automation.

KDE
I use KDE as my desktop. Why? I do not understand GNOME, and Qt looks right, including proper Hebrew support.

I use the following packages:
 kde-base/kdebase-startkde
 kde-base/ark
 kde-base/dolphin
 kde-base/kfind
 kde-base/kate
 kde-base/kcalc
 kde-base/kcharselect
 kde-base/kde-l10n
 kde-base/kdesdk-kioslaves
 kde-base/kdm
 kde-base/kget
 kde-base/kmenuedit
 kde-base/kmix
 kde-base/kolourpaint
 kde-base/konqueror
 kde-base/konsole
 kde-base/kscreensaver
 kde-base/ksnapshot
 kde-base/okular
 kde-base/kopete
 media-libs/phonon-vlc
 net-misc/knemo

To enable gtk+ (firefox, gimp, wireshark...) integration to Qt:

Qemu
I use KVM.

Maintainer
Alon Bar-Lev