docs/posts/03-security-improvements.md: update

Added Void Linux compatibility.

docs/desktop-os/index.md

@@ -1,5 +0,0 @@
-# Desktop operating-system Blog
-
-The blog page of the topics particularly related to desktop operating systems. 
-
----

docs/index.md

@@ -1,9 +1,3 @@
----
-hide:
-  - navigation
-  - toc
----
-
 # Welcome to the blog of the Ampel organisation
 
 Here we blog about various topics related to desktop and server operating systems. From base system installs to particular configuration of top level software. Always striving for simplicity, minimalism and security in each of these layers.

docs/posts/03-security-improvements.md

@@ -9,6 +9,7 @@ authors:
 tags:
     - Alpine Linux
     - Gentoo Linux
+    - Void Linux
 categories:
     - Security
 ---
@@ -23,10 +24,25 @@ Linux Security Modules (LSM) is a framework that allows the implementation of va
 
 These security modules may be enabled by adding them to the kernel `cmdline`:
 
+=== "Alpine Linux"
+
+    ``` shell title="/etc/kernel-hooks.d/secureboot.conf"
+    cmdline="... lsm=landlock,lockdown,yama,integrity ..."
+    ```
+
+=== "Gentoo Linux"
+
     ``` shell title="/etc/kernel/cmdline"
     ... lsm=landlock,lockdown,yama,integrity ...
     ```
 
+=== "Void Linux"
+
+    ``` shell title="/etc/dracut.conf.d/cmdline.conf"
+    kernel_cmdline="... lsm=landlock,lockdown,yama,integrity ..."
+    ```
+
+
 ### Landlock
 
 Landlock (`landlock`) is an access-control system that enables any processes to securely restrict themselves and their future children, i.e. sandboxing. 
@@ -69,6 +85,12 @@ AppArmor is a security module that provides a simpler alternative to SELinux. It
     sh# apk add apparmor apparmor-utils apparmor-profiles
     ```
 
+    and add it to the boot runlevel:
+
+    ``` shell-session
+    sh# rc-update add apparmor boot
+    ```
+
 === "Gentoo Linux"
 
     ``` shell-session
@@ -81,12 +103,38 @@ and add it to the boot runlevel:
     sh# rc-update add apparmor boot
     ```
 
+=== "Void Linux"
+
+    ``` shell-session
+    sh# xbps-install apparmor apparmor-utils apparmor-profiles
+    ```
+
+    and add the service:
+
+    ``` shell-session
+    sh# ln -s /etc/sv/apparmor /var/service
+    ```
+
 Add `apparmor` to the kernel `cmdline` to make it operational:
 
+=== "Alpine Linux"
+
+    ``` shell title="/etc/kernel-hooks.d/secureboot.conf"
+    cmdline="... lsm=...,apparmor apparmor=1 ..."
+    ```
+
+=== "Gentoo Linux"
+
     ``` shell title="/etc/kernel/cmdline"
     ... lsm=...,apparmor apparmor=1 ...
     ```
 
+=== "Void Linux"
+
+    ``` shell title="/etc/dracut.conf.d/cmdline.conf"
+    kernel_cmdline="... lsm=...,apparmor apparmor=1 ..."
+    ```
+
 Then reconfigure the `kernel`:
 
 === "Alpine Linux"
@@ -101,6 +149,12 @@ Then reconfigure the `kernel`:
     sh# emerge --config gentoo-kernel
     ```
 
+=== "Void Linux"
+
+    ``` shell-session
+    sh# xbps-reconfigure -f linux<version>
+    ```
+
 You can check the status of `apparmor` with `apparmor-utils`:
 
 ``` shell-session
@@ -111,10 +165,24 @@ sh# aa-status
 
 Boot parameters configure the bootloader to parse the relevant settings to the kernel at boot. Hardening the boot process will improve the overall security of the system. The listed boot parameters in this chapter can be parsed into the kernel `cmdline`:
 
+=== "Alpine Linux"
+
+    ``` shell title="/etc/kernel-hooks.d/secureboot.conf"
+    cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on ..."
+    ```
+
+=== "Gentoo Linux"
+
     ``` shell title="/etc/kernel/cmdline"
     ... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on ...
     ```
 
+=== "Void Linux"
+
+    ``` shell title="/etc/dracut.conf.d/cmdline.conf"
+    kernel_cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on ..."
+    ```
+
 ### Mitigations of system vulnerabilities
 
 * The setting `slab_nomerge` disables [slab merging](https://en.wikipedia.org/wiki/Slab_allocation) which helps to protect against heap exploitation.
@@ -275,6 +343,12 @@ The default memory allocator of `musl` is already reasonably secure but not as s
     sh# emerge -a hardened-malloc
     ```
 
+=== "Void Linux"
+
+    ``` shell-session
+    sh# xbps-install hardened-malloc
+    ```
+
 and set it to system-wide edit:
 
 ``` shell title="/etc/ld-musl-x86_64.path"
@@ -308,6 +382,12 @@ Improve the security of the system by increasing the entropy with the `jitterent
     sh# emerge -a jitterentropy
     ```
 
+=== "Void Linux"
+
+    ``` shell-session
+    sh# xbps-install jitterentropy
+    ```
+
 and make sure that the module gets loaded:
 
 ``` shell title="/etc/modules-load.d/entropy.conf"

docs/server-os/.authors.yml

@@ -1,13 +0,0 @@
-authors:
-  luc:
-    name: "Luc"
-    description: ""
-    avatar: "https://git.ampel.dev/avatars/cbd8e77b1f18b62a6a8dc56124238153?size=512"
-    slug: "luc"
-    url: "https://git.ampel.dev/luc"
-  nils:
-    name: "Nils"
-    description: ""
-    avatar: "https://git.ampel.dev/avatars/caa9d4634a522b6e874804a280ce6d1001e4213b5e9db9ec965641269f862623?size=512"
-    slug: "nils"
-    url: "https://git.ampel.dev/nils"

docs/server-os/index.md

@@ -1,5 +0,0 @@
-# Server operating-system Blog
-
-The blog page of the topics particularly related to server operating systems. 
-
----

mkdocs.yml

@@ -13,8 +13,6 @@ theme:
   features:
     - navigation.instant
     - navigation.instant.progress
-    - navigation.indexes
-    - navigation.tabs
     - navigation.sections
     - toc.follow
     - search.suggest
@@ -60,13 +58,4 @@ plugins:
   - search
   - tags
   - blog:
-      blog_dir: desktop-os
+      blog_dir: .
-  - blog:
-      blog_dir: server-os
-
-nav:
-  - 'Home': index.md
-  - 'Desktop OS':
-    - desktop-os/index.md
-  - 'Server OS':
-    - server-os/index.md