// krypt/sh

Documentation

About
krypt/sh
Overview of krypt/sh — design philosophy, the pure LLVM/musl toolchain, and what to expect from a source-based system with no GCC and no glibc.
Filesystem Layout
The dual-prefix directory structure, XDG runtime directories, and the absence of PAM and elogind.

System Administration
Package Management
Managing packages with addpkg, delpkg, infopkg, and the high-level pkg manager. Reverse dependency checking with revdep after library upgrades.
Building Ports
Syncing the ports tree, building packages from source with mkpkg, MAKEPKG file anatomy, and build configuration.
Services & Init
Managing services with runit. Writing run, finish, and log scripts. Examples for daemons, one-shot services, and services with cleanup.
Users & Permissions
Adding users, managing groups, and privilege escalation with doas. No PAM — authentication goes through shadow utilities directly.
Networking
Static IP, DHCP with dhcpcd, WiFi with wpa_supplicant, DNS, and the nftables firewall. No NetworkManager.
Graphics & Wayland
The graphics stack, seatd, GPU drivers, and launching Wayland compositors (labwc, sway) from a TTY. Pure Wayland — no X11.

Installation
Installation Guide
Download the disk image, write to USB, and install krypt/sh to disk. Covers partitioning, package installation, fstab, system configuration, and EFISTUB boot. UEFI only — x86_64.
Kernel
Building a custom kernel with LLVM, loading modules, EFISTUB, security options, and cgroups configuration.
Encryption (LUKS2)
Full disk encryption with LUKS2 and dm-crypt. Setup, opening volumes at boot without an initramfs, and required kernel options.

Virtualisation
QEMU
Rootless VMs using passt for networking, GTK/Wayland display, and clipboard sharing without SPICE.
Podman
Rootless containers with crun, netavark, and aardvark-dns. No Docker daemon required.
Xen
Hardware-enforced VM isolation as a Xen dom0. Booting with limine via multiboot2, runit services for the Xen toolstack, creating PVH domUs.

LLVM musl libc libressl Independent