Internal and External Servers Operating System

The internal server should be Gentoo. If you prefer a different distribution, go ahead, but you will need to adapt all the future instructions, as I will use Gentoo.

The external server again should be Gentoo, but especially on VPSs you might not have freedom of choice. As long as it's a reliable Linux distribution, you should be fine. After all, you will only run tunnels on it.

All the following applies to the internal server. Most of it also applies to the external server, if you are installing Gentoo there too.

Quick & Dirty Gentoo Installation

Why Gentoo Linux? Because it's lightweight, gives you full control of your server and can be much more secure than other, bloated Linux distributions.

When installing Gentoo Linux you have total freedom to choose every single piece of the system, including whether or not to install a cron daemon and even a logger daemon. No other distro gives you so much freedom. Moreover, while you can use SystemD and NetworkManager with Gentoo, you are not forced to, and in fact, especially for small servers, both might be unneeded.

For reference, always follow the Gentoo Handbook which is the Gentoo Bible.

Installing Gentoo Linux is less difficult than you might think. The great Gentoo Handbook is very well written and also fairly easy to follow if you don't rush it. I assume you are capable of following it up until you can boot a text-only system.

The fast&quick Gentoo Installation checklist

This is NOT a comprehensive installation guide, but rather a list of quick points to keep in mind while following the Gentoo Handbook mentioned above.

Prerequisite: you already know where (on which disk/partition) you are going to install Gentoo and which IP address you want to use for your home (internal) network.

Get Ready for First Boot

Burn Gentoo installation ISO to a CD or a USB key, and boot it all the way to the Gentoo command-line prompt.

Set up internet access from your booted installation ISO.

Format your root partition on your PC hard drive as EXT4: I recommend EXT4 for the root partition (that's not where you will be storing any data or services!) because it's always supported out of the box and avoids issues in the future. Let's assume it's /dev/sda2.

Mount your root folder:

 > mount /dev/sda2 /mnt/gentoo

Download the Gentoo Stage 3 tarball for your architecture (arm64, amd64, etc). From the Gentoo boot ISO, you can use links, which is a neat text-only web browser.

Decompress the Stage 3, being careful to specify the following options (the 'p' one is critical, and the Handbook also wants --xattrs-include and --numeric-owner so ownership and extended attributes survive the extraction):

 > cd /mnt/gentoo
 > tar xpvf stage3.blah-blah.tar.xz --xattrs-include='*.*' --numeric-owner
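One check the download step above leaves to you is verifying the stage3 tarball before you untar it as root. As an added example (not the guide's own script), this POSIX shell function reads the Gentoo .DIGESTS file that ships next to the tarball, compares the SHA-512, and runs gpg --verify when a detached .asc signature is present and the Gentoo release key has already been imported; the verify.sh filename in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original guide: check a downloaded stage3
# tarball against its Gentoo .DIGESTS file before extracting it, and, when a
# detached .asc signature sits next to it and gpg is available, verify that
# too (assumes the Gentoo release key is already imported into gpg).
# A .DIGESTS file has one "<hash>  <filename>" line per algorithm under a
# header such as "# SHA512 HASH" or "# BLAKE2B HASH".
# Print the SHA-512 of a file with whichever tool the live system has.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

# verify_stage3 <tarball> <digests-file>: returns 0 only on a matching hash.
verify_stage3() {
    tarball=$1
    digests=$2
    name=$(basename "$tarball")
    # Take the SHA512 entry for exactly this filename. BLAKE2B lines are also
    # 128 hex chars, so key on the "# SHA512 HASH" header, not on length alone.
    expected=$(awk -v f="$name" '
        /^# /  { sha = ($0 ~ /SHA512/) }
        sha && $2 == f && length($1) == 128 { print $1; exit }
    ' "$digests")
    if [ -z "$expected" ]; then
        echo "no SHA512 entry for $name in $digests" >&2
        return 1
    fi

    actual=$(sha512_of "$tarball")
    if [ "$actual" != "$expected" ]; then
        echo "SHA512 MISMATCH for $name, do not extract it" >&2
        return 1
    fi

    # Signature check when the detached .asc was downloaded alongside.
    if [ -f "$tarball.asc" ] && command -v gpg >/dev/null 2>&1; then
        gpg --verify "$tarball.asc" "$tarball" || return 1
    else
        echo "note: no $name.asc verified, only the checksum matched" >&2
    fi
    echo "$name: checksum OK"
}
# Usage from the live ISO: sh verify.sh stage3-*.tar.xz stage3-*.tar.xz.DIGESTS
case $# in 2) verify_stage3 "$1" "$2" ;; esac
```

A checksum alone only proves the tarball matches the .DIGESTS file you fetched from the same place; the signature is what ties it to the Gentoo release key.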

Prepare and enter the chroot environment:

 > cp /etc/resolv.conf /mnt/gentoo/etc
 > modprobe efivarfs
 > for i in dev dev/pts sys run proc sys/firmware/efi/efivars; do mount /$i /mnt/gentoo/$i -o bind; done
 > chroot /mnt/gentoo /bin/bash
 > source /etc/profile

You are now inside your brand new Gentoo Linux installation… But there is still a lot of work to be able to boot it.

You also need, now, to mount the boot/EFI partition inside the chroot (let's assume it's /dev/sda1), so something like:

 > mkdir /boot
 > mount /dev/sda1 /boot

You now need to set up Portage, Gentoo's package manager.

Accept licenses, put this into /etc/portage/make.conf:

ACCEPT_LICENSE="-* @FREE @BINARY-REDISTRIBUTABLE @EULA"

It's time to populate the portage tree:

 > emerge --sync

Configure your timezone (choose the correct one):

 > echo "Europe/Brussels" > /etc/timezone
 > emerge --config sys-libs/timezone-data

Configure your locales by editing the file /etc/locale.gen and running:

 > locale-gen

And select your preferred profile. I would choose a plain basic profile like default/linux/amd64/17.1, or a selinux/hardened one if you feel adventurous. List them, then set the number of the one you want:

 > eselect profile list
 > eselect profile set <number>

Install cpuid2cpuflags and properly set up your CPU flags (no -p here: the second command needs the tool actually installed):

 > emerge -v app-portage/cpuid2cpuflags
 > echo "*/* $(cpuid2cpuflags)" > /etc/portage/package.use/00cpu-flags

Now reinstall/recompile the basic system according to your selections:

 > emerge -uv --deep --newuse @world

And it's time to install some basic stuff (pick your own! there are many choices). With -a, emerge shows what it would pull in and waits for your confirmation:

 > emerge -va genkernel gentoo-sources pciutils usbutils mdadm vim tmux cronie syslog-ng bash-completion chrony dosfstools io-scheduler-udev-rules intel-microcode

Research each one and pick yours.

Now it's time to build the kernel:

 > eselect kernel set 1
 > genkernel --mountboot --install all

Then set the root password and create a user (-m creates its home directory):

 > passwd
 > useradd -m user
 > passwd user

Set up the network and ensure SSH starts by default on boot (I assume your ethernet device is called xxx, you can check in /sys/class/net):

 > vi /etc/conf.d/net
 > rc-update add sshd default
 > ln -s /etc/init.d/net.lo /etc/init.d/net.xxx
 > rc-update add net.xxx default

Last, set up the boot loader (GRUB2 here, so sys-boot/grub must be emerged), then generate its config:

 > grub-install --target=x86_64-efi --efi-directory=/boot
 > grub-mkconfig -o /boot/grub/grub.cfg

and then reboot.

Additional settings after first boot

Now, you are of course free to install whatever you want, even a fully fledged Plasma Workspace, but I strongly advise against it. This is a server, and the less stuff you install, the better.

A few more notes and suggestions that will be important later:

  • don't bother with setting up the external data disks, you will do it later
  • don't install any graphical user interface, you will not need it
  • don't install SystemD, as none of the commands here are written for SystemD (or install it and adapt the commands)

Note: I don't care for SystemD. It fixes a problem I don't have and never had. It's a complication I never had a need for, and Gentoo gives me the choice not to use it. Please use it yourself if you prefer, just adapt the commands where it is involved accordingly.

Specific installation finalization for the Internal Server

(not needed for the external server)

You will need to create a special group called media, which will be used to allow the different tools to access their respective data folders without compromising the security of your installation and your media collection:

 > groupadd media

This creates a new group called media. You will need it later.

There are also a few specific tools we need to install for what comes ahead, let's do it:

 > emerge -v sys-fs/mdadm

mdadm provides the software RAID tools.

Once you have Gentoo installed on your hardware, keep reading.