My 2018 Mac mini (64G RAM, 2T SSD) has long been a trusty multi-VM pkgsrc and notqmail build machine, mostly via SSH. And during the first couple COVID years when I was still consulting independently but we were out of the country, it was also a trusty low-latency system for collaborative coding sessions with USA-based clients, mostly via screen sharing.

The mini still performs quite well. I still rely on it for keeping my NetBSD VPS running on the latest -current pkgsrc every week or so. But macOS NFS service had a tendency to be a source of annoyance and/or effort on each new major release. NetBSD’s NFS client got fixed, which was enough to get me by, but my Tribblix and Linux VMs had already been basically unusable for a while. And macOS had lately gotten a little unstable after reboot: sometimes misrendering the login screen, freezing after a correctly entered password, or suddenly pegging the fans for no apparent reason and powering abruptly off. So when macOS Tahoe dropped support for nearly all Intel Macs, I was already game to repave mine.

I generally prefer NetBSD when possible, and generally consider my non-NetBSD systems to be only temporarily so (e.g., Small ARMs). Hosting a pile of nvmm-accelerated VMs while also building natively for my primary NetBSD production target would have been a solid use case. But the 2018 mini has a T2 security chip that makes a bunch of basic onboard devices relatively difficult for an OS to attach, and Linux appears to be the only free OS that mostly deals with this. Even then, we’ll need a T2-customized installer and special attention.

1. Prepare installer

$ cd ~/Downloads
$ bash <<<1 <(curl -sL https://github.com/t2linux/T2-Mint/releases/latest/download/iso.sh)
$ sudo dd if=linuxmint-*-cinnamon-*-t2-*.iso of=/dev/$YOUR_USB_STICK
$ rm -f linuxmint-*-cinnamon-*-t2-*.iso

2. Prepare machine

1. Reboot and hold down Command-R.
2. In macOS Recovery, choose Utilities -> Startup Security Utility.
3. Secure Boot: No Security.
4. Allowed Boot Media: Allow booting from external or removable media.
5. Connect USB keyboard/mouse/Ethernet directly (not via Bluetooth or Thunderbolt dock).
6. Quit Startup Security Utility.

3. Install

1. Reboot and hold down Option.
2. Choose your USB stick.
3. In the live environment, open Terminal.
4. Wipe, partition, and format the disk:

   $ for i in \
   "mklabel gpt" \
   "mkpart ESP fat32 1MiB 513MiB" \
   "set 1 esp on" \
   "set 1 boot on" \
   "mkpart Root btrfs 513MiB 100%"; do
   sudo parted $YOUR_DISK_DEVICE $i
   done
   $ sudo mkfs.fat -F32 -n ESP ${YOUR_DISK_DEVICE}p1
   

5. In the live environment, run Install.
6. Instead of “Erase disk and install Linux Mint”, choose “Something else”.
7. Click the btrfs partition -> “Change…”.
8. Use as: btrfs journaling file system.
9. Format the partition: [x].
10. Mount point: /.
11. ”Install Now” and follow the prompts until “Installation Complete”.
12. DO NOT click “Continue Testing” or “Restart Now”. We’re not ready for the new install to be unmounted.

4. Tweak new install

1. Enter newly installed environment:

   $ for i in proc dev dev/pts; do
   sudo mount -B /$i /target/$i
   done
   $ sudo chroot /target
   

2. From now on, track configuration changes in git:

   # echo | apt install etckeeper
   # cd /etc
   # git branch -m pet-power-plant
   # git gc --prune
   

3. Configure grub:

   # echo 'GRUB_RECORDFAIL_TIMEOUT=0' > default/grub.d/60_skip_grub_prompt.cfg
   # etckeeper commit -m 'Skip grub prompt.'
   # update-grub
   

4. Give Mac boot picker a custom icon:

   # apt install libarchive-tools
   # curl -sL https://master.dl.sourceforge.net/project/mac-icns/mac-icns.iso \
   | bsdtar -xOf- iconverticons.com/os_linuxmint.icns \
   > /boot/efi/.VolumeIcon.icns
   

5. Return to the “Installation Complete” dialog (finally!) and click “Restart Now”.

5. Before first boot

1. When prompted, remove USB stick and press Enter.
2. On reboot, hold down Command-R.
3. In macOS Recovery, choose Utilities -> Terminal.
4. Give Mac boot picker a custom label:

   # diskutil list
   # diskutil mount /dev/$YOUR_EFI_SYSTEM_PARTITION_DEVICE
   # bless --folder /Volumes/ESP/EFI/BOOT --label "Linux Mint"
   

5. Reboot and hold down Option.
6. Observe the icon and label. Fancy! Someday you’ll hold down Option again, and this’ll help you disambiguate which volume you’re trying to boot.

6. First boot

1. Go for it!
2. Observe no grub prompt, just straight through the Mint logo to the login screen.
3. Log in.
4. Enable passwordless sudo:

   $ echo '%sudo ALL=(ALL: ALL) NOPASSWD: ALL' \
   | sudo tee /etc/sudoers.d/10sudo_nopasswd >/dev/null
   $ sudo chmod 440 /etc/sudoers.d/10sudo_nopasswd
   $ sudo etckeeper commit -m 'Skip sudo password prompt.'
   

5. Allowlist your Thunderbolt dock, if any:

   $ boltctl list                   # find your device's UUID
   $ sudo boltctl enroll --policy auto $YOUR_THUNDERBOLT_UUID
   

6. Fetch WiFi and Bluetooth firmware:

   $ sudo apt install dmg2img
   $ echo 7 | sudo get-apple-firmware get_from_online
   

7. Connect Ethernet/WiFi/mouse/keyboard as you prefer.
8. Enable T2 fan control and SSH service:

   $ echo | sudo apt install t2fanrd openssh-server
   $ sudo systemctl enable --now ssh
   $ sudo etckeeper commit -m 'Enable sshd.'
   

9. Update device firmware:

   $ echo y | sudo fwupdmgr get-updates
   

   (Note that the Mac’s EFI can’t be updated this way. The only way to update Mac EFI is as a side effect of installing the latest macOS.)
10. Follow the post-install Welcome prompts.
11. In “Account details”, add my photo.
12. Install some basics:

    $ echo | sudo apt install tmux vim myrepos tig silversearcher-ag qemu-system-x86-64 kdeconnect dropbox
    

7. Back to work

1. Mount source trees from NAS. (Oh hey, I finally have a NAS! Similar post forthcoming about that.)
2. Create a NetBSD VM to match my production VPS.
3. Build a fresh batch of packages.
4. Carry on with life.

I’ve got some older Mac minis that may also soon find gainful employment around here.