I suppose the most tangible benefit I get out of it is embedding a custom initramfs into the kernel and using it as an EFI stub. And I usually disable module loading and compile in everything I need, which feels cleaner. Also I make sure to tune the settings for my CPU and GPU, enable various virtualization options, and force SELinux to always remain active, among other things.

mpd + ncmpcpp

Yes! Awk is great, I use it all the time for text processing problems that are beyond the scope of normal filters but aren’t worth writing a whole program for. It’s pretty versatile, and you can split expressions up and chain them together when they get too complicated. Try piping the output into sh sometime. It can be messy though and my awk programs tend to be write-only

Yeah for me it’s been great and I do essentially leave it plugged in the whole time I’m using my PC (attached to my keys). It does require a pin entered each boot, so leaving it in would still offer security. But as someone else mentioned getting kwallet PAM working would make things easier in any case

Lol. I press a button on the device (which I unlocked with a pin before boot), but it would be nice to have the DB unlock automatically

Personally, I’ve relied on an OnlyKey for a few years (with backups and an extra fallback device) and haven’t needed to type passwords since. This doesn’t help with the number of prompts, but it does make them easier to dismiss.

I do use autologin, but I don’t use a system wallet (only KeePassXC, which I do need to unlock manually). Autologin with system wallets can be tricky, but I’ve had some luck setting it up in the past. You might want to check out this wiki for PAM configuration.

If you’re willing to spend the time to learn how to write custom policies, SELinux can be used for this, to some extent. It’s highly customizable and can sandbox your apps, but the process of doing so is quite complicated. I wrote a small guide on custom policy management on Gentoo in another comment if you’re interested.

There’s also apparently a “sandbox” feature, but I don’t know much about it. I just write my own policies and make them as strict as possible.

As an example, my web browser can’t access my home directory or anything except its own directories, and nobody (including my own user), except root and a few select processes (gpg, gpg-agent, git, pass) can access my gnupg directory.

This only covers security/permissions, and doesn’t include many of the other benefits of containerization or isolation. You could also try KVM with libvirt and Gentoo VMs; that works pretty well (despite update times) and I did that for a while with some success.

I use Terminus (ter-112n) for TTY, Source Code Pro for terminal emulators, and DejaVu, Liberation, and Noto for others

Had the same issue with Plasma Wayland in QEMU but I never found a solution. Toggling anti-aliasing sometimes helped, temporarily

Yes! Depending on how much time you want to spend figuring things out… there is a learning curve, but the documentation is quite extensive. And you do learn a lot about Linux by diving in. The compile times aren’t really an issue today if you have decent hardware- I run it at home and on all of my servers (some of them not very powerful). You can do other things while it’s compiling.

It’s great if you want to customize everything and learn how your system works, or are interested in optimizing everything for your specific CPU architecture. There are a few pitfalls (especially when learning), but I’ve generally been able to learn how to fix any issues as they arise.

Also, the package availability is great. If you can’t find something in the gentoo repository or in an overlay, you can usually find its dependencies and build it yourself.