Login as a root user

su - cleanly resets all environment variables, changes the working directory to the target user's home directory, and sources the target user's profile scripts, simulating a fresh login as root:

su -

Enable 32-bit architecture support

Steam requires 32-bit architecture support libraries and proprietary components, so enable it:

dpkg --add-architecture i386

Enable non-free & contrib repository sources

The Steam installer package resides in the contrib repository, and the non-free repository provides the essential 32-bit (i386) graphics drivers, Mesa libraries, and other hardware-specific components required for Steam to function and for games to run correctly. Ensure that both repositories are active in your sources list for your release. Depending on which source list is currently active on your PC, fill in the following information on one of these files:

1. Within /etc/apt/sources.list:

deb http://deb.devuan.org/merged ceres main non-free non-free-firmware contrib

2. Within /etc/apt/sources.list.d/devuan.sources:

# Modernized from /etc/apt/sources.list
Types: deb
URIs: http://deb.devuan.org/merged/
Suites: ceres
Components: main non-free non-free-firmware contrib
Signed-By: /usr/share/keyrings/devuan-archive-keyring.gpg

Update repositories and install Steam

After enabling the required repositories, update your package lists:

sudo apt update

Install the steam-installer package using:

sudo apt install steam-installer

Install and set up xwayland

The Steam client requires xwayland to run on a Wayland session because the Steam client itself is an X11-only application and lacks native Wayland support. If you're experiencing a display crash or the "Could not open connection to X" error, it's likely because Steam cannot connect to an X server. Currently, under a Wayland session, this is handled by xwayland, which acts as a compatibility layer allowing X11 applications like Steam to run.

Install xwayland via:

sudo apt install xwayland

Verify xwayland is active by running by printing the value of the $DISPLAY enviroment variable. This should return :0:

echo $DISPLAY

If the DISPLAY variable is not set, you can set it manually. The command export DISPLAY=:0 sets the DISPLAY environment variable to :0, telling graphical (a la X11) applications to render their graphical interface on the first local display (screen 0) of the local X server:

export DISPLAY=:0

Restart Wayland session

Restart your Wayland session to ensure xwayland starts with the compositor; an easy way to do that for Hyprland specifically would be:

hyprctl dispatch exit
dbus-run-session start-hyprland

Launch Steam

Finally, launch Steam from the application menu or via the terminal:

steam

By following these steps, you should be able to install and run Steam on your Devuan system using a Wayland-based desktop environment like Hyprland.

Kernel version: 6.12.48+deb13-amd64
Binary file: forgejo-13.0.3-linux-amd64
Partition scheme: / 12%, swap 12%, /home -1
Does these matters? I don't know but I have tried this steps only on systems having exactly the same specs like above, so if you get any error message related for example to swap memory and you have no swap then I won't know what to tell you but create a swap partition and try again.

# First, make sure the domain/host name on /etc/hosts it's like: IP <FQDN> <hostname>, for example for a local domain /etc/hosts should be like:
127.0.0.1    localhost
192.168.1.10 myhost.mydomain.home myhost
# Where 192.168.1.10 is the local network IP for your local forgejo host, to verify it then execute:

hostname -f

# The result should be for example:
myhost.mydomain.home
# This is a must since later we will use the variables FQDN and HOSTNAME to retreive those values automatically
# to generate the self signed cert and to avoid mistyping errors that could make the setup completely fail.

# Install dependencies

sudo apt install -y git git-lfs nginx openssl

# Download and install binary

wget https://codeberg.org/forgejo/forgejo/releases/download/v13.0.3/forgejo-13.0.3-linux-amd64
chmod +x forgejo-13.0.3-linux-amd64
sudo cp forgejo-13.0.3-linux-amd64 /usr/local/bin/forgejo
sudo chmod 755 /usr/local/bin/forgejo

# Create git user on the system. Forgejo will run as that user, and when accessing git through
# SSH (which is the default), this user is part of the URL (for example
# in: git clone git@git.example.com:YourOrg/YourRepo.git the "git" at the left of @ is the user you’ll create now).

sudo adduser --system --shell /bin/bash --gecos 'Git Version Control' \
  --group --disabled-password --home /home/git git

# Create the directory where Forgejo’s config, called app.ini it's stored in. Initially it needs to be writable by Forgejo,
# but after the installation you can make it read-only even for Forgejo because then it shouldn’t modify it anymore.

sudo mkdir -p /etc/forgejo/{ssl}
sudo chown -R root:git /etc/forgejo && sudo chmod -R 770 /etc/forgejo

# In this case, below will use the path "/home/git/" where Forgejo will store its data, including your repositories, 
# this in order to make it easier to preserve and backup when ussing separated /home partition and SQLite database,
# but that value can be modified to anything that suits best for you if you know what are you doing.

# Create Forgejo service file, copy and paste from #!/bin/sh line to "exit 0" line and save.

sudo nano /etc/init.d/forgejo

#!/bin/sh
### BEGIN INIT INFO
# Provides:          forgejo
# Required-Start:    $remote_fs $network $syslog
# Required-Stop:     $remote_fs $network $syslog
# Should-Start:      $local_fs
# Should-Stop:       $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Forgejo Git server daemon
# Description:       Starts, stops, and manages the Forgejo service.
### END INIT INFO

# Where Forgejo lives (binary, config, data)
FORGEJO_ROOT="/home/git/lib/forgejo"
FORGEJO_BINARY="/usr/local/bin/forgejo"
FORGEJO_WORK_DIR="/home/git/lib/forgejo"
FORGEJO_USER="git"
FORGEJO_GROUP="git"

# Config file
FORGEJO_CONFIG="/etc/forgejo/app.ini"

# Log files – same locations used by the systemd unit
FORGEJO_LOG_DIR="${FORGEJO_ROOT}/log"
STDOUT_LOG="${FORGEJO_LOG_DIR}/stdout.log"
STDERR_LOG="${FORGEJO_LOG_DIR}/stderr.log"

# PID file – used for status checks and clean shutdowns
PIDFILE="/var/run/forgejo.pid"

# Extra flags you might want to pass (e.g., --config)
DAEMON_OPTS="web --config ${FORGEJO_CONFIG}"

log_msg() {
    echo "[forgejo] $*"
}

# Ensure the binary exists before we try anything
[ -x "${FORGEJO_BINARY}" ] || {
    log_msg "Executable not found at ${FORGEJO_BINARY}. Aborting."
    exit 1
}

# Create log directory if missing
[ -d "${FORGEJO_LOG_DIR}" ] || mkdir -p "${FORGEJO_LOG_DIR}"
chown ${FORGEJO_USER}:${FORGEJO_GROUP} "${FORGEJO_LOG_DIR}"

do_start() {
    log_msg "Starting Forgejo…"
    # Run as the dedicated user, detach, and capture PID
    start-stop-daemon --start \
        --quiet \
        --background \
        --make-pidfile \
        --pidfile "${PIDFILE}" \
        --chuid "${FORGEJO_USER}:${FORGEJO_GROUP}" \
        --exec "${FORGEJO_BINARY}" \
        -- ${DAEMON_OPTS} >>"${STDOUT_LOG}" 2>>"${STDERR_LOG}"
    RET=$?
    [ $RET -eq 0 ] && log_msg "Forgejo started (PID $(cat ${PIDFILE}))"
    return $RET
}

do_stop() {
    log_msg "Stopping Forgejo…"
    if [ -f "${PIDFILE}" ]; then
        PID=$(cat "${PIDFILE}")
        start-stop-daemon --stop --quiet --pid "${PID}" --retry=TERM/30/KILL/5
        RET=$?
        [ $RET -eq 0 ] && rm -f "${PIDFILE}" && log_msg "Forgejo stopped"
    else
        log_msg "No PID file found – is Forgejo already stopped?"
        RET=1
    fi
    return $RET
}

do_restart() {
    do_stop && do_start
}

do_status() {
    if [ -f "${PIDFILE}" ]; then
        PID=$(cat "${PIDFILE}")
        if kill -0 "$PID" 2>/dev/null; then
            echo "Forgejo is running (PID $PID)"
            return 0
        else
            echo "Forgejo PID file exists but process is dead"
            return 1
        fi
    else
        echo "Forgejo is not running"
        return 3
    fi
}

case "$1" in
    start)
        do_start
        ;;
    stop)
        do_stop
        ;;
    restart|force-reload)
        do_restart
        ;;
    status)
        do_status
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 2
        ;;
esac

exit 0

# Make it executable

sudo chmod +x /etc/init.d/forgejo

# Enable the service auto-start at boot

sudo update-rc.d forgejo defaults

# Generate self signed cert and key

sudo openssl genrsa -out /etc/nginx/ssl/$(hostname).key 4096
sudo openssl req -x509 -new -nodes -key /etc/nginx/ssl/$(hostname).key -sha256 -days 365 -subj "/CN=$(hostname -f)" -reqexts v3_req -extensions v3_ca -out /etc/nginx/ssl/$(hostname).crt

# Change cert and key group permissions but maintaining root ownership

sudo chgrp git /etc/nginx/ssl/$(hostname).crt
sudo chmod 644 /etc/nginx/ssl/$(hostname).crt
sudo chgrp git /etc/nginx/ssl/$(hostname).key
sudo chmod 600 /etc/nginx/ssl/$(hostname).key

# Prevent git error: server verification failed: certificate signer not trusted for your local repo/server

git config --global http."https://$(hostname -f)/".sslCAInfo /etc/nginx/ssl/$(hostname).crt

# Copy the new certificate system wide (optional):

sudo cp /etc/nginx/ssl/$(hostname).crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

# To prevent error: RPC failed; HTTP 413 curl 22 The requested URL returned error: 413

sudo nano /etc/nginx/nginx.conf

# Add this line inside the "http {" block

        # To prevent error: RPC failed; HTTP 413 curl 22 The requested URL returned error: 41
        client_max_body_size 500M;  # Increase limit from default 1MB to 500M

# Create the initial forgejo settings: copy, paste and enter (to pass the hostname values).

sudo tee /etc/forgejo/app.ini > /dev/null <<'EOF'
[server]
PROTOCOL                   = http
DOMAIN                     = $(hostname -d)
ROOT_URL                   = https://$(hostname -f)
APP_DATA_PATH              = /home/git/data
LOCAL_ROOT_URL             =

[session]
COOKIE_SECURE              = true
EOF

# Change /etc/forgejo/app.ini ownership

sudo chown git:git /etc/forgejo/app.ini
sudo chmod 644 /etc/forgejo/app.ini

# Create the NGINX site configuration: copy, paste, press enter.

sudo tee /etc/nginx/sites-available/forgejo.conf > /dev/null <<'EOF'
# --------------------------------------------------------------
# HTTP → HTTPS redirect (listen on port 80)
# --------------------------------------------------------------
server {
    listen 80;
    listen [::]:80;
    server_name $(hostname -f);
    
    # Redirect every request to the same URL but with https
    return 301 https://$host$request_uri;
}

# --------------------------------------------------------------
# TLS termination + reverse‑proxy to Forgejo (listen on 443)
# --------------------------------------------------------------
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    server_name $(hostname -f);

    # ----- TLS certificates -----
    ssl_certificate     /etc/nginx/ssl/$(hostname).crt;
    ssl_certificate_key /etc/nginx/ssl/$(hostname).key;

    # ----- Recommended SSL settings (Mozilla intermediate profile) -----
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_timeout 1d;
    ssl_session_cache   shared:SSL:10m;

    # ----- HSTS (force browsers to stay on HTTPS) -----
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # ----- Proxy settings -----
    location / {
        # Forgejo runs internally on HTTP port 3000 (unchanged)
        proxy_pass http://127.0.0.1:3000;

        # Preserve original host and scheme for Forgejo’s own link generation
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Optional: increase timeout for large git pushes
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
    }

    # ----- Optional: static assets cache (speed up UI) -----
    location ~* \.(css|js|png|jpg|jpeg|svg|ico|woff2?)$ {
        expires 30d;
        add_header Cache-Control "public, immutable";
        try_files $uri @forgejo;
    }

    # Fallback to the main proxy block if the static file isn’t found
    location @forgejo {
        proxy_pass http://127.0.0.1:3000;
    }
}
EOF

# Enable the site & test the NGINX config

sudo ln -sf /etc/nginx/sites-available/forgejo.conf /etc/nginx/sites-enabled/

# Test syntax (very important!)

sudo nginx -t

# You should see:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

# Open firewall ports (if applicable)
# If you have ufw, firewalld, or a cloud‑provider security group, allow only 80 and 443 inbound:

# UFW example

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# (Optionally deny direct access to 3000 from outside)

sudo ufw deny 3000/tcp

# For firewalld:

sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --remove-port=3000/tcp --permanent   # optional
sudo firewall-cmd --reload

# Start both services

sudo service forgejo start
sudo service nginx start

# Finally, open your browser and go to http://<FQDN_here> to finish the setup.
# Yes, of course you will get the warning of self signed cert but other than that everything will work as intended.

If slimlock is set as the lock command in xfce4, it will not work correctly with sleep security. (Xfce Settings → Power Manager → System → Lock screen when system is going to sleep) Since xfce4 waits for the screenlocker to return before putting the system to sleep, the user sees the lock screen but the system will not sleep. Once the user unlocks the screen, then the system will go to sleep. Obviously this is not what the user wants.

Here's how to fix it.

Create the file /usr/local/bin/aslimlock.sh with these contents:

#!/bin/sh
/usr/bin/slimlock &
sleep 1
pgrep --parent ${$} --full --exact "/usr/bin/slimlock"

This script runs slimlock asynchronously, ensures that it is still running after one second, and returns a success or error code depending on the status.

Ensure this script is given execute permissions.

Now set aslimlock.sh as xfce4's lock command.

You can use the GUI: Navigate to Xfce Settings → Settings Editor → Channel: xfce4-session → Property: LockCommand; and enter /usr/local/bin/aslimlock.sh in the Value field.

Alternatively, you can use the command line:
xfconf-query --channel 'xfce4-session' --property '/general/LockCommand' --set '/usr/local/bin/aslimlock.sh'

The system will now correctly respond to a suspend request. The screen will lock and the system will enter sleep mode. On wake, the screen will be locked and awaiting a password.

thanks for the guide! as it was said in other posts I haven't found yet the time to write a comprehensive guide/documentation to runit, for several reason:
time constrains of course, but also parts of the runit debian integration are still under development and I prefer to finish before writing a guide (it will be obsolete soon otherwise).
I try to keep manpages up to date though, so I suggest reading

man invoke-run
man update-service
man cpsv

Also I try to keep README files in runit and runit-servics packages up to date

If not installed by default (not sure), I suggest to install apt-listchanges package
to read the NEWS during the upgrade (I do write NEWS when there are important changes)

that said let me add few comments on top of your guide:

this is correct and is the desired end state, however there are still packages (getty-run, openssh-server, acpid, tor, irqbalance and few others)
that are using the legacy layout and install the service directory directly in /etc/sv/ (without metafiles, the legacy runit-helper is used instead of trigger_sv): I still have to organize the transition.

be aware that, as the name may suggest, trigger_sv run as a dpkg trigger at the end of each apt operation (install/remove/upgrade), so the sync happens at runtime; then a sync was added to stage 2 to ensure that the first time you boot runit after an init-switch (sysvinit --> runit-init) the state of services is synched with defaults.
At runtime the trigger loop takes care of enable/disable services, but it also runs the second ("upgrade") loop that make sure that running services are restarted (or reloaded) when their binary is upgraded.
The upgrade loop is very important for security: if the running instance is not upgraded it may still be affected by CVEs while the package changelog claims the issue is fixed..

/etc/runit/2 is a conffile so dpkg will ask at upgrade if you want to keep your version or want to use the package version, no automatic overwrite will happen: but this wont stop the runtime dpkg trigger invocation.

If you want to override something (including metafiles) inside a service directory that is in /usr/share/runit/sv.current , the intended way is
create a copy in /etc/sv/ and maintain it by yourself (it won't be automatically overwirtten at upgrades, and there is no dpkg prompt so you have to import bugfixes by yourself).

(better if runit >= 2.2.0-7 is used for this)
As example for cron, you can do
(make sure there is no /etc/sv/cron dir first)

#cpsv p cron

than you can remove any symlink and replace it with a real file that includes your changes
to inspect the diff later you can do

#cpsv d cron

if you want to override *all* services dir in /usr/share/runit/sv.current then writing copies in /etc/sv/ is no longer practical: the metafiles interface and cpsv are designed to allow to roll your local/private collection in place of services provided by packages, but I haven't tested this myself yet and the operation is dangerous if done at runtime (if a directory disappear from runsvdir directory, the service is stopped, so guess what can happen if you switch the target of symlinks in /usr/share/runit/ the wrong way..) so I won't document it here for now.

Best,
Lorenzo

I mark this topic as RESOLVED

## Steps

### Prerequisites

    Login as superuser—initializing a full login environment:

su -

    Ensure the necessary packages are present:

apt install -y wget apt-transport-https gpg

    Download the Eclipse Adoptium GPG key:

wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor | tee /etc/apt/trusted.gpg.d/adoptium.gpg > /dev/null

### Configure the Eclipse Adoptium apt repository

    Create the adoptium.list file, with the proper repository information for the package manager (apt) to source from:

echo "deb https://packages.adoptium.net/artifactory/deb <distribution-release> main" > /etc/apt/sources.list.d/adoptium.list

    Update apt's repositories:

apt update

### Installation

Install the Temurin version required:

apt install temurin-<version>-jdk

Of course you have to it is a fat32 file system it does not use forward slashes for a directory seperator.

The list of all repositories:
https://pkgmaster.devuan.org/mirror_list.txt

##On server side ### you can execute these via SSH as well.

#Install the required packages for TOTPs:

sudo apt install -y oathtool libpam-oath qrencode keyutils

#Make a backup copy of /etc/ssh/sshd_config

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config~

#Update the SSH daemon configuration in /etc/ssh/sshd_config

sudo nano /etc/ssh/sshd_config

# Make sure this options are enabled
ChallengeResponseAuthentication yes
KbdInteractiveAuthentication yes
UsePAM yes

#Generate a secure hex secret key for the current user using sha256sum and store it in keyctl to keep the key_id as variable only:

KEY_ID=$(keyctl add user hex_secret $(head -15 /dev/urandom | sha256sum | cut -b 1-30) @s)

     
#Add the secret to the /etc/users.oath file without actually echoing it:

echo "HOTP/T30/6 $USER - $(keyctl pipe $KEY_ID)" | sudo tee -a /etc/users.oath > /dev/null

 
#File /etc/users.oath must be readable and writable only by root to maintain security.

sudo chmod 600 /etc/users.oath

   
# Generate a QR code for the user’s authenticator app:

TKNTITLE="Your token title here"

BASE32_SECRET=$(oathtool --verbose --totp "$(keyctl pipe $KEY_ID)" --digits=6 -w 1 | grep Base32 | cut -d ' ' -f 3)

qrencode --type=ANSIUTF8 "otpauth://totp/$TKNTITLE:$USER@$HOSTNAME?secret=$BASE32_SECRET&issuer=$TKNTITLE&digits=6"

#Scan the previous QR code with your Authenticator app.

#Configure PAM to use pam_oath.

sudo nano /etc/pam.d/sshd

#add the following two lines at the top of the file, before the @include common-auth line:
# TOTPs config
auth requisite pam_oath.so usersfile=/etc/users.oath window=20 digits=6

#Restart the SSH service to apply changes:

sudo service ssh restart && exit

# At this point your user can log in via SSH using a dynamically generated OTP from your authenticator app.
# Please notice this wont work from any workstations that you have SSH password-less authentication since the purpose for this guide is mostly to prevent brute force password attacks.

Now from you will have to enter an OTP (Authenticator app) and your user password after, the ssh login screen it will look like:

(user@XX.XXX.X.XXX) One-time password (OATH) for `user':

(user@XX.XXX.X.XXX) Password:

# To disable the OTP auth then make the new /etc/ssh/sshd_config as backup, restore the original file and restart ssh service

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config-2fa

sudo cp /etc/ssh/sshd_config~ /etc/ssh/sshd_config

sudo service ssh restart

# This way you can switch back and fourt if you need.

# Finally lets create a passwordless key based authentication for SSH from your workstation(s) as plan B.

Password-less key based authentication

## On client/workstation side ##
# Create a new ssh key with Ed25519

ssh-keygen -t ed25519 -a 100 -f ~/.ssh/id_ed25519 -C "$USER@$HOSTNAME-$(date +%F)"

#Enter the same password that you have for your user, this will keep things easier

# Copy the new ssh key to server

ssh-copy-id -i ~/.ssh/id_ed25519.pub $USER@<SERVER_NAME/IP>

# This copied the user key to the file ~/.ssh/authorized_keys on server, in other words, to remove password-less authentication for this server then on the same server:

rm ~/.ssh/authorized_keys

# Now you can connect like "ssh <SERVER_NAME/IP>" and wont be asked to enter a password or even a 2FA,
# this simply to avoid having to use the Authenticator app every time from your own trusted workstations.
# or in worst case scenario, if for any reason you can't use your phone or usb key at the moment.
# You can have as many client/workstation keys as you want, just make sure you keep your username as constant.

Tested with Devuan 6 (Excalibur) but it should work the same with previous versions.

Note:
This setup will give you a working xserver without the need for a displaymanager or a desktop enviroment.

1. List all available video drivers in the repos with a short description

apt-cache search xserver-xorg-video-.* | pager

2. Install the one(s) you need

apt-get install xserver-xorg-video-Your_GPU_Vendor_Here

3. Install the minimum packages to get a working and useable xserver

apt-get install x11-xserver-utils xfonts-100dpi xfonts-75dpi xfonts-base xfonts-scalable xinit xorg xserver-xorg-input-kbd xserver-xorg-input-libinput xserver-xorg-input-mouse

4. Install a window manager (I use evilwm, but you can use what ever you want)

apt-get install evilwm

5. Install a terminal emulator (I use rxvt-unicode, but you can use what ever you want)

apt-get install rxvt-unicode

6. Install a hotkey utility to start programs with keybindings
I use keylaunch since ages.
Sadly the developer has dropped it, but the deb-files for it are still available here:
https://packages.debian.org/bullseye/keylaunch
It still works on Devuan 5 Daedalus and on Devuan 6 Excalibur.
It is very small, it only dependencies are libc6 and libx11-6 (so packages every system has normally) and has only one configuration file in text format, wich is pretty easy to understand and to edit.

Download the deb-file you need and install it with:

dpkg --install keylaunch_1.3.9+b2_amd64.deb

7. Create the configuration file for keylaunch in the home directory of the user who will run the xsession

touch ~.keylaunchrc

8. Edit the configuration file for keylaunch
Put this at the top of the file content, it explains the whole file:

# Format:
# key=...KeyName:Command
#
# ... No modifier
# *.. Shift
# .*. Ctrl
# ..* Alt

And then some actual binding, here for example to start the rxvt-unicode terminal emulator:

key=*.*t:rxvt-unicode

This means, when you in a running xsession, you can press and hold down Shift and Alt and then press t and this will spawn a terminal.
Of course you can use the hotkey combination you like the most, this is just an example.

9. Create a xinit file in the home directory of the user who will run the xsession

touch ~/.xinitrc

10. Put the starting command for the windowmanager in that file, so that the windowmanager will start right after the xsession has started

evilwm

This is an example, if you use a different windowmanager than evilwm, use the start command of that instead.

11. Reboot your computer

reboot

You need to do this for the drivers, so you could have done it before, but to do it after setting all things up is easier.

12. Start the xsession with the prefered user (so the user who has the .xinitrc and .keylaunchrc files in the home directory).

startx

13. End the xsession by killing the windowmanager

pidof evilwm | xargs kill