diff --git a/docs/server-os/posts/01-alpine-install.md b/docs/server-os/posts/01-alpine-install.md index 8f3d0a9..2c9eace 100644 --- a/docs/server-os/posts/01-alpine-install.md +++ b/docs/server-os/posts/01-alpine-install.md @@ -154,7 +154,7 @@ sh# zfs create -o mountpoint=/home -o atime=off -o setuid=off -o devices=off -o Write the encryption key to TPM with `zlevis`: ``` shell-session -sh# zlevis encrypt rpool '{"pcr_ids":"0,1,7"}' < /tmp/rpool.key #(1)! +sh# zlevis encrypt rpool '{"pcr_ids":"0,5,7"}' < /tmp/rpool.key #(1)! ``` 1. See [zlevis functionality](https://docs.ampel.dev/zlevis/functionality/) to see the functionality of each `pcr_id`, and the other options that can be set. @@ -393,25 +393,26 @@ To configure Swap install `zram-init`: sh# apk add zram-init ``` -and add it to the default runlevel: +Configure `zram-init` to create a swap device of size one fourth of the ram size: + +``` shell title="/etc/conf.d/zram-init" +load_on_start="yes" +unload_on_stop="yes" +num_devices="1" + +type0="swap" +size0=`LC_ALL=C free -m | awk '/^mem:/{print int($2/4)}'` +maxs0=1 +algo0=zstd +labl0=zram_swap +``` + +and add `zram-init` to the default runlevel: ``` shell-session sh# rc-update add zram-init default ``` -Configure `zram-init` by editing: - -``` shell title="/etc/conf.d/zram-init" -num_devices= - -# swap - 500M - -#size0=512 -size0=`LC_ALL=C free -m | awk '/^mem:/{print int($2/4)}'` -``` - -Now the size of the swap device will be one fourth of the ram size. - ### Users To run applications securely, in an environment with fewer privileges, a user is necessary. @@ -455,4 +456,4 @@ root:x:0:0:root:/root:/sbin/nologin ## Concluding remarks -This is essentially it, you now have a fully operational alpine base system running, configured for server use. The next steps are the improvement of the security of the system and the configuration of the container management software. \ No newline at end of file +This is essentially it, you now have a fully operational alpine base system running, configured for server use. The next steps are the improvement of the security of the system and the configuration of the container management software.