ampel/blog
2
0
Fork 0
Code Issues Pull requests Activity

docs/server-os/posts/01-alpine-install.md: update

Browse source
This commit is contained in:
Luc Bijl 2025-08-16 15:13:22 +02:00
parent 090e412f5b
commit 3871127f43
1 changed files with 17 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

33
docs/server-os/posts/01-alpine-install.md
View file

@ -154,7 +154,7 @@ sh# zfs create -o mountpoint=/home -o atime=off -o setuid=off -o devices=off -o
Write the encryption key to TPM with `zlevis`: Write the encryption key to TPM with `zlevis`:
``` shell-session ``` shell-session
sh# zlevis encrypt rpool '{"pcr_ids":"0,1,7"}' < /tmp/rpool.key #(1)! sh# zlevis encrypt rpool '{"pcr_ids":"0,5,7"}' < /tmp/rpool.key #(1)!
``` ```
1. See [zlevis functionality](https://docs.ampel.dev/zlevis/functionality/) to see the functionality of each `pcr_id`, and the other options that can be set. 1. See [zlevis functionality](https://docs.ampel.dev/zlevis/functionality/) to see the functionality of each `pcr_id`, and the other options that can be set.
@ -393,25 +393,26 @@ To configure Swap install `zram-init`:
sh# apk add zram-init sh# apk add zram-init
``` ```
and add it to the default runlevel: Configure `zram-init` to create a swap device of size one fourth of the ram size:
``` shell title="/etc/conf.d/zram-init"
load_on_start="yes"
unload_on_stop="yes"
num_devices="1"
type0="swap"
size0=`LC_ALL=C free -m | awk '/^mem:/{print int($2/4)}'`
maxs0=1
algo0=zstd
labl0=zram_swap
```
and add `zram-init` to the default runlevel:
``` shell-session ``` shell-session
sh# rc-update add zram-init default sh# rc-update add zram-init default
``` ```
Configure `zram-init` by editing:
``` shell title="/etc/conf.d/zram-init"
num_devices=<n>
# swap - 500M
#size0=512
size0=`LC_ALL=C free -m | awk '/^mem:/{print int($2/4)}'`
```
Now the size of the swap device will be one fourth of the ram size.
### Users ### Users
To run applications securely, in an environment with fewer privileges, a user is necessary. To run applications securely, in an environment with fewer privileges, a user is necessary.
@ -455,4 +456,4 @@ root:x:0:0:root:/root:/sbin/nologin
## Concluding remarks ## Concluding remarks
This is essentially it, you now have a fully operational alpine base system running, configured for server use. The next steps are the improvement of the security of the system and the configuration of the container management software. This is essentially it, you now have a fully operational alpine base system running, configured for server use. The next steps are the improvement of the security of the system and the configuration of the container management software.