From 81bd613c6cfcab65a07dc7337392eb7633b278b1 Mon Sep 17 00:00:00 2001 From: Luc Date: Wed, 23 Jul 2025 10:49:14 +0200 Subject: [PATCH] docs/server-os/posts/01-alpine-install.md: update Added post installation section, consisting of repository setup, firmware and drivers installation, swap setup and user setup. --- docs/server-os/posts/01-alpine-install.md | 129 +++++++++++++++++++++- 1 file changed, 126 insertions(+), 3 deletions(-) diff --git a/docs/server-os/posts/01-alpine-install.md b/docs/server-os/posts/01-alpine-install.md index 1873c03..959fe0f 100644 --- a/docs/server-os/posts/01-alpine-install.md +++ b/docs/server-os/posts/01-alpine-install.md @@ -1,13 +1,13 @@ --- title: Alpine Linux base installation slug: alpine-linux-base-install -date: 2024-08-30 +date: 2024-08-12 draft: false authors: - luc + - nils tags: - Alpine Linux - - Linux categories: - Base installation --- @@ -336,4 +336,127 @@ sh# exit sh# umount -lf /mnt sh# zpool export rpool sh# reboot -``` \ No newline at end of file +``` + +## Post installation + +### Repositories + +To set the correct repositories configure: + +``` shell title="/etc/apk/repositories" +https://dl-cdn.alpinelinux.org/alpine/latest-stable/main +https://dl-cdn.alpinelinux.org/alpine/latest-stable/community +``` + +This will use the latest stable repository of Alpine (for example `v3.19`). To use a different version of Alpine simply change `latest-stable` to whatever version you want. Do note that you cannot (easily) downgrade your system's version. + +There is also the `edge` repository which contains the latest packages, but is not recommended, due to the instability it imposes on the system. + +> If a package is not yet in a stable release one may additionally configure: +> +> ``` shell title="/etc/apk/repositories" +> @ https://dl-cdn.alpinelinux.org/alpine/edge/ +> ``` +> +> for the relevant `` and perform: +> +> ``` shell-session +> sh# apk add @ +> ``` +> +> for the relevant ``. + +### Firmware and drivers + +Install the device firmware for either AMD or Intel: + +=== "AMD" + + ``` shell-session + sh# apk add amd-ucode + ``` + +=== "Intel" + + ``` shell-session + sh# apk add intel-ucode + ``` + +To make sure it is included during boot, regenerate the UKI with: + +``` shell-session +sh# apk fix kernel-hooks +``` + +### Swap + +To configure Swap install `zram-init`: + +``` shell-session +sh# apk add zram-init +``` + +and add it to the default runlevel: + +``` shell-session +sh# rc-update add zram-init default +``` + +Configure `zram-init` by editing: + +``` shell title="/etc/conf.d/zram-init" +num_devices= + +# swap - 500M + +#size0=512 +size0=`LC_ALL=C free -m | awk '/^mem:/{print int($2/4)}'` +``` + +Now the size of the swap device will be one fourth of the ram size. + +### Users + +To run applications securely, in an environment with fewer privileges, a user is necessary. + +Before creating the user, install `doas`. To be able to "do as" root when it is required: + +``` shell-session +sh# apk add doas +``` + +and configure `doas` by editing: + +``` shell title="/etc/doas.d/wheel.conf" +permit persist :wheel as root +``` + +A user can be added in Alpine Linux with the `setup-user` script. Here we can specify the name, groups and more: + +``` +# setup-user -g wheel +# passwd +``` + +You may have to change the shell of the user in `/etc/passwd` from `/sbin/nologin` to a shell from `/etc/shells`. Alpine Linux comes with `/bin/ash` by default: + +``` shell title="/etc/passwd" +:x:1234:1234::/home/:/bin/ +``` + +If you have checked that `doas` works with the user then you can lock the root account because it imposes security risks if it is kept open. This can be done with: + +``` +# passwd -l root +``` + +and by changing its login shell to: + +``` shell title="/etc/passwd" +root:x:0:0:root:/root:/sbin/nologin +``` + +## Concluding remarks + +This is essentially it, you now have a fully operational alpine base system running, configured for server use. The next steps are the optimisation of the security of the system and the configuration of the container management software. \ No newline at end of file