docs/server-os/posts/01-alpine-install.md: update

Added post installation section, consisting of repository setup,
firmware and drivers installation, swap setup and user setup.

docs/server-os/posts/01-alpine-install.md

@@ -1,13 +1,13 @@
 ---
 title: Alpine Linux base installation
 slug: alpine-linux-base-install
-date: 2024-08-30
+date: 2024-08-12
 draft: false
 authors:
     - luc
+    - nils
 tags:
     - Alpine Linux
-    - Linux
 categories: 
     - Base installation
 ---
@@ -336,4 +336,127 @@ sh# exit
 sh# umount -lf /mnt
 sh# zpool export rpool
 sh# reboot
-```
+```
+
+## Post installation
+
+### Repositories
+
+To set the correct repositories configure:
+
+``` shell title="/etc/apk/repositories"
+https://dl-cdn.alpinelinux.org/alpine/latest-stable/main
+https://dl-cdn.alpinelinux.org/alpine/latest-stable/community
+```
+
+This will use the latest stable repository of Alpine (for example `v3.19`). To use a different version of Alpine simply change `latest-stable` to whatever version you want. Do note that you cannot (easily) downgrade your system's version. 
+
+There is also the `edge` repository which contains the latest packages, but is not recommended, due to the instability it imposes on the system.
+
+> If a package is not yet in a stable release one may additionally configure:
+>
+> ``` shell title="/etc/apk/repositories"
+> @<repository> https://dl-cdn.alpinelinux.org/alpine/edge/<repository>
+> ```
+>
+> for the relevant `<repository>` and perform:
+>
+> ``` shell-session
+> sh# apk add <package>@<repository>
+> ```
+>
+> for the relevant `<package>`. 
+
+### Firmware and drivers
+
+Install the device firmware for either AMD or Intel:
+
+=== "AMD"
+
+    ``` shell-session
+    sh# apk add amd-ucode
+    ```
+
+=== "Intel"
+
+    ``` shell-session
+    sh# apk add intel-ucode
+    ```
+
+To make sure it is included during boot, regenerate the UKI with:
+
+``` shell-session
+sh# apk fix kernel-hooks
+```
+
+### Swap
+
+To configure Swap install `zram-init`:
+
+``` shell-session
+sh# apk add zram-init
+```
+
+and add it to the default runlevel:
+
+``` shell-session
+sh# rc-update add zram-init default
+```
+
+Configure `zram-init` by editing:
+
+``` shell title="/etc/conf.d/zram-init"
+num_devices=<n>
+
+# swap - 500M
+
+#size0=512
+size0=`LC_ALL=C free -m | awk '/^mem:/{print int($2/4)}'`
+```
+
+Now the size of the swap device will be one fourth of the ram size. 
+
+### Users
+
+To run applications securely, in an environment with fewer privileges, a user is necessary. 
+
+Before creating the user, install `doas`. To be able to "do as" root when it is required:
+
+``` shell-session
+sh# apk add doas
+```
+
+and configure `doas` by editing:
+
+``` shell title="/etc/doas.d/wheel.conf"
+permit persist :wheel as root
+```
+
+A user can be added in Alpine Linux with the `setup-user` script. Here we can specify the name, groups and more:
+
+```
+# setup-user -g wheel <username>
+# passwd <username>
+```
+
+You may have to change the shell of the user in `/etc/passwd` from `/sbin/nologin` to a shell from `/etc/shells`. Alpine Linux comes with `/bin/ash` by default:
+
+``` shell title="/etc/passwd"
+<username>:x:1234:1234:<Full Name>:/home/<username>:/bin/<shell>
+```
+
+If you have checked that `doas` works with the user then you can lock the root account because it imposes security risks if it is kept open. This can be done with:
+
+```
+# passwd -l root
+```
+
+and by changing its login shell to:
+
+``` shell title="/etc/passwd"
+root:x:0:0:root:/root:/sbin/nologin
+```
+
+## Concluding remarks
+
+This is essentially it, you now have a fully operational alpine base system running, configured for server use. The next steps are the optimisation of the security of the system and the configuration of the container management software.