From 090e412f5beb89f8b2feb0b98182cf3f49917ef4 Mon Sep 17 00:00:00 2001 From: Luc Bijl Date: Sat, 16 Aug 2025 15:06:01 +0200 Subject: [PATCH 1/4] docs/desktop-os/posts/02-gentoo-openrc-install.md: update --- docs/desktop-os/posts/02-gentoo-openrc-install.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/desktop-os/posts/02-gentoo-openrc-install.md b/docs/desktop-os/posts/02-gentoo-openrc-install.md index 0cb6a71..a261631 100644 --- a/docs/desktop-os/posts/02-gentoo-openrc-install.md +++ b/docs/desktop-os/posts/02-gentoo-openrc-install.md @@ -214,7 +214,7 @@ PORTAGE_LOGDIR_CLEAN="find \"\${PORTAGE_LOGDIR}\" -type f ! -name \"summary.log* ACCEPT_LICENSE="-* @FREE" # USE flags -USE="${USE} -debug -telemetry -modemmanager -ext* -ppp -systemd -elogind -X -kde -gnome -gtk-doc -webengine hardened dist-kernel udev initramfs hostonly secureboot modules-sign apparmor acpi networkmanager dbus hwaccel bash-completion man pam pipewire vulkan wayland jpeg png svg" #(2)! +USE="${USE} -debug -telemetry -modemmanager -ext* -ppp -systemd -elogind -X -kde -gnome -gtk-doc -webengine hardened dist-kernel udev initramfs hostonly secureboot modules-sign apparmor acpi networkmanager dbus hwaccel bash-completion man pam pipewire vulkan wayland eme-free jpeg png svg" #(2)! # Emerge flags EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --with-bdeps y --quiet-build y" @@ -242,8 +242,8 @@ Configure some key aspects of the system: ``` shell-session sh# echo > /etc/hostname -sh# echo TZ="/usr/share/zoneinfo//" > /etc/env.d/timezone -sh# echo MUSL_LOCPATH="/usr/share/i18n/locales/musl" > /etc/env.d/musl_locales #(1)! +sh# echo TZ="/usr/share/zoneinfo//" > /etc/env.d/00tz +sh# echo MUSL_LOCPATH="/usr/share/i18n/locales/musl" > /etc/env.d/01locales #(1)! sh# env-update && source /etc/profile sh# eselect locale set #(2)! sh# rc-update add ntpd default 
@@ -599,4 +599,4 @@ For users to be able to modify connections on the system they will have to be ad ## Concluding remarks -This is the bare minimum for a Gentoo Linux desktop system. Some additional features such as bluetooth, laptop battery management, printer compatiblity, et cetera, have been documented well in the [Gentoo Wiki](https://wiki.gentoo.org/wiki/Main_Page), and can thus be found there. The next steps are the improvement of the security of the system and the configuration of the graphical session. \ No newline at end of file +This is the bare minimum for a Gentoo Linux desktop system. Some additional features such as bluetooth, laptop battery management, printer compatiblity, et cetera, have been documented well in the [Gentoo Wiki](https://wiki.gentoo.org/wiki/Main_Page), and can thus be found there. The next steps are the improvement of the security of the system and the configuration of the graphical session. From 3871127f433f0be064bc0435500a6a1fa6721593 Mon Sep 17 00:00:00 2001 From: Luc Bijl Date: Sat, 16 Aug 2025 15:13:22 +0200 Subject: [PATCH 2/4] docs/server-os/posts/01-alpine-install.md: update --- docs/server-os/posts/01-alpine-install.md | 33 ++++++++++++----------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/docs/server-os/posts/01-alpine-install.md b/docs/server-os/posts/01-alpine-install.md index 8f3d0a9..2c9eace 100644 --- a/docs/server-os/posts/01-alpine-install.md +++ b/docs/server-os/posts/01-alpine-install.md @@ -154,7 +154,7 @@ sh# zfs create -o mountpoint=/home -o atime=off -o setuid=off -o devices=off -o Write the encryption key to TPM with `zlevis`: ``` shell-session -sh# zlevis encrypt rpool '{"pcr_ids":"0,1,7"}' < /tmp/rpool.key #(1)! +sh# zlevis encrypt rpool '{"pcr_ids":"0,5,7"}' < /tmp/rpool.key #(1)! ``` 1. See [zlevis functionality](https://docs.ampel.dev/zlevis/functionality/) to see the functionality of each `pcr_id`, and the other options that can be set. 
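Review bot: The switch from `pcr_ids` `0,1,7` to `0,5,7` in the `zlevis encrypt` line changes what the sealed key is bound to, but annotation 1 below it still only links out and does not say so. Going by the TCG PC Client PCR allocation, PCR 1 covers firmware configuration and PCR 5 covers the boot manager configuration and the GPT. After this change a firmware-setting change would no longer block unsealing while a partition-table change would, so please confirm that is the intent. I would extend annotation 1 with something like `PCRs 0, 5 and 7 bind the key to the firmware code, the boot manager configuration and partition table, and the Secure Boot state; re-seal after any change to these and keep an offline copy of the key for recovery.` Readers who followed the earlier revision have a key sealed to `0,1,7`, so a sentence on re-sealing would help them as well.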
@@ -393,25 +393,26 @@ To configure Swap install `zram-init`: sh# apk add zram-init ``` -and add it to the default runlevel: +Configure `zram-init` to create a swap device of size one fourth of the ram size: + +``` shell title="/etc/conf.d/zram-init" +load_on_start="yes" +unload_on_stop="yes" +num_devices="1" + +type0="swap" +size0=`LC_ALL=C free -m | awk '/^mem:/{print int($2/4)}'` +maxs0=1 +algo0=zstd +labl0=zram_swap +``` + +and add `zram-init` to the default runlevel: ``` shell-session sh# rc-update add zram-init default ``` -Configure `zram-init` by editing: - -``` shell title="/etc/conf.d/zram-init" -num_devices= - -# swap - 500M - -#size0=512 -size0=`LC_ALL=C free -m | awk '/^mem:/{print int($2/4)}'` -``` - -Now the size of the swap device will be one fourth of the ram size. - ### Users To run applications securely, in an environment with fewer privileges, a user is necessary. @@ -455,4 +456,4 @@ root:x:0:0:root:/root:/sbin/nologin ## Concluding remarks -This is essentially it, you now have a fully operational alpine base system running, configured for server use. The next steps are the improvement of the security of the system and the configuration of the container management software. \ No newline at end of file +This is essentially it, you now have a fully operational alpine base system running, configured for server use. The next steps are the improvement of the security of the system and the configuration of the container management software. From e063a86dfff59752357d0c4f6a9efad943f1f72c Mon Sep 17 00:00:00 2001 From: Luc Bijl Date: Sat, 16 Aug 2025 15:18:25 +0200 Subject: [PATCH 3/4] docs/server-os/posts/03-container-management-podman-runit.md: update --- docs/server-os/posts/03-container-management-podman-runit.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/server-os/posts/03-container-management-podman-runit.md b/docs/server-os/posts/03-container-management-podman-runit.md index 384785f..ebdcfa1 100644 
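Review bot: The `size0` line in the new `/etc/conf.d/zram-init` block keeps the awk pattern `/^mem:/`, which is case-sensitive and will not match the `Mem:` row that `free -m` prints (busybox and procps both capitalise it, as far as I know). The command substitution then yields an empty string, so the swap device would not get the quarter-of-RAM size the new sentence promises. Suggest `awk '/^Mem:/{print int($2/4)}'` inside the backticks. If the lowercase form is an artefact of how this page was rendered rather than what is in the file, this can be ignored.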
--- a/docs/server-os/posts/03-container-management-podman-runit.md +++ b/docs/server-os/posts/03-container-management-podman-runit.md @@ -104,7 +104,7 @@ sh$ podman run --rm hello-world To run a single container create: -``` shell title="~/.config/sv//run" +``` shell title="~/.config/sv/{container-name}/run" #!/bin/sh command="/usr/bin/podman" @@ -360,4 +360,4 @@ Make it executable and link it to the service directory: ``` shell-session sh$ chmod +x ~/.config/sv/caddy/run sh$ ln -s /.config/sv/caddy /.local/service -``` \ No newline at end of file +``` From 7cb603a4158114abda79cd1dd49d384f24950d89 Mon Sep 17 00:00:00 2001 From: Luc Bijl Date: Sat, 16 Aug 2025 15:26:11 +0200 Subject: [PATCH 4/4] mkdocs.yml: change license --- mkdocs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mkdocs.yml b/mkdocs.yml index fdf4420..5b03df1 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -1,6 +1,6 @@ site_name: Ampel Blog site_url: https://blog.ampel.dev -copyright: This work is dedicated to the public domain under the Creative Commons CC0 public domain dedication. +copyright: "\copyright 2022-2025 Ampel Authors: This work is licensed under the CC-BY-NC-SA-4.0 license" repo_name: ampel/blog repo_url: https://git.ampel.dev/ampel/blog @@ -69,4 +69,4 @@ nav: - 'Desktop OS': - desktop-os/index.md - 'Server OS': - - server-os/index.md \ No newline at end of file + - server-os/index.md
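Review bot: The new `copyright:` value in mkdocs.yml is a double-quoted YAML scalar that starts with `\copyright`, and `\c` is not a valid YAML escape sequence, so a strict parser such as PyYAML is likely to reject the file and break the site build. If the aim is a copyright sign, use the HTML entity or the literal character, e.g. `copyright: "&copy; 2022-2025 Ampel Authors: This work is licensed under the CC-BY-NC-SA-4.0 license"`. The entity only renders if the theme outputs the value as HTML. Keep the quotes either way, because the value contains `: ` and would otherwise be read as a nested mapping.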