container-server/setup/alpine-setup.md

# Alpine Host Setup
Setup steps for an Alpine container host using podman compose.

For use with docker compose, the following parts might need adjustment:

- Mount point for lv_containers
- Installed packages
- iptables/awall rules

Download the standard ISO from https://alpinelinux.org/downloads/
## live system
Boot from the downloaded ISO.
### setup-alpine
```sh
setup-alpine
```
- Keyboard: `us-us` (adjust if needed)
- set hostname
- Network: `eth0`, `dhcp`, manual `n`
- set root password
- Timezone: `Europe/Berlin` (adjust if preferred)
- Proxy: `none`
- apk mirror: `f` (detect automatically)
- add user to your liking
- SSH server: `openssh`
- Select disk: `sda`
- Disk Setup: `lvm`, then `sys`
- Erase disk: `y`

Set up LVM before rebooting.
### LVM
https://wiki.archlinux.org/title/LVM
```sh
# install some needed packages
apk add lvm-extra e2fsprogs-extra
# list existing LVs
lvs
# resize existing and create missing LVs
lvresize -L <SIZE>G [-r] /dev/vg0/<LV>
lvcreate -L <SIZE>G -n <LV NAME> vg0
lvcreate -l 100%FREE -n lv_srv vg0
# init filesystem for each newly created LV
mkfs.ext4 /dev/vg0/<LV>
```
```
LV             LSize    Mount
lv_root        8.00g    /
lv_logs        4.00g    /var/log
lv_containers  20.00g   /var/lib/containers
lv_srv         =REST    /srv
lv_swap        =RAM     swap
```
## Reboot into installed system
Remove the boot ISO or change the boot order. Reboot via hard reset; the qemu-guest-agent is not functional yet!
### SSHD
```sh
vi /etc/ssh/sshd_config
```
- `Port 222`
- `PermitRootLogin no`
- `AllowTcpForwarding yes`
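
The three settings above can be checked mechanically, which catches an edit that sshd silently ignores. The script below is an added example, not part of the original setup notes; the function names `sshd_value` and `check_sshd` and the sample config are constructed for illustration.

```shell
# Added example, not part of the original setup notes.
# Reads a config from stdin: /etc/ssh/sshd_config or the output of `sshd -T`.

# Print the effective value of one keyword. sshd keeps the FIRST value it
# reads for a keyword, so a later duplicate is ignored; Port is the
# exception (every Port line adds a listener), so all of them are reported.
# Simplification: Include files are not followed and parsing stops at the
# first Match block. `sshd -T` output needs neither.
sshd_value() {
    awk -v key="$1" '
        BEGIN { k = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == k {
            out = out (out == "" ? "" : ",") $2
            if (k != "port") exit
        }
        END { if (out != "") print out }
    '
}

# Compare the config on stdin with the three values set in this section.
# Prints one line per setting and returns 1 if any of them differs.
check_sshd() {
    cfg=$(cat)
    rc=0
    for want in "Port 222" "PermitRootLogin no" "AllowTcpForwarding yes"; do
        key=${want% *}
        exp=${want#* }
        got=$(printf '%s\n' "$cfg" | sshd_value "$key")
        if [ "$got" = "$exp" ]; then
            echo "ok    $key $got"
        else
            # empty means the keyword is unset and sshd uses its default
            echo "FAIL  $key: want '$exp', got '${got:-unset}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: "AllowTcpForwarding yes" was appended below an
# existing uncommented "AllowTcpForwarding no", so it never takes effect.
sample_bad='#Port 22
Port 222
PermitRootLogin no
AllowTcpForwarding no
AllowTcpForwarding yes'
printf '%s\n' "$sample_bad" | check_sshd || echo "sshd_config needs fixing"
```

On the host, restart the daemon with `rc-service sshd restart` and run `sshd -T | check_sshd` as root to check the configuration sshd actually loaded.
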
### Installed Packages
Uncomment the community repo in `/etc/apk/repositories`.
```sh
# qemu-guest-agent depends on your KVM/virtualization situation
# py3-pip is a requirement for podman-compose
apk update && apk upgrade && apk add \
    gettext \
    git \
    nano \
    tmux \
    tree \
    zsh \
    docker \
    docker-compose \
    docker-zsh-completion \
    docker-compose-zsh-completion \
    awall \
    qemu-guest-agent \
    doas \
    podman \
    doas-sudo-shim \
    py3-pip
```
### sudo/doas config
https://wiki.archlinux.org/title/Doas
```sh
# csp is the user allowed to run commands via doas; adjust to your user
echo "permit persist csp" > /etc/doas.conf
chown -c root:root /etc/doas.conf
chmod -c 0400 /etc/doas.conf
doas -C /etc/doas.conf && echo "config ok" || echo "config error"
```
### ZSH
```sh
sudo nano /etc/passwd
```
- Change to `/bin/zsh` for desired user.
### ohmyzsh
https://ohmyz.sh/#install
```sh
sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
```
- Theme: bira
### fstab
```sh
sudo nano /etc/fstab
```
fstab content:
```
/dev/vg0/lv_root / ext4 rw,relatime 0 1
/dev/vg0/lv_logs /var/log ext4 rw,relatime 0 2
/dev/vg0/lv_containers /var/lib/containers ext4 rw,relatime 0 2
/dev/vg0/lv_srv /srv ext4 rw,relatime 0 2
```
### awall
- https://www.cyberciti.biz/faq/how-to-set-up-a-firewall-with-awall-on-alpine-linux/
- https://github.com/alpinelinux/awall/blob/master/README.md
- https://ipset.netfilter.org/iptables-extensions.man.html#lbAO

If you get the error `modprobe: FATAL: Module ip_tables not found...`, reboot.
```sh
cd /etc/awall/optional
ln -s /opt/container-server/setup/awall/* .
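# policy names are the file names (without .json) of the policies linked above;
# listed explicitly because busybox ash does not do brace expansion
awall enable default ssh hhtp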
awall activate
podman network reload --all
```
### podman + podman-compose
https://wiki.alpinelinux.org/wiki/Podman
```sh
rc-update add docker
# rc-update add cgroups
# rc-service cgroups start
```
https://github.com/containers/podman-compose#installation
```sh
pip3 install podman-compose
```