# Alpine Host Setup

Setup steps for an Alpine container host using Docker Compose.

Download the standard ISO from https://alpinelinux.org/downloads/

## live system

Boot from the downloaded ISO.

### setup-alpine

```sh
setup-alpine
```

- Keyboard: `us-us` (adjust if needed)
- set hostname
- Network: `eth0`, `dhcp`, manual `n`
- set root password
- Timezone: `Europe/Berlin` (adjust if preferred)
- Proxy: `none`
- apk mirror: `f` (detect automatically)
- add user to your liking
- SSH server: `openssh`
- Select disk: `sda`
- Disk Setup: `lvm`, then `sys`
- Erase disk: `y`

**Set up LVM before reboot!**

### LVM

https://wiki.archlinux.org/title/LVM

```sh
# install some needed packages
apk add lvm2-extra e2fsprogs-extra device-mapper
# list existing LVs
lvs
# resize existing and create missing LVs
# (-r is optional and also resizes the filesystem on the LV)
lvresize -L <SIZE>G [-r] /dev/vg0/<LV>
lvcreate -L <SIZE>G -n <LV NAME> vg0
lvcreate -l 100%FREE -n lv_srv vg0
# init filesystem for each newly created LV
mkfs.ext4 /dev/vg0/<LV>
```

```
LV              LSize    Mount
lv_root         8.00g    /
lv_logs         4.00g    /var/log
lv_containers   20.00g   /var/lib/containers
lv_srv          =REST    /srv
lv_swap         =RAM     swap
```

## Reboot into installed system

Remove or reorder the boot ISO. Reboot via hard reset, qemu-guest is not functional yet!

### SSHD

```sh
vi /etc/ssh/sshd_config
```

- `Port 222`
- `PermitRootLogin no`
- `AllowTcpForwarding yes`

```sh
service sshd restart
```

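A check for the three settings above, useful before restarting sshd because sshd keeps the first value it reads for each keyword. This is an added example, not part of the original setup notes; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Print the value sshd would use for keyword $2 from config file $1.
# sshd keeps the first value it reads for a keyword and treats keyword names
# case-insensitively. Include files and Match blocks are not evaluated here.
sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == want { print $2; exit }   # first occurrence wins
    ' "$1"
}

# Compare a config file with the three settings from the list above.
# Returns 0 when all match; mismatches are printed and the result is 1.
check_sshd_config() {
    cfg=$1 rc=0
    for pair in Port=222 PermitRootLogin=no AllowTcpForwarding=yes; do
        key=${pair%%=*} expected=${pair#*=}
        actual=$(sshd_value "$cfg" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "$key: expected $expected, found ${actual:-nothing}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample file: the commented default is skipped, and the later
# "PermitRootLogin yes" has no effect because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 222
permitrootlogin no
PermitRootLogin yes
AllowTcpForwarding yes
EOF
check_sshd_config "$sample" && echo "sshd_config matches the setup notes"
```

On the host itself, `sshd -t` validates the file and `sshd -T` prints the effective configuration, including any Include files.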
### sudo

```sh
apk update && apk add sudo
visudo
```

Uncomment `%wheel ALL=(ALL:ALL) ALL` to allow users in the `wheel` group to use sudo.

## From here on you can use ssh and sudo

```sh
ssh -p 222 <username>@<hostname>
sudo -i # use only for setup, it's not good practice to use a root shell!
```

### Installed Packages

```sh
vi /etc/apk/repositories
```

Uncomment the community repository line.

```sh
apk update && apk upgrade && apk add \
    gettext \
    awall \
    docker \
    docker-compose \
    docker-zsh-completion \
    git \
    htop \
    nano \
    qemu-guest-agent \
    sudo \
    tree \
    zsh

# currently not available in alpine 3.18:
#   docker-compose-zsh-completion
```

### zsh

```sh
nano /etc/passwd
```

- Change the login shell to `/bin/zsh` for the desired user.

#### ohmyzsh

https://ohmyz.sh/#install

```sh
sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
```

- Theme: amuse
- `export EDITOR=nano`

### fstab

```sh
nano /etc/fstab
```

fstab content:

```
/dev/vg0/lv_root         /                     ext4   rw,relatime   0 1
/dev/vg0/lv_logs         /var/log              ext4   rw,relatime   0 2
/dev/vg0/lv_containers   /var/lib/containers   ext4   rw,relatime   0 2
/dev/vg0/lv_srv          /srv                  ext4   rw,relatime   0 2
```

To mount all:

```sh
mount -a
```

### ntp

```sh
rc-update add ntpd
service ntpd start
```

### checkout repo

```sh
cd /opt
git clone <this repo's url>
```

### awall

https://www.cyberciti.biz/faq/how-to-set-up-a-firewall-with-awall-on-alpine-linux/
https://github.com/alpinelinux/awall/blob/master/README.md
https://ipset.netfilter.org/iptables-extensions.man.html#lbAO

If you get the error `modprobe: FATAL: Module ip_tables not found...`, reboot.

```sh
cd /etc/awall/optional
ln -vs /opt/container-server/setup/awall/* .
# policy names are listed explicitly: brace expansion is not POSIX sh
awall enable default ssh http
awall activate
```

### docker

https://wiki.alpinelinux.org/wiki/Docker

```sh
rc-update add docker
service docker start
```

### mta

Allow the system to send mail.

```sh
setup-mta
```

Set the outgoing mail server to localhost.

### cron

```sh
crontab -e
```

Add as the first line: `MAILTO=cron@<your domain>`.

```sh
ln -vs /opt/container-server/setup/cron/daily/* /etc/periodic/daily/
ln -vs /opt/container-server/setup/cron/weekly/* /etc/periodic/weekly/
```

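Jobs linked into `/etc/periodic` run as root, so the files they point to in the checkout must stay writable by root only. The check below is an added example, not part of the original setup notes or the repository; `check_periodic_dir`, the script name `backup` and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Report periodic jobs whose resolved target (or its directory) could be
# modified by someone other than the expected owner. Default owner: uid 0.
check_periodic_dir() {
    dir=$1 owner=${2:-0} rc=0
    for entry in "$dir"/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue    # no entries at all
        target=$(readlink -f "$entry")
        if [ ! -f "$target" ]; then
            echo "BROKEN   $entry"; rc=1; continue
        fi
        for path in "$target" "$(dirname "$target")"; do
            set -- $(stat -c '%u %a' "$path")             # $1=uid, $2=octal mode
            [ "$1" = "$owner" ] || { echo "OWNER    $path (uid $1)"; rc=1; }
            [ $(( 0$2 & 022 )) -eq 0 ] || { echo "WRITABLE $path (mode $2)"; rc=1; }
        done
        [ -x "$target" ] || { echo "NOEXEC   $target"; rc=1; }
    done
    return "$rc"
}

# Constructed demo tree standing in for /opt/container-server/setup/cron/daily
# and /etc/periodic/daily; the demo passes the current uid instead of 0.
demo=$(mktemp -d)
mkdir -p "$demo/repo/daily" "$demo/periodic/daily"
printf '#!/bin/sh\nexit 0\n' > "$demo/repo/daily/backup"
chmod 755 "$demo/repo/daily" "$demo/repo/daily/backup"
ln -s "$demo/repo/daily/backup" "$demo/periodic/daily/backup"
check_periodic_dir "$demo/periodic/daily" "$(id -u)" && echo "periodic jobs OK"
```

On the host, run it as `check_periodic_dir /etc/periodic/daily` and again for `/etc/periodic/weekly`.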
### localhost alias

Add an alias IP to allow other containers (e.g. through Woodpecker CI) to trigger a Watchtower update.

```sh
nano /etc/network/interfaces
service networking restart
```

Add the following lines to the `auto lo` config block. Replace the IP address with the value you set as `WATCHTOWER_IP` in `.env` (e.g. 10.10.10.10).

```
iface lo inet static
    address <IP ADDRESS>
```

### cgroup mode

To allow Woodpecker to build Dockerfiles, set the correct cgroup mode.

```sh
nano /etc/rc.conf
reboot
```

Set `rc_cgroup_mode="unified"`