# Alpine Host Setup

Setup steps for an Alpine container host using docker compose.

Download the standard ISO from https://alpinelinux.org/downloads/

## Live system

Boot from the downloaded ISO.

### setup-alpine

```sh
setup-alpine
```

- Keyboard: `us-us` (adjust if needed)
- Set hostname
- Network: `eth0`, `dhcp`, manual `n`
- Set root password
- Timezone: `Europe/Berlin` (adjust if preferred)
- Proxy: `none`
- apk mirror: `f` (detect automatically)
- Add a user to your liking
- SSH server: `openssh`
- Select disk: `sda` (depending on your system)
- Disk setup: `lvm`, then `sys`
- Erase disk: `y`

**Set up LVM (see next step) before rebooting!**

### LVM

https://wiki.archlinux.org/title/LVM

```sh
# install the needed packages (only installed in the live system)
apk add lvm2-extra e2fsprogs-extra device-mapper

# list existing LVs
lvs

# resize existing and create missing LVs
# (-r also resizes the filesystem inside the LV)
lvresize -L <size>G [-r] /dev/vg0/<lv>
lvcreate -L <size>G -n <lv> vg0
lvcreate -l 100%FREE -n <lv> vg0

# create a filesystem on each newly created LV
mkfs.ext4 /dev/vg0/<lv>
```

Target layout:

```
LV             LSize   Mount
lv_root        8.00g   /
lv_logs        4.00g   /var/log
lv_containers  20.00g  /var/lib/containers
lv_swap        =RAM    swap
lv_srv         =REST   /srv
```

## Reboot into installed system

Remove or reorder the boot ISO. Reboot via hard reset; the qemu guest agent is not installed yet, so a graceful reboot through the hypervisor does not work.

### SSHD

```sh
vi /etc/ssh/sshd_config
```

- `Port 222`
- `PermitRootLogin no`
- `AllowTcpForwarding yes`

Check the config with `sshd -t` before restarting, and keep the current session open until a new login on port 222 works.

```sh
service sshd restart
```

### sudo

```sh
apk update && apk add sudo
visudo
```

Uncomment `%wheel ALL=(ALL:ALL) ALL` to allow users in the `wheel` group to use sudo. Make sure your user is actually in that group (`id <user>`); with `PermitRootLogin no` this is your only way to root over SSH.

## From here on you can use ssh and sudo

```sh
ssh -p 222 <user>@<host>
sudo -i  # use only for setup, it's not good practice to work in a root shell!
```

### Installed packages

Enable the community repo (uncomment the line):

```sh
vi /etc/apk/repositories
```

Install the needed packages. Check and adjust to your needs.
```sh
apk update && apk upgrade && apk add \
  gettext \
  awall \
  curl \
  docker \
  docker-zsh-completion \
  git \
  htop \
  nano \
  qemu-guest-agent \
  sudo \
  tree \
  wireguard-tools \
  zsh
```

### zsh

```sh
nano /etc/passwd
```

- Change the shell to `/bin/zsh` for the desired user.

#### ohmyzsh

https://ohmyz.sh/#install

```sh
sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
```

This runs a script fetched from the network as your user; review it first if that matters for this host.

- Theme: amuse
- `export EDITOR=nano`

### fstab

```sh
nano /etc/fstab
```

fstab content:

```
/dev/vg0/lv_root        /                    ext4  rw,relatime  0 1
/dev/vg0/lv_logs        /var/log             ext4  rw,relatime  0 2
/dev/vg0/lv_containers  /var/lib/containers  ext4  rw,relatime  0 2
/dev/vg0/lv_srv         /srv                 ext4  rw,relatime  0 2
```

Create mount points that do not exist yet (`/var/lib/containers` is not there by default), then mount all:

```sh
mount -a
```

### ntp

```sh
rc-update add ntpd
service ntpd start
```

### checkout repo

```sh
cd /opt
git clone <repo-url>
```

### awall

https://www.cyberciti.biz/faq/how-to-set-up-a-firewall-with-awall-on-alpine-linux/
https://github.com/alpinelinux/awall/blob/master/README.md
https://ipset.netfilter.org/iptables-extensions.man.html#lbAO

If `awall activate` fails with `modprobe: FATAL: Module ip_tables not found...`, the running kernel does not match the modules installed by `apk upgrade`; reboot and try again.

Make sure the `ssh` policy allows the port configured in sshd above (222), not the default 22, or the firewall will lock you out. `awall activate` asks for confirmation and rolls the rules back if you do not confirm in time, which is what saves you if that happens.

```sh
cd /etc/awall/optional
ln -vs /opt/container-server/setup/awall/* .
awall enable default ssh http
awall activate
```

### docker

https://wiki.alpinelinux.org/wiki/Docker
https://docs.docker.com/engine/logging/drivers/local/

The linked `daemon.json` selects the `local` logging driver, which rotates and caps container logs so they cannot fill the disk.

```sh
mkdir -p /etc/docker
cd /etc/docker
ln -vs /opt/container-server/setup/docker/daemon.json .
rc-update add docker
service docker start
```

### docker-compose

https://docs.docker.com/compose/install/standalone/

docker-compose from the system packages or pip is outdated, so it is installed manually. Note that the command below fetches whatever `latest` resolves to and does not verify the download; for a reproducible host, pin the version and check the release checksum.

```sh
curl -SL https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
```

### mta

Allow the system to send mail:

```sh
setup-mta
```

Set the outgoing mail server to localhost.

### cron

Link the crons:

```sh
mkdir -p /etc/periodic/always/
for part in /opt/container-server/setup/cron/*; do
  ln -vs "$part"/* "/etc/periodic/${part##*/}/"
done
```

Update the crontab:

```sh
crontab -e
```

Add as first line: `MAILTO=cron@<domain>`

Add the following cron entry: `* * * * * run-parts /etc/periodic/always`

### cgroup mode

To allow Woodpecker to build Dockerfiles, set the cgroup mode to unified (cgroup v2) and reboot:

```sh
nano /etc/rc.conf
```

Set `rc_cgroup_mode="unified"`, then:

```sh
reboot
```

### memory overcommit

https://redis.io/docs/latest/develop/get-started/faq/#background-saving-fails-with-a-fork-error-on-linux
https://www.kernel.org/doc/Documentation/vm/overcommit-accounting

The linked Redis FAQ asks for `vm.overcommit_memory = 1`. The OpenRC `sysctl` service reads `/etc/sysctl.d` at boot; run `sysctl -p <file>` to apply the setting right away.

```sh
cd /etc/sysctl.d
ln -vs /opt/container-server/setup/sysctl.d/* .
```
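### Example: LVM layout script

The LVM step above leaves the sizes and names as placeholders. The script below is an added example (not part of the original page or the container-server repo) that applies the target layout from the table to the `vg0` volume group that setup-alpine creates in `lvm`/`sys` mode. It assumes the installed volumes are unmounted (live system, before the first reboot) and that `lv_root` already exists and is the only LV to shrink; `lv_swap` is left as setup-alpine sized it. `plan` prints the commands, `apply` runs them; the environment variables are assumptions to adjust.

```sh
#!/bin/sh
# Added example: apply the LV layout from the table (lv_root 8G, lv_logs 4G,
# lv_containers 20G, lv_srv = rest) to the vg0 that setup-alpine created.
# Not part of the original page or repo. Run from the live system before the
# first reboot, with the installed volumes unmounted. lv_swap is not touched.

VG="${VG:-vg0}"
ROOT_SIZE="${ROOT_SIZE:-8G}"
LOGS_SIZE="${LOGS_SIZE:-4G}"
CONTAINERS_SIZE="${CONTAINERS_SIZE:-20G}"

# run CMD...: execute the command, or only echo it when DRY_RUN=1
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# lvm_plan: shrink lv_root, create the missing LVs, put ext4 on the new ones
lvm_plan() {
    # setup-alpine gives lv_root all remaining space; -r shrinks the ext4
    # filesystem together with the LV (which is why it must be unmounted).
    run lvresize -r -L "$ROOT_SIZE" "/dev/$VG/lv_root"

    run lvcreate -L "$LOGS_SIZE" -n lv_logs "$VG"
    run lvcreate -L "$CONTAINERS_SIZE" -n lv_containers "$VG"
    # whatever is left goes to /srv
    run lvcreate -l 100%FREE -n lv_srv "$VG"

    # only the newly created LVs get a fresh filesystem; lv_root already has one
    for lv in lv_logs lv_containers lv_srv; do
        run mkfs.ext4 "/dev/$VG/$lv"
    done
}

# usage: sh lvm-layout.sh plan   (print commands)
#        sh lvm-layout.sh apply  (run them)
case "${1:-}" in
    plan)  DRY_RUN=1 lvm_plan ;;
    apply) lvm_plan ;;
esac
```

Run `plan` first and compare its output with `lvs` and `vgs -o vg_free` before `apply`; the root shrink is the one irreversible step if the sizes are wrong.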
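### Example: pinned and verified docker-compose install

The docker-compose step above downloads whatever `latest` points to and trusts the download as-is. This is an added example (not from the original page or the repo) of the same install with a pinned version and a SHA-256 check against the `checksums.txt` published with each docker/compose release; the asset name and its `sha256sum`-style `<hex>  <name>` format are assumptions to confirm on the release page. The helper names (`sha256_of`, `verify_sha256`, `lookup_sha256`, `install_compose`) are made up for this example.

```sh
#!/bin/sh
# Added example: install a pinned docker-compose release and verify its SHA-256
# against the checksums.txt shipped with the release. Not from the original
# page or repo; helper names are made up for this example.

# sha256_of FILE: hex digest of FILE (sha256sum on Alpine/Linux, shasum elsewhere)
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_sha256 FILE EXPECTED_HEX: succeed only when the digest matches exactly
verify_sha256() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# lookup_sha256 CHECKSUMS_FILE ASSET: digest listed for ASSET in "<hex>  <name>"
# lines (sha256sum output format); prints nothing if the asset is not listed
lookup_sha256() {
    awk -v asset="$2" '$2 == asset { print $1; exit }' "$1"
}

# install_compose VERSION [DEST]: download release VERSION (a tag such as
# v2.<minor>.<patch> from the releases page), check it against checksums.txt
# and install it executable under DEST
install_compose() {
    version="$1"
    dest="${2:-/usr/local/bin/docker-compose}"
    asset="docker-compose-linux-x86_64"
    base="https://github.com/docker/compose/releases/download/$version"
    tmp="$(mktemp -d)" || return 1

    # -f makes curl fail on HTTP errors instead of saving an error page as the binary
    curl -fsSL "$base/$asset" -o "$tmp/$asset" || { rm -rf "$tmp"; return 1; }
    curl -fsSL "$base/checksums.txt" -o "$tmp/checksums.txt" || { rm -rf "$tmp"; return 1; }

    expected="$(lookup_sha256 "$tmp/checksums.txt" "$asset")"
    if [ -z "$expected" ]; then
        echo "no checksum for $asset in checksums.txt" >&2
        rm -rf "$tmp"; return 1
    fi
    if ! verify_sha256 "$tmp/$asset" "$expected"; then
        echo "checksum mismatch for $asset, refusing to install" >&2
        rm -rf "$tmp"; return 1
    fi

    # install(1) copies and sets the mode in one step instead of a separate chmod
    install -m 0755 "$tmp/$asset" "$dest"
    rm -rf "$tmp"
}

# usage: sh compose-install.sh <version-tag>
case "${1:-}" in
    "") ;;                       # no argument: only define the functions
    *)  install_compose "$1" ;;
esac
```

The checksum file is fetched from the same release as the binary, so this catches a corrupted or swapped download but not a compromised release; pinning the tag in this script is what makes the host reproducible.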