# Alpine Host Setup

Setup steps for an Alpine container host using Docker Compose.

Download the standard ISO from https://alpinelinux.org/downloads/

## live system

Boot from the downloaded ISO.

### setup-alpine

```sh
setup-alpine
```

- Keyboard: `us-us` (adjust if needed)
- set hostname
- Network: `eth0`, `dhcp`, manual `n`
- set root password
- Timezone: `Europe/Berlin` (adjust if preferred)
- Proxy: `none`
- apk mirror: `f` (detect automatically)
- add user to your liking
- SSH server: `openssh`
- Select disk: `sda`
- Disk Setup: `lvm`, then `sys`
- Erase disk: `y`

**Set up LVM before reboot!**

### LVM

https://wiki.archlinux.org/title/LVM

```sh
# install some needed packages
apk add lvm2-extra e2fsprogs-extra device-mapper
# list existing LVs
lvs
# resize existing and create missing LVs
lvresize -L <SIZE>G [-r] /dev/vg0/<LV>
lvcreate -L <SIZE>G -n <LV NAME> vg0
lvcreate -l 100%FREE -n lv_srv vg0
# init filesystem for each newly created LV
mkfs.ext4 /dev/vg0/<LV>
```

```
LV             LSize   Mount
lv_root        8.00g   /
lv_logs        4.00g   /var/log
lv_containers  20.00g  /var/lib/containers
lv_srv         =REST   /srv
lv_swap        =RAM    swap
```

## Reboot into installed system

Remove or reorder the boot ISO. Reboot via hard reset; qemu-guest is not functional yet!

### SSHD

```sh
vi /etc/ssh/sshd_config
```

- `Port 222`
- `PermitRootLogin no`
- `AllowTcpForwarding yes`

```sh
service sshd restart
```

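A check for the three SSHD settings above, as an added example that is not part of the original README. The function names `sshd_values` and `check_sshd` and the sample file are constructed for illustration; it assumes plain `Keyword value` lines and does not follow `Include` directives.

```sh
#!/bin/sh
# Added example, not part of the original README.
# Checks an sshd_config against the values from the SSHD step.

# Print every value of keyword $2 in the global part of config file $1.
sshd_values() {
    awk -F'[ \t=]+' -v want="$2" '
        { sub(/^[ \t]+/, "") }                   # drop indentation (re-splits fields)
        $0 == "" || /^#/ { next }                # blank lines and comments
        tolower($1) == "match" { exit }          # Match blocks are conditional
        tolower($1) == tolower(want) { print $2 }
    ' "$1"
}

# Print each deviation from the documented settings; return 1 if any.
check_sshd() {
    rc=0
    # Port is cumulative: sshd listens on every Port line, so a leftover
    # "Port 22" keeps the old port open next to 222.
    ports=$(sshd_values "$1" Port | sort -u | xargs)
    [ "$ports" = "222" ] || { echo "Port: want only 222, got '${ports:-unset}'"; rc=1; }
    # For these keywords sshd uses the first value it reads; later lines
    # are ignored, so an edit appended below an active default has no effect.
    for pair in PermitRootLogin=no AllowTcpForwarding=yes; do
        key=${pair%%=*} want=${pair#*=}
        got=$(sshd_values "$1" "$key" | head -n 1)
        [ "$got" = "$want" ] || { echo "$key: want $want, got '${got:-unset}'"; rc=1; }
    done
    return $rc
}

# Constructed sample: new settings appended below still-active old lines.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
#AllowTcpForwarding no
Port 222
PermitRootLogin no
AllowTcpForwarding yes
EOF
check_sshd "$sample" || echo "sshd_config deviates from the documented settings"
```

On the host itself, `sshd -T` (run as root) prints the effective configuration, including anything pulled in through `Include`.
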
### sudo

```sh
apk update && apk add sudo
visudo
```

Uncomment `%wheel ALL=(ALL:ALL) ALL` to allow users in the `wheel` group to use sudo.

## From here on you can use ssh and sudo

```sh
ssh -p 222 <username>@<hostname>
```

### Installed Packages

```sh
sudo vi /etc/apk/repositories
```

Uncomment the community repo.

```sh
sudo apk update && sudo apk upgrade && sudo apk add \
  gettext \
  awall \
  docker \
  docker-compose \
  docker-zsh-completion \
  git \
  htop \
  nano \
  nftables \
  qemu-guest-agent \
  sudo \
  tree \
  zsh

# currently not available in alpine 3.18:
# docker-compose-zsh-completion
```

### zsh

```sh
sudo nano /etc/passwd
```

- Change the login shell to `/bin/zsh` for the desired user.

#### ohmyzsh

https://ohmyz.sh/#install

```sh
sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
```

- Theme: amuse

### fstab

```sh
sudo nano /etc/fstab
```

fstab content:

```
/dev/vg0/lv_root        /                    ext4  rw,relatime  0 1
/dev/vg0/lv_logs        /var/log             ext4  rw,relatime  0 2
/dev/vg0/lv_containers  /var/lib/containers  ext4  rw,relatime  0 2
/dev/vg0/lv_srv         /srv                 ext4  rw,relatime  0 2
```

To mount all:

```sh
sudo mount -a
```

### ntp

```sh
# enable ntpd at boot and start it now (needs root)
sudo rc-update add ntpd
sudo service ntpd start
```

### checkout repo

```sh
cd /opt
sudo git clone <this repo's url>
```

### awall

- https://www.cyberciti.biz/faq/how-to-set-up-a-firewall-with-awall-on-alpine-linux/
- https://github.com/alpinelinux/awall/blob/master/README.md
- https://ipset.netfilter.org/iptables-extensions.man.html#lbAO

If you get the error `modprobe: FATAL: Module ip_tables not found...`, reboot.

```sh
cd /etc/awall/optional
# link the policy files from the checked-out repo
sudo ln -vs /opt/container-server/setup/awall/* .
# brace expansion works in zsh (set up above), not in busybox ash
sudo awall enable {default,ssh,http}
sudo awall activate
```

### docker

https://wiki.alpinelinux.org/wiki/Docker

```sh
# enable the docker service at boot and start it now (needs root)
sudo rc-update add docker
sudo service docker start
```

### cron

```sh
# install the repo's periodic jobs (needs root)
sudo cp -r /opt/container-server/setup/cron/* /etc/periodic/
```