Carsten Sprung
43955ad352
mailserver added proxy log transformer added manage enabled services via text file instead of renaming docker-compose files
176 lines
3.5 KiB
Markdown
# Alpine Host Setup

Setup steps for an Alpine container host using podman compose.

For usage with docker compose, the following parts (might) need adjustment:

- Mount point for lv_containers
- Installed packages
- iptables/awall rules

Download the standard ISO from https://alpinelinux.org/downloads/

## live system

Boot from the downloaded ISO.

### setup-alpine

```sh
setup-alpine
```

- Keyboard: `us-us` (adjust if needed)
- set hostname
- Network: `eth0`, `dhcp`, manual `n`
- set root password
- Timezone: `Europe/Berlin` (adjust if preferred)
- Proxy: `none`
- apk mirror: `f` (detect automatically)
- add user to your liking
- SSH server: `openssh`
- Select disk: `sda`
- Disk Setup: `lvm`, then `sys`
- Erase disk: `y`

Set up LVM before rebooting.

### LVM

https://wiki.archlinux.org/title/LVM

```sh
# install some needed packages
apk add lvm2-extra e2fsprogs-extra
# list existing LVs
lvs
# resize existing and create missing LVs (-r also resizes the filesystem)
lvresize -L <SIZE>G [-r] /dev/vg0/<LV>
lvcreate -L <SIZE>G -n <LV NAME> vg0
lvcreate -l 100%FREE -n lv_srv vg0
# init filesystem for each newly created LV
mkfs.ext4 /dev/vg0/<LV>
```

```
LV             LSize    Mount
lv_root        8.00g    /
lv_logs        4.00g    /var/log
lv_containers  20.00g   /var/lib/containers
lv_srv         =REST    /srv
lv_swap        =RAM     swap
```

## Reboot into installed system

Remove or reorder the boot ISO. Reboot via hard reset; qemu-guest-agent is not functional yet!

### SSHD

```sh
vi /etc/ssh/sshd_config
```

- `Port 222`
- `PermitRootLogin no`
- `AllowTcpForwarding yes`
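
A check for the three settings above, as an added example that is not part of the original README: the hypothetical helpers `sshd_values` and `audit_sshd` parse a config file offline, and the sample file is constructed. On a live host, `sshd -T` prints the effective configuration instead.

```sh
#!/bin/sh
# Added example (not from the original README): offline audit of an
# sshd_config against the three settings listed in the SSHD section.

# Print every global-section value of keyword $2 in file $1, one per line.
# Keywords are case-insensitive and may be followed by whitespace or "=".
# Parsing stops at the first Match block; Include files are not followed.
sshd_values() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            p = match(line, /[ \t=]/)                # end of the keyword
            key = tolower(p ? substr(line, 1, p - 1) : line)
            if (key == "match") exit
            if (key != want) next
            val = p ? substr(line, p) : ""
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            print val
        }' "$1"
}

# Return 0 only if the file yields Port 222 (and no other port),
# PermitRootLogin no and AllowTcpForwarding yes.
audit_sshd() {
    rc=0
    # Port may be given several times and sshd listens on all of them.
    ports=$(sshd_values "$1" Port)
    [ "$ports" = "222" ] || { echo "FAIL Port: '$ports' (unset means 22)"; rc=1; }
    # For single-valued keywords sshd keeps the first value it reads.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin: '${root:-unset}'"; rc=1; }
    fwd=$(sshd_values "$1" AllowTcpForwarding | head -n 1)
    [ "$fwd" = "yes" ] || { echo "FAIL AllowTcpForwarding: '${fwd:-unset}'"; rc=1; }
    return "$rc"
}

# Constructed sample: the later "PermitRootLogin no" is ignored by sshd.
sample=$(mktemp)
printf '%s\n' 'Port 222' 'PermitRootLogin yes' 'PermitRootLogin no' \
    'AllowTcpForwarding yes' > "$sample"
audit_sshd "$sample" || echo "sample config does not match the README"
rm -f "$sample"
```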

### Installed Packages

Uncomment the community repo in `/etc/apk/repositories`.

```sh
# qemu-guest-agent: depends on your KVM/virtualization situation
# py3-pip: requirement for podman-compose
apk update && apk upgrade && apk add \
    gettext \
    git \
    nano \
    tmux \
    tree \
    zsh \
    docker \
    docker-compose \
    docker-zsh-completion \
    docker-compose-zsh-completion \
    awall \
    qemu-guest-agent \
    doas \
    podman \
    doas-sudo-shim \
    py3-pip
```

### sudo/doas config

https://wiki.archlinux.org/title/Doas

```sh
# csp is the user name; replace it with your own
echo permit persist csp > /etc/doas.conf
chown -c root:root /etc/doas.conf
chmod -c 0400 /etc/doas.conf
# check the config file for syntax errors
doas -C /etc/doas.conf && echo "config ok" || echo "config error"
```

### ZSH

```sh
sudo nano /etc/passwd
```

- Change the login shell to `/bin/zsh` for the desired user.

### ohmyzsh

https://ohmyz.sh/#install

```sh
sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
```

- Theme: bira

### fstab

```sh
sudo nano /etc/fstab
```

fstab content:

```
/dev/vg0/lv_root        /                    ext4  rw,relatime  0 1
/dev/vg0/lv_logs        /var/log             ext4  rw,relatime  0 2
/dev/vg0/lv_containers  /var/lib/containers  ext4  rw,relatime  0 2
/dev/vg0/lv_srv         /srv                 ext4  rw,relatime  0 2
```

### awall

https://www.cyberciti.biz/faq/how-to-set-up-a-firewall-with-awall-on-alpine-linux/
https://github.com/alpinelinux/awall/blob/master/README.md
https://ipset.netfilter.org/iptables-extensions.man.html#lbAO

If you get the error `modprobe: FATAL: Module ip_tables not found...`, reboot.

```sh
cd /etc/awall/optional
ln -s /opt/container-server/setup/awall/* .
awall enable {default,ssh,hhtp}
awall activate
podman network reload --all
```

### podman + podman-compose

https://wiki.alpinelinux.org/wiki/Podman

```sh
rc-update add docker
# rc-update add cgroups
# rc-service cgroups start
```

https://github.com/containers/podman-compose#installation

```sh
pip3 install podman-compose
```