container-server/setup/alpine-setup.md

Alpine Host Setup

Setup steps for an Alpine container host using Docker Compose.

Download standard iso from https://alpinelinux.org/downloads/

live system

boot from downloaded iso

setup-alpine

setup-alpine
  • Keyboard: us-us (adjust if needed)
  • set hostname
  • Network: eth0, dhcp, manual n
  • set root password
  • Timezone: Europe/Berlin (adjust if preferred)
  • Proxy: none
  • apk mirror: f (detect automatically)
  • add user to your liking
  • SSH server: openssh
  • Select disk: sda
  • Disk Setup: lvm, then sys
  • Erase disk: y

Set up LVM before rebooting!

LVM

https://wiki.archlinux.org/title/LVM

# install some needed packages
apk add lvm2-extra e2fsprogs-extra device-mapper
# list existing LVs
lvs
# resize existing and create missing LVs
lvresize -L <SIZE>G [-r] /dev/vg0/<LV>
lvcreate -L <SIZE>G -n <LV NAME> vg0
lvcreate -l 100%FREE -n lv_srv vg0
# init filesystem for each newly created LV
mkfs.ext4 /dev/vg0/<LV>

LV                LSize  Mount
lv_root           8.00g  /
lv_logs           4.00g  /var/log
lv_containers    20.00g  /var/lib/containers
lv_srv            =REST  /srv
lv_swap            =RAM  swap

Reboot into installed system

Remove the boot ISO or change the boot order. Reboot via hard reset; the QEMU guest agent is not functional yet!

SSHD

vi /etc/ssh/sshd_config
  • Port 222
  • PermitRootLogin no
  • AllowTcpForwarding yes
service sshd restart
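
Added example, not part of the original setup notes: sshd uses the first value it reads for most keywords, so a setting appended below an existing line is silently ignored. The script checks the three settings from this section against two constructed sample configs; the function names and sample files are assumptions made for the illustration.

```shell
# Added example: which value will sshd actually use for a keyword?
# For most keywords the FIRST occurrence wins; later duplicates are ignored.
# Assumes whitespace-separated "Keyword value" lines (no "Keyword=value").
# sshd_effective FILE KEYWORD -> print the effective global value (empty = default)
sshd_effective() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { print $2; exit }  # first occurrence wins
    ' "$1"
}

# check_sshd FILE -> 0 only if the three settings from this page are effective
check_sshd() {
    rc=0
    for pair in Port=222 PermitRootLogin=no AllowTcpForwarding=yes; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_effective "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: effective='${got:-<default>}' wanted='$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/appended" <<'EOF'
#Port 22
#PermitRootLogin prohibit-password
AllowTcpForwarding no
# new settings appended at the end of the file
Port 222
PermitRootLogin no
AllowTcpForwarding yes
EOF
cat > "$demo_dir/edited" <<'EOF'
Port 222
PermitRootLogin no
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding no
EOF

for f in appended edited; do
    if check_sshd "$demo_dir/$f"; then echo "$f: ok"; else echo "$f: NOT effective"; fi
done
```

On the host itself, `sudo sshd -t` validates the file and `sudo sshd -T` prints the effective settings; run them before restarting the service.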

sudo

apk update && apk add sudo
visudo

Uncomment %wheel ALL=(ALL:ALL) ALL to allow users in 'wheel' group to use sudo.

From here on you can use ssh and sudo

ssh -p 222 <username>@<hostname>

Installed Packages

sudo vi /etc/apk/repositories

Uncomment community repo

sudo apk update && sudo apk upgrade && sudo apk add \
    gettext \
    awall \
    docker \
    docker-compose \
    docker-zsh-completion \
    git \
    htop \
    nano \
    qemu-guest-agent \
    sudo \
    tree \
    zsh

# currently not available in alpine 3.18:
# sudo apk add docker-compose-zsh-completion

zsh

sudo nano /etc/passwd
  • Change to /bin/zsh for desired user.

ohmyzsh

https://ohmyz.sh/#install

Note: this executes the downloaded install.sh directly; read the script at that URL first.

sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
  • Theme: amuse

fstab

sudo nano /etc/fstab

fstab content:

/dev/vg0/lv_root        /                       ext4    rw,relatime 0 1
/dev/vg0/lv_logs        /var/log                ext4    rw,relatime 0 2
/dev/vg0/lv_containers  /var/lib/containers     ext4    rw,relatime 0 2
/dev/vg0/lv_srv         /srv                    ext4    rw,relatime 0 2

To mount all:

sudo mount -a

checkout repo

cd /opt
sudo git clone https://git.csprung.de/carsten/container-server.git

awall

https://www.cyberciti.biz/faq/how-to-set-up-a-firewall-with-awall-on-alpine-linux/
https://github.com/alpinelinux/awall/blob/master/README.md
https://ipset.netfilter.org/iptables-extensions.man.html#lbAO

If you get the error modprobe: FATAL: Module ip_tables not found..., reboot.

cd /etc/awall/optional
sudo ln -vs /opt/container-server/setup/awall/* .
sudo awall enable {default,ssh,http}
sudo awall activate

docker

https://wiki.alpinelinux.org/wiki/Docker

# enable docker at boot and start it now
sudo rc-update add docker
sudo service docker start