# Alpine Host Setup

Setup steps for an Alpine container host using docker compose.

Download the Standard ISO from https://alpinelinux.org/downloads/.
## Live system

Boot from the downloaded ISO and run the installer:

```sh
setup-alpine
```

Answers for `setup-alpine`:

- Keyboard: `us-us` (adjust if needed)
- Set hostname
- Network: `eth0`, `dhcp`, manual: `n`
- Set root password
- Timezone: `Europe/Berlin` (adjust if preferred)
- Proxy: `none`
- apk mirror: `f` (detect automatically)
- Add user to your liking
- SSH server: `openssh`
- Select disk: `sda` (depending on your system)
- Disk setup: `lvm`, then `sys`
- Erase disk: `y`

Set up LVM (see next step) before rebooting!
## LVM

https://wiki.archlinux.org/title/LVM

```sh
# install some needed packages (only installed in live system)
apk add lvm2-extra e2fsprogs-extra device-mapper
# list existing LVs
lvs
# resize existing and create missing LVs (-r also resizes the filesystem on the LV)
lvresize -L <SIZE>G [-r] /dev/vg0/<LV>
lvcreate -L <SIZE>G -n <LV NAME> vg0
lvcreate -l 100%FREE -n <LV NAME> vg0
# init filesystem for each newly created LV
mkfs.ext4 /dev/vg0/<LV>
```

| LV | LSize | Mount |
|---|---|---|
| lv_root | 8.00g | / |
| lv_logs | 4.00g | /var/log |
| lv_containers | 20.00g | /var/lib/containers |
| lv_swap | =RAM | swap |
| lv_srv | =REST | /srv |
## Reboot into installed system

Remove or reorder the boot ISO. Reboot via hard reset; the QEMU guest agent is not functional yet!
## SSHD

```sh
vi /etc/ssh/sshd_config
```

Set:

```
Port 222
PermitRootLogin no
AllowTcpForwarding yes
```

```sh
service sshd restart
```
## sudo

```sh
apk update && apk add sudo
visudo
```

Uncomment `%wheel ALL=(ALL:ALL) ALL` to allow users in the `wheel` group to use sudo.

From here on you can use ssh and sudo:

```sh
ssh -p 222 <username>@<hostname>
sudo -i  # use only for setup, it's not good practice to use a root shell!
```
## Installed Packages

Enable the community repo (uncomment the line):

```sh
vi /etc/apk/repositories
```

Install the needed packages. Check and adjust to your needs.

```sh
apk update && apk upgrade && apk add \
    gettext \
    awall \
    curl \
    docker \
    docker-zsh-completion \
    git \
    htop \
    nano \
    qemu-guest-agent \
    sudo \
    tree \
    wireguard-tools \
    zsh
```
## zsh

```sh
nano /etc/passwd
```

Change the shell to `/bin/zsh` for the desired user.
## ohmyzsh

```sh
sh -c "$(wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -)"
```

- Theme: `amuse`
- `export EDITOR=nano`
## fstab

```sh
nano /etc/fstab
```

fstab content:

```
/dev/vg0/lv_root / ext4 rw,relatime 0 1
/dev/vg0/lv_logs /var/log ext4 rw,relatime 0 2
/dev/vg0/lv_containers /var/lib/containers ext4 rw,relatime 0 2
/dev/vg0/lv_srv /srv ext4 rw,relatime 0 2
```

To mount all:

```sh
mount -a
```
## ntp

```sh
rc-update add ntpd
service ntpd start
```
## Checkout repo

```sh
cd /opt
git clone <this repo's url>
```

The later steps expect the checkout at `/opt/container-server`.
## awall

- https://www.cyberciti.biz/faq/how-to-set-up-a-firewall-with-awall-on-alpine-linux/
- https://github.com/alpinelinux/awall/blob/master/README.md
- https://ipset.netfilter.org/iptables-extensions.man.html#lbAO

If you get the error `modprobe: FATAL: Module ip_tables not found...`, reboot.

```sh
cd /etc/awall/optional
ln -vs /opt/container-server/setup/awall/* .
awall enable {default,ssh,http}
awall activate
```
## docker

- https://wiki.alpinelinux.org/wiki/Docker
- https://docs.docker.com/engine/logging/drivers/local/

```sh
mkdir -p /etc/docker
cd /etc/docker
ln -vs /opt/container-server/setup/docker/daemon.json .
rc-update add docker
service docker start
```
## docker-compose

https://docs.docker.com/compose/install/standalone/

The docker-compose in the system packages or pip is outdated, so we install it manually:

```sh
curl -SL https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
```

Compare the downloaded binary against the checksum published with the release before making it executable.
## mta

Allow the system to send mail:

```sh
setup-mta
```

Set the outgoing mail server to `localhost`.
## cron

Link the crons:

```sh
mkdir -p /etc/periodic/always/
for part in /opt/container-server/setup/cron/*; do
    ln -vs "$part"/* "/etc/periodic/${part##*/}/"
done
```

Update the crontab:

```sh
crontab -e
```

Add as first line: `MAILTO=cron@<your domain>`

Add the following cron entry: `* * * * * run-parts /etc/periodic/always`
## cgroup mode

To allow woodpecker to build Dockerfiles, set the correct cgroup mode:

```sh
nano /etc/rc.conf
```

Set `rc_cgroup_mode="unified"`, then reboot.
## memory overcommit

- https://redis.io/docs/latest/develop/get-started/faq/#background-saving-fails-with-a-fork-error-on-linux
- https://www.kernel.org/doc/Documentation/vm/overcommit-accounting

```sh
cd /etc/sysctl.d
ln -vs /opt/container-server/setup/sysctl.d/* .
```
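A post-setup check for the SSHD, cgroup mode and memory overcommit steps above, added here as an example and not part of this guide or its repo. It parses the edited files with sshd's own first-match rule, and assumes the repo's sysctl.d file sets `vm.overcommit_memory=1` (the fix described in the linked Redis FAQ), since the guide does not show that file.

```sh
#!/bin/sh
# Added check, not from the guide or its repo: parse the files the guide edits and
# report any setting that deviates from the guide. Assumption: the repo's sysctl.d
# file sets vm.overcommit_memory=1 (the linked Redis FAQ's fix); it is not shown.

# sshd uses the FIRST uncommented occurrence of a keyword, so a stray
# "PermitRootLogin yes" above the "no" wins; Match-block options are conditional,
# so scanning stops at the first "Match" line. $1 = keyword, $2 = sshd_config.
sshd_option() {
    awk -v key="$1" 'tolower($1) == "match" { exit }
                     tolower($1) == tolower(key) { print $2; exit }' "$2"
}

# Value of a quoted variable in /etc/rc.conf, e.g. rc_cgroup_mode="unified".
rc_conf_value() {  # $1 = variable, $2 = rc.conf
    awk -F'=' -v key="$1" '$1 == key { v = $2; sub(/[[:space:]]*#.*/, "", v)
                                       gsub(/"/, "", v); val = v } END { print val }' "$2"
}

# Effective sysctl value across sysctl.d files (last assignment wins, as with
# sysctl --system). $1 = key, remaining args = files.
sysctl_value() {
    key=$1; shift
    awk -F'=' -v key="$key" '/^[[:space:]]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
          if (k == key) val = v } END { print val }' "$@"
}

# Print one line per deviation from the guide; return their count (0 = host matches).
check_host() {  # $1 = sshd_config, $2 = rc.conf, remaining = sysctl.d files
    sshd=$1; rc=$2; shift 2; n=0
    [ "$(sshd_option Port "$sshd")" = 222 ] || { echo "sshd: Port is not 222"; n=$((n + 1)); }
    [ "$(sshd_option PermitRootLogin "$sshd")" = no ] || { echo "sshd: PermitRootLogin is not no"; n=$((n + 1)); }
    [ "$(rc_conf_value rc_cgroup_mode "$rc")" = unified ] || { echo "rc.conf: rc_cgroup_mode is not unified"; n=$((n + 1)); }
    [ "$(sysctl_value vm.overcommit_memory "$@")" = 1 ] || { echo "sysctl: vm.overcommit_memory is not 1"; n=$((n + 1)); }
    return "$n"
}
# Constructed sample files (not from a real host) showing the first-match trap:
# root login stays allowed because "yes" precedes "no".
write_sample_configs() {  # $1 = directory
    printf 'Port 222\nPermitRootLogin yes\n#PermitRootLogin no\nPermitRootLogin no\n' > "$1/sshd_config"
    printf '#rc_cgroup_mode="hybrid"\nrc_cgroup_mode="unified" # for docker builds\n' > "$1/rc.conf"
    printf '# overcommit\nvm.overcommit_memory = 1\n' > "$1/overcommit.conf"
}
if [ "${1:-}" = "--demo" ]; then    # sh check.sh --demo -> reports 1 deviation
    d=$(mktemp -d) && write_sample_configs "$d"
    check_host "$d/sshd_config" "$d/rc.conf" "$d/overcommit.conf"
elif [ "${1:-}" = "--host" ]; then  # sh check.sh --host -> checks the live files
    check_host /etc/ssh/sshd_config /etc/rc.conf /etc/sysctl.d/*.conf
fi
```

Run it with `--host` after the reboot that follows the cgroup change, so both the rc.conf and sysctl values are the ones actually in effect.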