Setting Up Alpine Linux

https://wiki.alpinelinux.org/wiki/Tutorials_and_Howtos

New Server Checklist: https://drewdevault.com/new-server

Setting Up Users and Permissions

https://flak.tedunangst.com/post/doas-mastery

“Unix never says please.” – Rob Pike

The real intent of sudo is to enable the root user to delegate to one or two non-root users, access to one or two specific privileged commands that they need on a regular basis. The reasoning behind this is that of the lazy sysadmin; allowing the users access to a command or two that requires elevated privileges and that they use constantly, many times per day, saves the SysAdmin a lot of requests from the users and eliminates the wait time that the users would otherwise experience. But most non-root users should never have full root access, just to the few commands that they need.

https://www.redhat.com/sysadmin/sysadmins-dont-sudo

https://kifarunix.com/run-only-specific-commands-with-sudo-in-linux/

https://www.atrixnet.com/allow-an-unprivileged-user-to-run-a-certain-command-with-sudo/

https://www.2daygeek.com/allow-permit-normal-user-group-to-run-certain-particular-commands-as-root-with-sudo/

https://ostechnix.com/add-delete-and-grant-sudo-privileges-to-users-in-alpine-linux/

https://wiki.alpinelinux.org/wiki/Setting_up_a_new_user

Enabling Repositories

cat > /etc/apk/repositories << EOF
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/main
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/community
EOF

Then update your repositories:

apk update

apk Package Manager

Side note: a great place to find packages is https://pkgs.org/

Install a package with:

apk add packagename

Remove a package with:

apk del packagename

List installed packages with:

apk info

OpenRC

https://wiki.alpinelinux.org/wiki/Alpine_Linux_Init_System

Firewall

https://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall

https://wiki.alpinelinux.org/wiki/Uncomplicated_Firewall

Tailscale

apk add tailscale --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/

NSD

apk add nsd

Start and install service:

rc-service nsd start // Starts service
rc-update add nsd // Starts service on startup

Validate DNS Settings at https://intodns.com/ or https://dnsinspect.com/

Tip: If you are using a Hotspot, don't forget to clear DNS cache on that too!

https://calomel.org/nsd_dns.html

https://drewdevault.com/2016/12/06/A-broad-intro-to-networking.html

https://www.netmeister.org/blog/dns-rrs.html

Apache2

apk add apache2 apache2-proxy apache2-ssl

Start and install service:

rc-service apache2 start // Starts service
rc-update add apache2 // Starts service on startup

Uncomment the following in /etc/apache2/httpd.conf to enable mod_rewrite

#LoadModule rewrite_module modules/mod_rewrite.so

Then to apply your settings:

rc-service apache2 restart

Uacme - SSL Certificates

This is way too easy for the amount of time it took to figure out.

apk add uacme
mkdir /etc/ssl/uacme.d/
uacme -v -c /etc/ssl/uacme.d new
uacme -v -c /etc/ssl/uacme.d issue kk6mrp.com *.kk6mrp.com

If you don't get the dns-01 challenge right off, press any key but 'y' and then enter.

You can then press Ctrl+Z to put that process in the background.

Create the following DNS record substituting key_auth for the key provided in the ACME Challenge:

_acme-challenge IN TXT "key_auth"

Save and reload NSD:

rc-service nsd stop
rc-service nsd start

Enter 'fg' to return to the uacme process and type 'y' followed by return to finish the challenge.

The resulting certificate files will be located here if the challenge completes successfully:

/path/to/uacme.d/kk6mrp.com/cert.pem
/path/to/uacme.d/private/kk6mrp.com/key.pem

PHP

apk add php7 php7-pdo php7-apache2 php7-sqlite3 php7-gd php7-json php7-session php7-ctype

Increase the maximum upload file size from 2 Mb to 5 Mb in /etc/php7/php.ini

upload_max_filesize = 2M

Then to apply your settings:

rc-service apache2 restart

PHP-FPM

https://wiki.alpinelinux.org/wiki/Apache_with_php-fpm

SQLite

apk add sqlite

Vim

apk add vim

Wordpress

To set up wordpress, download the latest version and extract:

curl -O https://wordpress.org/latest.tar.gz
tar -zxf latest.tar.gz

Copy db.php to wordpress/wp-content/db.php and remember to change ownership to the webserver user.

If you encounter the following error:

Your PHP installation appears to be missing the MySQL extension which is required by WordPress.

you will need to install "php7-pdo_mysql"

apk add php7-pdo_mysql

and then to fix:

PDO Driver for SQLite is missing. Your PHP installation appears not to have the right PDO drivers loaded. These are required for this version of WordPress and the type of database you have specified.

you will presumably need to install "php7-pdo_sqlite" but the last time I tried this I spent six hours trying to get it going only for it to start working on its own :/

apk add php7-pdo_sqlite

Then to apply your settings:

rc-service apache2 restart

Webmail

https://sr.ht/~migadu/alps/

https://cypht.org/

Filestash

Install Docker, download docker compose, install and run

apk add docker docker-compose
addgroup username docker
rc-update add docker boot
service docker start
docker-compose pull
docker-compose up -d

Grafana

doas apk add grafana gcompat

To edit configuration you'll want /etc/grafana.ini

Networking with iwd

https://gist.github.com/pojntfx/d323ade1305098d306980363237023ec

To set up iwd, make sure the wpa_supplicant and networking services are disabled, then perform the following:

apk add iwd dbus
echo "[General]\nEnableNetworkConfiguration=true" >> /etc/iwd/main.conf
rc-service iwd start
rc-service dbus start
rc-update add iwd boot
rc-update add dbus default

To connect to a network use the following command:

iwctl station wlan0 connect "SSID"

Or to connect to a hidden network use:

iwctl station wlan0 connect-hidden "SSID"

Creating Packages

https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package