Setting Up Alpine Linux
https://wiki.alpinelinux.org/wiki/Tutorials_and_Howtos
New Server Checklist: https://drewdevault.com/new-server
Setting Up Users and Permissions
https://flak.tedunangst.com/post/doas-mastery
“Unix never says please.” – Rob Pike
The real intent of sudo is to enable the root user to delegate to one or two non-root users, access to one or two specific privileged commands that they need on a regular basis. The reasoning behind this is that of the lazy sysadmin; allowing the users access to a command or two that requires elevated privileges and that they use constantly, many times per day, saves the SysAdmin a lot of requests from the users and eliminates the wait time that the users would otherwise experience. But most non-root users should never have full root access, just to the few commands that they need.
https://www.redhat.com/sysadmin/sysadmins-dont-sudo
https://kifarunix.com/run-only-specific-commands-with-sudo-in-linux/
https://www.atrixnet.com/allow-an-unprivileged-user-to-run-a-certain-command-with-sudo/
https://ostechnix.com/add-delete-and-grant-sudo-privileges-to-users-in-alpine-linux/
https://wiki.alpinelinux.org/wiki/Setting_up_a_new_user
Enabling Repositories
cat > /etc/apk/repositories << EOF
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/main
http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/community
EOFThen update your repositories:
apk updateapk Package Manager
Side note: a great place to find packages is https://pkgs.org/
Install a package with:
apk add packagenameRemove a package with:
apk del packagenameList installed packages with:
apk infoOpenRC
https://wiki.alpinelinux.org/wiki/Alpine_Linux_Init_System
Firewall
https://wiki.alpinelinux.org/wiki/How-To_Alpine_Wall
https://wiki.alpinelinux.org/wiki/Uncomplicated_Firewall
Tailscale
apk add tailscale --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/NSD
apk add nsdStart and install service:
rc-service nsd start // Starts service
rc-update add nsd // Starts service on startupValidate DNS Settings at https://intodns.com/ or https://dnsinspect.com/
Tip: If you are using a Hotspot, don't forget to clear DNS cache on that too!
https://calomel.org/nsd_dns.html
https://drewdevault.com/2016/12/06/A-broad-intro-to-networking.html
https://www.netmeister.org/blog/dns-rrs.html
Apache2
apk add apache2 apache2-proxy apache2-sslStart and install service:
rc-service apache2 start // Starts service
rc-update add apache2 // Starts service on startupUncomment the following in /etc/apache2/httpd.conf to enable mod_rewrite
#LoadModule rewrite_module modules/mod_rewrite.soThen to apply your settings:
rc-service apache2 restartUacme - SSL Certificates
This is way too easy for the amount of time it took to figure out.
apk add uacme
mkdir /etc/ssl/uacme.d/
uacme -v -c /etc/ssl/uacme.d new
uacme -v -c /etc/ssl/uacme.d issue kk6mrp.com *.kk6mrp.comIf you don't get the dns-01 challenge right off, press any key but 'y' and then enter.
You can then press Ctrl+Z to put that process in the background.
Create the following DNS record substituting key_auth for the key provided in the ACME Challenge:
_acme-challenge IN TXT "key_auth"Save and reload NSD:
rc-service nsd stop
rc-service nsd startEnter 'fg' to return to the uacme process and type 'y' followed by return to finish the challenge.
The resulting certificate files will be located here if the challenge completes successfully:
/path/to/uacme.d/kk6mrp.com/cert.pem
/path/to/uacme.d/private/kk6mrp.com/key.pemPHP
apk add php7 php7-pdo php7-apache2 php7-sqlite3 php7-gd php7-json php7-session php7-ctypeIncrease the maximum upload file size from 2 Mb to 5 Mb in /etc/php7/php.ini
upload_max_filesize = 2MThen to apply your settings:
rc-service apache2 restartPHP-FPM
https://wiki.alpinelinux.org/wiki/Apache_with_php-fpm
SQLite
apk add sqliteVim
apk add vimWordpress
To set up wordpress, download the latest version and extract:
curl -O https://wordpress.org/latest.tar.gz
tar -zxf latest.tar.gzCopy db.php to wordpress/wp-content/db.php and remember to change ownership to the webserver user.
If you encounter the following error:
Your PHP installation appears to be missing the MySQL extension which is required by WordPress.you will need to install "php7-pdo_mysql"
apk add php7-pdo_mysqland then to fix:
PDO Driver for SQLite is missing. Your PHP installation appears not to have the right PDO drivers loaded. These are required for this version of WordPress and the type of database you have specified.you will presumably need to install "php7-pdo_sqlite" but the last time I tried this I spent six hours trying to get it going only for it to start working on its own :/
apk add php7-pdo_sqliteThen to apply your settings:
rc-service apache2 restartWebmail
Filestash
Install Docker, download docker compose, install and run
apk add docker docker-compose
addgroup username docker
rc-update add docker boot
service docker start
docker-compose pull
docker-compose up -dGrafana
doas apk add grafana gcompatTo edit configuration you'll want /etc/grafana.ini
Networking with iwd
https://gist.github.com/pojntfx/d323ade1305098d306980363237023ec
To set up iwd, make sure the wpa_supplicant and networking services are disabled, then perform the following:
apk add iwd dbus
echo "[General]\nEnableNetworkConfiguration=true" >> /etc/iwd/main.conf
rc-service iwd start
rc-service dbus start
rc-update add iwd boot
rc-update add dbus defaultTo connect to a network use the following command:
iwctl station wlan0 connect "SSID"Or to connect to a hidden network use:
iwctl station wlan0 connect-hidden "SSID"Task Management
doas apk add btopCreating Packages
https://wiki.alpinelinux.org/wiki/Creating_an_Alpine_package