Setting Up Alpine Linux

New Server Checklist:

Setting Up Users and Permissions

“Unix never says please.” – Rob Pike

The real intent of sudo is to enable the root user to delegate to one or two non-root users, access to one or two specific privileged commands that they need on a regular basis. The reasoning behind this is that of the lazy sysadmin; allowing the users access to a command or two that requires elevated privileges and that they use constantly, many times per day, saves the SysAdmin a lot of requests from the users and eliminates the wait time that the users would otherwise experience. But most non-root users should never have full root access, just to the few commands that they need.

Enabling Repositories

cat > /etc/apk/repositories << EOF$(cat /etc/alpine-release | cut -d'.' -f1,2)/main$(cat /etc/alpine-release | cut -d'.' -f1,2)/community

Then update your repositories:

apk update

apk Package Manager

Side note: a great place to find packages is

Install a package with:

apk add packagename

Remove a package with:

apk del packagename

List installed packages with:

apk info




apk add tailscale --repository=


apk add nsd

Start and install service:

rc-service nsd start // Starts service
rc-update add nsd // Starts service on startup

Validate DNS Settings at or

Tip: If you are using a Hotspot, don't forget to clear DNS cache on that too!


apk add apache2 apache2-proxy apache2-ssl

Start and install service:

rc-service apache2 start // Starts service
rc-update add apache2 // Starts service on startup

Uncomment the following in /etc/apache2/httpd.conf to enable mod_rewrite

#LoadModule rewrite_module modules/

Then to apply your settings:

rc-service apache2 restart

Uacme - SSL Certificates

This is way too easy for the amount of time it took to figure out.

apk add uacme
mkdir /etc/ssl/uacme.d/
uacme -v -c /etc/ssl/uacme.d new
uacme -v -c /etc/ssl/uacme.d issue *

If you don't get the dns-01 challenge right off, press any key but 'y' and then enter.

You can then press Ctrl+Z to put that process in the background.

Create the following DNS record substituting key_auth for the key provided in the ACME Challenge:

_acme-challenge IN TXT "key_auth"

Save and reload NSD:

rc-service nsd stop
rc-service nsd start

Enter 'fg' to return to the uacme process and type 'y' followed by return to finish the challenge.

The resulting certificate files will be located here if the challenge completes successfully:



apk add php7 php7-pdo php7-apache2 php7-sqlite3 php7-gd php7-json php7-session php7-ctype

Increase the maximum upload file size from 2 Mb to 5 Mb in /etc/php7/php.ini

upload_max_filesize = 2M

Then to apply your settings:

rc-service apache2 restart



apk add sqlite


apk add vim


To set up wordpress, download the latest version and extract:

curl -O
tar -zxf latest.tar.gz

Copy db.php to wordpress/wp-content/db.php and remember to change ownership to the webserver user.

If you encounter the following error:

Your PHP installation appears to be missing the MySQL extension which is required by WordPress.

you will need to install "php7-pdo_mysql"

apk add php7-pdo_mysql

and then to fix:

PDO Driver for SQLite is missing. Your PHP installation appears not to have the right PDO drivers loaded. These are required for this version of WordPress and the type of database you have specified.

you will presumably need to install "php7-pdo_sqlite" but the last time I tried this I spent six hours trying to get it going only for it to start working on its own :/

apk add php7-pdo_sqlite

Then to apply your settings:

rc-service apache2 restart



Install Docker, download docker compose, install and run

apk add docker docker-compose
addgroup username docker
rc-update add docker boot
service docker start
docker-compose pull
docker-compose up -d


doas apk add grafana gcompat

To edit configuration you'll want /etc/grafana.ini

Networking with iwd

To set up iwd, make sure the wpa_supplicant and networking services are disabled, then perform the following:

apk add iwd dbus
echo "[General]\nEnableNetworkConfiguration=true" >> /etc/iwd/main.conf
rc-service iwd start
rc-service dbus start
rc-update add iwd boot
rc-update add dbus default

To connect to a network use the following command:

iwctl station wlan0 connect "SSID"

Or to connect to a hidden network use:

iwctl station wlan0 connect-hidden "SSID"

Creating Packages