author | Christian Cleberg <hello@cleberg.net> | 2024-03-29 01:42:38 -0500 |
---|---|---|
committer | Christian Cleberg <hello@cleberg.net> | 2024-03-29 01:42:38 -0500 |
commit | 00b2726e0561f174393ae600f0f11adb8afebaab (patch) | |
tree | a4733d553ce68f64277ffa3a52f800dc58ff72de /content/blog/2022-10-22-alpine-linux.org | |
parent | 8ba3d90a0f3db7e5ed29e25ff6d0c1b557ed3ca0 (diff) | |
parent | 41bd0ad58e44244fe67cb36e066d4bb68738516f (diff) | |
merge org branch into main
Diffstat (limited to 'content/blog/2022-10-22-alpine-linux.org')
-rw-r--r-- | content/blog/2022-10-22-alpine-linux.org | 269 |
1 files changed, 269 insertions, 0 deletions
diff --git a/content/blog/2022-10-22-alpine-linux.org b/content/blog/2022-10-22-alpine-linux.org new file mode 100644 index 0000000..8d4a14b --- /dev/null +++ b/content/blog/2022-10-22-alpine-linux.org 
@@ -0,0 +1,269 @@ +#+title: Alpine Linux: My New Server OS +#+date: 2022-10-22 +#+description: A retrospective on installing and configuring Alpine Linux as my new server operating system. +#+filetags: :linux: + +* Alpine Linux +[[https://alpinelinux.org][Alpine Linux]] is a very small distro, built +on musl libc and busybox. It uses ash as the default shell, OpenRC as +the init system, and apk as the package manager. According to their +website, an Alpine container "requires no more than 8 MB and a minimal +installation to disk requires around 130 MB of storage." An actual bare +metal machine is recommended to have 100 MB of RAM and 0-700 MB of +storage space. + +Historically, I've used Ubuntu's minimal installation image as my server +OS for the last five years. Ubuntu worked well and helped as my original +server contained an nVidia GPU and no onboard graphics, so quite a few +distros won't boot or install without a lot of tinkering. + +Alpine has given me a huge increase in performance across my Docker apps +and Nginx websites. CPU load for the new server I'm using to test Alpine +hovers around 0-5% on average with an Intel(R) Core(TM) i3-6100 CPU @ +3.70GHz. + +The only services I haven't moved over to Alpine are Plex Media Server +and Syncthing, which may increase CPU load quite a bit depending on how +many streams are running. + +** Installation +In terms of installation, Alpine has an incredibly useful +[[https://wiki.alpinelinux.org/wiki/Installation][wiki]] that will guide +a user throughout the installation and post-installation processes, as +well as various other articles and guides. + +To install Alpine, find an appropriate +[[https://alpinelinux.org/downloads/][image to download]] and flash it +to a USB using software such as Rufus or Etcher. I opted to use the +Standard image for my x86_{64} architecture. + +Once the USB is ready, plug it into the machine and reboot. 
Note that +you may have to use a key such as =Esc= or =F1-12= to access the boot +menu. The Alpine Linux terminal will load quickly and for a login. + +To log in to the installation image, use the =root= account; there is no +password. Once logged-in, execute the setup command: + +#+begin_src sh +setup-alpine +#+end_src + +The setup script will ask a series of questions to configure the system. +Be sure to answer carefully or else you may have to re-configure the +system after boot. + +- Keyboard Layout (Local keyboard language and usage mode, e.g., us and + variant of us-nodeadkeys.) +- Hostname (The name for the computer.) +- Network (For example, automatic IP address discovery with the "DHCP" + protocol.) +- DNS Servers (Domain Name Servers to query. For privacy reasons, it is + NOT recommended to route every local request to servers like Google's + 8.8.8.8 .) +- Timezone +- Proxy (Proxy server to use for accessing the web. Use "none" for + direct connections to the internet.) +- Mirror (From where to download packages. Choose the organization you + trust giving your usage patterns to.) +- SSH (Secure SHell remote access server. "Openssh" is part of the + default install image. Use "none" to disable remote login, e.g. on + laptops.) +- NTP (Network Time Protocol client used for keeping the system clock in + sync with a time-server. Package "chrony" is part of the default + install image.) +- Disk Mode (Select between diskless (disk="none"), "data" or "sys", as + described above.) + +Once the setup script is finished, be sure to reboot the machine and +remove the USB device. + +#+begin_src sh +reboot +#+end_src + +** Post-Installation +There are many things you can do once your Alpine Linux system is up and +running, and it largely depends on what you'll use the machine for. I'm +going to walk through my personal post-installation setup for my web +server. + +1. 
Upgrade the System + + First, login as =root= in order to update and upgrade the system: + + #+begin_src sh + apk -U upgrade + #+end_src + +2. Adding a User + + I needed to add a user so that I don't need to log in as root. Note + that if you're used to using the =sudo= command, you will now need to + use the =doas= command on Alpine Linux. + + #+begin_src sh + apk add doas + adduser <username> + adduser <username> wheel + #+end_src + + You can now log out and log back in using the newly-created user: + + #+begin_src sh + exit + #+end_src + +3. Enable Community Packages + + In order to install more common packages that aren't found in the + =main= repository, you will need to enable the =community= + repository: + + #+begin_src sh + doas nano /etc/apk/repositories + #+end_src + + Uncomment the community line for whichever version of Alpine you're + running: + + #+begin_src sh + /media/usb/apks + http://dl-cdn.alpinelinux.org/alpine/v3.16/main + http://dl-cdn.alpinelinux.org/alpine/v3.16/community + #http://dl-cdn.alpinelinux.org/alpine/edge/main + #http://dl-cdn.alpinelinux.org/alpine/edge/community + #http://dl-cdn.alpinelinux.org/alpine/edge/testing + #+end_src + +4. Install Required Packages + + Now that the community packages are available, you can install any + packages you need. In my case, I installed the web server packages I + need for my services: + + #+begin_src sh + doas apk add nano nginx docker docker-compose ufw + #+end_src + +5. SSH + + If you didn't install OpenSSH as part of the installation, you can do + so now: + + #+begin_src sh + doas apk add openssh + #+end_src + + Next, either create a new key or copy your SSH key to the server from + your current machines: + + #+begin_src sh + # Create a new key + ssh-keygen + #+end_src + + If you need to copy an existing SSH key from a current machine: + + #+begin_src sh + # Copy key from existing machines + ssh-copy-id <username>@<ip_address> + #+end_src + +6. 
Firewall + + Lastly, I installed =ufw= above as my firewall. To set up, default to + deny incoming and allow outgoing connections. Then selectively allow + other ports or apps as needed. + + #+begin_src sh + doas ufw default deny incoming + doas ufw default allow outgoing + doas ufw allow SSH + doas ufw allow "WWW Full" + doas ufw allow 9418 # Git server port + #+end_src + +7. Change Hostname + + If you don't like the hostname set during installation, you just need + to edit two files. First, edit the simple hostname file: + + #+begin_src sh + doas nano /etc/hostname + #+end_src + + #+begin_src sh + <hostname> + #+end_src + + Next, edit the =hosts= file: + + #+begin_src sh + doas nano /etc/hosts + #+end_src + + #+begin_src sh + 127.0.0.1 <hostname>.local <hostname> localhost.local localhost + ::1 <hostname> <hostname>.local + #+end_src + +* Nginx Web Server +To set up my web server, I simply created the =www= user and created the +necessary files. + +#+begin_src sh +doas adduser -D -g 'www' www +mkdir /www +doas mkdir /www +doas chown -R www:www /var/lib/nginx/ +doas chown -R www:www /www +#+end_src + +If you're running a simple webroot, you can alter the main =nginx.conf= +file. Otherwise, you can drop configuration files in the following +directory. You don't need to enable or symlink the configuration file +like you do in other systems. + +#+begin_src sh +doas nano /etc/nginx/http.d/example_website.conf +#+end_src + +Once the configuration is set and pointed at the =/www= directory to +serve files, enable the Nginx service: + +#+begin_src sh +# Note that 'default' must be included or Nginx will not start on boot +doas rc-update add nginx default +#+end_src + +* Docker Containers +Docker works exactly the same as other systems. Either execute a +=docker run= command or create a =docker-compose.yml= file and do +=docker-compose up -d=. 
+ +* Git Server +I went in-depth on how to self-host a git server in another post: +[[../git-server/][Self-Hosting a Personal Git Server]]. + +However, there are a few differences with Alpine. First note that in +order to change the =git= user's shell, you must do a few things a +little different: + +#+begin_src sh +doas apk add libuser +doas touch /etc/login.defs +doas mkdir /etc/default +doas touch /etc/default/useradd +doas lchsh git +#+end_src + +* Thoughts on Alpine +So far, I love Alpine Linux. I have no complaints about anything at this +point, but I'm not completely finished with the migration yet. Once I'm +able to upgrade my hardware to a rack-mounted server, I will migrate +Plex and Syncthing over to Alpine as well - possibly putting Plex into a +container or VM. + +The performance is stellar, the =apk= package manager is seamless, and +system administration tasks are effortless. My only regret is that I +didn't install Alpine sooner. |
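Review bot: The Firewall step (item 6 under Post-Installation) sets the ufw defaults and adds allow rules but never turns the firewall on, so a reader who follows it as written ends up with rules that are not enforced unless ufw was enabled some other way. Add `doas ufw enable` after the allow rules, and register the service for boot the same way the Nginx section does with `doas rc-update add nginx default`. In the Nginx Web Server block, `mkdir /www` runs without doas immediately before `doas mkdir /www`; the first call fails for an unprivileged user and the second repeats it, so drop the first line. Three text slips are also worth fixing before merge: in the Installation section "will load quickly and for a login" is missing a word, "x86_{64}" should read x86_64, and the Disk Mode bullet says "as described above" although nothing earlier in the file describes the modes.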