Alpine Linux install guide
Guide to installing Alpine Linux with full disk encryption
Introduction
The goal of this guide is to set up a minimal installation of Alpine Linux with full disk encryption. Refer to the Alpine installation wiki if encountering any issues
Acquire an installation image
- Go to the downloads page https://www.alpinelinux.org/downloads
- Under the Standard section, download the
x86_64version
Prepare an installation medium
Linux
- Insert a USB flash drive into your PC with at least 2 GB of space available on it.
- Find the corresponding block device for the flash drive in
/devfolder. Usually it is/dev/sdb1. - Write the image to the flash drive (assuming your flash drive is
/dev/sdb1).
This command will wipe the /dev/sdb1 partition
doas dd bs=4M if=~/Downloads/alpine*x86_64.iso of=/dev/sdb1 conv=fsync oflag=direct status=progressWindows
Use Rufus
Boot the live environment
Alpine Linux installation images do not support Secure Boot. You will need to disable Secure Boot in your BIOS to boot the installation medium.
- Power off your PC.
- Insert the flash drive into the computer on which you are installing Alpine Linux.
- Power on your PC and press your boot menu key.
- Boot the installation medium.
Enter the live environment
Log in as the user root. Initially, the root user has no password.
nvme0n1 will be used as the target install drive throughout this guide, adapt it to your drive name.
Change alpine to your desired hostname and system to your desired username.
Change Asia/Dubai to your timezone.
setup-alpineSelect keyboard layout: usSelect variant: usEnter system hostname: alpineWhich one do you want to initialize?: [enter]Ip address for [your_interface]?: dhcpDo you want to do any manual network configuration?: nNew password: [your_root_password]Retype password: [your_root_password]Which timezone are you in?: Asia/DubaiHTTP/FTP proxy URL?: noneEnter mirror number: fSetup a user?: systemFull name for user system?: systemNew password:Retype password:Enter ssh key or URL for system: noneWhich SSH server?: opensshWhich NTP client to run?: chronyWhich disks would you like to use?: nvme0n1How would you like to use it?: cryptsysErase above disks and continue?: yEnter passphrase for /dev/nvme0n1p2: [your_encryption_passphrase]Verify passphrase: [your_encryption_passphrase]Reboot
- You can now reboot and enter into your new installation
Unplug your flash drive after the screen turns black
rebootPost install
After entering the decryption passphrase, you will be greeted with a similar screen as when you first booted from the flash drive.
Login using the credentials that you set, if you followed the example, your username would be system
Add repositories
Testing will not be used by default, but you can install a package from it like so
doas apk add [your_package]@testingdoas apk updatedoas apk upgradeAdd swap
doas apk add e2fsprogs-extradoas fallocate -l 4G /swapfiledoas chmod 600 /swapfiledoas mkswap /swapfiledoas swapon /swapfiledoas cp /etc/fstab /etc/fstab.bakecho '/swapfile none swap sw 0 0' | doas tee -a /etc/fstab
doas swapoff /dev/nvme0n1/lv_swapdoas lvremove /dev/nvme0n1/lv_swapdoas lvextend -l +100%FREE /dev/nvme0n1/lv_rootdoas resize2fs /dev/nvme0n1/lv_root/dev/nvme0n1/lv_swap none swap defaults 0 0Install Docker
export EDITOR=nvimexport XDG_CONFIG_HOME="$HOME/.config"export XDG_DATA_HOME="$HOME/.local/share"export XDG_BIN_HOME="$HOME/.local/bin"export XDG_STATE_HOME="$HOME/.local/state"export XDG_CACHE_HOME="$HOME/.cache"export XDG_RUNTIME_DIR=/tmp/1000-runtime-direxport PATH="$XDG_BIN_HOME:$PATH"export ZDOTDIR="$XDG_CONFIG_HOME/zsh"doas apk add docker docker-cli-compose zsh shadow neovimchsh -s zsh $USERdoas addgroup $USER dockerdoas rc-update add docker && rc-service docker startdoas apk del shadowWG-Easy
If you’re planning to use wg-easy, save yourself hours of troubleshooting by running the following commands
doas apk add iptables ip6tablesdoas rebootdoas modprobe ip_tablesdoas echo 'ip_tables' >> /etc/modulesdoas reboot