commit 4ebf8a33fcafb43df34036ef9eebec23255d16e8 Author: Neale Pickett Date: Wed Dec 20 20:04:23 2023 +0000 Working version
diff --git a/Containerfile b/Containerfile
new file mode 100644
index 0000000..6673bba
--- /dev/null
+++ b/Containerfile
@@ -0,0 +1,5 @@
+FROM alpine
+RUN apk update
+RUN apk add alpine-conf doas runit openssh-server
+COPY etc/ /etc/
+CMD [ "/sbin/runit" ]
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..36ccccc
--- /dev/null
+++ b/README.md
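Review bot: `FROM alpine` carries no tag or digest, so every rebuild pulls whatever `latest` points to and the image that ends up serving SSH logins cannot be reproduced or audited against a known base; pin it, e.g. `FROM alpine:<pinned-version>` (placeholder, the commit names no version). `RUN apk update` sits in its own layer, so a cached index can be reused by a later `apk add` and pull stale or missing package versions; merge the two into `RUN apk update && apk add alpine-conf doas runit openssh-server`. I would keep the index in the image rather than switch to `--no-cache`, since etc/runit/1 runs `apk fix` at boot and presumably needs it. A short comment above `CMD` saying that runit runs as PID 1 and starts sshd as root would help the next reader.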
@@ -0,0 +1,65 @@
+Alpine Toolbox
+==============
+
+This is a little Alpine container I run to provide SSH logins with a bunch of tools.
+
+
+Persistence
+----------
+
+If `/mnt/toolbox` exists,
+toolbox will persist installed packages and system changes
+by using methods that already exist in arch.
+
+* [Alpine Local Backup](https://wiki.alpinelinux.org/wiki/Alpine_local_backup)
+ is pre-configured to use `/mnt/toolbox/lbu`.
+* [Local APK cache](https://wiki.alpinelinux.org/wiki/Local_APK_cache)
+ is pre-configured to use `/mnt/toolbox/apk`.
+
+It's important to `lbu` that your machine have a hostname.
+If you change hostnames,
+you will need to rename files in `/mnt/toolbox/lbu`.
+
+```
+podman run \
+ --hostname toolbox \
+ --volume /path/to/toolbox:/mnt/toolbox \
+ git.woozle.org/neale/toolbox
+```
+
+
+First Run
+---------
+
+You may want to `podman exec` into the container,
+in order to edit `/etc/doas.conf`
+set up user accounts,
+and/or install ssh `authorized_keys`.
+
+Once set up,
+you should be able to ssh in for most of your needs.
+
+
+Why This Exists
+---------------
+
+I run my server in Alpine's "diskless mode".
+The Raspberry Pi uses a MicroSD card,
+which will "wear out" after many writes.
+This means my system runs entirely in RAM.
+
+However, I also like my creature comforts.
+Running a more robust installation in a container
+allows me to use my magnetic storage for the larger system,
+and install and remove packages when I like,
+without worrying about wearing out the MicroSD card.
+
+
+Shout Out
+---------
+
+Alpine Linux is cool.
+It provides all the difficult parts of this,
+I just had to set up some config files.
+
+The really cool part is that my container works the same way as the host it runs on!
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..3fe2764
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,5 @@
+#! /bin/sh
+
+image=git.woozle.org/neale/toolbox
+podman build --tag $image .
+podman push $image
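Review bot: build.sh has no `set -e`, so when `podman build` fails the script still reaches `podman push $image` and publishes whatever image already carries that tag locally. Add `set -eu` right after the shebang. Quote the variable in both commands as well, `podman build --tag "$image" .` and `podman push "$image"`. The image is pushed without an explicit tag, so each run overwrites the previous one in the registry; a one-line comment saying this is intended would be enough.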
diff --git a/etc/lbu/lbu.conf b/etc/lbu/lbu.conf
new file mode 100644
index 0000000..a9f9341
--- /dev/null
+++ b/etc/lbu/lbu.conf
@@ -0,0 +1,16 @@
+# what cipher to use with -e option
+DEFAULT_CIPHER=aes-256-cbc
+
+# Uncomment the row below to encrypt config by default
+# ENCRYPTION=$DEFAULT_CIPHER
+
+# Uncomment below to avoid option to 'lbu commit'
+# Can also be set to 'floppy'
+# LBU_MEDIA=mmcblk0p1
+
+# Set the LBU_BACKUPDIR variable in case you prefer to save the apkovls
+# in a normal directory instead of mounting an external media.
+LBU_BACKUPDIR=/mnt/toolbox/backups
+
+# Uncomment below to let lbu make up to 3 backups
+# BACKUP_LIMIT=3
diff --git a/etc/runit/1 b/etc/runit/1
new file mode 100755
index 0000000..cae6183
--- /dev/null
+++ b/etc/runit/1
@@ -0,0 +1,20 @@
+#! /bin/sh
+
+error () {
+ printf '\033[31mFLAGRANT SYSTEM ERROR\033[0m - %s' "$*" >> /etc/motd
+}
+
+echo "*** Setting up directories"
+[ -d /mnt/toolbox ] && mkdir -p /mnt/toolbox/lbu /mnt/toolbox/apk
+[ -d /etc/apk/cache ] || ln -s /mnt/toolbox/apk /etc/apk/cache
+
+echo "*** Restoring system from backup"
+apkovl=/mnt/toolbox/lbu/$(hostname).apkovl.tar.gz
+if [ -f $apkovl ]; then
+ tar xf $apkovl || error "restoring system: untar $apkovl failed"
+else
+ echo "$apkovl missing, skipping restore"
+fi
+
+echo "*** Updating packages"
+apk fix
diff --git a/etc/runit/2 b/etc/runit/2
new file mode 100755
index 0000000..7332592
--- /dev/null
+++ b/etc/runit/2
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+exec /sbin/runsvdir /etc/service
diff --git a/etc/runit/3 b/etc/runit/3
new file mode 100755
index 0000000..3f70c8d
--- /dev/null
+++ b/etc/runit/3
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+echo "*** Goodbye."
diff --git a/etc/service/sshd/run b/etc/service/sshd/run
new file mode 100755
index 0000000..3ac57d7
--- /dev/null
+++ b/etc/service/sshd/run
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+ssh-keygen -A
+/usr/sbin/sshd -D
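Review bot: `LBU_BACKUPDIR=/mnt/toolbox/backups` in etc/lbu/lbu.conf disagrees with the rest of this commit. etc/runit/1 creates `/mnt/toolbox/lbu` and restores from `/mnt/toolbox/lbu/$(hostname).apkovl.tar.gz`, and the README documents `/mnt/toolbox/lbu`. As written, a backup would presumably land in a directory that is never created or read back at boot, so the setting should be `LBU_BACKUPDIR=/mnt/toolbox/lbu`. `ENCRYPTION` is also left commented out, so the apkovl, which likely holds /etc content such as SSH host keys and account files, sits in clear text on the mounted volume. Either enable it or add a comment such as `# apkovl is stored unencrypted; restrict permissions on the host path mounted at /mnt/toolbox`.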
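Review bot: In etc/runit/1 the restore `tar xf $apkovl` unpacks relative to whatever the current directory happens to be and leaves `$apkovl` unquoted. Since the archive is written over the system as root, make the target explicit with `tar -xzf "$apkovl" -C /` and quote the test as `[ -f "$apkovl" ]`. The `ln -s /mnt/toolbox/apk /etc/apk/cache` line also runs when `/mnt/toolbox` is absent, which leaves a dangling cache link; put it behind the same `[ -d /mnt/toolbox ]` guard as the `mkdir`. `error` writes to /etc/motd without a trailing newline, so repeated failures run together; use `'...%s\n'` in the format string.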
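Review bot: etc/service/sshd/run starts `/usr/sbin/sshd -D` without `exec`, so the process under supervision is the wrapper shell rather than sshd. A stop or restart from the supervisor would then signal the shell and may leave sshd running (inferred from how runsv signals its child). Use `exec /usr/sbin/sshd -D -e`, where `-e` sends sshd's log to stderr so that authentication failures show up in the container log; no syslog daemon is installed by this commit. `ssh-keygen -A` creates host keys whenever they are missing, so a container started without a restored apkovl gets new host keys; a comment noting that would explain the host-key warnings clients will see.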