Working version

Containerfile

@@ -0,0 +1,5 @@
+FROM alpine
+RUN apk update
+RUN apk add alpine-conf doas runit openssh-server
+COPY etc/ /etc/
+CMD [ "/sbin/runit" ]

README.md

@@ -0,0 +1,65 @@
+Alpine Toolbox
+==============
+
+This is a little Alpine container I run to provide SSH logins with a bunch of tools.
+
+
+Persistence
+----------
+
+If `/mnt/toolbox` exists,
+toolbox will persist installed packages and system changes
+by using methods that already exist in arch.
+
+* [Alpine Local Backup](https://wiki.alpinelinux.org/wiki/Alpine_local_backup)
+  is pre-configured to use `/mnt/toolbox/lbu`.
+* [Local APK cache](https://wiki.alpinelinux.org/wiki/Local_APK_cache)
+  is pre-configured to use `/mnt/toolbox/apk`.
+
+It's important to `lbu` that your machine have a hostname.
+If you change hostnames,
+you will need to rename files in `/mnt/toolbox/lbu`.
+
+```
+podman run \
+  --hostname toolbox \
+  --volume /path/to/toolbox:/mnt/toolbox \
+  git.woozle.org/neale/toolbox
+```
+
+
+First Run
+---------
+
+You may want to `podman exec` into the container,
+in order to edit `/etc/doas.conf`
+set up user accounts,
+and/or install ssh `authorized_keys`.
+
+Once set up,
+you should be able to ssh in for most of your needs.
+
+
+Why This Exists
+---------------
+
+I run my server in Alpine's "diskless mode".
+The Raspberry Pi uses a MicroSD card,
+which will "wear out" after many writes.
+This means my system runs entirely in RAM.
+
+However, I also like my creature comforts.
+Running a more robust installation in a container
+allows me to use my magnetic storage for the larger system,
+and install and remove packages when I like,
+without worrying about wearing out the MicroSD card.
+
+
+Shout Out
+---------
+
+Alpine Linux is cool.
+It provides all the difficult parts of this,
+I just had to set up some config files.
+
+The really cool part is that my container works the same way as the host it runs on!

build.sh

@@ -0,0 +1,5 @@
+#! /bin/sh
+
+image=git.woozle.org/neale/toolbox
+podman build --tag $image .
+podman push $image

etc/lbu/lbu.conf

@@ -0,0 +1,16 @@
+# what cipher to use with -e option
+DEFAULT_CIPHER=aes-256-cbc
+
+# Uncomment the row below to encrypt config by default
+# ENCRYPTION=$DEFAULT_CIPHER
+
+# Uncomment below to avoid <media> option to 'lbu commit'
+# Can also be set to 'floppy'
+# LBU_MEDIA=mmcblk0p1
+
+# Set the LBU_BACKUPDIR variable in case you prefer to save the apkovls
+# in a normal directory instead of mounting an external media.
+LBU_BACKUPDIR=/mnt/toolbox/backups
+
+# Uncomment below to let lbu make up to 3 backups
+# BACKUP_LIMIT=3

etc/runit/1

@@ -0,0 +1,20 @@
+#! /bin/sh
+
+error () {
+  printf '\033[31mFLAGRANT SYSTEM ERROR\033[0m - %s' "$*" >> /etc/motd
+}
+
+echo "*** Setting up directories"
+[ -d /mnt/toolbox ] && mkdir -p /mnt/toolbox/lbu /mnt/toolbox/apk
+[ -d /etc/apk/cache ] || ln -s /mnt/toolbox/apk /etc/apk/cache
+
+echo "*** Restoring system from backup"
+apkovl=/mnt/toolbox/lbu/$(hostname).apkovl.tar.gz
+if [ -f $apkovl ]; then
+  tar xf $apkovl || error "restoring system: untar $apkovl failed"
+else
+  echo "$apkovl missing, skipping restore"
+fi
+
+echo "*** Updating packages"
+apk fix

etc/runit/2

@@ -0,0 +1,3 @@
+#! /bin/sh
+
+exec /sbin/runsvdir /etc/service

etc/runit/3

@@ -0,0 +1,3 @@
+#! /bin/sh
+
+echo "*** Goodbye."

etc/service/sshd/run

@@ -0,0 +1,4 @@
+#! /bin/sh
+
+ssh-keygen -A
+/usr/sbin/sshd -D