diff --git a/docs/alpine-server-setup/installation.md b/docs/alpine-server-setup/installation.md
index 4806a74..10b7c14 100644
--- a/docs/alpine-server-setup/installation.md
+++ b/docs/alpine-server-setup/installation.md
@@ -48,6 +48,7 @@ The other setup scripts can be used to configure key aspects of the system. Besi
# setup-keymap us us-euro
# setup-timezone -i /
# setup-ntp openntpd
+# setup-sshd -c dropbear
# rc-update add acpid default
# rc-update add seedrng boot
# rm -rf /var/tmp
diff --git a/docs/alpine-server-setup/post-install/swap.md b/docs/alpine-server-setup/post-install/swap.md
index 08e5986..1d836e6 100644
--- a/docs/alpine-server-setup/post-install/swap.md
+++ b/docs/alpine-server-setup/post-install/swap.md
@@ -12,7 +12,7 @@ Install it with:
`zram-init` can be configured in `/etc/conf.d/zram-init`. The amount of devices and the size of zram can be changed here, for example:
```
-num_devices=1
+num_devices=
# swap - 500M
diff --git a/docs/alpine-server-setup/post-install/users.md b/docs/alpine-server-setup/post-install/users.md
index c9de02b..4f89996 100644
--- a/docs/alpine-server-setup/post-install/users.md
+++ b/docs/alpine-server-setup/post-install/users.md
@@ -14,8 +14,6 @@ Configure `doas` through `/etc/doas.d/main.conf`:
```
permit persist :wheel as root
-permit nopasss :_power cmd /sbin/poweroff
-permit nopasss :_power cmd /sbin/reboot
```
## Adding a user
@@ -27,6 +25,14 @@ Adding a user in Alpine Linux can be done using the `setup-user` script. Here we
# passwd
```
+> Make sure that the home dataset is decrypted and mounted, before creating a user.
+
+You may have to change the shell of the user in `/etc/passwd` from `/sbin/nologin` to a shell from `/etc/shells`. Alpine Linux comes with `/bin/ash` by default:
+
+```
+:x:1234:1234::/home/:/bin/
+```
+
If you have checked that `doas` works with the user then you can lock the root account because it imposes security risks if it is kept open. This can be done with:
```
@@ -41,3 +47,96 @@ root:x:0:0:root:/root:/sbin/nologin
## User services
+The user will have its own init system, for the management of user containers and other user services. The `runsvdir` command of the `runit` init system will be used to create a local init system for the user.
+
+```
+# apk add runit
+```
+
+Create `/etc/init.d/runsvdir-user`, which will be the init script for the local init system of the user.
+
+```
+#!/sbin/openrc-run
+
+user="${RC_SVCNAME##*.}"
+svdir="/home/${user}/.local/service"
+pidfile="/run/runsvdir-user.${user}.pid"
+
+command="/usr/bin/runsvdir"
+command_args="$svdir"
+command_user="$user"
+command_background=true
+
+depend()
+{
+ after mount-home
+}
+```
+
+Make `/etc/init.d/runsvdir-user` an executable
+
+```
+# chmod +x /etc/init.d/runsvdir-user
+```
+
+Link the user to `/etc/init.d/runsvdir-user`
+
+```
+# ln -s /etc/init.d/runsvdir-user /etc/init.d/runsvdir-user.
+```
+
+Finally, add the service to the manual runlevel
+
+```
+# rc-update add runsvdir-user. manual
+```
+
+> This process can of course be repeated for several users.
+
+### Mounting home
+
+Before the user init system can be started, the home dataset should be decrypted and mounted. This process will be partially automated by adding it to the manual runlevel.
+
+Create `/etc/init.d/mount-home`
+
+```
+#!/sbin/openrc-run
+
+depend()
+{
+ need localmount
+}
+
+start()
+{
+ zfs load-key -L prompt tank/home
+ zfs mount tank/home
+}
+
+stop()
+{
+ zfs unmount tank/home
+ zfs unload-key tank/home
+}
+```
+
+Make `/etc/init.d/mount-home` an executable
+
+```
+# chmod +x /etc/init.d/mount-home
+```
+
+Add the service to the manual runlevel
+
+```
+# rc-update add mount-home manual
+```
+
+Now the scripts can be started accordingly with
+
+```
+# openrc -n manual
+```
+
+> Note that after a reboot this command should be performed to decrypt the home partition and to start the user services.
+