Added user services and mount-home to users in alpine-server setup.

docs/alpine-server-setup/installation.md

@@ -48,6 +48,7 @@ The other setup scripts can be used to configure key aspects of the system. Besi
 # setup-keymap us us-euro
 # setup-timezone -i <area>/<subarea>
 # setup-ntp openntpd
+# setup-sshd -c dropbear
 # rc-update add acpid default
 # rc-update add seedrng boot
 # rm -rf /var/tmp

docs/alpine-server-setup/post-install/swap.md

@@ -12,7 +12,7 @@ Install it with:
 `zram-init` can be configured in `/etc/conf.d/zram-init`. The amount of devices and the size of zram can be changed here, for example:
 
 ```
-num_devices=1
+num_devices=<n>
 
 # swap - 500M
 

docs/alpine-server-setup/post-install/users.md

@@ -14,8 +14,6 @@ Configure `doas` through `/etc/doas.d/main.conf`:
 
 ```
 permit persist :wheel as root
-permit nopasss :_power cmd /sbin/poweroff
-permit nopasss :_power cmd /sbin/reboot
 ```
 
 ## Adding a user
@@ -27,6 +25,14 @@ Adding a user in Alpine Linux can be done using the `setup-user` script. Here we
 # passwd <username>
 ```
 
+> Make sure that the home dataset is decrypted and mounted, before creating a user. 
+
+You may have to change the shell of the user in `/etc/passwd` from `/sbin/nologin` to a shell from `/etc/shells`. Alpine Linux comes with `/bin/ash` by default:
+
+```
+<username>:x:1234:1234:<Full Name>:/home/<username>:/bin/<shell>
+```
+
 If you have checked that `doas` works with the user then you can lock the root account because it imposes security risks if it is kept open. This can be done with:
 
 ```
@@ -41,3 +47,96 @@ root:x:0:0:root:/root:/sbin/nologin
 
 ## User services
 
+The user will have its own init system, for the management of user containers and other user services. The `runsvdir` command of the `runit` init system will be used to create a local init system for the user. 
+
+```
+# apk add runit
+```
+
+Create `/etc/init.d/runsvdir-user`, which will be the init script for the local init system of the user. 
+
+```
+#!/sbin/openrc-run
+
+user="${RC_SVCNAME##*.}"
+svdir="/home/${user}/.local/service"
+pidfile="/run/runsvdir-user.${user}.pid"
+
+command="/usr/bin/runsvdir"
+command_args="$svdir"
+command_user="$user"
+command_background=true
+
+depend()
+{
+    after mount-home
+}
+```
+
+Make `/etc/init.d/runsvdir-user` an executable
+
+```
+# chmod +x /etc/init.d/runsvdir-user
+```
+
+Link the user to `/etc/init.d/runsvdir-user`
+
+```
+# ln -s /etc/init.d/runsvdir-user /etc/init.d/runsvdir-user.<username>
+```
+
+Finally, add the service to the manual runlevel
+
+```
+# rc-update add runsvdir-user.<username> manual
+```
+
+> This process can of course be repeated for several users.
+
+### Mounting home
+
+Before the user init system can be started, the home dataset should be decrypted and mounted. This process will be partially automated by adding it to the manual runlevel. 
+
+Create `/etc/init.d/mount-home`
+
+```
+#!/sbin/openrc-run
+
+depend()
+{
+    need localmount
+}
+
+start()
+{
+    zfs load-key -L prompt tank/home
+    zfs mount tank/home
+}
+
+stop()
+{
+    zfs unmount tank/home
+    zfs unload-key tank/home
+}
+```
+
+Make `/etc/init.d/mount-home` an executable
+
+```
+# chmod +x /etc/init.d/mount-home
+```
+
+Add the service to the manual runlevel
+
+```
+# rc-update add mount-home manual
+```
+
+Now the scripts can be started accordingly with
+
+```
+# openrc -n manual
+```
+
+> Note that after a reboot this command should be performed to decrypt the home partition and to start the user services.
+