Updated post install section of alpine-server setup.

docs/alpine-desktop-setup/post-install/users.md

@@ -26,10 +26,10 @@ and create a `_power` group for users to be able to poweroff the system without
 
 ## Adding a user
 
-Adding a user in Alpine Linux can be done using the `setup-user` script. Here we can specify the name, full name with `-f`, groups and more:
+Adding a user in Alpine Linux can be done using the `setup-user` script. Here we can specify the name, groups and more:
 
 ```
-# setup-user -g wheel,_power -f "<Full Name>" <username>
+# setup-user -g wheel,_power <username>
 # passwd <username>
 ```
 

docs/alpine-server-setup/post-install/drivers.md

@@ -1,6 +1,6 @@
 # Firmware and drivers
 
-Device firmware and drivers are necessary for graphics and also security. Luckily the graphics drivers will be installed through `home-manager` which now only leaves the CPU firmware. For Intel systems install `intel-ucode` and for AMD systems install `amd-ucode`:
+Device firmware and drivers are necessary for better performance and security. For Intel systems install `intel-ucode` and for AMD systems install `amd-ucode`:
 
 ```
 # apk add intel-ucode
@@ -8,7 +8,7 @@ Device firmware and drivers are necessary for graphics and also security. Luckil
 # apk add amd-ucode
 ```
 
-To make sure it is included during boot, regenerate the initramfs with:
+To make sure it is included during boot, regenerate the UKI with:
 
 ```
 # apk fix kernel-hooks

docs/alpine-server-setup/post-install/logging.md

@@ -0,0 +1,16 @@
+# Logging
+
+Enable the logger to log the rc-processes by editing `/etc/rc.conf`
+
+```
+rc_logger="YES"
+```
+
+To also log the kernel add `klogd`.
+
+```
+# apk add sysklogd
+# rc-update add klogd boot
+```
+
+You can view the logs in `/var/log/dmesg` and `/var/log/messages`.

docs/alpine-server-setup/post-install/repositories.md

@@ -0,0 +1,18 @@
+# Repositories
+
+It's important to set the correct repositories when using any Linux distro. For Alpine these can be configured in `/etc/apk/repositories`:
+
+```
+https://dl-cdn.alpinelinux.org/alpine/latest-stable/main
+https://dl-cdn.alpinelinux.org/alpine/latest-stable/community
+```
+
+This will use the latest stable repository of Alpine (for example `v3.19`). To use a different version of Alpine simply change `latest-stable` to whatever version you want. Do note that you can not (easily) downgrade your system's version. There also is the `edge` repository which contains more packages but it is not recommended because it can result in faster breakage of your system.
+
+## apk-ample
+
+We also host our own repository which contains some packages not found in the stable repository but also our own packages like `linux-hardened`. If you want to add it to your system edit `/etc/apk/repositories` and add this line under the other repositories:
+
+```
+https://git.bijl.us/lnco/apk-ample/raw/branch/main/alpine/
+```

docs/alpine-server-setup/post-install/security.md

@@ -33,6 +33,7 @@ You can check the status of apparmor using `apparmor-utils`:
 # apk add apparmor-utils
 # aa-status
 ```
+
 ## Kernel settings 
 
 ### Commandline
@@ -43,7 +44,7 @@ There are a lot of kernel settings which can be passed to the command line to ma
 cmdline="... slab_nomerge init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off module.sig_enforce=1 lockdown=confidentiality mce=0 loglevel=0 intel_iommu=on amd_iommu=on iommu=force efi=disable_early_pci_dma spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full mds=full l1ft=flush ipv6.disable=1 rd.shell=0 rd.emergency=reboot"
 ```
 
-After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time so these settings should do for now. 
+After reconfiguring `kernel-hooks` try to reboot and it should boot. Although there are more options that might make the system more secure, these come with a big performance hit most of the time, so these settings should do for now. 
 
 > Whilst booting up your system you may see sysctl complaining about ipv6 settings. [We are trying to resolve the problem](https://git.bijl.us/lnco/documentation/issues/30).
 

docs/alpine-server-setup/post-install/users.md

@@ -0,0 +1,43 @@
+# Users
+
+To run containers securely; in an environment with fewer privileges, a user is necessary.
+
+## Wheel
+
+Before creating the user install `doas`, to use when root is required:
+
+```
+# apk add doas
+```
+
+Configure `doas` through `/etc/doas.d/main.conf`:
+
+```
+permit persist :wheel as root
+permit nopasss :_power cmd /sbin/poweroff
+permit nopasss :_power cmd /sbin/reboot
+```
+
+## Adding a user
+
+Adding a user in Alpine Linux can be done using the `setup-user` script. Here we can specify the name, groups and more:
+
+```
+# setup-user -g wheel,_power <username>
+# passwd <username>
+```
+
+If you have checked that `doas` works with the user then you can lock the root account because it imposes security risks if it is kept open. This can be done with:
+
+```
+# passwd -l root
+```
+
+and editing `/etc/passwd` to change the login shell from `/bin/ash` to `/sbin/nologin`:
+
+```
+root:x:0:0:root:/root:/sbin/nologin
+```
+
+## User services
+

mkdocs.yml

@@ -14,7 +14,7 @@ theme:
     - media: "(prefers-color-scheme: light)"
       scheme: default
       primary: white
-      accent: teal
+      accent: blue
       toggle:
         icon: material/brightness-7 
         name: Switch to dark mode
@@ -79,7 +79,7 @@ nav:
       - 'Logging': alpine-server-setup/post-install/logging.md
       - 'Swap': alpine-server-setup/post-install/swap.md
       - 'Users': alpine-server-setup/post-install/users.md
-      - 'Podman': alpine-server-setup/post-install/podman.md
+      - 'Containers': alpine-server-setup/post-install/containers.md
 
   - 'Void-desktop setup':
     - void-desktop-setup/index.md