# Installation

To install the Alpine Linux distribution on the system, the alpine root partition and the EFI partition have to be mounted to the main system.

```
# mount /dev/vg/alpine_root /mnt -t ext4
# mkdir /mnt/esp
# mount /dev/disk/by-label/esp /mnt/esp -t vfat
```

Then install Alpine Linux using `setup disk`

```
# setup-disk -m sys /mnt
```

> This will also add `grub` as bootloader which will be replaced but for now it will reside on the ESP.

To have a functional chroot into the system, bind the system process directories

```
# for i in dev proc sys run; do
> mount --rbind --make-rslave /$i /mnt/$i
> done
# chroot /mnt
```

The other setup scripts can be used to configure key aspects of the system. Besides that a few necessary services have to be activated.

```
# setup-hostname <hostname>
# setup-keymap us us-euro
# setup-timezone -i <area>/<subarea>
# setup-ntp openntpd
# rc-update add acpid default
# rc-update add lvm boot
# rc-update add seedrng boot
# rm -rf /var/tmp
# ln -s /tmp /var/tmp
# passwd root
```

> The root password does not really matter because it is going to be locked after a user has been created.

Set the `hwclock` to use `UTC` in `/etc/conf.d/hwclock` and disable writing the time to hardware. Running a NTP negates its usability.

```
clock="UTC"
clock_hctosys="NO"
clock_systohc="NO"
```

Edit `/etc/fstab` for correct mounts

```
/dev/disk/by-label/esp  /esp        vfat    defaults,nodev,nosuid,noexec                            0 2
/dev/vg/alpine_root     /           ext4    defaults,noatime                                        0 1
/dev/vg/home            /home       ext4    defaults,noatime,nodev,nosuid                           0 2
/dev/vg/var             /var        ext4    defaults,nodev,nosuid,noexec                            0 2
/dev/vg/nix             /nix        ext4    defaults,noatime,nodev,nosuid                           0 2
tmpfs                   /tmp        tmpfs   rw,size=4G,nr_inodes=5k,nodev,nosuid,noexec,mode=1777   0 0
proc                    /proc       proc    nodev,nosuid,noexec,hidepid=2                           0 0
```

By default, Alpine Linux uses `mkinitfs` to create an initial ram filesystem, although it is minimal that also means that it lacks some functionality which is needed for a proper setup. Because of this `mkinitfs` and `grub-efi `will be replaced with `booster` and `secureboot-hook`.

```
# apk add booster secureboot-hook sbctl
# apk del mkinitfs grub-efi
```

To configure booster edit `/etc/booster.yaml`:

```
enable_lvm: true
busybox: false
modules: vfat,nls_cp437,nls_iso8859_1
```

The most important step is the creation of a UKI using `secureboot-hook` which also automatically signs them. First the hook itself will have to be tweaked to use `booster` instead of `mkinitfs`, edit `/etc/kernel-hooks.d/50-secureboot.hook` and change the line:

```
/sbin/mkinitfs -o "$tmpdir"/initramfs "$NEW_VERSION-$FLAVOR"
```

to:

```
/usr/bin/booster build "$tmpdir"/initramfs --kernel-version "$NEW_VERSION-$FLAVOR"
```

and configure `/etc/kernel-hooks.d/secureboot.conf` for cmdline and secureboot. 

```
cmdline="rw rd.luks.name=<uuid>=luks rd.lvm.vg=vg root=/dev/vg/alpine_root modules=ext4 quiet splash"

signing_cert="/usr/share/secureboot/keys/db/db.pem"
signing_key="/usr/share/secureboot/keys/db/db.key"

output_dir="/esp/efi/linux"
output_name="alpine-linux-{flavor}.efi"
```

Here `<uuid>` has to be replaced with the UUID of the partition which contains the volume group:

```
# blkid /dev/<disk>2 >> /etc/kernel-hooks.d/secureboot.conf
```

Use `sbctl` to create secureboot keys and sign them.

```
# sbctl create-keys
# sbctl enroll-keys
```

> Whilst enrolling the keys it might be necessary to add the `--microsoft` flag if you are unable to use custom keys.

Now to see if everything went succesfully run:

```
# apk fix kernel-hooks
```

and it should give no warnings if done properly. 

As discussed earlier `grub` will be replaced, install `gummiboot` as a bootloader.

```
# apk add gummiboot
# mkdir /esp/loader
# mkdir /esp/efi/boot
# cp /usr/lib/gummiboot/gummibootx64.efi /esp/efi/boot/bootx64.efi
```

Sign the bootloader with `sbctl`

```
# sbctl sign -s /esp/efi/boot/bootx64.efi
```

and also remove some remnants of `grub`.

```
# rm -rf /boot/grub
# rm -rf /etc/default
# cd /boot && unlink boot && cd ..
```

`gummiboot` can be configured with the file `/esp/loader/loader.conf` with which the timeout and the default OS can be specified.

```
default alpine-linux-<flavor>.efi
timeout 2
editor no
```

Before finishing the installation `networkmanager` will be installed for networking. Also install `networkmanager-wifi` and `wpa_supplicant` for Wi-Fi functionality.

```
# apk add networkmanager networkmanager-wifi wpa_supplicant
# setup-devd udev
# rc-update add networkmanager default
```

Wi-Fi will not yet work. For Wi-Fi configuration see the [network section](post-install/network). 

> If internet does not work after reboot create the config file as described in the [network section](post-install/network) and restart the service.

Now exit the chroot and you should be able to reboot into a working Alpine system.

```
# exit
# umount -lf /mnt
# reboot
```

When booting up your screen might appear blank, this is the encryption prompt. Enter the encryption key and press enter to boot.