Installing Alpine Linux on PCEngines APU1C4

After some deliberation, due to the nature of my work, I decided to install Linux on my firewall. I basically have to interact with iptables five days a week, and my skills with it are seriously lacking, BSD’s pf(4) utterly spoils us in it’s simplicity!

I considered Ubuntu, but after some research, Alpine looked very interesting so I gave that a go instead. I’m extremely happy with Alpine, it keeps the partitions mounted read-only at runtime, with a convenient lbu utility to commit the configuration to disk for you. As long as it’s not during one of these writes, you can pull the power at any point and the system will recover without issue. I gushed a bit more about Alpine on the related journal entry, so here’s how to install it (because the documentation is pretty piss-poor online).

Create a bootable filesystem on a USB drive and boot the APU

Download alpine-standard-3.7.0-x86_64.iso and write it to a USB or SD card, I used Rufus but dd will work fine too. Then mount the device (it’s FAT, so you can do this under Windows with a suitable text editor) and add the line “serial” to the top of syslinux.cfg:

serial 0 115200
DEFAULT loadconfig

LABEL loadconfig
  CONFIG /boot/syslinux/syslinux.cfg
  APPEND /boot/syslinux/

Next, edit boot/syslinux/syslinux.cfg and add the serial console option to the append line:

TIMEOUT 20
PROMPT 1
DEFAULT hardened

LABEL hardened
MENU LABEL Linux hardened
KERNEL /boot/vmlinuz-hardened
INITRD /boot/initramfs-hardened
DEVICETREEDIR /boot/dtbs
APPEND modules=loop,squashfs,sd-mod,usb-storage quiet nomodeset console=ttyS0,115200

Now eject (cleanly unmount) the filesystem, put the USB into the APU along with an empty (or unneeded) SD card, connect your serial console, boot the APU and if necessary press F12 when prompted and boot from the correct device.

After some seconds, you should be presented with the Alpine login screen, login as root to proceed.

Configure Alpine

Run setup-alpine to configure the system to your liking - I configured eth0 (the port closest to the serial console on the APU1) to use DHCP. I set a few other things like my time zone, and configured updates to be saved to USB. I left SSH options as default, and disabled NTP.

Now run adduser fwaggle (replacing with your desired username), setting an appropriate password.

Diskless mode

Unless you like the idea of cheap SD cards (as I am wont to purchase) spontaneously deciding no longer to work, or have stuck a real SSD in your APU, you’re probably going to want diskless mode. This mode causes everything to boot from read-only filesystems, and things that need to be read-write have a memory overlay on top of them to store changes, resulting in almost no disk write activity, prolonging the life of your cheap SD cards.

Setting this up is fairly trivial: you must first DD the alpine installer directly to your SD card, repartitioning it as you see fit. Now boot from the SD card, and go through the alpine install process above. It’ll say something like “what disk do you want to use”, pick “none” (or it might complain “no disk found, want to try <boot disk>?”, pick “no”). Next it’ll ask where you want to store things, probably the default option is correct (/dev/sda1 in my case), pick that.

Now you can run lbu commit to save the configuration changes to USB, and then reboot and see what happens. With any luck, the machine will come right back in some 30 seconds having remembered all your settings.

Other tasks

You may want a few of these things:

• Installing lm sensors - TL;DR: apk update && apk add lm_sensors && lbu commit && sensors