Introduction

Beholder is a minimal and secure Linux desktop workstation based on Alpine Linux suitable for software development and operations.

Features

• Encrypted DNS (DoT + DNSSEC)
• Keyboard-driven interface (Sway)
• Web browser (firefox)

Installation

Requirements:

A physical desktop computer with an Ethernet connection, a single storage drive, a display and a keyboard.

Download and boot Alpine Linux 3.17.0 (assuming amd64).

Then, once booted:

1. Setup live environment (log in as the root user)

setup-alpine

poweroff

Post-Installation

13. Set root password

passwd

14. Add a regular user

adduser user

passwd user

addgroup user input

addgroup user video

addgroup user audio

addgroup user wheel

addgroup user kvm

apk add doas

vi /etc/doas.d/doas.conf

permit nopass user

15. Set hostname

vi /etc/hostname

beholder

16. Set keymap

setup-keymap

17. Set timezone

setup-timezone

18. Set up networking

setup-interfaces

19. Setup system clock

setup-ntp

DNS

apk add ca-certificates unbound

install -d -o unbound -g unbound -m 700 /var/lib/unbound

doas -u unbound unbound-anchor -a /var/lib/unbound/root.key

vi /etc/unbound/unbound.conf

server:
  tls-upstream: yes
  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
  auto-trust-anchor-file: "/var/lib/unbound/root.key"
forward-zone:
  name: "."
  forward-addr: 8.8.8.8@853#dns.google

rc-update add unbound

rc-service unbound start

vi /etc/resolv.conf

nameserver 127.0.0.1

Display

apk add mesa-dri-gallium libudev-zero seatd nerd-fonts sway foot zsh vim

setup-devd mdev

addgroup user seat

rc-update add seatd

rc-service seatd start

vi /etc/profile.d/xdg_runtime_dir.sh

if test -z "${XDG_RUNTIME_DIR}"; then
  export XDG_RUNTIME_DIR=/tmp/$(id -u)-runtime-dir
  if ! test -d "${XDG_RUNTIME_DIR}"; then
    mkdir "${XDG_RUNTIME_DIR}"
    chmod 0700 "${XDG_RUNTIME_DIR}"
  fi
fi

sway

Sound (optional)

apk add alsa-lib alsa-utils alsa-ucm-conf

Further

apk add firefox