improved UX (editors, fonts, terminals) + fixes + openssh + docker details

README.md

@@ -29,6 +29,14 @@ doas apk update
 doas apk upgrade
 ```
 
+## Usable editor by default (not vi)
+
+```
+doas apk add micro
+echo "export EDITOR=micro" >>.profile
+echo "permit setenv { EDITOR=\$EDITOR } nopass :wheel as root" | tee -a /etc/doas.d/doas.conf
+```
+
 ## Installing river
 
 ```
@@ -106,6 +114,12 @@ For time to work,
 doas apk add tzdata
 ```
 
+For icons to work,
+```
+doas apk add font-roboto
+```
+(do not add `font-awesome`, for some reason it looks awful, kerning is terrible, and the text is all-caps in waybar with it)
+
 ### HiDPI
 
 ```
@@ -270,7 +284,7 @@ But sometimes network disappears after wakeup.
 For suspend on lid close and unsuspend on open, follow https://wiki.alpinelinux.org/wiki/Suspend_on_LID_close :
 ```
 doas mkdir -p /etc/acpi/LID
-doas nano /etc/acpi/LID/00000080
+doas micro /etc/acpi/LID/00000080
 ```
 should have the following content
 ```
@@ -293,7 +307,7 @@ Otherwise, alpine wiki describes how to configure WiFi using `iwd`.
 
 ```
 doas apk add light
-doas nano /etc/udev/rules.d/backlight.rules
+doas micro /etc/udev/rules.d/backlight.rules
 ```
 add the following lines into backlight.rules to make it possible for all users in video group (not just superusers) to control backlight:
 ```
@@ -511,7 +525,7 @@ If there are no IPv4 address for eth0, you'll have to configure it manually,
 by editing `/etc/network/interfaces`.
 The easiest way to do it is by
 ```
-doas nano ~/.local/share/lxc/CONTAINERNAME/rootfs/etc/network/interfaces`
+doas micro ~/.local/share/lxc/CONTAINERNAME/rootfs/etc/network/interfaces`
 ```
 on the host.
 
@@ -538,10 +552,10 @@ echo nameserver 8.8.8.8 >> /etc/resolv.conf
 echo nameserver 8.8.4.4 >> /etc/resolv.conf
 ```
 
-(or add them using nano on the host, as you did for interfaces)
+(or add them using micro on the host, as you did for interfaces)
 
 Make sure `ping 8.8.8.8` works.
-APK should work too: `apd add nano neofetch`
+APK should work too: `apk add micro neofetch`
 
 #### Creating an user inside container
 
@@ -549,12 +563,12 @@ In container root shell:
 ```
 adduser -g USERNAME USERNAME
 adduser USERNAME wheel
-echo "permit persist :wheel" > /etc/doas.d/doas.conf
+echo "permit persist :wheel" >> /etc/doas.d/doas.conf
 ```
 
 Now exit root shell (just with `exit`), and try `lxc-console -n CONTAINERNAME`.
 You should be able to log in using the new username and password.
-(To exit lxc console, use Ctrl+A, Q)
+(To exit lxc console, use Ctrl+A, Q).
 
 ### Alternatively: unprivileged LXC using LXD
 
@@ -597,8 +611,32 @@ doas lxc exec test-alpine-container -- /bin/ash
 ```
 Networking should work inside of container.
 
+#### OpenSSH
+
+With password-based auth (not recommended): in container (from root, `lxc-attach`/`lxc exec`)
+
+```
+apk add openssh
+rc-update add sshd
+rc-service sshd start
+```
+
+Check IP of container with `ifconfig`, and then on host,
+```
+doas apk add openssh-client
+ssh CONTAINER_IP
+```
+
+With keys-based auth: TODO
+
 ### Docker
 
+For container terminal apps to be usable:
+
+```
+doas apk add ncurses-terminfo
+```
+
 #### (inside LXC)
 
 TODO once nesting in LXC works (reference: https://discuss.linuxcontainers.org/t/lxc-on-alpine-host-sys-fs-cgroup-is-not-mounted-into-unprivileged-alpine-guest/15026/1)
@@ -611,11 +649,16 @@ doas apk add docker
 doas rc-update docker start
 doas docker run hello-world
 ```
+in the guest.
+
+For networked docker containers, `doas lxc config edit CONTAINERNAME`,
+add `linux.kernel_modules: br_netfilter` to the `config:` section,
+and restart container (`doas lxc restart CONTAINERNAME`).
 
 ## TODO
 
 * Fix internal mic
-* Docker
+* Docker in containers ran by unprivileged users
 * IDE (code-oss?)
 * Make river usable
 * Make waybar usable (+waybar fonts)