Welcome to the blog of the Ampel organisation

Here we blog about various topics related to desktop and server operating systems, from base system installs to the particular configuration of top-level software, always striving for simplicity, minimalism and security in each of these layers.

A minimal graphical session with River, PipeWire and OpenRC

Graphical sessions are often full of unnecessary features, increasing (unnecessarily) the overall complexity of a desktop system. In this blog entry we intend to go back to the bare minimum, which we define as a reasonable step forward in practicality compared to the default tty: being able to run graphical applications in windows and to manage those windows efficiently. We will meet but not exceed these requirements with River as our tiling window manager, PipeWire as our multimedia framework, and OpenRC as our user-service manager.

Maintaining a system built on ZFS

ZFS opens up novel methods to safely maintain a system. In this blog entry we will outline these methods in the form of an update protocol. To keep your system healthy, this protocol should be executed on a weekly or monthly basis.

A hardened Gentoo-Linux/openrc base installation

This blog entry will demonstrate how to install a hardened x86_64 Gentoo Linux musl/openrc/UEFI signed UKI operating system on an encrypted ZFS pool with automatic decryption using a TPM. This entry is based on the Gentoo x86_64 handbook and the Gentoo wiki. Gentoo supplies the right tools to build a Linux operating system from scratch, suited to the hardware and needs of the user. This customizability and optimizability, together with the strong community behind Gentoo, makes it a good choice for a desktop operating system.

Rootless container management with Podman and runit

Containers and pods (a collection of containers in the same namespace) enable easy and secure management of hosted applications. Rootless containers and pods can be deployed on a server with Podman as the rootless container engine and runit as the user service manager. The service manager will be set up to automatically start and update the containers and pods at boot, and to periodically back up the volumes and databases of the pods.

Some Linux security improvements

The security of a Linux system can be further improved, as will be outlined in the chapters of this blog entry. These chapters discuss how to harden the different layers of the operating system and are based on Madaidan's Insecurities page, various Linux man pages, and the security considerations of PlagueOS and secureblue. Hardening the system is done to prevent as many exploits as possible, so that in the end you, and only you, are in control of your system.