Last active
July 11, 2024 13:15
-
-
Save artizirk/174c029c813515c171af841c0dc17539 to your computer and use it in GitHub Desktop.
Create a debian container on a zfs pool for usage with systemd-nspawn and machinectl https://wiki.wut.ee/en/sysadmin/systemd-nspawn_containers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| DEFAULT_SUITE="bookworm" | |
| BASE="/var/lib/machines" | |
| ZDATA="rpool/machines" | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "This script must be run as root" 1>&2 | |
| exit 1 | |
| fi | |
| function show_help { | |
| cat <<-EOF | |
| Usage: $0 -h | -n NAME [-s SUITE] [-d] | |
| Create a nspanw container called NAME | |
| -h help | |
| -n container name | |
| -s debian suite (default: ${DEFAULT_SUITE}) | |
| -d delete container | |
| EOF | |
| } | |
| while getopts 'hn:s:d' flag; do | |
| case "${flag}" in | |
| h) show_help; exit 0;; | |
| n) name="${OPTARG}" ;; | |
| s) suite="${OPTARG}" ;; | |
| d) delete=1 ;; | |
| *) echo "Unexpected option ${flag}" ;; | |
| esac | |
| done | |
| SUITE=${suite:-$DEFAULT_SUITE} | |
| if [[ -z ${name:-} ]]; then | |
| echo "Container name is unset" | |
| echo | |
| show_help | |
| exit; | |
| else | |
| echo "Container name is $name and suite is ${SUITE}" | |
| fi | |
| if [[ -n ${delete:-} ]]; then | |
| zfs destroy -r "${ZDATA}/$name" | |
| exit 0 | |
| fi | |
| zfs create "${ZDATA}/${name}" | |
| APT_CACHE_DIR="/var/cache/apt/archives" | |
| if [[ -d ${APT_CACHE_DIR} ]]; then | |
| CACHE_ARGS="--cache-dir=${APT_CACHE_DIR}" | |
| else | |
| CACHE_ARGS="" | |
| fi | |
| debootstrap ${CACHE_ARGS} "${SUITE}" "${BASE}/${name}" | |
| if [ ! -d "$BASE/$name/root/.ssh" ]; then | |
| mkdir "$BASE/$name/root/.ssh" | |
| chmod 700 "$BASE/$name/root/.ssh" | |
| if [ ! -f "$BASE/$name/root/.ssh/authorized_keys" ]; then | |
| cp -v /root/.ssh/authorized_keys "$BASE/$name/root/.ssh/authorized_keys" | |
| chmod 600 "$BASE/$name/root/.ssh/authorized_keys" | |
| echo "added ssh keys to root" | |
| fi | |
| else | |
| echo "ssh keys probably already added" | |
| fi | |
| if [[ -e "$BASE/$name/etc/resolv.conf" ]]; then | |
| rm "$BASE/$name/etc/resolv.conf" | |
| fi | |
| if [[ -e "$BASE/$name/etc/hostname" ]]; then | |
| rm "$BASE/$name/etc/hostname" | |
| fi | |
| systemd-nspawn --console=pipe -D "$BASE/$name" /bin/bash <<'EOF' | |
| echo "Now running inside nspawn $(pwd)" | |
| source /etc/os-release | |
| if [[ "$ID" == "ubuntu" ]]; then | |
| sed -i '1 s/$/ restricted universe multiverse/' /etc/apt/sources.list | |
| elif [[ "$ID" == "debian" ]]; then | |
| sed -i '1 s/$/ contrib non-free/' /etc/apt/sources.list | |
| fi | |
| apt-get update | |
| apt-get install --yes --no-install-recommends locales dbus ssh | |
| echo "locales locales/default_environment_locale select en_US.UTF-8" | debconf-set-selections | |
| echo "locales locales/locales_to_be_generated multiselect en_US.UTF-8 UTF-8, et_EE.UTF-8 UTF-8" | debconf-set-selections | |
| rm /etc/locale.gen | |
| dpkg-reconfigure --frontend noninteractive locales | |
| ln -fs /usr/share/zoneinfo/Europe/Tallinn /etc/localtime | |
| dpkg-reconfigure -f noninteractive tzdata | |
| apt install --yes --no-install-recommends neovim | |
| update-alternatives --set editor /usr/bin/nvim | |
| ln -sf /usr/share/nvim/runtime/macros/less.sh /usr/local/bin/vless | |
| # Use systemd-resovled directly by configuring /etc/nsswitch.conf | |
| apt install --yes --no-install-recommends libnss-resolve | |
| systemctl enable systemd-networkd | |
| systemctl enable systemd-resolved | |
| EOF |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment