egeneralov · May 9, 2021 20:33
diff --git a/machinectl-init.sh b/machinectl-init.sh
 #!/bin/bash -xe

 fallocate -L 10G /var/lib/machines.raw
 mkfs.btrfs -d single -M -L machines -K /var/lib/machines.raw
 systemctl restart var-lib-machines.mount
 btrfs subvolume create /var/lib/machines/buster/
 debootstrap --include=systemd,systemd-container --components=main,contrib,non-free --arch=amd64 --no-check-certificate --no-check-gpg buster /var/lib/machines/buster/ http://deb.debian.org/debian

 chroot /var/lib/machines/buster/ systemctl enable systemd-{network,resolve}d
 chroot /var/lib/machines/buster/ systemctl disable {rsyslog,cron,console-getty}.service
 ln -sf /run/systemd/resolve/stub-resolv.conf /var/lib/machines/buster/etc/resolv.conf
 mkdir /var/lib/machines/buster/etc/systemd/resolved.conf.d
 cat << EOF > /var/lib/machines/buster/etc/systemd/resolved.conf.d/dns.conf
 [Resolve]
 DNS=1.1.1.1 8.8.8.8
 Domains=~.
 DNSSEC=true
 EOF


 cat << EOF > /var/lib/machines/buster/etc/apt/sources.list
 deb http://deb.debian.org/debian/ buster main non-free contrib
 deb http://security.debian.org/debian-security buster/updates main contrib non-free
 deb http://deb.debian.org/debian/ buster-updates main contrib non-free
 deb http://deb.debian.org/debian/ buster-backports main contrib non-free
 EOF
diff --git a/machinectl-new.sh b/machinectl-new.sh
 #!/bin/bash -xe

 new_machine () {

 btrfs subvolume snapshot /var/lib/machines/{buster,${1}}

 mkdir -p /etc/systemd/nspawn/
 cat << EOF > /etc/systemd/nspawn/${1}.nspawn
 [Exec]
 Boot=yes
 #Environment=
 #Capability
 #DropCapability
 #AmbientCapability
 #NoNewPrivileges
 MachineID=$(uuid)
 #Personality
 #LimitCPU=, LimitFSIZE=, LimitDATA=, LimitSTACK=, LimitCORE=, LimitRSS=, LimitNOFILE=, LimitAS=, LimitNPROC=, LimitMEMLOCK=, LimitLOCKS=, LimitSIGPENDING=, LimitMSGQUEUE=, LimitNICE=, LimitRTPRIO=, LimitRTTIME=
 #OOMScoreAdjust=
 #CPUAffinity
 Hostname=${1}
 Timezone=UTC
 LinkJournal=try-guest
 [Files]
 #Bind=, BindReadOnly=
 #Overlay=, OverlayReadOnly=
 #PrivateUsersChown=
 [Network]
 Bridge=bridge
 #Port=
 EOF

 machinectl start ${1}

 machinectl shell ${1} /usr/bin/hostnamectl set-hostname ${1}
 machinectl shell ${1} /usr/bin/apt-get update -q

 }
	#!/bin/bash -xe

	fallocate -L 10G /var/lib/machines.raw
	mkfs.btrfs -d single -M -L machines -K /var/lib/machines.raw
	systemctl restart var-lib-machines.mount
	btrfs subvolume create /var/lib/machines/buster/
	debootstrap --include=systemd,systemd-container --components=main,contrib,non-free --arch=amd64 --no-check-certificate --no-check-gpg buster /var/lib/machines/buster/ http://deb.debian.org/debian

	chroot /var/lib/machines/buster/ systemctl enable systemd-{network,resolve}d
	chroot /var/lib/machines/buster/ systemctl disable {rsyslog,cron,console-getty}.service
	ln -sf /run/systemd/resolve/stub-resolv.conf /var/lib/machines/buster/etc/resolv.conf
	mkdir /var/lib/machines/buster/etc/systemd/resolved.conf.d
	cat << EOF > /var/lib/machines/buster/etc/systemd/resolved.conf.d/dns.conf
	[Resolve]
	DNS=1.1.1.1 8.8.8.8
	Domains=~.
	DNSSEC=true
	EOF


	cat << EOF > /var/lib/machines/buster/etc/apt/sources.list
	deb http://deb.debian.org/debian/ buster main non-free contrib
	deb http://security.debian.org/debian-security buster/updates main contrib non-free
	deb http://deb.debian.org/debian/ buster-updates main contrib non-free
	deb http://deb.debian.org/debian/ buster-backports main contrib non-free
	EOF
	#!/bin/bash -xe

	new_machine () {

	btrfs subvolume snapshot /var/lib/machines/{buster,${1}}

	mkdir -p /etc/systemd/nspawn/
	cat << EOF > /etc/systemd/nspawn/${1}.nspawn
	[Exec]
	Boot=yes
	#Environment=
	#Capability
	#DropCapability
	#AmbientCapability
	#NoNewPrivileges
	MachineID=$(uuid)
	#Personality
	#LimitCPU=, LimitFSIZE=, LimitDATA=, LimitSTACK=, LimitCORE=, LimitRSS=, LimitNOFILE=, LimitAS=, LimitNPROC=, LimitMEMLOCK=, LimitLOCKS=, LimitSIGPENDING=, LimitMSGQUEUE=, LimitNICE=, LimitRTPRIO=, LimitRTTIME=
	#OOMScoreAdjust=
	#CPUAffinity
	Hostname=${1}
	Timezone=UTC
	LinkJournal=try-guest
	[Files]
	#Bind=, BindReadOnly=
	#Overlay=, OverlayReadOnly=
	#PrivateUsersChown=
	[Network]
	Bridge=bridge
	#Port=
	EOF

	machinectl start ${1}

	machinectl shell ${1} /usr/bin/hostnamectl set-hostname ${1}
	machinectl shell ${1} /usr/bin/apt-get update -q

	}