From dc928ecd9665c91d36243c45a374d7389ea0f1df Mon Sep 17 00:00:00 2001
From: Jip-Hop <2871973+Jip-Hop@users.noreply.github.com>
Date: Sun, 25 Feb 2024 16:19:48 +0100
Subject: [PATCH] Format config templates

---
templates/docker/config | 36 +++++++++++++++++++-----------------
templates/incus/config | 33 ++++++++++++++++++---------------
templates/lxd/config | 33 ++++++++++++++++++---------------
templates/podman/config | 35 ++++++++++++++++++-----------------
4 files changed, 73 insertions(+), 64 deletions(-)

diff --git a/templates/docker/config b/templates/docker/config
index 9c7e428..c141ec8 100644
--- a/templates/docker/config
+++ b/templates/docker/config
@@ -1,6 +1,6 @@
 startup=0
-gpu_passthrough_intel=0
-gpu_passthrough_nvidia=0
+gpu_passthrough_intel=1
+gpu_passthrough_nvidia=0
 # Use macvlan networking to provide an isolated network namespace,
 # so docker can manage firewall rules
@@ -14,18 +14,23 @@ systemd_nspawn_user_args=--network-macvlan=eno1
 # Script to run on the HOST before starting the jail
 # Load kernel module and config kernel settings required for docker
 pre_start_hook=#!/usr/bin/bash
+ set -euo pipefail
 echo 'PRE_START_HOOK'
 echo 1 > /proc/sys/net/ipv4/ip_forward
 modprobe br_netfilter
 echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
 echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
+# Only used while creating the jail
+distro=debian
+release=bookworm
+
 # Install docker inside the jail:
 # https://docs.docker.com/engine/install/debian/#install-using-the-repository
 # NOTE: this script will run in the host networking namespace and ignores
 # all systemd_nspawn_user_args such as bind mounts
 initial_setup=#!/usr/bin/bash
- set -euo pipefail
+ set -euo pipefail
 apt-get update && apt-get -y install ca-certificates curl
 install -m 0755 -d /etc/apt/keyrings
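Review bot: `gpu_passthrough_intel` for the docker template changes from 0 to 1 in this hunk, a behaviour change in a commit described as formatting and not mentioned in its message. GPU passthrough presumably exposes host GPU device nodes inside the jail, so a generic template should keep it off unless the user opts in; either restore `gpu_passthrough_intel=0` or state the new default in the commit description. If the intent is parity with the incus and lxd templates, which already ship `gpu_passthrough_intel=1`, a comment on the key such as `# GPU passthrough gives the jail access to host devices; enable only when needed` would make the trade-off visible.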
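Review bot: The new `distro=` and `release=` keys here, with `initial_rootfs_image=debian bookworm` removed in the file's last hunk, change the template's key schema rather than its formatting; a user config that still carries the old key will presumably be ignored silently unless the parser accepts both, which is worth saying in the commit message and in the comment: `# Only used while creating the jail (replaces initial_rootfs_image=<distro> <release>)`. The same applies to the incus (@@ -27,6), lxd (@@ -27,6) and podman (@@ -14,18) hunks. The added `set -euo pipefail` in pre_start_hook makes a failed modprobe or sysctl write abort the jail start, which is the right failure mode for a host-side hook. Note though that the hook's writes to `/proc/sys/net/ipv4/ip_forward` and the `bridge-nf-call-*` sysctls are host-wide, persist after the jail stops and can now be left half-applied on abort; a line in the hook's comment to that effect would help operators.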
@@ -41,19 +46,16 @@ initial_setup=#!/usr/bin/bash
 # You generally will not need to change the options below
 systemd_run_default_args=--property=KillMode=mixed
- --property=Type=notify
- --property=RestartForceExitStatus=133
- --property=SuccessExitStatus=133
- --property=Delegate=yes
- --property=TasksMax=infinity
- --collect
- --setenv=SYSTEMD_NSPAWN_LOCK=0
+ --property=Type=notify
+ --property=RestartForceExitStatus=133
+ --property=SuccessExitStatus=133
+ --property=Delegate=yes
+ --property=TasksMax=infinity
+ --collect
+ --setenv=SYSTEMD_NSPAWN_LOCK=0
 systemd_nspawn_default_args=--keep-unit
- --quiet
- --boot
- --bind-ro=/sys/module
- --inaccessible=/sys/module/apparmor
-
-# Used by jlmkr create
-initial_rootfs_image=debian bookworm
\ No newline at end of file
+ --quiet
+ --boot
+ --bind-ro=/sys/module
+ --inaccessible=/sys/module/apparmor
\ No newline at end of file
diff --git a/templates/incus/config b/templates/incus/config
index 0c19790..2b82dd8 100644
--- a/templates/incus/config
+++ b/templates/incus/config
@@ -1,6 +1,7 @@
+# WARNING: EXPERIMENTAL CONFIG TEMPLATE!
 startup=0
 gpu_passthrough_intel=1
-gpu_passthrough_nvidia=0
+gpu_passthrough_nvidia=0
 # Use macvlan networking to provide an isolated network namespace,
 # so incus can manage firewall rules
@@ -20,6 +21,7 @@ systemd_nspawn_user_args=--network-macvlan=eno1
 # Script to run on the HOST before starting the jail
 # Load kernel module and config kernel settings required for incus
 pre_start_hook=#!/usr/bin/bash
+ set -euo pipefail
 echo 'PRE_START_HOOK'
 echo 1 > /proc/sys/net/ipv4/ip_forward
 modprobe br_netfilter
@@ -27,6 +29,10 @@ pre_start_hook=#!/usr/bin/bash
 echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
 modprobe vhost_vsock
+# Only used while creating the jail
+distro=debian
+release=bookworm
+
 # Install incus according to:
 # https://github.com/zabbly/incus#installation
 # NOTE: this script will run in the host networking namespace and ignores
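Review bot: The new side still ends without a trailing newline (`\ No newline at end of file` follows the last `+` line), which a formatting commit should fix by terminating `--inaccessible=/sys/module/apparmor` with a newline; the incus (@@ -50,21), lxd (@@ -36,21) and podman (@@ -35,19) hunks have the same issue. The re-indented `--property=…` and `--quiet`… continuation lines only preserve behaviour if the config parser treats any leading whitespace as continuing the previous key; that parser is outside this diff, so please confirm it. A short comment above `systemd_run_default_args=` stating the continuation rule the parser actually applies would keep later edits from breaking it.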
@@ -50,21 +56,18 @@ initial_setup=#!/usr/bin/bash
 # You generally will not need to change the options below
 systemd_run_default_args=--property=KillMode=mixed
- --property=Type=notify
- --property=RestartForceExitStatus=133
- --property=SuccessExitStatus=133
- --property=Delegate=yes
- --property=TasksMax=infinity
- --collect
- --setenv=SYSTEMD_NSPAWN_LOCK=0
+ --property=Type=notify
+ --property=RestartForceExitStatus=133
+ --property=SuccessExitStatus=133
+ --property=Delegate=yes
+ --property=TasksMax=infinity
+ --collect
+ --setenv=SYSTEMD_NSPAWN_LOCK=0
 # TODO: add below if required:
 # --property=DevicePolicy=auto
 systemd_nspawn_default_args=--keep-unit
- --quiet
- --boot
- --bind-ro=/sys/module
- --inaccessible=/sys/module/apparmor
-
-# Used by jlmkr create
-initial_rootfs_image=debian bookworm
\ No newline at end of file
+ --quiet
+ --boot
+ --bind-ro=/sys/module
+ --inaccessible=/sys/module/apparmor
\ No newline at end of file
diff --git a/templates/lxd/config b/templates/lxd/config
index db6c1fc..2c1e46e 100644
--- a/templates/lxd/config
+++ b/templates/lxd/config
@@ -1,6 +1,7 @@
+# WARNING: EXPERIMENTAL CONFIG TEMPLATE!
 startup=0
 gpu_passthrough_intel=1
-gpu_passthrough_nvidia=0
+gpu_passthrough_nvidia=0
 # Use macvlan networking to provide an isolated network namespace,
 # so lxd can manage firewall rules
@@ -20,6 +21,7 @@ systemd_nspawn_user_args=--network-bridge=br1
 # Script to run on the HOST before starting the jail
 # Load kernel module and config kernel settings required for lxd
 pre_start_hook=#!/usr/bin/bash
+ set -euo pipefail
 echo 'PRE_START_HOOK'
 echo 1 > /proc/sys/net/ipv4/ip_forward
 modprobe br_netfilter
@@ -27,6 +29,10 @@ pre_start_hook=#!/usr/bin/bash
 echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
 modprobe vhost_vsock
+# Only used while creating the jail
+distro=ubuntu
+release=jammy
+
 # NOTE: this script will run in the host networking namespace and ignores
 # all systemd_nspawn_user_args such as bind mounts
 initial_setup=#!/usr/bin/bash
@@ -36,21 +42,18 @@ initial_setup=#!/usr/bin/bash
 # You generally will not need to change the options below
 systemd_run_default_args=--property=KillMode=mixed
- --property=Type=notify
- --property=RestartForceExitStatus=133
- --property=SuccessExitStatus=133
- --property=Delegate=yes
- --property=TasksMax=infinity
- --collect
- --setenv=SYSTEMD_NSPAWN_LOCK=0
+ --property=Type=notify
+ --property=RestartForceExitStatus=133
+ --property=SuccessExitStatus=133
+ --property=Delegate=yes
+ --property=TasksMax=infinity
+ --collect
+ --setenv=SYSTEMD_NSPAWN_LOCK=0
 # TODO: add below if required:
 # --property=DevicePolicy=auto
 systemd_nspawn_default_args=--keep-unit
- --quiet
- --boot
- --bind-ro=/sys/module
- --inaccessible=/sys/module/apparmor
-
-# Used by jlmkr create
-initial_rootfs_image=ubuntu jammy
\ No newline at end of file
+ --quiet
+ --boot
+ --bind-ro=/sys/module
+ --inaccessible=/sys/module/apparmor
\ No newline at end of file
diff --git a/templates/podman/config b/templates/podman/config
index ee8f2c7..4675e07 100644
--- a/templates/podman/config
+++ b/templates/podman/config
@@ -1,6 +1,6 @@
 startup=0
 gpu_passthrough_intel=0
-gpu_passthrough_nvidia=0
+gpu_passthrough_nvidia=0
 # Use macvlan networking to provide an isolated network namespace,
 # so podman can manage firewall rules
@@ -14,18 +14,22 @@ systemd_nspawn_user_args=--network-macvlan=eno1
 # Script to run on the HOST before starting the jail
 # Load kernel module and config kernel settings required for podman
 pre_start_hook=#!/usr/bin/bash
+ set -euo pipefail
 echo 'PRE_START_HOOK'
 echo 1 > /proc/sys/net/ipv4/ip_forward
 modprobe br_netfilter
 echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
 echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
+# Only used while creating the jail
+distro=fedora
+release=39
+
 # Install podman inside the jail
 # NOTE: this script will run in the host networking namespace and ignores
 # all systemd_nspawn_user_args such as bind mounts
-
 initial_setup=#!/usr/bin/bash
- set -euo pipefail
+ set -euo pipefail
 dnf -y install podman
 # Add the required capabilities to the `newuidmap` and `newgidmap` binaries
 # https://github.com/containers/podman/issues/2788#issuecomment-1016301663
@@ -35,19 +39,16 @@ initial_setup=#!/usr/bin/bash
 # You generally will not need to change the options below
 systemd_run_default_args=--property=KillMode=mixed
- --property=Type=notify
- --property=RestartForceExitStatus=133
- --property=SuccessExitStatus=133
- --property=Delegate=yes
- --property=TasksMax=infinity
- --collect
- --setenv=SYSTEMD_NSPAWN_LOCK=0
+ --property=Type=notify
+ --property=RestartForceExitStatus=133
+ --property=SuccessExitStatus=133
+ --property=Delegate=yes
+ --property=TasksMax=infinity
+ --collect
+ --setenv=SYSTEMD_NSPAWN_LOCK=0
 systemd_nspawn_default_args=--keep-unit
- --quiet
- --boot
- --bind-ro=/sys/module
- --inaccessible=/sys/module/apparmor
-
-# Used by jlmkr create
-initial_rootfs_image=fedora 39
\ No newline at end of file
+ --quiet
+ --boot
+ --bind-ro=/sys/module
+ --inaccessible=/sys/module/apparmor
\ No newline at end of file