Format config templates

This commit is contained in:
Jip-Hop 2024-02-25 16:19:48 +01:00
parent 21eef74929
commit dc928ecd96
4 changed files with 73 additions and 64 deletions
templates
docker
incus
lxd
podman


@ -1,6 +1,6 @@
startup=0 startup=0
gpu_passthrough_intel=0 gpu_passthrough_intel=1
gpu_passthrough_nvidia=0 gpu_passthrough_nvidia=0
# Use macvlan networking to provide an isolated network namespace, # Use macvlan networking to provide an isolated network namespace,
# so docker can manage firewall rules # so docker can manage firewall rules
@ -14,18 +14,23 @@ systemd_nspawn_user_args=--network-macvlan=eno1
# Script to run on the HOST before starting the jail # Script to run on the HOST before starting the jail
# Load kernel module and config kernel settings required for docker # Load kernel module and config kernel settings required for docker
pre_start_hook=#!/usr/bin/bash pre_start_hook=#!/usr/bin/bash
set -euo pipefail
echo 'PRE_START_HOOK' echo 'PRE_START_HOOK'
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe br_netfilter modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
# Only used while creating the jail
distro=debian
release=bookworm
# Install docker inside the jail: # Install docker inside the jail:
# https://docs.docker.com/engine/install/debian/#install-using-the-repository # https://docs.docker.com/engine/install/debian/#install-using-the-repository
# NOTE: this script will run in the host networking namespace and ignores # NOTE: this script will run in the host networking namespace and ignores
# all systemd_nspawn_user_args such as bind mounts # all systemd_nspawn_user_args such as bind mounts
initial_setup=#!/usr/bin/bash initial_setup=#!/usr/bin/bash
set -euo pipefail set -euo pipefail
apt-get update && apt-get -y install ca-certificates curl apt-get update && apt-get -y install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings install -m 0755 -d /etc/apt/keyrings
@ -41,19 +46,16 @@ initial_setup=#!/usr/bin/bash
# You generally will not need to change the options below # You generally will not need to change the options below
systemd_run_default_args=--property=KillMode=mixed systemd_run_default_args=--property=KillMode=mixed
--property=Type=notify --property=Type=notify
--property=RestartForceExitStatus=133 --property=RestartForceExitStatus=133
--property=SuccessExitStatus=133 --property=SuccessExitStatus=133
--property=Delegate=yes --property=Delegate=yes
--property=TasksMax=infinity --property=TasksMax=infinity
--collect --collect
--setenv=SYSTEMD_NSPAWN_LOCK=0 --setenv=SYSTEMD_NSPAWN_LOCK=0
systemd_nspawn_default_args=--keep-unit systemd_nspawn_default_args=--keep-unit
--quiet --quiet
--boot --boot
--bind-ro=/sys/module --bind-ro=/sys/module
--inaccessible=/sys/module/apparmor --inaccessible=/sys/module/apparmor
# Used by jlmkr create
initial_rootfs_image=debian bookworm
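Review bot: The `gpu_passthrough_intel=0` → `gpu_passthrough_intel=1` change in this file's first hunk is a default-behaviour change that the commit title "Format config templates" does not announce; incus and lxd already default to 1 and podman stays at 0, so this looks like it may be unintentional. Handing the host GPU to a jail widens what the jail can reach, so the default should be a deliberate, documented choice: either revert the line to `gpu_passthrough_intel=0` or add a comment above it such as `# Intel GPU passthrough is enabled by default in this template; set to 0 if the jail does not need the host GPU`. The podman template in this same commit is the only one that still ships with both passthrough flags at 0.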


@ -1,6 +1,7 @@
# WARNING: EXPERIMENTAL CONFIG TEMPLATE!
startup=0 startup=0
gpu_passthrough_intel=1 gpu_passthrough_intel=1
gpu_passthrough_nvidia=0 gpu_passthrough_nvidia=0
# Use macvlan networking to provide an isolated network namespace, # Use macvlan networking to provide an isolated network namespace,
# so incus can manage firewall rules # so incus can manage firewall rules
@ -20,6 +21,7 @@ systemd_nspawn_user_args=--network-macvlan=eno1
# Script to run on the HOST before starting the jail # Script to run on the HOST before starting the jail
# Load kernel module and config kernel settings required for incus # Load kernel module and config kernel settings required for incus
pre_start_hook=#!/usr/bin/bash pre_start_hook=#!/usr/bin/bash
set -euo pipefail
echo 'PRE_START_HOOK' echo 'PRE_START_HOOK'
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe br_netfilter modprobe br_netfilter
@ -27,6 +29,10 @@ pre_start_hook=#!/usr/bin/bash
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
modprobe vhost_vsock modprobe vhost_vsock
# Only used while creating the jail
distro=debian
release=bookworm
# Install incus according to: # Install incus according to:
# https://github.com/zabbly/incus#installation # https://github.com/zabbly/incus#installation
# NOTE: this script will run in the host networking namespace and ignores # NOTE: this script will run in the host networking namespace and ignores
@ -50,21 +56,18 @@ initial_setup=#!/usr/bin/bash
# You generally will not need to change the options below # You generally will not need to change the options below
systemd_run_default_args=--property=KillMode=mixed systemd_run_default_args=--property=KillMode=mixed
--property=Type=notify --property=Type=notify
--property=RestartForceExitStatus=133 --property=RestartForceExitStatus=133
--property=SuccessExitStatus=133 --property=SuccessExitStatus=133
--property=Delegate=yes --property=Delegate=yes
--property=TasksMax=infinity --property=TasksMax=infinity
--collect --collect
--setenv=SYSTEMD_NSPAWN_LOCK=0 --setenv=SYSTEMD_NSPAWN_LOCK=0
# TODO: add below if required: # TODO: add below if required:
# --property=DevicePolicy=auto # --property=DevicePolicy=auto
systemd_nspawn_default_args=--keep-unit systemd_nspawn_default_args=--keep-unit
--quiet --quiet
--boot --boot
--bind-ro=/sys/module --bind-ro=/sys/module
--inaccessible=/sys/module/apparmor --inaccessible=/sys/module/apparmor
# Used by jlmkr create
initial_rootfs_image=debian bookworm
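Review bot: The `set -euo pipefail` added to `pre_start_hook` changes the hook's failure semantics without saying so: before this commit a failing `modprobe vhost_vsock` or an `echo 1 > /proc/sys/...` whose sysctl path is missing was ignored, and now any of them ends the hook with a non-zero status, which presumably makes jlmkr refuse to start the jail (not visible in the hunk — confirm). That is the safer behaviour for settings the container runtime depends on, but it deserves a line under `set -euo pipefail` such as `# Abort the jail start if any kernel module or sysctl above cannot be applied`. `pipefail` has no effect in this hook since it contains no pipeline, so `set -eu` would state the intent more precisely. The docker, lxd and podman templates in this commit add the same line to their `pre_start_hook` and would take the same comment.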


@ -1,6 +1,7 @@
# WARNING: EXPERIMENTAL CONFIG TEMPLATE!
startup=0 startup=0
gpu_passthrough_intel=1 gpu_passthrough_intel=1
gpu_passthrough_nvidia=0 gpu_passthrough_nvidia=0
# Use macvlan networking to provide an isolated network namespace, # Use macvlan networking to provide an isolated network namespace,
# so lxd can manage firewall rules # so lxd can manage firewall rules
@ -20,6 +21,7 @@ systemd_nspawn_user_args=--network-bridge=br1
# Script to run on the HOST before starting the jail # Script to run on the HOST before starting the jail
# Load kernel module and config kernel settings required for lxd # Load kernel module and config kernel settings required for lxd
pre_start_hook=#!/usr/bin/bash pre_start_hook=#!/usr/bin/bash
set -euo pipefail
echo 'PRE_START_HOOK' echo 'PRE_START_HOOK'
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe br_netfilter modprobe br_netfilter
@ -27,6 +29,10 @@ pre_start_hook=#!/usr/bin/bash
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
modprobe vhost_vsock modprobe vhost_vsock
# Only used while creating the jail
distro=ubuntu
release=jammy
# NOTE: this script will run in the host networking namespace and ignores # NOTE: this script will run in the host networking namespace and ignores
# all systemd_nspawn_user_args such as bind mounts # all systemd_nspawn_user_args such as bind mounts
initial_setup=#!/usr/bin/bash initial_setup=#!/usr/bin/bash
@ -36,21 +42,18 @@ initial_setup=#!/usr/bin/bash
# You generally will not need to change the options below # You generally will not need to change the options below
systemd_run_default_args=--property=KillMode=mixed systemd_run_default_args=--property=KillMode=mixed
--property=Type=notify --property=Type=notify
--property=RestartForceExitStatus=133 --property=RestartForceExitStatus=133
--property=SuccessExitStatus=133 --property=SuccessExitStatus=133
--property=Delegate=yes --property=Delegate=yes
--property=TasksMax=infinity --property=TasksMax=infinity
--collect --collect
--setenv=SYSTEMD_NSPAWN_LOCK=0 --setenv=SYSTEMD_NSPAWN_LOCK=0
# TODO: add below if required: # TODO: add below if required:
# --property=DevicePolicy=auto # --property=DevicePolicy=auto
systemd_nspawn_default_args=--keep-unit systemd_nspawn_default_args=--keep-unit
--quiet --quiet
--boot --boot
--bind-ro=/sys/module --bind-ro=/sys/module
--inaccessible=/sys/module/apparmor --inaccessible=/sys/module/apparmor
# Used by jlmkr create
initial_rootfs_image=ubuntu jammy
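Review bot: The comment `# Use macvlan networking to provide an isolated network namespace,` in this file's first hunk does not match the `systemd_nspawn_user_args=--network-bridge=br1` shown in the second hunk's header, so the documentation describes a different network setup than the template configures. The mismatch predates this commit, but the commit reformats the file and leaves it in place; the docker, incus and podman templates are consistent (macvlan comment, `--network-macvlan=eno1`). Either reword it to `# Attach the jail to bridge br1 to provide an isolated network namespace,` or add a short comment explaining why the lxd template uses a bridge where the other templates use macvlan. The `systemd_nspawn_user_args` line itself lies outside the shown hunks.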


@ -1,6 +1,6 @@
startup=0 startup=0
gpu_passthrough_intel=0 gpu_passthrough_intel=0
gpu_passthrough_nvidia=0 gpu_passthrough_nvidia=0
# Use macvlan networking to provide an isolated network namespace, # Use macvlan networking to provide an isolated network namespace,
# so podman can manage firewall rules # so podman can manage firewall rules
@ -14,18 +14,22 @@ systemd_nspawn_user_args=--network-macvlan=eno1
# Script to run on the HOST before starting the jail # Script to run on the HOST before starting the jail
# Load kernel module and config kernel settings required for podman # Load kernel module and config kernel settings required for podman
pre_start_hook=#!/usr/bin/bash pre_start_hook=#!/usr/bin/bash
set -euo pipefail
echo 'PRE_START_HOOK' echo 'PRE_START_HOOK'
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
modprobe br_netfilter modprobe br_netfilter
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
# Only used while creating the jail
distro=fedora
release=39
# Install podman inside the jail # Install podman inside the jail
# NOTE: this script will run in the host networking namespace and ignores # NOTE: this script will run in the host networking namespace and ignores
# all systemd_nspawn_user_args such as bind mounts # all systemd_nspawn_user_args such as bind mounts
initial_setup=#!/usr/bin/bash initial_setup=#!/usr/bin/bash
set -euo pipefail set -euo pipefail
dnf -y install podman dnf -y install podman
# Add the required capabilities to the `newuidmap` and `newgidmap` binaries # Add the required capabilities to the `newuidmap` and `newgidmap` binaries
# https://github.com/containers/podman/issues/2788#issuecomment-1016301663 # https://github.com/containers/podman/issues/2788#issuecomment-1016301663
@ -35,19 +39,16 @@ initial_setup=#!/usr/bin/bash
# You generally will not need to change the options below # You generally will not need to change the options below
systemd_run_default_args=--property=KillMode=mixed systemd_run_default_args=--property=KillMode=mixed
--property=Type=notify --property=Type=notify
--property=RestartForceExitStatus=133 --property=RestartForceExitStatus=133
--property=SuccessExitStatus=133 --property=SuccessExitStatus=133
--property=Delegate=yes --property=Delegate=yes
--property=TasksMax=infinity --property=TasksMax=infinity
--collect --collect
--setenv=SYSTEMD_NSPAWN_LOCK=0 --setenv=SYSTEMD_NSPAWN_LOCK=0
systemd_nspawn_default_args=--keep-unit systemd_nspawn_default_args=--keep-unit
--quiet --quiet
--boot --boot
--bind-ro=/sys/module --bind-ro=/sys/module
--inaccessible=/sys/module/apparmor --inaccessible=/sys/module/apparmor
# Used by jlmkr create
initial_rootfs_image=fedora 39