Format config templates
parent
21eef74929
commit
dc928ecd96
|
@ -1,6 +1,6 @@
|
||||||
startup=0
|
startup=0
|
||||||
gpu_passthrough_intel=0
|
gpu_passthrough_intel=1
|
||||||
gpu_passthrough_nvidia=0
|
gpu_passthrough_nvidia=0
|
||||||
|
|
||||||
# Use macvlan networking to provide an isolated network namespace,
|
# Use macvlan networking to provide an isolated network namespace,
|
||||||
# so docker can manage firewall rules
|
# so docker can manage firewall rules
|
||||||
|
@ -14,18 +14,23 @@ systemd_nspawn_user_args=--network-macvlan=eno1
|
||||||
# Script to run on the HOST before starting the jail
|
# Script to run on the HOST before starting the jail
|
||||||
# Load kernel module and config kernel settings required for docker
|
# Load kernel module and config kernel settings required for docker
|
||||||
pre_start_hook=#!/usr/bin/bash
|
pre_start_hook=#!/usr/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
echo 'PRE_START_HOOK'
|
echo 'PRE_START_HOOK'
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||||
modprobe br_netfilter
|
modprobe br_netfilter
|
||||||
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
|
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
|
||||||
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
|
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
|
||||||
|
|
||||||
|
# Only used while creating the jail
|
||||||
|
distro=debian
|
||||||
|
release=bookworm
|
||||||
|
|
||||||
# Install docker inside the jail:
|
# Install docker inside the jail:
|
||||||
# https://docs.docker.com/engine/install/debian/#install-using-the-repository
|
# https://docs.docker.com/engine/install/debian/#install-using-the-repository
|
||||||
# NOTE: this script will run in the host networking namespace and ignores
|
# NOTE: this script will run in the host networking namespace and ignores
|
||||||
# all systemd_nspawn_user_args such as bind mounts
|
# all systemd_nspawn_user_args such as bind mounts
|
||||||
initial_setup=#!/usr/bin/bash
|
initial_setup=#!/usr/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
apt-get update && apt-get -y install ca-certificates curl
|
apt-get update && apt-get -y install ca-certificates curl
|
||||||
install -m 0755 -d /etc/apt/keyrings
|
install -m 0755 -d /etc/apt/keyrings
|
||||||
|
@ -41,19 +46,16 @@ initial_setup=#!/usr/bin/bash
|
||||||
|
|
||||||
# You generally will not need to change the options below
|
# You generally will not need to change the options below
|
||||||
systemd_run_default_args=--property=KillMode=mixed
|
systemd_run_default_args=--property=KillMode=mixed
|
||||||
--property=Type=notify
|
--property=Type=notify
|
||||||
--property=RestartForceExitStatus=133
|
--property=RestartForceExitStatus=133
|
||||||
--property=SuccessExitStatus=133
|
--property=SuccessExitStatus=133
|
||||||
--property=Delegate=yes
|
--property=Delegate=yes
|
||||||
--property=TasksMax=infinity
|
--property=TasksMax=infinity
|
||||||
--collect
|
--collect
|
||||||
--setenv=SYSTEMD_NSPAWN_LOCK=0
|
--setenv=SYSTEMD_NSPAWN_LOCK=0
|
||||||
|
|
||||||
systemd_nspawn_default_args=--keep-unit
|
systemd_nspawn_default_args=--keep-unit
|
||||||
--quiet
|
--quiet
|
||||||
--boot
|
--boot
|
||||||
--bind-ro=/sys/module
|
--bind-ro=/sys/module
|
||||||
--inaccessible=/sys/module/apparmor
|
--inaccessible=/sys/module/apparmor
|
||||||
|
|
||||||
# Used by jlmkr create
|
|
||||||
initial_rootfs_image=debian bookworm
|
|
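Review bot: The first hunk of this template appears to change `gpu_passthrough_intel=0` to `gpu_passthrough_intel=1`, which is a behaviour change and not formatting, and the commit title does not mention it. If the flag does what its name suggests, jails created from this template would get the host's Intel GPU devices by default, which widens what a compromised container workload can reach. Either keep `gpu_passthrough_intel=0` here, or move the flip to its own commit and add a comment such as `# Set to 1 only if containers in this jail need the host iGPU`. The same section also drops `initial_rootfs_image=debian bookworm` in favour of `distro=debian` and `release=bookworm`, so it is worth confirming that the change to the GPU default was intended and is not a leftover from local testing.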
|
@ -1,6 +1,7 @@
|
||||||
|
# WARNING: EXPERIMENTAL CONFIG TEMPLATE!
|
||||||
startup=0
|
startup=0
|
||||||
gpu_passthrough_intel=1
|
gpu_passthrough_intel=1
|
||||||
gpu_passthrough_nvidia=0
|
gpu_passthrough_nvidia=0
|
||||||
|
|
||||||
# Use macvlan networking to provide an isolated network namespace,
|
# Use macvlan networking to provide an isolated network namespace,
|
||||||
# so incus can manage firewall rules
|
# so incus can manage firewall rules
|
||||||
|
@ -20,6 +21,7 @@ systemd_nspawn_user_args=--network-macvlan=eno1
|
||||||
# Script to run on the HOST before starting the jail
|
# Script to run on the HOST before starting the jail
|
||||||
# Load kernel module and config kernel settings required for incus
|
# Load kernel module and config kernel settings required for incus
|
||||||
pre_start_hook=#!/usr/bin/bash
|
pre_start_hook=#!/usr/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
echo 'PRE_START_HOOK'
|
echo 'PRE_START_HOOK'
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||||
modprobe br_netfilter
|
modprobe br_netfilter
|
||||||
|
@ -27,6 +29,10 @@ pre_start_hook=#!/usr/bin/bash
|
||||||
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
|
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
|
||||||
modprobe vhost_vsock
|
modprobe vhost_vsock
|
||||||
|
|
||||||
|
# Only used while creating the jail
|
||||||
|
distro=debian
|
||||||
|
release=bookworm
|
||||||
|
|
||||||
# Install incus according to:
|
# Install incus according to:
|
||||||
# https://github.com/zabbly/incus#installation
|
# https://github.com/zabbly/incus#installation
|
||||||
# NOTE: this script will run in the host networking namespace and ignores
|
# NOTE: this script will run in the host networking namespace and ignores
|
||||||
|
@ -50,21 +56,18 @@ initial_setup=#!/usr/bin/bash
|
||||||
|
|
||||||
# You generally will not need to change the options below
|
# You generally will not need to change the options below
|
||||||
systemd_run_default_args=--property=KillMode=mixed
|
systemd_run_default_args=--property=KillMode=mixed
|
||||||
--property=Type=notify
|
--property=Type=notify
|
||||||
--property=RestartForceExitStatus=133
|
--property=RestartForceExitStatus=133
|
||||||
--property=SuccessExitStatus=133
|
--property=SuccessExitStatus=133
|
||||||
--property=Delegate=yes
|
--property=Delegate=yes
|
||||||
--property=TasksMax=infinity
|
--property=TasksMax=infinity
|
||||||
--collect
|
--collect
|
||||||
--setenv=SYSTEMD_NSPAWN_LOCK=0
|
--setenv=SYSTEMD_NSPAWN_LOCK=0
|
||||||
# TODO: add below if required:
|
# TODO: add below if required:
|
||||||
# --property=DevicePolicy=auto
|
# --property=DevicePolicy=auto
|
||||||
|
|
||||||
systemd_nspawn_default_args=--keep-unit
|
systemd_nspawn_default_args=--keep-unit
|
||||||
--quiet
|
--quiet
|
||||||
--boot
|
--boot
|
||||||
--bind-ro=/sys/module
|
--bind-ro=/sys/module
|
||||||
--inaccessible=/sys/module/apparmor
|
--inaccessible=/sys/module/apparmor
|
||||||
|
|
||||||
# Used by jlmkr create
|
|
||||||
initial_rootfs_image=debian bookworm
|
|
|
@ -1,6 +1,7 @@
|
||||||
|
# WARNING: EXPERIMENTAL CONFIG TEMPLATE!
|
||||||
startup=0
|
startup=0
|
||||||
gpu_passthrough_intel=1
|
gpu_passthrough_intel=1
|
||||||
gpu_passthrough_nvidia=0
|
gpu_passthrough_nvidia=0
|
||||||
|
|
||||||
# Use macvlan networking to provide an isolated network namespace,
|
# Use macvlan networking to provide an isolated network namespace,
|
||||||
# so lxd can manage firewall rules
|
# so lxd can manage firewall rules
|
||||||
|
@ -20,6 +21,7 @@ systemd_nspawn_user_args=--network-bridge=br1
|
||||||
# Script to run on the HOST before starting the jail
|
# Script to run on the HOST before starting the jail
|
||||||
# Load kernel module and config kernel settings required for lxd
|
# Load kernel module and config kernel settings required for lxd
|
||||||
pre_start_hook=#!/usr/bin/bash
|
pre_start_hook=#!/usr/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
echo 'PRE_START_HOOK'
|
echo 'PRE_START_HOOK'
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||||
modprobe br_netfilter
|
modprobe br_netfilter
|
||||||
|
@ -27,6 +29,10 @@ pre_start_hook=#!/usr/bin/bash
|
||||||
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
|
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
|
||||||
modprobe vhost_vsock
|
modprobe vhost_vsock
|
||||||
|
|
||||||
|
# Only used while creating the jail
|
||||||
|
distro=ubuntu
|
||||||
|
release=jammy
|
||||||
|
|
||||||
# NOTE: this script will run in the host networking namespace and ignores
|
# NOTE: this script will run in the host networking namespace and ignores
|
||||||
# all systemd_nspawn_user_args such as bind mounts
|
# all systemd_nspawn_user_args such as bind mounts
|
||||||
initial_setup=#!/usr/bin/bash
|
initial_setup=#!/usr/bin/bash
|
||||||
|
@ -36,21 +42,18 @@ initial_setup=#!/usr/bin/bash
|
||||||
|
|
||||||
# You generally will not need to change the options below
|
# You generally will not need to change the options below
|
||||||
systemd_run_default_args=--property=KillMode=mixed
|
systemd_run_default_args=--property=KillMode=mixed
|
||||||
--property=Type=notify
|
--property=Type=notify
|
||||||
--property=RestartForceExitStatus=133
|
--property=RestartForceExitStatus=133
|
||||||
--property=SuccessExitStatus=133
|
--property=SuccessExitStatus=133
|
||||||
--property=Delegate=yes
|
--property=Delegate=yes
|
||||||
--property=TasksMax=infinity
|
--property=TasksMax=infinity
|
||||||
--collect
|
--collect
|
||||||
--setenv=SYSTEMD_NSPAWN_LOCK=0
|
--setenv=SYSTEMD_NSPAWN_LOCK=0
|
||||||
# TODO: add below if required:
|
# TODO: add below if required:
|
||||||
# --property=DevicePolicy=auto
|
# --property=DevicePolicy=auto
|
||||||
|
|
||||||
systemd_nspawn_default_args=--keep-unit
|
systemd_nspawn_default_args=--keep-unit
|
||||||
--quiet
|
--quiet
|
||||||
--boot
|
--boot
|
||||||
--bind-ro=/sys/module
|
--bind-ro=/sys/module
|
||||||
--inaccessible=/sys/module/apparmor
|
--inaccessible=/sys/module/apparmor
|
||||||
|
|
||||||
# Used by jlmkr create
|
|
||||||
initial_rootfs_image=ubuntu jammy
|
|
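Review bot: The comment kept at the top of this template still reads `# Use macvlan networking to provide an isolated network namespace,`, but the context of the second hunk header shows `systemd_nspawn_user_args=--network-bridge=br1`, so this template appears to use bridge networking. Since the commit is already tidying the templates, reword the comment to match, for example `# Use bridge networking to provide an isolated network namespace,`. The args line itself lies outside the visible hunks, so check the wording against the full file.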
|
@ -1,6 +1,6 @@
|
||||||
startup=0
|
startup=0
|
||||||
gpu_passthrough_intel=0
|
gpu_passthrough_intel=0
|
||||||
gpu_passthrough_nvidia=0
|
gpu_passthrough_nvidia=0
|
||||||
|
|
||||||
# Use macvlan networking to provide an isolated network namespace,
|
# Use macvlan networking to provide an isolated network namespace,
|
||||||
# so podman can manage firewall rules
|
# so podman can manage firewall rules
|
||||||
|
@ -14,18 +14,22 @@ systemd_nspawn_user_args=--network-macvlan=eno1
|
||||||
# Script to run on the HOST before starting the jail
|
# Script to run on the HOST before starting the jail
|
||||||
# Load kernel module and config kernel settings required for podman
|
# Load kernel module and config kernel settings required for podman
|
||||||
pre_start_hook=#!/usr/bin/bash
|
pre_start_hook=#!/usr/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
echo 'PRE_START_HOOK'
|
echo 'PRE_START_HOOK'
|
||||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||||
modprobe br_netfilter
|
modprobe br_netfilter
|
||||||
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
|
echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
|
||||||
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
|
echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
|
||||||
|
|
||||||
|
# Only used while creating the jail
|
||||||
|
distro=fedora
|
||||||
|
release=39
|
||||||
|
|
||||||
# Install podman inside the jail
|
# Install podman inside the jail
|
||||||
# NOTE: this script will run in the host networking namespace and ignores
|
# NOTE: this script will run in the host networking namespace and ignores
|
||||||
# all systemd_nspawn_user_args such as bind mounts
|
# all systemd_nspawn_user_args such as bind mounts
|
||||||
|
|
||||||
initial_setup=#!/usr/bin/bash
|
initial_setup=#!/usr/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
dnf -y install podman
|
dnf -y install podman
|
||||||
# Add the required capabilities to the `newuidmap` and `newgidmap` binaries
|
# Add the required capabilities to the `newuidmap` and `newgidmap` binaries
|
||||||
# https://github.com/containers/podman/issues/2788#issuecomment-1016301663
|
# https://github.com/containers/podman/issues/2788#issuecomment-1016301663
|
||||||
|
@ -35,19 +39,16 @@ initial_setup=#!/usr/bin/bash
|
||||||
|
|
||||||
# You generally will not need to change the options below
|
# You generally will not need to change the options below
|
||||||
systemd_run_default_args=--property=KillMode=mixed
|
systemd_run_default_args=--property=KillMode=mixed
|
||||||
--property=Type=notify
|
--property=Type=notify
|
||||||
--property=RestartForceExitStatus=133
|
--property=RestartForceExitStatus=133
|
||||||
--property=SuccessExitStatus=133
|
--property=SuccessExitStatus=133
|
||||||
--property=Delegate=yes
|
--property=Delegate=yes
|
||||||
--property=TasksMax=infinity
|
--property=TasksMax=infinity
|
||||||
--collect
|
--collect
|
||||||
--setenv=SYSTEMD_NSPAWN_LOCK=0
|
--setenv=SYSTEMD_NSPAWN_LOCK=0
|
||||||
|
|
||||||
systemd_nspawn_default_args=--keep-unit
|
systemd_nspawn_default_args=--keep-unit
|
||||||
--quiet
|
--quiet
|
||||||
--boot
|
--boot
|
||||||
--bind-ro=/sys/module
|
--bind-ro=/sys/module
|
||||||
--inaccessible=/sys/module/apparmor
|
--inaccessible=/sys/module/apparmor
|
||||||
|
|
||||||
# Used by jlmkr create
|
|
||||||
initial_rootfs_image=fedora 39
|
|