Trying to get a bit familiar with systemd-nspawn (little bit clumsy name) by following this article:
https://benjamintoll.com/2022/02/04/on-running-systemd-nspawn-containers/
Its a bit outdated, eg. `machinectl pull-raw ...` is `importctl pull-raw`, but it can be translated.
Trying to create an image using `mkosi` that then later can be started.
Overall aim is to start a firefox in a spawned container. Let's see...
The thing I hate about #Discourse is the need to use docker. Docker is a PITA to run in systemd-nspawn, and I guess #lxc, too. I would put much more energy into hosting my Discourse if I just could install it in my system containers without too much hassle.
Other than that, Discourse is great.
Ok #systemd #nixos #nspawn container question.
On the host I've mounted a nfs share rw.
In a nixos container i've a bind mount of that nfs mount into another directory.
If I open a shell inside that container as root I see that nfs/bindmount rw. But all other users (if I look at their /proc/<pid>/mounts see that nfs share mounted as ro read-only ...
Alright , play time aka show off useless craps ... enjoy!
#linuxadmin #opensuse #fedora #systemd #nspawn #tool #opensource
Alright , play time aka show off useless craps ... enjoy!
#linuxadmin #opensuse #fedora #systemd #nspawn #tool #opensource
You can mirror our images via `rsync`, simply use the following command pointing to your mirror's destination path:
`rsync -avzP http://hub.nspawn.org::containers /your_path`
You are welcome to mirror us or use our images for your convenience!
Preview of a project im working on right now with Systemd-Nspawn! What an amazing technology to work with.
With Open Source IDE: #Lapce - https://lapce.dev/
and the ubiquity of #SystemD #nspawn #containers , It is possible to have a bloat-free workstation on #Linux
Just use the nspawn container to store all the dev-related packages and use the remote/SSH connection feature of Lapce to connect to those containers.
Your workstation will stay 'clean' relative to a situation if you had Java, Ruby, NodeJS, Python, Go and Rust all installed directly on the workstation.
Creating Sandboxes with systemd-nspawn and debootstrap
Exploring new #Linux features is exciting, but it can be risky! I sometimes break my system while testing packages. To avoid this, I recently tried #systemd-nspawn with #debootstrap - it's a lightweight #container that works well for isolated testing.
#Debian users, this guide shows you how to get systemd-#nspawn up and running, no fuss.
Installing the packages
First things first, we need to install two packages: systemd-container and debootstrap:
sudo apt install systemd-container debootstrap
debootstrap lets you spin up a lightweight Debian right on your host, and systemd-container utilites such as systemd-nspawn and machinectl manage the OS in a lightweight container.
Create a Debian virtual machine
Let's generate a minimal Debian image called debian-testing with the following command:
sudo debootstrap --include=systemd,dbus stable /var/lib/machines/debian-testing
To verify successful installation, run machinectl list-images. Look for 'debian-testing' in the output.
Logging into virtual machine
Use the following command to start the debian-testing container.
sudo systemd-nspawn -D /var/lib/machines/debian-testing
Since you're now inside your virtual machine, let's set a password for the root user. This will come in handy when you want to manage the container using machinectl.
To swiftly terminate the container, press the Ctrl+] key combination three times in quick succession while inside the container.
Running a graphical application in vm
To run graphical apps like Chromium within the container, we need to set up display sharing. First, gracefully shut down the container. Then, use this command to establish the connection:
xhost local:; sudo systemd-nspawn -E DISPLAY="$DISPLAY" -D /var/lib/machines/debian-testing
Now that you're logged in, it's time to fire up Chromium! Just type the following commands to install and open it:
apt update
apt install chromium
chromium --no-sandbox
References
Are you interested on the Hub for systemd-nspawn containers and images? Chat with us on Matrix at https://matrix.to/#/#nspawn-org:matrix.org or in IRC at #nspawn-org on Libera Chat
I only discovered nspawn today as an alternative to LXC. Been having some hiccups installing it, but it seems like a very niche Linux topic for creating local test/debug containers.
Trying to make debootstrap work with `nspctl` ( management tool for systemd-nspawn containers).
@nobodyinperson have you heard from our Lord & Saviour systemd-nspawn? 😁
That's basically chroot on steroids and allows to enter an OS' filesystem/disk image comparable to chroot, but properly namespaced and without all the "mount dev/proc/...“ dance.
Furthermore it also allows to fully boot such an environment (-b) with a systemd instance running inside, while everything can be controlled nicely from the outside using the -M flag of systemctl/journalctl/...
After a while of doing this, I managed to get the system working properly. #systemd boots the container via #nspawn which runs a minimal #debian image and acts as a router and firewall, allowing the host to be a desktop machine and the second LAN device to connect to a switch, and provide further local network. All set up from a machine originally running windows without me once touching the machine. Remote sysadmin achievement unlocked.
At the moment it clearly boots the #nspawn container and moves the two Ethernet interfaces into the container. It also sets up an extra #veth pair, but for some reason I can't raise the veth pair, "ip link dev lan set up" from the host OS leaves the veth "lan" in the DOWN state... Wth? I think if I could get that veth up id be able to remote log in through #yggdrasil connection.
