Mirrored_Repos/unifios-utilities
1
0
Fork 0
mirror of https://github.com/unifi-utilities/unifios-utilities.git synced 2024-08-30 18:32:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

add nspawn-container folder by @peacey . (#530)

Browse Source 
* add nspawn-container folder by @peacey

* Add an automated interactive setup script
This commit is contained in:
apo-mak 2023-04-18 01:01:36 +03:00 committed by GitHub
parent 5ab900d4ce
commit 16e14aec24
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 686 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

239
nspawn-container/README.md Normal file
View File

@ -0,0 +1,239 @@
# How to Create a Custom Container on UnifiOS 3.x+
This is a guide that shows you how to create your own container on UnifiOS 3.0+, and how to install custom services in your container (such as pihole or adguard home).
Starting with UnifiOS 3.0, podman/docker support has been removed due to a kernel change. However, you can still create a container with systemd-nspawn, which is what this guide will focus on.
## Table of Contents
1. [Instructions](#instructions)
* [Step 1. Create the Container](#step-1-create-the-container)
* [Step 2. Configure the Container](#step-2-configure-the-container)
* [Step 2A. Configure the Container To Use An Isolated MacVLAN Network](#step-2a-configure-the-container-to-use-an-isolated-macvlan-network)
* [Step 3. Configure Persistence Across Firmware Updates](#step-3-configure-persistence-across-firmware-updates)
* [Step 4. Install Custom Services](#step-4-install-custom-services)
2. [FAQ](#faq)
## Instructions
### Step 1. Create the Container
The following commands are all perfomed on the Unifi router in SSH.
1. We first need to install systemd-container and debootstrap. We will use debootstrap to create a directory with a base debian system, and then use systemd-nspawn to boot the container.
```sh
apt -y install systemd-container debootstrap
```
2. Next, we use debootstrap to create a directory called `debian-custom` with a base debian system in `/data/custom/machines`.
```sh
mkdir -p /data/custom/machines
cd /data/custom/machines
debootstrap --include=systemd,dbus unstable debian-custom
```
* This process can take up to 10 minutes to download and install all the packages.
* The container folder will be 390MB after installation, but can increase to 1GB+ after installing many services (storage management is up to you).
* Note: Instead of debootstrap, you can also use pacstrap or other distributions' tools to create an Arch Linux, Fedora, or other container instead of a debian container (see [examples here](https://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#Examples)).
3. Finally, let's bring up a shell on this container, set the root password, and enable the networking service. Run each command one-by-one.
```sh
systemd-nspawn -M debian-custom -D /data/custom/machines/debian-custom
passwd root
systemctl enable systemd-networkd
echo "nameserver 1.1.1.1" > /etc/resolv.conf
echo "debian-custom" > /etc/hostname
exit
```
* The first command should put you in a shell in the container. If it doesn't work, something went wrong.
* Note the password will be hidden when you are typing it out in the `passwd root` command, and you will be asked to type it twice.
* We also set the default nameserver to 1.1.1.1 in resolv.conf. You can change this to your own DNS or omit this command if you plan to configure the DNS later.
* The hostname can be set to whatever you want, here debian-custom is used as an example.
### Step 2. Configure the Container
Now that the container is created, let's configure it. Make sure you are back on the host OS and not in the container.
1. First, we will link the container to `/var/lib/machines` so we can control it with `machinectl`.
```sh
mkdir -p /var/lib/machines
ln -s /data/custom/machines/debian-custom /var/lib/machines/
```
2. Next, we will create a `debian-custom.nspawn` file in `/etc/systemd/nspawn` to configure parameters for the container (such as network, bind mounts, etc). Here I use vim to create the file as a personal preference.
```sh
mkdir -p /etc/systemd/nspawn
vim /etc/systemd/nspawn/debian-custom.nspawn
```
* For a container that has access to all the host network interfaces and full capabilities to do anything to the system, here is an example nspawn configuration file. Note it is important to set `Boot=on` so systemd boots up inside the container.
```ini
[Exec]
Boot=on
Capability=all
[Network]
Private=off
VirtualEthernet=off
ResolvConf=off
```
* For a more isolated container configured with a macvlan bridge, follow [Step 2A](#step-2a-configure-the-container-to-use-an-isolated-macvlan-network) below instead before running the container.
* For other options, see the nspawn manpage [here](https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html).
3. After you've configured your nspawn file, let's boot up the container and see if it works.
```sh
machinectl start debian-custom
machinectl enable debian-custom
```
* If the container booted up, you can check `machinectl status debian-custom` for information (hint: press 'q' to exit the status log).
* The second enable command will enable the container to start on boot.
4. Now that the container is running, we should be able to open a shell or login to it.
* Typing `machinectl shell debian-custom` should open a shell to the machine and bypass login. Typing `exit` in this shell will exit back to the host Unifi OS.
* Typing `machinectl login debian-custom` will give you a login prompt like a normal Linux system. In most cases, you can just use `machinectl shell` to bypass the login for easier access. If you do use the login instead of the shell, you can exit the container by holding the `Ctrl` key and pressing the `]` key 3 times.
5. Now that you have access to your own container, you can install whatever services you want within it like a normal Linux system ([see examples below](#step-4-install-custom-services)). Make sure you ran `machinectl enable debian-custom` so the container starts on boot.
### Step 2A: Configure the Container to use an Isolated MacVLAN Network
This configuration is only needed if you want to isolate the container's network with a macvlan bridge. The following steps are all performed on the host OS.
1. Download the [10-setup-network.sh](scripts/10-setup-network.sh) script to `/data/on_boot.d` and configure it with your VLAN and IPs for your container and gateway. This script will create a brX.mac interface as a gateway bridge for containers to communicate with.
```sh
mkdir -p /data/on_boot.d && cd /data/on_boot.d
curl -LO https://raw.githubusercontent.com/peacey/unifios-utilities/nspawn/nspawn-container/scripts/10-setup-network.sh
vim 10-setup-network.sh
```
* Modify `VLAN` to an existing VLAN network that you want your container to be on. The default is VLAN 5. Make sure this VLAN network is created in Unifi first with a unique subnet and IP (do not use the same IP as you will use for IPV4_IP or IPV4_GW in this script).
* Modify `IPV4_GW` to set the gateway interface's IP. The default is 10.0.5.1/24, but you can use whatever subnet you want as long as it's different than any Unifi subnet.
* Modify `IPV4_IP` to your preferred container IP. The default is 10.0.5.3, but you can use whatever you want as long as its on the same subnet as the gateway subnet `IPV4_GW`.
* Also modify `IPV6_GW` and `IPV6_IP` if you need IPV6 support. Leave them empty for no IPV6 support.
2. Create or modify your `/etc/systemd/nspawn/debian-custom.nspawn` file with the following parameters. This will tell nspawn to isolate the network and create a macvlan interface in the container from our VLAN bridge. This interface will be called mv-br5.
```ini
[Exec]
Boot=on
[Network]
MACVLAN=br5
ResolvConf=off
```
* Change br5 to brX where X = VLAN number you used in `10-setup-network.sh`.
3. Configure your container to set the IP and gateway you defined in `10-setup-network.sh` by creating a network file in the folder `/etc/systemd/network` under your container's directory. Name this file `mv-brX.network` where X = VLAN number you used (e.g. `mv-br5.network`).
```sh
cd /data/custom/machines/debian-custom/etc/systemd/network
vim mv-br5.network
```
* The following is an example configuration based on the default settings in `10-setup-network.sh`.
```ini
[Match]
Name=mv-br5
[Network]
IPForward=yes
Address=10.0.5.3/24
Gateway=10.0.5.1
Address=fd62:89a2:fda9:e23::3/64
Gateway=fd62:89a2:fda9:e23::1
```
* Make sure to change `Name` to the correct VLAN.
* Change `Address` and `Gateway` accordingly if you changed the settings in `10-setup-network.sh`.
* You can remove the last 2 lines with IPv6 addresses if you don't need IPv6.
4. Run the `10-setup-network.sh` script, start the container, open a shell on the container, and check the network.
```sh
chmod +x /data/on_boot.d/10-setup-network.sh
/data/on_boot.d/10-setup-network.sh
machinectl start debian-custom
machinectl shell debian-custom
ip addr show
ping -c4 1.1.1.1
```
* You should see the correct IP defined on mv-br5. If no IP has been assigned, make sure you enabled and started the systemd-networkd service and check again: `systemctl enable --now systemd-networkd`
* If you still don't see any IP on mv-br5, then double-check you're using the correct VLAN and put the configuration in the correct location. You can also check `journalctl -eu systemd-networkd` for any errors.
* If pinging 1.1.1.1 doesn't work from within the container, double-check you set the correct container IP in your 10-setup-network.sh.
5. The script `10-setup-network.sh` in `/data/on_boot.d` needs to be started on boot.
* If you've installed the udm-boot service, it should automatically run any scripts in `/data/on_boot.d` and no further setup is needed.
* If you prefer not to use udm-boot and instead use your own systemd boot service, [here is an example systemd service](scripts/setup-network.service) to run this script at boot. Save it to `/etc/systemd/system/setup-network.service` in the host OS (not container) and then enable it with `systemctl enable setup-network`.
### Step 3: Configure Persistence Across Firmware Updates
When the firmware is updated, `/data` (which contains our container storage) and `/etc/systemd` (which contains our boot scripts) are preserved, but `/var` and `/usr` is deleted by the firmware update script. Any additional debian packages that are installed in the host OS like systemd-container are also deleted. This means we need to reinstall the systemd-container package and re-link our container to /var/lib/machines (for machinectl access) when the firmware is upgraded. This can be accomplished with a simple boot script that checks to see if this package is installed on boot.
1. Download the [0-setup-system.sh](scripts/0-setup-system.sh) script into /data/on_boot.d.
```sh
mkdir -p /data/on_boot.d && cd /data/on_boot.d
curl -LO https://raw.githubusercontent.com/peacey/unifios-utilities/nspawn/nspawn-container/scripts/0-setup-system.sh
chmod +x /data/on_boot.d/0-setup-system.sh
```
2. Download the backup dpkg package files for systemd-container and dependencies into `/data/custom/dpkg`. These packages will only be used as a backup install in case the Internet is down after the first boot after an update.
```sh
mkdir -p /data/custom/dpkg && cd /data/custom/dpkg
apt download systemd-container libnss-mymachines debootstrap arch-test
```
3. The script `0-setup-system.sh` in `/data/on_boot.d` needs to be started on boot.
* If you've installed the udm-boot service, it should automatically run any scripts in `/data/on_boot.d` and no further setup is needed.
* If you prefer not to use udm-boot and instead use your own systemd boot service, [here is an example systemd service](scripts/setup-system.service) to run this script at boot. Save it to `/etc/systemd/system/setup-system.service` in the host OS (not container) and then enable it with `systemctl enable setup-system`.
### Step 4: Install Custom Services
Services can be installed in the container like any linux system. For debian containers, you can use apt or other manual methods. Follow the Debian/Linux guide for your particular software that you want to install.
* Common examples
* [Pi-Hole](examples/pihole/README.md)
* [AdGuard Home](examples/adguardhome/README.md)
## FAQ
1. How do I access a folder from the host OS in the container (e.g. the /data directory)?
* Edit your `.nspawn` config file and add the following `[Files]` section. You can specify multiple `Bind=` or `BindReadOnly=` lines to bind mount multiple directories. See [nspawn manpage](https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html#Bind=) for more details.
```ini
[Files]
Bind=/data:/data
```
2. I am getting security errors trying to run certain privileged commands in the container.
* Edit your `.nspawn` config file and add `Capability=all` under the `[Exec]` section to unlock all security capablitlites. You can also permit or restrict capabilities for enhanced security (see the [nspawn manpage](https://www.freedesktop.org/software/systemd/man/systemd.nspawn.html#Capability=) for more information).
3. Some programs complain of a missing /lib/modules folder and can't access kernel modules.
* Edit your `.nspawn` config file and add `BindReadOnly=/lib/modules` to the `[Files]` section. This will bind mount the /lib/modules folder from the host OS. You might also want to try unlocking all capabilitites or specific ones (as in the above question) if you're still having issues with permissions using certain modules.
4. iptables doesn't work in the container after I installed it.
* You need to use iptables-legacy and not iptables-nft because the host OS is still using the legacy iptables. If using a Debian container, you can switch to the legacy iptables with the following commands executed from within the container. Also, you won't be able to see or modify the host's iptables entries if you're using a private/macvlan network for the container.
```sh
update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/bin/ip6tables-legacy
```

22
nspawn-container/examples/adguardhome/README.md Normal file
View File

@ -0,0 +1,22 @@
## How to Install AdGuard Home in Container
This guide assumes you have already created and started an nspawn container as instructed in the [main README](../../README.md), and have configured an isolated macvlan network for your container.
To install AdGuard Home, we simply run the automated install as instructed in the [AdGuard Home documentation](https://github.com/AdguardTeam/AdGuardHome#automated-install-unix).
1. Spawn a shell to your container.
```sh
machinectl shell debian-custom
```
2. Run the automated install command from the adguard documentation and follow the prompts. Refer to the pihole documentation for more details.
```sh
apt -y install curl
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
```
3. Go to http://10.0.5.3:3000 to configure AdGuard Home (or whatever IP you configured for your container).
4. After configuration, you can access Ad Guard Home web gui at http://10.0.5.3.
5. Now you can set your LAN clients to use the AdGuard Home IP 10.0.5.3 as the DNS, or use dig to test DNS resolution from a client (e.g.: `dig @10.0.5.3 google.com A`).

48
nspawn-container/examples/pihole/README.md Normal file
View File

@ -0,0 +1,48 @@
## How to Install Pi-Hole in Container
This guide assumes you have already created and started an nspawn container as instructed in the [main README](../../README.md), and have configured an isolated macvlan network for your container.
To install pihole, we simply run the automated install as instructed in the [pihole documentation](https://docs.pi-hole.net/main/basic-install/) and follow the prompts.
1. Spawn a shell to your container.
```sh
machinectl shell debian-custom
```
2. Run the automated install command from the pihole documentation and follow the prompts. Refer to the pihole documentation for more details.
```sh
apt -y install curl
curl -sSL https://install.pi-hole.net | PIHOLE_SKIP_OS_CHECK=true bash
```
* You must use `PIHOLE_SKIP_OS_CHECK=true` so pihole can be installed on Debian unstable.
* After installation, the debian-custom container has a size of 611 MB after running `apt clean` to delete the package cache.
3. When the install says a static IP is needed, press Continue.
4. Select an upstream DNS provider on the next page, or add your custom DNS provider. Note all these options can be changed later in the admin panel, so you don't need to be perfect here.
5. On the next page, choose "Yes" to include the default list or "No" to not include any block lists at install (you will have to install your own later in that case).
6. On the next page, choose "Yes" to install the Admin web interface, then "Yes" on the next page to install the default web server that pihole uses (lighthttpd). It's also possible to use nginx instead of lighthttpd, but this isn't covered in this tutorial.
7. On the next two pages, click Yes to enable Query Logging, and enable "Show everything". You can disable query logging or hide information from the log if you prefer.
8. Once the install is finished, it will tell you what your pihole IP and admin password is.
9. You can either use the current admin password the installation gave you, or run `pihole -a -p` to update the password.
10. You should now be able to access the pihole admin page at https://10.0.5.3/admin if you used the default container IP.
11. As a final step, you need to set "Permit all origins" in the Pi-Hole Admin to allow requests from more than one hop away (i.e. your LAN clients). Go to Pi-Hole Admin -> Settings -> DNS -> Permit all origins -> Save.
12. Now you can set your LAN clients to use the pihole IP 10.0.5.3 as the DNS, or use dig to test DNS resolution from a client (e.g.: `dig @10.0.5.3 google.com A`).
## How to Update or Reconfigure Pi-Hole.
To update pihole, simply run the following from within the container.
```sh
PIHOLE_SKIP_OS_CHECK=true pihole -up
```
In case there is a configuration error and pihole is having trouble, you can reconfigure it from scratch by running:
```sh
PIHOLE_SKIP_OS_CHECK=true pihole -r
```

281
nspawn-container/interactive_setup.sh Normal file
View File

@ -0,0 +1,281 @@
#!/bin/bash
###################################################################
#Script Name : interactive_setup
#Description : This script guides you through creating a custom container on UnifiOS 3.0+ using systemd-nspawn.
# It includes steps for configuring the container, ensuring persistence across firmware updates,
# and installing custom services such as pihole (Not Yet) or adguard home.
# The process involves installing systemd-container and debootstrap and using them to create
# a base debian system in /data/custom/machines directory.
#Author : Apo-mak
#Last Date Edited : 09-04-2023
###################################################################
set -e
dnsfile="10-dns.sh"
container_name="debian-custom"
container_root_pasword="12345678"
vlan_id="5"
vlan_address="10.0.5.3/24"
vlan_gateway="10.0.5.1"
##
# Color Variables
##
green='\e[32m'
blue='\e[34m'
clear='\e[0m'
##
# Color Functions
##
ColorGreen(){
echo -ne $green$1$clear
}
ColorBlue(){
echo -ne $blue$1$clear
}
##############################################
function set_variables(){
read -p "Enter the container name [$container_name]: " container_name
container_name=${container_name:-"debian-custom"}
read -p "Enter the container root password [$container_root_pasword]: " container_root_pasword
container_root_pasword=${container_root_pasword:-"12345678"}
}
function set_container_network_variables(){
read -p "Enter the container vlan_id [$vlan_id]: " vlan_id
vlan_id=${vlan_id:-"5"}
read -p "Enter the container vlan_address [$vlan_address]: " vlan_address
vlan_address=${vlan_address:-"10.0.5.3/24"}
read -p "Enter the container vlan_gateway [$vlan_gateway]: " vlan_gateway
vlan_gateway=${vlan_gateway:-"10.0.5.1"}
}
function echo_variables(){
echo "#### Printing set Variables: ###"
echo "Container Name: $container_name "
echo "Container Root Password: $container_root_pasword "
echo "Network Vlan ID: $vlan_id "
echo "Container $vlan_address "
echo "Network Getway: $vlan_gateway "
}
function create_custom_ontainer_simple(){
echo "You have selected to setup a container that has access to all the host network
interfaces and full capabilities to do anything to the system"
read -p "Press enter to continue OR ctrl + c to cancel."
create_custom_ontainer ;
setup_networking_simple ;
setup_persistence ;
setup_backup_dpkg_files
}
function create_custom_ontainer_macvlan(){
echo "You have selected to setup a container to use an Isolated MacVLAN Network AKA Vlan."
read -p "Press enter to continue OR ctrl + c to cancel."
create_custom_ontainer ;
setup_networking_MACVLAN ;
setup_persistence ;
setup_backup_dpkg_files
}
function create_custom_ontainer() {
echo ""
echo " Creating a Custom Container on UnifiOS 3.x"
echo ""
#### check if directory exists and abort
if [ -d "/data/custom/machines/$container_name" ]
then
echo "Directory /data/custom/machines/$container_name already exists... aborting the setup ...
try manual setup or setup with new container name."
exit 1
fi
### Step 1. Create the Container
echo " Installing the systemd-container and debootstrap"
apt -y install systemd-container debootstrap
### create a directory called "$container_name" with a base debian system in /data/custom/machines
echo "Creating container required directories"
mkdir -p /data/custom/machines
cd /data/custom/machines
debootstrap --include=systemd,dbus unstable "$container_name"
### Finally, let's bring up a shell on this container
echo "Set container Root password, Network setting and enable systemd-networkd"
#systemd-nspawn -M "$container_name" -D /data/custom/machines/"$container_name"
#systemd-nspawn -M "$container_name" -D /data/custom/machines/"$container_name" echo "This Echo is from inside the new Container ..."
systemd-nspawn -M "$container_name" -D /data/custom/machines/"$container_name" /bin/bash -c "echo 'root:${container_root_pasword}' | chpasswd"
echo "In container start network"
systemd-nspawn -M "$container_name" -D /data/custom/machines/"$container_name" /bin/bash -c systemctl enable systemd-networkd
echo "in container set default DNS 1.1.1.1"
systemd-nspawn -M "$container_name" -D /data/custom/machines/"$container_name" /bin/bash -c echo "nameserver 1.1.1.1" > /etc/resolv.conf \
echo ""$container_name"" > /etc/hostname
#### we will link the container to /var/lib/machines so we can control it with machinectl
echo "Linking the container to /var/lib/machines"
mkdir -p /var/lib/machines
ln -s /data/custom/machines/"$container_name" /var/lib/machines/
}
function setup_networking_simple() {
echo ""
echo " Setting up networking Simple"
echo ""
##### we will create a "$container_name".nspawn file in /etc/systemd/nspawn to configure parameters for the container
######(such as network, bind mounts, etc)
echo "configuring parameters for the container "
mkdir -p /etc/systemd/nspawn
cat <<EOF > /etc/systemd/nspawn/"$container_name".nspawn
[Exec]
Boot=on
Capability=all
[Network]
Private=off
VirtualEthernet=off
ResolvConf=off
EOF
}
function setup_networking_MACVLAN() {
echo ""
echo " Setting up networking MACVLAN"
echo ""
#####we will create a "$container_name".nspawn file in /etc/systemd/nspawn to configure parameters for the container
######(such as network, bind mounts, etc)
echo "configuring parameters for the container "
mkdir -p /etc/systemd/nspawn
cat <<EOF > /etc/systemd/nspawn/"$container_name".nspawn
[Exec]
Boot=on
[Network]
MACVLAN=br$vlan_id
ResolvConf=off
EOF
##### Configure the Container to use an Isolated MacVLAN Network
echo " Configuring the Container to use an Isolated MacVLAN Network"
cd /data/on_boot.d
if [ -f "$file" ] ; then
rm "$file"
fi
curl -LO https://raw.githubusercontent.com/peacey/unifios-utilities/nspawn/nspawn-container/scripts/10-setup-network.sh
chmod +x 10-setup-network.sh
cat <<EOF > /etc/systemd/nspawn/"$container_name".nspawn
[Exec]
Boot=on
[Network]
MACVLAN=br$vlan_id
ResolvConf=off
EOF
#####Configure your container to set the IP and gateway you defined in 10-setup-network.sh
cd /data/custom/machines/"$container_name"/etc/systemd/network
cat <<EOF > mv-br5.network
[Match]
Name=mv-br$vlan_id
[Network]
IPForward=yes
Address=$vlan_address
Gateway=$vlan_gateway
EOF
#### Run the 10-setup-network.sh script to setup the network interface
/data/on_boot.d/10-setup-network.sh
machinectl stop "$container_name"
machinectl start "$container_name"
}
function setup_adguard() {
echo "You have selected to setup a AdGuardHome in container $container_name"
read -p "Press enter to continue OR ctrl + c to cancel."
echo ""
echo " Setting up adguard"
echo ""
############ install addguard #######
systemd-nspawn -M "$container_name" -D /data/custom/machines/"$container_name" /bin/bash -c "apt -y install curl &&
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v"
echo "Go to http://${vlan_address}:3000 to configure AdGuard Home (or whatever IP your container has if you had select simple install)."
read -p "Press enter to continue"
}
function setup_persistence() {
echo ""
echo " Configuring Persistence Across Firmware Updates"
echo ""
#### Configure Persistence Across Firmware Updates
echo "Configuring Persistence Across Firmware Updates"
cd /data/on_boot.d
curl -LO https://raw.githubusercontent.com/peacey/unifios-utilities/nspawn/nspawn-container/scripts/0-setup-system.sh
chmod +x 0-setup-system.sh
mv 0-setup-system.sh 02-setup-system.sh
}
function setup_backup_dpkg_files() {
echo ""
echo " Downloading the backup dpkg package files"
echo ""
#### Download the backup dpkg package files for systemd-container and dependencies into /data/custom/dpkg.
#####These packages will only be used as a backup install in case the Internet is down after the first boot after an update.
echo "Configuring backup install"
mkdir -p /data/custom/dpkg && cd /data/custom/dpkg
apt download systemd-container libnss-mymachines debootstrap arch-test
echo " Container setup has ended .. :) "
}
menu(){
echo -ne "
Create a container with systemd-nspawn
Select your option from below:
$(ColorGreen '1)') Create a Custom Container Simple
$(ColorGreen '2)') Create a Custom Container Mac Vlan
$(ColorGreen '3)') Install Adguard in existing container.
$(ColorGreen '4)') Print set Variables.
$(ColorGreen '5)') Set Container Variables (name & Root Password).
$(ColorGreen '6)') Set Container Network Variables. (Vlan ID & IP address).
$(ColorGreen '0)') Exit
$(ColorBlue 'Choose an option:') "
read a
case $a in
1) create_custom_ontainer_simple ; menu ;;
2) create_custom_ontainer_macvlan ; menu ;;
3) setup_adguard ; menu ;;
4) echo_variables ; menu ;;
5) set_variables ; menu ;;
6) set_container_network_variables ; menu ;;
0) exit 0 ;;
*) echo -e $red"Wrong option."$clear; WrongCommand;;
esac
}
# Call the menu function
menu

18
nspawn-container/scripts/0-setup-system.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
# This script installs systemd-container if it's not installed.
# Also links any containers from /data/custom/machines to /var/lib/machines.
if ! dpkg -l systemd-container | grep ii >/dev/null; then
if ! apt -y install systemd-container debootstrap; then
yes | dpkg -i /data/custom/dpkg/*.deb
fi
fi
mkdir -p /var/lib/machines
for machine in $(ls /data/custom/machines/); do
if [ ! -e "/var/lib/machines/$machine" ]; then
ln -s "/data/custom/machines/$machine" "/var/lib/machines/"
machinectl enable $machine
machinectl start $machine
fi
done

52
nspawn-container/scripts/10-setup-network.sh Normal file
View File

@ -0,0 +1,52 @@
#!/bin/bash
# This script will create a macvlan bridge interface to allow communication
# between container networks and host networks.
# An interface called brX.mac will be created, where X = $VLAN configured below.
# The interface will be assigned an IP of $IPV4_GW, and $IPV6_GW configured below.
# Routes will be added for the container IP $IPV4 and $IPV6.
# Script is based on 10-dns.sh from unifios-utilities.
## CONFIGURATION VARIABLES
# VLAN ID network container will be on. This VLAN has to first be configured as a
# network in Unifi Network settings with a unique IP/subnet. Do not use the same
# IP in the unifi network settings as you will use below for IPV4_IP or IPV4_GW.
VLAN=5
# IP addresses of container.
IPV4_IP="10.0.5.3"
# Gateway IP address of macvlan interface. IP above should be in this subnet.
IPV4_GW="10.0.5.1/24"
# IPv6 container and gateway addresses. These can be empty if not using IPv6.
# Preferably generate your own ULA instead of using the default one below.
# A public IPv6 prefix based on your ISP's prefix can be used too, but any
# prefix changes for dynamic IPv6 prefixes have to be modified manually.
IPV6_IP="fd62:89a2:fda9:e23::3"
IPV6_GW="fd62:89a2:fda9:e23::1/64"
## END OF CONFIGURATION
# set VLAN bridge promiscuous
ip link set "br${VLAN}" promisc on
# create macvlan bridge and add IPv4 IP
ip link add "br${VLAN}.mac" link "br${VLAN}" type macvlan mode bridge
ip addr add "${IPV4_GW}" dev "br${VLAN}.mac" noprefixroute
# (optional) add IPv6 IP to VLAN bridge macvlan bridge
if [ -n "${IPV6_GW}" ]; then
ip -6 addr add "${IPV6_GW}" dev "br${VLAN}.mac" noprefixroute
fi
# set macvlan bridge promiscuous and bring it up
ip link set "br${VLAN}.mac" promisc on
ip link set "br${VLAN}.mac" up
# add IPv4 route to container
ip route add "${IPV4_IP}/32" dev "br${VLAN}.mac"
# (optional) add IPv6 route to container
if [ -n "${IPV6_IP}" ]; then
ip -6 route add "${IPV6_IP}/128" dev "br${VLAN}.mac"
fi

13
nspawn-container/scripts/setup-network.service Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=Setup custom container network service
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/data/on_boot.d/10-setup-network.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

13
nspawn-container/scripts/setup-system.service Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=Setup custom container service
Wants=network-online.target
After=network-online.target
[Service]
Type=oneshot
ExecStart=/data/on_boot.d/0-setup-system.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target