====== To allow reading folder from host ======
Add file with the machines name like so:
/etc/systemd/nspawn/<name>.nspawn 

<code>
[Files]
Bind=/home

[Exec]
ResolvConf=copy-host
#PrivateUsers=false

#Needed when a .nspawn file is used (since bullseye https://github.com/systemd/systemd/issues/12313)
Capability=CAP_NET_ADMIN
</code>

====== Create container with debootstrap ======
<code>
debootstrap --include=systemd,dbus,systemd-container bookworm /var/lib/machines/container_name
</code>

Then either use
<code>
systemd-nspawn -D /var/lib/machines/container_name
</code>
or
<code>
machinectl start container_name
machinectl shell container_name
</code>

If started using machinectl, then enable and start systemd-networkd in the container to get the networking up and running.
<code>
systemctl --now enable systemd-networkd
</code>

====== Add security updates source ======
Example for bookworm, also add contrib etc. if you need them.
<code>
deb http://security.debian.org/ bookworm-security main
</code>