general:linux:systemd_nspawn_containers
Table of Contents
To allow reading folder from host
Add file with the machines name like so: /etc/systemd/nspawn/<name>.nspawn
[Files] Bind=/home [Exec] ResolvConf=copy-host #PrivateUsers=false #Needed when a .nspawn file is used (since bullseye https://github.com/systemd/systemd/issues/12313) Capability=CAP_NET_ADMIN
Create container with debootstrap
debootstrap --include=systemd,dbus,systemd-container bookworm /var/lib/machines/container_name
Then either use
systemd-nspawn -D /var/lib/machines/container_name
or
machinectl start container_name machinectl shell container_name
If started using machinectl, then enable and start systemd-networkd in the container to get the networking up and running.
systemctl --now enable systemd-networkd
Add security updates source
Example for bookworm, also add contrib etc. if you need them.
deb http://security.debian.org/ bookworm-security main
general/linux/systemd_nspawn_containers.txt · Last modified: 2024/10/22 10:47 by sunkan