# Archlinux provisioning

This repository contains several playbooks created to provision specific hosts. A playbook can be run as follows:

```
$ ansible-playbook --limit desktop desktop.yml
```

The `--limit` parameter is required to run the playbook only for the specified host(s), as the default playbook that is included uses `hosts: all`.

## Using systemd-nspawn

Hosts with wired network devices can configure a MACVLAN device to allow networking between systemd-nspawn containers and the host (or vice versa) as well as between containers and the outside world (through the host's network device).

### Creating a Debian container

First bootstrap a directory containing the files required for the container:

```
$ debootstrap --include=dbus,libpam-systemd,libnss-systemd,systemd-resolved stable /var/lib/machines/foo
```

Afterwards a root password can be set:

```
$ systemd-nspawn --directory /var/lib/machines/foo
# passwd
```

To configure networking for the container, a configuration file can be created in `/etc/systemd/nspawn/foo.nspawn` on the host. It should contain the following options:

```
[Exec]
# Invokes the init program (usually systemd) when the container starts
Boot=yes
Hostname=foo

[Network]
MACVLAN=enp1s0
# Used for communication between containers in the same zone
Zone=test
```

This allows the container to be managed with `machinectl` using the options from the nspawn configuration file, without specifying them as command-line options. It is possible to skip this step, which can come in handy whenever a throwaway container is to be made, and specify these options on the command line instead:

```
$ systemd-nspawn \
    --boot \
    --network-macvlan enp1s0 \
    --network-zone test \
    --hostname foo \
    --directory /var/lib/machines/foo
```

See `man systemd.nspawn` for more configurable options for the `.nspawn` file.

Inside the container, create a network configuration file for the MACVLAN device in `/etc/systemd/network/10-mv-enp1s0.network`:

```
[Match]
Name=mv-enp1s0

[Link]
RequiredForOnline=routable

[Network]
DHCP=yes
```

Note that the example above can be adjusted to your liking. Afterwards enable (and start) the `systemd-networkd` service and verify that the configuration is correctly applied. To set up DNS resolution, don't forget to enable the `systemd-resolved` service inside the container.

See the [Archlinux wiki](https://wiki.archlinux.org/title/Systemd-nspawn) for more information.
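
The steps of this section collected into one Ansible play, as an added example that is not one of this repository's playbooks. It assumes `debootstrap` is installed on the host and reuses the sample names `foo`, `enp1s0` and `test` from the text. It enables the two services from the host with `systemctl --root` rather than inside the running container, and leaves out the root password step.

```yaml
# Added example, not one of this repository's playbooks.
# Assumed: debootstrap is installed; foo, enp1s0 and zone "test" are sample values.
- hosts: all            # run with --limit, as described at the top
  become: true
  vars:
    machine: foo
    rootfs: "/var/lib/machines/{{ machine }}"
  tasks:
    - name: Bootstrap the Debian tree (skipped when it already exists)
      ansible.builtin.command:
        cmd: debootstrap --include=dbus,libpam-systemd,libnss-systemd,systemd-resolved stable {{ rootfs }}
        creates: "{{ rootfs }}/etc/os-release"
    - name: Ensure the configuration directories exist
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        mode: "0755"
      loop: ["/etc/systemd/nspawn", "{{ rootfs }}/etc/systemd/network"]
    - name: Write the host-side .nspawn settings
      ansible.builtin.copy:
        dest: "/etc/systemd/nspawn/{{ machine }}.nspawn"
        mode: "0644"
        content: |
          [Exec]
          Boot=yes
          Hostname={{ machine }}

          [Network]
          MACVLAN=enp1s0
          Zone=test
    - name: Write the MACVLAN network file into the container tree
      ansible.builtin.copy:
        dest: "{{ rootfs }}/etc/systemd/network/10-mv-enp1s0.network"
        mode: "0644"
        content: |
          [Match]
          Name=mv-enp1s0

          [Link]
          RequiredForOnline=routable

          [Network]
          DHCP=yes
    - name: Enable networkd and resolved in the tree (offline, from the host)
      ansible.builtin.command:
        argv: [systemctl, "--root={{ rootfs }}", enable, systemd-networkd, systemd-resolved]
      changed_when: false
```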