
Archlinux provisioning

This repository contains several playbooks created to provision specific hosts. A playbook can be run as follows:

$ ansible-playbook --limit desktop desktop.yml

The --limit parameter is required to run the playbook only for the specified host(s), because the default playbook that is included uses hosts: all.

Using systemd-nspawn

Hosts with wired network devices can configure a MACVLAN device to allow networking between systemd-nspawn containers and the host (or vice versa) as well as between containers and the outside world (through the host's network device).

Creating a debian container

First bootstrap a directory containing the files required for the container:

$ debootstrap --include=dbus,libpam-systemd,libnss-systemd,systemd-resolved stable /var/lib/machines/foo

Afterwards a root password can be set:

$ systemd-nspawn --directory /var/lib/machines/foo
# passwd

To configure networking for the container, a configuration file can be made in /etc/systemd-nspawn/foo.nspawn on the host. It should contain the following options:

[Exec]
# Invokes the init program (usually systemd) when the container starts
Boot=yes 
Hostname=foo

[Network]
MACVLAN=enp1s0

# Used for communication between containers in the same zone 
Zone=test 

This allows the container to be managed with machinectl using the options from the .nspawn configuration file, without specifying them as command-line options. It is possible to skip this step, which can come in handy whenever a throwaway container is to be made, and specify these options on the command line instead:

$ systemd-nspawn \
  --boot \
  --network-macvlan enp1s0 \
  --network-zone test \
  --hostname foo \
  --directory /var/lib/machines/foo

See man systemd.nspawn for more configurable options for the .nspawn file.

Inside the container, create a network configuration file for the MACVLAN device in /etc/systemd/network/10-mv-enp1s0.network:

[Match]
Name=mv-enp1s0

[Link]
RequiredForOnline=routable

[Network]
DHCP=yes

Note that the example above can be adjusted to your liking. Afterwards enable (and start) the systemd-networkd service and verify the configuration is correctly applied.

To set up DNS resolution, don't forget to enable the systemd-resolved service inside the container.
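
The interface that appears inside the container is named mv- followed by the parent listed in MACVLAN=, and systemd-networkd leaves it unconfigured when no .network file matches that name. The script below is an added example, not part of this repository: it cross-checks a host-side .nspawn file against the container's .network files. The function names are hypothetical, and it assumes plain interface names in MACVLAN= and names short enough not to be truncated.

```shell
#!/bin/sh
# Added example (not from the repository): verify that each MACVLAN= parent in
# a host-side .nspawn file has a matching [Match] Name=mv-<parent> entry in the
# container's systemd-networkd configuration.
# Assumption: mv-<parent> fits in the 15-character Linux interface name limit.

# Print the parents listed on MACVLAN= lines of the .nspawn file $1, one per line.
nspawn_macvlan_ifaces() {
    sed -n 's/^[[:space:]]*MACVLAN[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Print every Name= value from [Match] sections of *.network files under root $1.
container_match_names() {
    for f in "$1"/etc/systemd/network/*.network; do
        [ -f "$f" ] || continue
        awk '/^\[/ { in_match = ($0 ~ /^\[Match\]/); next }
             in_match && /^[ \t]*Name[ \t]*=/ {
                 sub(/^[^=]*=[ \t]*/, "")
                 n = split($0, v, /[ \t]+/)
                 for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
             }' "$f"
    done
}

# $1: .nspawn file on the host, $2: container root directory.
# Returns 0 if every parent is matched, 1 otherwise; prints each unmatched name.
check_macvlan_match() {
    names=$(container_match_names "$2")
    ifaces=$(nspawn_macvlan_ifaces "$1")
    status=0
    set -f  # Name= values may be globs; keep the shell from expanding them
    for iface in $ifaces; do
        found=0
        for pat in $names; do
            # Compare as a pattern, since Name= accepts shell-style globs
            case "mv-$iface" in $pat) found=1 ;; esac
        done
        if [ "$found" -eq 0 ]; then
            echo "no .network [Match] for mv-$iface"
            status=1
        fi
    done
    set +f
    return "$status"
}

# Usage: sh check.sh /etc/systemd-nspawn/foo.nspawn /var/lib/machines/foo
if [ "$#" -eq 2 ]; then check_macvlan_match "$1" "$2"; fi
```
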

See the Archlinux wiki for more information.