For a few weeks I had some strange errors with my self-hosted webmail, Snappymail. After working for some time it complained that it couldn't connect to tcp://mydomain.tld:143. My email clients worked, though. The situation got worse a few days ago when I updated the server and rebooted it.

My webmail is hosted in a systemd-nspawn system container. I use such containers for a lot of different services.

For debugging purposes I tried some telnet and openssl s_client stuff today, but I've been on the wrong track with that. ping'ing from the webmail container already failed. There was something more fundamental amiss.

#systemd #networkd #nspawn #nft #selfhosted

On that note, how do people get predictable ip addresses on veth pairs using #systemd #networkd for use with systemd #nspawn with private #networking?

It's the final(?) hurdle to converting my #nixos container based #k3s deployment from the brittle and unpredictable networking scripts in nixos-container to using systemd-networkd instead.

I've got nspawn itself creating interfaces, netdevs and links (with --network-veth) and they get some random ip addresses (multiple), but the systemd.networks options seem to have no impact on them whatsoever🤔

https://codeberg.org/papiris/nix-config/src/branch/testing-vps-ingress

#nix #fediask
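As an added example, not from this thread or from the linked repository, here is one way to give an nspawn veth pair fixed addresses with systemd-networkd. The container name `mycontainer`, the 10.10.0.0/24 range and the file names are assumptions. The key detail is ordering: systemd ships `80-container-ve.network` (host side, matches `ve-*`, hands out addresses from a free /28 via DHCP server plus link-local) and `80-container-host0.network` (container side, `DHCP=yes`), and networkd uses the first `.network` file that matches in lexical order, so a file whose name sorts before `80-` wins. Note that the container-side file must live inside the container's own `/etc/systemd/network/` and the container must run networkd itself; host files never apply to `host0`.

```ini
# Added example, not from the thread. Names and addresses are assumptions.
#
# --- On the host: /etc/systemd/network/10-ve-mycontainer.network ---
# Matches the host end of the veth that nspawn creates for --network-veth
# (named ve-<machine name>, truncated to 15 characters). Sorting before
# 80-container-ve.network makes this file take precedence.
[Match]
Name=ve-mycontainer
Driver=veth

[Network]
Address=10.10.0.1/24
# No DHCPServer= here: the container gets its address statically below.
# NAT for the container's traffic, as the shipped file does; drop this
# line if the container is routed rather than masqueraded.
IPMasquerade=ipv4

# --- Inside the container: /etc/systemd/network/10-host0.network ---
# The container end is always named host0. This file must exist in the
# container's filesystem and systemd-networkd must be enabled there.
[Match]
Name=host0

[Network]
Address=10.10.0.2/24
Gateway=10.10.0.1
DNS=10.10.0.1
# Disable the DHCP client and link-local address that
# 80-container-host0.network would otherwise configure.
DHCP=no
LinkLocalAddressing=no
```

After placing the files, `networkctl reload` on each side (or restarting the container) and `networkctl status host0` inside the container show whether the static address took effect; if `networkctl status` still reports the `80-container-*` file as the applied configuration, the new file did not match or sorted after it. Under NixOS these two files correspond to `systemd.network.networks` entries in the host and container configurations respectively (an assumption about the option name).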


I had almost forgotten that I still have a Nextcloud running that serves as the server for a gallery for an event. The update from 28.0.5 all the way up to 31.0.4 went completely without problems (via the command line). While at it, I updated and restarted all nspawn system containers and the host. Apart from one of the containers not being enabled, and the Keycloak service in another container not being enabled either, everything ran through completely cleanly.

Maybe I'm slowly getting the hang of this after all 😆

#nextcloud #nspawn

Because of my stupid curiosity I always try to achieve what other people do with a different toolset. People use LXC? I use systemd-nspawn. Docker? Nah, podman!

And today I set up Forgejo running in a systemd-nspawn container. I set up a second nspawn container for the Forgejo runner.

It went as is to be expected. "Error: cannot ping the docker daemon. […]"

Of course I can't find anything regarding my special situation. 🤷

I got it working by overriding the podman.socket with SocketMode=0666 (default is 0660). Doesn't seem to be safe, though. After adding a group podman and adding the runner to this group, the forgejo-runner.service also works with SocketGroup=podman.

#nspawn #forgejo #podman
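As an added example, not taken from the post above, here is what the two socket configurations mentioned there look like as a systemd drop-in for `podman.socket` inside the runner's container. The weak variant is kept only as a comment for comparison; the group name `podman` and the runner's service account are assumptions.

```ini
# Added example, not from the post. Assumes a group "podman" exists and the
# runner's service user is a member of it (usermod -aG podman <runner user>).
#
# /etc/systemd/system/podman.socket.d/override.conf
[Socket]
# Weak setting from the post: a world-writable socket lets every local
# account talk to a root-level podman, which is root-equivalent access.
# SocketMode=0666

# Keep the default mode and grant access through a dedicated group instead.
SocketMode=0660
SocketGroup=podman
```

Create it with `systemctl edit podman.socket`, then `systemctl daemon-reload` and `systemctl restart podman.socket`. `stat -c '%a %U:%G' /run/podman/podman.sock` should now show `660 root:podman`; if the mode still reads `666`, an older override is still in place.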

Trying to get a bit familiar with systemd-nspawn (little bit clumsy name) by following this article:

https://benjamintoll.com/2022/02/04/on-running-systemd-nspawn-containers/

It's a bit outdated, e.g. `machinectl pull-raw ...` is now `importctl pull-raw`, but it can be translated.

Trying to create an image using `mkosi` that then later can be started.

Overall aim is to start a firefox in a spawned container. Let's see...

#systemd #nspawn #containers #archlinux


On the subject of #nixos . Anyone have an unprivileged #nixos-container config working?

I'm pretty sure it's possible but with my luck searching I've only found unresolved support tickets of it not working.

I figure I'll ask before digging down the rabbit hole of #systemd and #nspawn.

The thing I hate about #Discourse is the need to use docker. Docker is a PITA to run in systemd-nspawn, and I guess #lxc, too. I would put much more energy into hosting my Discourse if I just could install it in my system containers without too much hassle.

Other than that, Discourse is great.

#systemd #nspawn #systemdnspawn

Ok #systemd #nixos #nspawn container question.

On the host I've mounted a nfs share rw.

In a nixos container I've a bind mount of that nfs mount into another directory.

If I open a shell inside that container as root I see that nfs/bindmount rw. But all other users (if I look at their /proc/<pid>/mounts) see that nfs share mounted as ro read-only ...

I have 2 #systemd-#nspawn containers on my server. I configured an IPVLAN interface for both and assigned each 1 IPv4 address. Those are reachable. I also assigned each 1 #IPv6 address. But only 1 of the 2 nspawns is reachable. Despite identical configuration, as far as I can tell. The 2nd container was added today; the 1st has been running with this config since May. It is not a DNS problem; `ping` to the IPv6 address itself is 100% packet loss.

`tcpdump -n -i enp0s31f6 icmp6` on the host interface shows ICMP packets for the 1st IPv6, but not for the 2nd. Both are part of my /64; one ends in ::80, the other in ::81.

`ping` from the 2nd nspawn out to the internet also works […]

Alright, play time aka show off useless craps... enjoy!

#linuxadmin #opensuse #fedora #systemd #nspawn #tool #opensource