Merge pull request #219 from Jip-Hop/develop

v2.1.0

.github/workflows/test.yml

@@ -6,17 +6,17 @@ name: CI
 on:
   # Triggers the workflow on push or pull request events for any branch
   push:
-    branches: [ "**" ]
+    branches: ["**"]
   pull_request:
-    branches: [ "**" ]
+    branches: ["**"]
 
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   # This workflow contains a single job called "build"
-  build:
+  test:
     # The type of runner that the job will run on
     runs-on: ubuntu-24.04
 
@@ -25,6 +25,68 @@ jobs:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
 
-      # Runs a single command using the runners shell
-      - name: Run a one-line script
-        run: sudo ./test/test.sh
+      - name: Tune GitHub-hosted runner network
+        uses: smorimoto/tune-github-hosted-runner-network@v1
+
+      # Create a network namespace in the GitHub-hosted runner VM,
+      # simulating a primary bridge network on TrueNAS SCALE
+      - name: Set up networking resources
+        run: |
+          sudo -s <<END
+
+          systemctl disable systemd-resolved --now
+          rm /etc/resolv.conf
+          echo 'nameserver 1.1.1.1' > /etc/resolv.conf
+
+          apt-get install -qq -y systemd-container
+
+          cat <<NETWORKCONFIG >/etc/systemd/network/10-br1.network
+          [Match]
+          Kind=bridge
+          Name=br1
+
+          [Network]
+          # Default to using a /24 prefix, giving up to 253 addresses per virtual network.
+          Address=0.0.0.0/24
+          LinkLocalAddressing=yes
+          DHCPServer=yes
+          IPMasquerade=both
+          LLDP=yes
+          EmitLLDP=customer-bridge
+          IPv6AcceptRA=no
+          IPv6SendRA=yes
+          NETWORKCONFIG
+
+          systemctl restart systemd-networkd
+          ip link add name br1 type bridge
+
+          iptables -I DOCKER-USER -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+          iptables -I DOCKER-USER -i br1 -o eth0 -j ACCEPT
+          END
+
+      - name: Examine the GitHub-hosted runner environment
+        run: |
+          uname -r
+          cat /etc/os-release
+          python3 --version
+          ip addr
+
+      # # TODO: create zpool with virtual disks, create jailmaker dataset and test jlmkr.py from there
+      # # https://medium.com/@abaddonsd/zfs-usage-with-virtual-disks-62898064a29b
+      # - name: Create a parent ZFS dataset
+      #   run: |
+      #     sudo -s <<END
+      #     apt-get install -y -qq zfsutils-linux
+      #     modinfo zfs | grep version
+      #     zfs --version
+      #     zpool --version
+      #     END
+
+      # Run multiple commands using the runners shell
+      - name: Run the test script
+        env:
+          PYTHONUNBUFFERED: 1
+        run: |
+          sudo chown 0:0 jlmkr.py ./test/test-jlmkr
+          sudo bash ./test/test-jlmkr
+          sudo ./test/test.sh

docs/compatibility.md

@@ -15,6 +15,7 @@
 |Debian 12 Bookworm|✅|
 |Ubuntu Jammy|✅|
 |Fedora 39|✅|
+|Nixos 24.05|✅|
 |Arch|🟨|
 |Alpine|❌|      
 

docs/network.md

@@ -23,7 +23,7 @@ Add the `--network-bridge=br1 --resolv-conf=bind-host` systemd-nspawn flag when
 The TrueNAS host and the jail will be able to communicate with each other as if the jail was just another device on the LAN. It will use the same DNS servers as the TrueNAS host because the `--resolv-conf=bind-host` option bind mounts the `/etc/resolv.conf` file from the host inside the jail. If you want to use the DNS servers advertised via DHCP, then check [DNS via DHCP](#dns-via-dhcp).
 
 ### Bridge Static IP
-To configure a static IP with our bridge interface, we need to edit the  `/etc/systemd/network/80-container-host0.network` file. Change the [Network] section to look like this:
+To configure a static IP with our bridge interface, we need to edit the `/etc/systemd/network/80-container-host0.network` file. Change the [Network] section to look like this:
 
 ```ini
 [Network]
@@ -43,14 +43,14 @@ ifconfig
 ```
 
 ### Multiple Bridge Interfaces
-[Systemd-nspawn](https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html), the technology on which jailmaker is built, [currently](https://github.com/systemd/systemd/issues/11087) only supports the definition and automatic configuration of a single bridge interface via the [`--network-bridge`](https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html#--network-bridge=) argument.  In some cases however, for instance when trying to utilize different vlan interfaces, it can be useful to configure multiple bridge interfaces within a jail.  It is possible to create extra interfaces and join them to host bridges manually with systemd-nspwan using a combination of the [`--network-veth-extra`](https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html#--network-veth-extra=) argument and a service config containing `ExecStartPost` commands as outlined [here](https://wiki.csclub.uwaterloo.ca/Systemd-nspawn#Multiple_network_interfaces).
+[Systemd-nspawn](https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html), the technology on which jailmaker is built, [currently](https://github.com/systemd/systemd/issues/11087) only supports the definition and automatic configuration of a single bridge interface via the [`--network-bridge`](https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html#--network-bridge=) argument. In some cases however, for instance when trying to utilize different vlan interfaces, it can be useful to configure multiple bridge interfaces within a jail. It is possible to create extra interfaces and join them to host bridges manually with systemd-nspwan using a combination of the [`--network-veth-extra`](https://www.freedesktop.org/software/systemd/man/latest/systemd-nspawn.html#--network-veth-extra=) argument and a service config containing `ExecStartPost` commands as outlined [here](https://wiki.csclub.uwaterloo.ca/Systemd-nspawn#Multiple_network_interfaces).
 
 The `--network-veth-extra` argument instructs system-nspawn to create an addition linked interface between the host and jail and uses a syntax of
 ```
 --network-veth-extra=<host_interface_name>:<jail_interface_name>
 ```
 
-The service config constaining `ExecStartPost` commands is then used to add the host side of the interface link to an existing host bridge and bring the interface up.  Jailmaker has simplified this process by including a `post_start_hook` configuration parameter which can automate the creation of the service config by including the `ExecStartPost` commands as below.
+The service config `ExecStartPost` commands is then used to add the host side of the interface link to an existing host bridge and bring the interface up. Jailmaker has simplified this process by including a `post_start_hook` configuration parameter which can automate the creation of the service config by including the `ExecStartPost` commands as below.
 
 ```
 post_start_hook=#!/usr/bin/bash
@@ -62,7 +62,7 @@ post_start_hook=#!/usr/bin/bash
     ip link set dev ve-docker-2 up
 ```
 
-With the new `--network-veth-extra` interface link created and the host side added to an existing host bridge, the jail side of the link still needs to be configured.  Jailmaker provides a network file in the form of `/etc/systemd/network/vee-dhcp.network` which will automatically perform this configuration.  In order for `vee-dhcp.network` to successfully match and configure the link's jail side interface, the `<jail_interface_name>` must begin with a ***vee-*** prefix.  An example jailmaker config with properly named `--network-veth-extra` interfaces and `post_start_hook` commands is available [here](https://github.com/Jip-Hop/jailmaker/discussions/179#discussioncomment-9499289).
+With the new `--network-veth-extra` interface link created and the host side added to an existing host bridge, the jail side of the link still needs to be configured. Jailmaker provides a network file in the form of `/etc/systemd/network/vee-dhcp.network` which will automatically perform this configuration. In order for `vee-dhcp.network` to successfully match and configure the link's jail side interface, the `<jail_interface_name>` must begin with a ***vee-*** prefix. An example jailmaker config with properly named `--network-veth-extra` interfaces and `post_start_hook` commands is available [here](https://github.com/Jip-Hop/jailmaker/discussions/179#discussioncomment-9499289).
 
 ## Macvlan Networking