Install lxc - nutthawit/alpine-dotfile GitHub Wiki

Installation

# Install LXC together with its template packages; the "download" template is
# the one used by lxc-create further down this page.
doas apk add \
  lxc \
  lxc-templates \
  lxc-download

Configuration

Add a cgroup2 mount line to /etc/fstab and mount it

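# Register the cgroup2 mount in /etc/fstab. The grep guard keeps the line from
# being appended a second time when this snippet is re-run; /etc/fstab is
# world-readable, so only the write needs doas.
fstab_line="none /sys/fs/cgroup cgroup2 defaults 0 0"
grep -qxF -- "$fstab_line" /etc/fstab ||
  printf '%s\n' "$fstab_line" | doas tee -a /etc/fstab
# Mount everything listed in fstab, then list the mounts to confirm that
# /sys/fs/cgroup is present with type cgroup2.
doas mount -a
mount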

Enable NAT network

# Packages for the container network: iptables for the NAT rule, dnsmasq for
# DHCP/DNS, and lxc-bridge (presumably the source of the dnsmasq.lxcbr0
# service enabled below; confirm against the package contents).
doas apk add iptables dnsmasq lxc-bridge

# Create the lxcbr0 bridge, give the host 10.0.3.1 on it and bring it up.
# These ip commands only change the running system; they are not saved across
# a reboot.
doas ip link add name lxcbr0 type bridge
doas ip address add 10.0.3.1/24 dev lxcbr0
doas ip link set dev lxcbr0 up

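# Enable NAT for containers to access internet.
# -C tests whether the rule is already present, so re-running this snippet does
# not stack duplicate MASQUERADE rules. The rule lives in the running kernel
# only; persist it with your firewall's save mechanism if it must survive a
# reboot.
doas iptables -t nat -C POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE 2>/dev/null ||
  doas iptables -t nat -A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE

# Turn on IPv4 forwarding now. This applies to every interface on the host, not
# only lxcbr0: review the FORWARD chain policy so that only the traffic you
# intend (10.0.3.0/24 outbound and its replies) is actually routed.
doas sysctl -w net.ipv4.ip_forward=1

# Make the setting permanent; the grep guard avoids appending it twice.
grep -qxF -- "net.ipv4.ip_forward=1" /etc/sysctl.conf 2>/dev/null ||
  echo "net.ipv4.ip_forward=1" | doas tee -a /etc/sysctl.conf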

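# Enable the dnsmasq OpenRC service at boot and start it.
# Both commands change system services, so they go through doas like the other
# host commands on this page.
doas rc-update add dnsmasq.lxcbr0 boot
doas service dnsmasq.lxcbr0 start

# Reserve 10.0.3.4 for the DHCP client named wayland-rs-builder. The entry is
# matched on the client's hostname, so a container with a different name (the
# Usage section below creates gcc-builder) will not receive this address;
# adjust the name to the container you actually create.
# The grep guard keeps the entry from being appended twice on a re-run.
dhcp_entry="dhcp-host=wayland-rs-builder,10.0.3.4"
grep -qxF -- "$dhcp_entry" /etc/lxc/dnsmasq.conf 2>/dev/null ||
  printf '%s\n' "$dhcp_entry" | doas tee -a /etc/lxc/dnsmasq.conf

# Restart so dnsmasq re-reads its configuration.
doas service dnsmasq.lxcbr0 restart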

Usage

Create container

Create a privileged container

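# Container parameters. They are quoted where used so that a value containing
# spaces or glob characters is passed to lxc-create as a single argument.
name=gcc-builder
dist=alpine
release=edge
# Creating the container as root (via doas) makes it a privileged container:
# uid 0 inside the container is uid 0 on the host, so only run workloads you
# trust in it. The download template checks the signature of the image it
# fetches by default; keep that check on (do not pass --no-validate).
doas lxc-create --name "$name" --template download -- \
  --dist "$dist" --release "$release" --arch amd64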

Attach to container

# Boot the container, then open a root shell inside it.
# $name must still be set from the "Create container" step.
doas lxc-start --name "$name"
doas lxc-attach --name "$name"

Then, inside the container, set the root password with:

# Run inside the container shell opened by lxc-attach; with no argument,
# passwd changes the password of the current user (root here).
passwd

Then restart the container network service

# Run inside the container: restart the network service, then reboot the
# container so it requests a fresh DHCP lease.
# NOTE(review): systemctl and systemd-networkd exist only in a systemd-based
# guest. The container created above is Alpine (dist=alpine), which normally
# uses OpenRC; confirm which guest this step was written for.
systemctl stop systemd-networkd
systemctl start systemd-networkd
reboot

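After the container is back online, attach to it again and show its IP addresses; it should have been assigned 10.0.3.4 (the address reserved in the dnsmasq dhcp-host entry).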

# On the host: open a shell in the container again.
doas lxc-attach --name "$name"

# Inside the container: list interfaces and their addresses.
ip addr show

Mount host path

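# Mount point inside the container's root filesystem. -p makes the step safe
# to re-run, and the quotes keep the path in one piece.
host_path="/var/lib/lxc/${name}/rootfs/smithay"
doas mkdir -p -- "$host_path"

# Bind-mount the host directory /home/tie/smithay onto <rootfs>/smithay.
# The mount is read-write, and this is a privileged container: root inside the
# container can change these host files as host root. If the container only
# needs to read the tree, use "bind,ro" instead of "bind".
# The grep guard prevents a second, duplicate mount entry on a re-run.
mount_entry="lxc.mount.entry = /home/tie/smithay smithay none bind 0 0"
doas grep -qxF -- "$mount_entry" "/var/lib/lxc/${name}/config" ||
  printf '%s\n' "$mount_entry" | doas tee -a "/var/lib/lxc/${name}/config"

# Restart the container so the new mount entry takes effect, then attach.
doas lxc-stop --name "$name"
doas lxc-start --name "$name"
doas lxc-attach --name "$name"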

Create user

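# run as root user
username=tie
apk add shadow libuser
# -p: do not fail when /etc/default already exists.
mkdir -p /etc/default
touch /etc/default/useradd
adduser "$username"
# wheel membership is what grants root through the doas rule written below.
addgroup "$username" wheel
# NOTE(review): /my/new/home looks like a placeholder; substitute the real
# home directory before running this line.
usermod -d /my/new/home "$username"

# Add every account that has a directory under /home to the device/desktop
# groups. A glob replaces parsing the output of ls, so unusual names cannot be
# split into several words.
# Security: this applies to ALL such accounts, and "disk" membership usually
# grants raw access to block devices; drop it from the list unless it is
# really needed.
for home_dir in /home/*; do
  [ -d "$home_dir" ] || continue
  u=${home_dir##*/}
  for g in disk lp input audio cdrom dialout video netdev games users; do
    addgroup "$u" "$g"
  done
done

# Let members of wheel run any command as root WITHOUT a password. Any process
# running as such a user can therefore become root; if that is not intended,
# require authentication instead (e.g. "permit persist :wheel", where the doas
# build supports persist).
# The grep guard keeps the rule from being appended twice on a re-run.
touch /etc/doas.d/20-wheel.conf
grep -qxF -- "permit nopass :wheel" /etc/doas.d/20-wheel.conf ||
  echo "permit nopass :wheel" | tee -a "/etc/doas.d/20-wheel.conf"
# Syntax-check the rule file so that a typo does not leave doas unusable.
doas -C /etc/doas.d/20-wheel.conf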

Snapshot

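# NOTE(review): rsync is installed first, presumably because lxc-snapshot uses
# it to copy a directory-backed root filesystem; confirm for your backing
# store.
doas apk add rsync

# Run each step through doas instead of opening a root shell with "doas -s":
# nothing else is typed as root by accident, and $name stays in the current
# shell.
name=gcc-builder
# Stop the container before taking the snapshot.
doas lxc-stop -n "$name"
doas lxc-snapshot -n "$name"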

See also