@paigeadelethompson
Last active April 16, 2025 09:44
Install Void Linux with BHyve-VM using ZFS zvol disk & virtual router / segmentation (fully-automated, see comments)
#!/usr/bin/env bash
set -e

# Set to 1 only after this run has created the VM, so that the cleanup trap
# never destroys a VM that already existed under the same name
VM_CREATED=0

# Function to handle cleanup on exit
cleanup() {
    local exit_code=$?
    echo "Cleaning up..."
    # Leave the install mount point so that it can be unmounted
    if [ "$(pwd)" = "/mnt/void-install" ]; then
        cd /vm || cd /
    fi
    # Wait a moment for any processes to finish
    sleep 1
    # Unmount in reverse order of mounting, with retries
    for mount_point in "/mnt/void-install/usr/src/linux" \
        "/mnt/void-install/proc" \
        "/mnt/void-install/sys" \
        "/mnt/void-install/dev" \
        "/mnt/void-install/boot/efi" \
        "/mnt/void-install"; do
        # Match the exact mount point, not every path that starts with it
        if mount | grep -qF " on $mount_point ("; then
            echo "Unmounting $mount_point..."
            for i in {1..3}; do
                if umount "$mount_point" 2>/dev/null; then
                    break
                fi
                echo "Retry $i: Waiting for $mount_point to be unmountable..."
                sleep 2
            done
        fi
    done
    # If we failed after creating the VM in this run, destroy it
    if [ "$exit_code" -ne 0 ] && [ "$VM_CREATED" -eq 1 ]; then
        echo "Installation failed for VM '${VM_NAME}' with template '${VM_TEMPLATE}', destroying VM..."
        vm destroy -f "$VM_NAME" || echo "Warning: Failed to destroy VM ${VM_NAME}"
    fi
    exit "$exit_code"
}

# Set up trap to call cleanup function on script exit
trap cleanup EXIT

# Check if nmdm kernel module is loaded, if not load it
if ! kldstat -m nmdm > /dev/null 2>&1; then
    echo "Loading nmdm kernel module..."
    kldload nmdm || { echo "Failed to load nmdm kernel module"; exit 1; }
fi

# Parse command line arguments
VM_TEMPLATE="void" # Default template

usage() {
    echo "Usage: $0 <vm_name> [options]"
    echo "Options:"
    echo " -t, --template <template> Specify the VM template to use (default: void)"
    echo " -h, --help Show this help message"
    echo ""
    echo "Examples:"
    echo " $0 my-vm # Create VM 'my-vm' with default 'void' template"
    echo " $0 my-vm -t freebsd # Create VM 'my-vm' with 'freebsd' template"
    echo " $0 my-vm --template debian # Create VM 'my-vm' with 'debian' template"
    exit 1
}

# Check if at least one argument is provided
if [ $# -lt 1 ]; then
    usage
fi

# Show help when it is requested in place of a VM name
case "$1" in
    -h|--help) usage ;;
esac

VM_NAME="$1"
shift

# Parse remaining arguments
while [ $# -gt 0 ]; do
    case "$1" in
        -t|--template)
            if [ $# -lt 2 ]; then
                echo "Option $1 requires a template name"
                usage
            fi
            VM_TEMPLATE="$2"
            shift 2
            ;;
        -h|--help)
            usage
            ;;
        *)
            echo "Unknown option: $1"
            usage
            ;;
    esac
done

# Both values are expanded into the setup script that later runs as root in
# the chroot, so accept only plain names
for value in "$VM_NAME" "$VM_TEMPLATE"; do
    case "$value" in
        ""|-*|*[!A-Za-z0-9._-]*)
            echo "Invalid VM or template name: $value"
            usage
            ;;
    esac
done

echo "Creating VM with name: ${VM_NAME}, template: ${VM_TEMPLATE}"

# Create the VM
vm create -t "${VM_TEMPLATE}" "${VM_NAME}" || { echo "Failed to create VM"; exit 1; }
VM_CREATED=1
# Prepare zvol
zfs set volmode=geom storage/vm/${VM_NAME}/disk0 || { echo "Failed to set zvol mode"; exit 1; }
# Partition disk
gpart create -s gpt /dev/zvol/storage/vm/${VM_NAME}/disk0 || { echo "Failed to create GPT partition table"; exit 1; }
gpart add -t efi -s 256M /dev/zvol/storage/vm/${VM_NAME}/disk0 || { echo "Failed to add EFI partition"; exit 1; }
gpart add -t freebsd-ufs /dev/zvol/storage/vm/${VM_NAME}/disk0 || { echo "Failed to add UFS partition"; exit 1; }
# Format partitions
newfs_msdos /dev/zvol/storage/vm/${VM_NAME}/disk0p1 || { echo "Failed to format EFI partition"; exit 1; }
newfs /dev/zvol/storage/vm/${VM_NAME}/disk0p2 || { echo "Failed to format UFS partition"; exit 1; }
# Create mount points and mount partitions
mkdir -p /mnt/void-install || { echo "Failed to create mount point"; exit 1; }
mount /dev/zvol/storage/vm/${VM_NAME}/disk0p2 /mnt/void-install || { echo "Failed to mount root partition"; exit 1; }
mkdir -p /mnt/void-install/boot/efi || { echo "Failed to create EFI mount point"; exit 1; }
mount -t msdosfs /dev/zvol/storage/vm/${VM_NAME}/disk0p1 /mnt/void-install/boot/efi || { echo "Failed to mount EFI partition"; exit 1; }
# Check if rootfs archive exists in /mnt/pub, if not download it.
# The archive is fetched over HTTPS but is not checked against a published
# checksum or signature before it is unpacked as root below.
if [ ! -f "/mnt/pub/void-x86_64-musl-ROOTFS-20250202.tar.xz" ]; then
    mkdir -p /mnt/pub || { echo "Failed to create /mnt/pub directory"; exit 1; }
    # Download to a temporary name so an interrupted transfer is never mistaken for a complete archive
    wget -O /mnt/pub/void-x86_64-musl-ROOTFS-20250202.tar.xz.part https://repo-default.voidlinux.org/live/current/void-x86_64-musl-ROOTFS-20250202.tar.xz || { echo "Failed to download rootfs"; exit 1; }
    mv /mnt/pub/void-x86_64-musl-ROOTFS-20250202.tar.xz.part /mnt/pub/void-x86_64-musl-ROOTFS-20250202.tar.xz || { echo "Failed to store rootfs archive"; exit 1; }
fi
# Copy the cached rootfs into the new root filesystem and extract it
cd /mnt/void-install || { echo "Failed to change to mount directory"; exit 1; }
cp /mnt/pub/void-x86_64-musl-ROOTFS-20250202.tar.xz . || { echo "Failed to copy rootfs archive"; exit 1; }
bsdtar -x --no-xattrs -f void-x86_64-musl-ROOTFS-20250202.tar.xz || { echo "Failed to extract rootfs"; exit 1; }
rm void-x86_64-musl-ROOTFS-20250202.tar.xz || { echo "Failed to remove rootfs archive"; exit 1; }
# Prepare chroot
mount -t linprocfs linprocfs /mnt/void-install/proc || { echo "Failed to mount proc"; exit 1; }
mount -t linsysfs linsysfs /mnt/void-install/sys || { echo "Failed to mount sys"; exit 1; }
mount -t devfs devfs /mnt/void-install/dev || { echo "Failed to mount dev"; exit 1; }
cp /etc/resolv.conf /mnt/void-install/etc/ || { echo "Failed to copy resolv.conf"; exit 1; }
# Pin the package mirror's address inside the chroot
echo "135.181.160.58 repo-default.voidlinux.org" >> /mnt/void-install/etc/hosts || { echo "Failed to update hosts file"; exit 1; }
# Create /etc/fstab for the VM
cat << EOF > /mnt/void-install/etc/fstab || { echo "Failed to create fstab"; exit 1; }
/dev/vda2 / ufs defaults 0 1
/dev/vda1 /boot/efi msdos defaults 0 2
EOF
# Create script to run inside chroot
cat << EOF > /mnt/void-install/setup.sh || { echo "Failed to create setup script"; exit 1; }
#!/bin/bash
set -e
# VM template used for creation
VM_TEMPLATE="${VM_TEMPLATE}"
VM_NAME="${VM_NAME}"
# Put the distribution kernel packages on hold; a custom kernel is built below
xbps-pkgdb -m hold linux
xbps-pkgdb -m hold linux-headers
# Update the base system, then install the kernel build dependencies
xbps-install --force -Suy
xbps-install --force -y gcc make flex bison libelf rsync elfutils-devel bc openssl-devel perl base-system xz \
tar gmp-devel kmod libmpc-devel pkg-config uboot-mkimage cpio pahole python3 zstd
# Print VM info
echo "Setting up VM '${VM_NAME}' created with template '${VM_TEMPLATE}'"
cd /usr/src/linux
if [ ! -f ".config" ]; then
make mrproper
make clean
make defconfig
make kvm_guest.config
scripts/config -e CONFIG_EFI_STUB
scripts/config -e CONFIG_HZ_100
scripts/config -d CONFIG_HZ_250
scripts/config -d CONFIG_HZ_300
scripts/config -d CONFIG_HZ_1000
scripts/config -d CONFIG_NO_HZ_IDLE
scripts/config -d CONFIG_NO_HZ
scripts/config -e CONFIG_PREEMPT
scripts/config -e CONFIG_BOOT_CONFIG
scripts/config -e CONFIG_HZ_PERIODIC
scripts/config -e CONFIG_MSDOS_FS
scripts/config -e CONFIG_VFAT_FS
scripts/config -e CONFIG_EXFAT_FS
scripts/config -e CONFIG_UFS_FS
scripts/config -e CONFIG_UFS_FS_WRITE
scripts/config -e CONFIG_SCSI_VIRTIO
scripts/config -e CONFIG_DRM_VIRTIO_GPU
scripts/config -e CONFIG_HW_RANDOM_VIRTIO
scripts/config -e CONFIG_NFS_FS
scripts/config -e CONFIG_NFS_V2
scripts/config -e CONFIG_NFS_V3
scripts/config -e CONFIG_NFS_V3_ACL
scripts/config -e CONFIG_NFS_V4
scripts/config -e CONFIG_NFS_SWAP
scripts/config -e CONFIG_NFS_V4_1
scripts/config -e CONFIG_NFS_V4_2
scripts/config -e CONFIG_HAVE_KERNEL_GZIP
scripts/config -d CONFIG_HAVE_KERNEL_BZIP2
scripts/config -d CONFIG_HAVE_KERNEL_LZMA
scripts/config -d CONFIG_HAVE_KERNEL_XZ
scripts/config -d CONFIG_HAVE_KERNEL_LZO
scripts/config -d CONFIG_HAVE_KERNEL_LZ4
scripts/config -d CONFIG_HAVE_KERNEL_ZSTD
scripts/config -e CONFIG_KERNEL_GZIP
scripts/config -d CONFIG_KERNEL_BZIP2
scripts/config -d CONFIG_KERNEL_LZMA
scripts/config -d CONFIG_KERNEL_XZ
scripts/config -d CONFIG_KERNEL_LZO
scripts/config -d CONFIG_KERNEL_LZ4
scripts/config -d CONFIG_KERNEL_ZSTD
scripts/config -m CONFIG_NET_KEY
scripts/config -m CONFIG_NET_HANDSHAKE_KUNIT_TEST
scripts/config -m CONFIG_NET_IPIP
scripts/config -m CONFIG_NET_IPGRE_DEMUX
scripts/config -m CONFIG_NET_IP_TUNNEL
scripts/config -m CONFIG_NET_IPGRE
scripts/config -m CONFIG_NET_IPVTI
scripts/config -m CONFIG_NET_UDP_TUNNEL
scripts/config -m CONFIG_NET_FOU
scripts/config -m CONFIG_NET_DSA
scripts/config -m CONFIG_NET_DSA_TAG_NONE
scripts/config -m CONFIG_NET_DSA_TAG_AR9331
scripts/config -m CONFIG_NET_DSA_TAG_BRCM_COMMON
scripts/config -m CONFIG_NET_DSA_TAG_BRCM
scripts/config -m CONFIG_NET_DSA_TAG_BRCM_LEGACY
scripts/config -m CONFIG_NET_DSA_TAG_BRCM_PREPEND
scripts/config -m CONFIG_NET_DSA_TAG_HELLCREEK
scripts/config -m CONFIG_NET_DSA_TAG_GSWIP
scripts/config -m CONFIG_NET_DSA_TAG_DSA_COMMON
scripts/config -m CONFIG_NET_DSA_TAG_DSA
scripts/config -m CONFIG_NET_DSA_TAG_EDSA
scripts/config -m CONFIG_NET_DSA_TAG_MTK
scripts/config -m CONFIG_NET_DSA_TAG_KSZ
scripts/config -m CONFIG_NET_DSA_TAG_OCELOT
scripts/config -m CONFIG_NET_DSA_TAG_OCELOT_8021Q
scripts/config -m CONFIG_NET_DSA_TAG_QCA
scripts/config -m CONFIG_NET_DSA_TAG_RTL4_A
scripts/config -m CONFIG_NET_DSA_TAG_RTL8_4
scripts/config -m CONFIG_NET_DSA_TAG_RZN1_A5PSW
scripts/config -m CONFIG_NET_DSA_TAG_LAN9303
scripts/config -m CONFIG_NET_DSA_TAG_SJA1105
scripts/config -m CONFIG_NET_DSA_TAG_TRAILER
scripts/config -m CONFIG_NET_DSA_TAG_VSC73XX_8021Q
scripts/config -m CONFIG_NET_DSA_TAG_XRS700X
scripts/config -m CONFIG_NET_SCH_HTB
scripts/config -m CONFIG_NET_SCH_HFSC
scripts/config -m CONFIG_NET_SCH_PRIO
scripts/config -m CONFIG_NET_SCH_MULTIQ
scripts/config -m CONFIG_NET_SCH_RED
scripts/config -m CONFIG_NET_SCH_SFB
scripts/config -m CONFIG_NET_SCH_SFQ
scripts/config -m CONFIG_NET_SCH_TEQL
scripts/config -m CONFIG_NET_SCH_TBF
scripts/config -m CONFIG_NET_SCH_CBS
scripts/config -m CONFIG_NET_SCH_ETF
scripts/config -m CONFIG_NET_SCH_MQPRIO_LIB
scripts/config -m CONFIG_NET_SCH_TAPRIO
scripts/config -m CONFIG_NET_SCH_GRED
scripts/config -m CONFIG_NET_SCH_NETEM
scripts/config -m CONFIG_NET_SCH_DRR
scripts/config -m CONFIG_NET_SCH_MQPRIO
scripts/config -m CONFIG_NET_SCH_SKBPRIO
scripts/config -m CONFIG_NET_SCH_CHOKE
scripts/config -m CONFIG_NET_SCH_QFQ
scripts/config -m CONFIG_NET_SCH_CODEL
scripts/config -m CONFIG_NET_SCH_FQ_CODEL
scripts/config -m CONFIG_NET_SCH_CAKE
scripts/config -m CONFIG_NET_SCH_FQ
scripts/config -m CONFIG_NET_SCH_HHF
scripts/config -m CONFIG_NET_SCH_PIE
scripts/config -m CONFIG_NET_SCH_FQ_PIE
scripts/config -m CONFIG_NET_SCH_INGRESS
scripts/config -m CONFIG_NET_SCH_PLUG
scripts/config -m CONFIG_NET_SCH_ETS
scripts/config -m CONFIG_NET_CLS_BASIC
scripts/config -m CONFIG_NET_CLS_ROUTE4
scripts/config -m CONFIG_NET_CLS_FW
scripts/config -m CONFIG_NET_CLS_U32
scripts/config -m CONFIG_NET_CLS_FLOW
scripts/config -m CONFIG_NET_CLS_CGROUP
scripts/config -m CONFIG_NET_CLS_BPF
scripts/config -m CONFIG_NET_CLS_FLOWER
scripts/config -m CONFIG_NET_CLS_MATCHALL
scripts/config -m CONFIG_NET_EMATCH_CMP
scripts/config -m CONFIG_NET_EMATCH_NBYTE
scripts/config -m CONFIG_NET_EMATCH_U32
scripts/config -m CONFIG_NET_EMATCH_META
scripts/config -m CONFIG_NET_EMATCH_TEXT
scripts/config -m CONFIG_NET_EMATCH_CANID
scripts/config -m CONFIG_NET_EMATCH_IPSET
scripts/config -m CONFIG_NET_EMATCH_IPT
scripts/config -m CONFIG_NET_ACT_POLICE
scripts/config -m CONFIG_NET_ACT_GACT
scripts/config -m CONFIG_NET_ACT_MIRRED
scripts/config -m CONFIG_NET_ACT_SAMPLE
scripts/config -m CONFIG_NET_ACT_NAT
scripts/config -m CONFIG_NET_ACT_PEDIT
scripts/config -m CONFIG_NET_ACT_SIMP
scripts/config -m CONFIG_NET_ACT_SKBEDIT
scripts/config -m CONFIG_NET_ACT_CSUM
scripts/config -m CONFIG_NET_ACT_MPLS
scripts/config -m CONFIG_NET_ACT_VLAN
scripts/config -m CONFIG_NET_ACT_BPF
scripts/config -m CONFIG_NET_ACT_CONNMARK
scripts/config -m CONFIG_NET_ACT_CTINFO
scripts/config -m CONFIG_NET_ACT_SKBMOD
scripts/config -m CONFIG_NET_ACT_IFE
scripts/config -m CONFIG_NET_ACT_TUNNEL_KEY
scripts/config -m CONFIG_NET_ACT_CT
scripts/config -m CONFIG_NET_ACT_GATE
scripts/config -m CONFIG_NET_IFE_SKBMARK
scripts/config -m CONFIG_NET_IFE_SKBPRIO
scripts/config -m CONFIG_NET_IFE_SKBTCINDEX
scripts/config -m CONFIG_NET_MPLS_GSO
scripts/config -m CONFIG_NET_NSH
scripts/config -m CONFIG_NET_PKTGEN
scripts/config -m CONFIG_NET_DROP_MONITOR
scripts/config -m CONFIG_NET_9P
scripts/config -m CONFIG_NET_9P_FD
scripts/config -m CONFIG_NET_9P_VIRTIO
scripts/config -m CONFIG_NET_9P_XEN
scripts/config -m CONFIG_NET_9P_USBG
scripts/config -m CONFIG_NET_9P_RDMA
scripts/config -m CONFIG_NET_IFE
scripts/config -m CONFIG_NET_SELFTESTS
scripts/config -m CONFIG_NET_TEST
scripts/config -m CONFIG_NET_TEAM
scripts/config -m CONFIG_NET_TEAM_MODE_BROADCAST
scripts/config -m CONFIG_NET_TEAM_MODE_ROUNDROBIN
scripts/config -m CONFIG_NET_TEAM_MODE_RANDOM
scripts/config -m CONFIG_NET_TEAM_MODE_ACTIVEBACKUP
scripts/config -m CONFIG_NET_TEAM_MODE_LOADBALANCE
scripts/config -m CONFIG_NET_VRF
scripts/config -m CONFIG_NET_DSA_BCM_SF2
scripts/config -m CONFIG_NET_DSA_LOOP
scripts/config -m CONFIG_NET_DSA_HIRSCHMANN_HELLCREEK
scripts/config -m CONFIG_NET_DSA_LANTIQ_GSWIP
scripts/config -m CONFIG_NET_DSA_MT7530
scripts/config -m CONFIG_NET_DSA_MT7530_MDIO
scripts/config -m CONFIG_NET_DSA_MT7530_MMIO
scripts/config -m CONFIG_NET_DSA_MV88E6060
scripts/config -m CONFIG_NET_DSA_MICROCHIP_KSZ_COMMON
scripts/config -m CONFIG_NET_DSA_MICROCHIP_KSZ9477_I2C
scripts/config -m CONFIG_NET_DSA_MICROCHIP_KSZ_SPI
scripts/config -m CONFIG_NET_DSA_MICROCHIP_KSZ8863_SMI
scripts/config -m CONFIG_NET_DSA_MV88E6XXX
scripts/config -m CONFIG_NET_DSA_MSCC_FELIX_DSA_LIB
scripts/config -m CONFIG_NET_DSA_MSCC_OCELOT_EXT
scripts/config -m CONFIG_NET_DSA_MSCC_FELIX
scripts/config -m CONFIG_NET_DSA_MSCC_SEVILLE
scripts/config -m CONFIG_NET_DSA_AR9331
scripts/config -m CONFIG_NET_DSA_QCA8K
scripts/config -m CONFIG_NET_DSA_SJA1105
scripts/config -m CONFIG_NET_DSA_XRS700X
scripts/config -m CONFIG_NET_DSA_XRS700X_I2C
scripts/config -m CONFIG_NET_DSA_XRS700X_MDIO
scripts/config -m CONFIG_NET_DSA_REALTEK
scripts/config -m CONFIG_NET_DSA_REALTEK_RTL8365MB
scripts/config -m CONFIG_NET_DSA_REALTEK_RTL8366RB
scripts/config -m CONFIG_NET_DSA_SMSC_LAN9303
scripts/config -m CONFIG_NET_DSA_SMSC_LAN9303_I2C
scripts/config -m CONFIG_NET_DSA_SMSC_LAN9303_MDIO
scripts/config -m CONFIG_NET_DSA_VITESSE_VSC73XX
scripts/config -m CONFIG_NET_DSA_VITESSE_VSC73XX_SPI
scripts/config -m CONFIG_NET_DSA_VITESSE_VSC73XX_PLATFORM
scripts/config -m CONFIG_NET_XGENE
scripts/config -m CONFIG_NET_XGENE_V2
scripts/config -m CONFIG_NET_CALXEDA_XGMAC
scripts/config -m CONFIG_NET_AIROHA
scripts/config -m CONFIG_NET_MEDIATEK_SOC
scripts/config -m CONFIG_NET_MEDIATEK_STAR_EMAC
scripts/config -m CONFIG_NET_FAILOVER
scripts/config -m CONFIG_NETCONSOLE
scripts/config -m CONFIG_NETDEV_ADDR_LIST_TEST
scripts/config -m CONFIG_NETDEV_NOTIFIER_ERROR_INJECT
scripts/config -m CONFIG_NETDEVSIM
scripts/config -m CONFIG_NETFILTER_NETLINK
scripts/config -m CONFIG_NETFILTER_NETLINK_HOOK
scripts/config -m CONFIG_NETFILTER_NETLINK_ACCT
scripts/config -m CONFIG_NETFILTER_NETLINK_QUEUE
scripts/config -m CONFIG_NETFILTER_NETLINK_LOG
scripts/config -m CONFIG_NETFILTER_NETLINK_OSF
scripts/config -m CONFIG_NETFILTER_CONNCOUNT
scripts/config -m CONFIG_NETFILTER_SYNPROXY
scripts/config -m CONFIG_NETFILTER_XTABLES
scripts/config -m CONFIG_NETFILTER_XT_MARK
scripts/config -m CONFIG_NETFILTER_XT_CONNMARK
scripts/config -m CONFIG_NETFILTER_XT_SET
scripts/config -m CONFIG_NETFILTER_XT_TARGET_AUDIT
scripts/config -m CONFIG_NETFILTER_XT_TARGET_CHECKSUM
scripts/config -m CONFIG_NETFILTER_XT_TARGET_CLASSIFY
scripts/config -m CONFIG_NETFILTER_XT_TARGET_CONNMARK
scripts/config -m CONFIG_NETFILTER_XT_TARGET_CONNSECMARK
scripts/config -m CONFIG_NETFILTER_XT_TARGET_CT
scripts/config -m CONFIG_NETFILTER_XT_TARGET_DSCP
scripts/config -m CONFIG_NETFILTER_XT_TARGET_HL
scripts/config -m CONFIG_NETFILTER_XT_TARGET_HMARK
scripts/config -m CONFIG_NETFILTER_XT_TARGET_IDLETIMER
scripts/config -m CONFIG_NETFILTER_XT_TARGET_LED
scripts/config -m CONFIG_NETFILTER_XT_TARGET_LOG
scripts/config -m CONFIG_NETFILTER_XT_TARGET_MARK
scripts/config -m CONFIG_NETFILTER_XT_NAT
scripts/config -m CONFIG_NETFILTER_XT_TARGET_NETMAP
scripts/config -m CONFIG_NETFILTER_XT_TARGET_NFLOG
scripts/config -m CONFIG_NETFILTER_XT_TARGET_NFQUEUE
scripts/config -m CONFIG_NETFILTER_XT_TARGET_NOTRACK
scripts/config -m CONFIG_NETFILTER_XT_TARGET_RATEEST
scripts/config -m CONFIG_NETFILTER_XT_TARGET_REDIRECT
scripts/config -m CONFIG_NETFILTER_XT_TARGET_MASQUERADE
scripts/config -m CONFIG_NETFILTER_XT_TARGET_TEE
scripts/config -m CONFIG_NETFILTER_XT_TARGET_TPROXY
scripts/config -m CONFIG_NETFILTER_XT_TARGET_TRACE
scripts/config -m CONFIG_NETFILTER_XT_TARGET_SECMARK
scripts/config -m CONFIG_NETFILTER_XT_TARGET_TCPMSS
scripts/config -m CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_ADDRTYPE
scripts/config -m CONFIG_NETFILTER_XT_MATCH_BPF
scripts/config -m CONFIG_NETFILTER_XT_MATCH_CGROUP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_CLUSTER
scripts/config -m CONFIG_NETFILTER_XT_MATCH_COMMENT
scripts/config -m CONFIG_NETFILTER_XT_MATCH_CONNBYTES
scripts/config -m CONFIG_NETFILTER_XT_MATCH_CONNLABEL
scripts/config -m CONFIG_NETFILTER_XT_MATCH_CONNLIMIT
scripts/config -m CONFIG_NETFILTER_XT_MATCH_CONNMARK
scripts/config -m CONFIG_NETFILTER_XT_MATCH_CONNTRACK
scripts/config -m CONFIG_NETFILTER_XT_MATCH_CPU
scripts/config -m CONFIG_NETFILTER_XT_MATCH_DCCP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_DEVGROUP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_DSCP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_ECN
scripts/config -m CONFIG_NETFILTER_XT_MATCH_ESP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_HASHLIMIT
scripts/config -m CONFIG_NETFILTER_XT_MATCH_HELPER
scripts/config -m CONFIG_NETFILTER_XT_MATCH_HL
scripts/config -m CONFIG_NETFILTER_XT_MATCH_IPCOMP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_IPRANGE
scripts/config -m CONFIG_NETFILTER_XT_MATCH_IPVS
scripts/config -m CONFIG_NETFILTER_XT_MATCH_L2TP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_LENGTH
scripts/config -m CONFIG_NETFILTER_XT_MATCH_LIMIT
scripts/config -m CONFIG_NETFILTER_XT_MATCH_MAC
scripts/config -m CONFIG_NETFILTER_XT_MATCH_MARK
scripts/config -m CONFIG_NETFILTER_XT_MATCH_MULTIPORT
scripts/config -m CONFIG_NETFILTER_XT_MATCH_NFACCT
scripts/config -m CONFIG_NETFILTER_XT_MATCH_OSF
scripts/config -m CONFIG_NETFILTER_XT_MATCH_OWNER
scripts/config -m CONFIG_NETFILTER_XT_MATCH_POLICY
scripts/config -m CONFIG_NETFILTER_XT_MATCH_PHYSDEV
scripts/config -m CONFIG_NETFILTER_XT_MATCH_PKTTYPE
scripts/config -m CONFIG_NETFILTER_XT_MATCH_QUOTA
scripts/config -m CONFIG_NETFILTER_XT_MATCH_RATEEST
scripts/config -m CONFIG_NETFILTER_XT_MATCH_REALM
scripts/config -m CONFIG_NETFILTER_XT_MATCH_RECENT
scripts/config -m CONFIG_NETFILTER_XT_MATCH_SCTP
scripts/config -m CONFIG_NETFILTER_XT_MATCH_SOCKET
scripts/config -m CONFIG_NETFILTER_XT_MATCH_STATE
scripts/config -m CONFIG_NETFILTER_XT_MATCH_STATISTIC
scripts/config -m CONFIG_NETFILTER_XT_MATCH_STRING
scripts/config -m CONFIG_NETFILTER_XT_MATCH_TCPMSS
scripts/config -m CONFIG_NETFILTER_XT_MATCH_TIME
scripts/config -m CONFIG_NETFILTER_XT_MATCH_U32
scripts/config -m CONFIG_NETFS_SUPPORT
scripts/config -m CONFIG_NETLINK_DIAG
scripts/config -m CONFIG_NETROM
scripts/config -m CONFIG_NF_CONNTRACK
scripts/config -m CONFIG_NF_LOG_SYSLOG
scripts/config -m CONFIG_NF_CONNTRACK_AMANDA
scripts/config -m CONFIG_NF_CONNTRACK_FTP
scripts/config -m CONFIG_NF_CONNTRACK_H323
scripts/config -m CONFIG_NF_CONNTRACK_IRC
scripts/config -m CONFIG_NF_CONNTRACK_BROADCAST
scripts/config -m CONFIG_NF_CONNTRACK_NETBIOS_NS
scripts/config -m CONFIG_NF_CONNTRACK_SNMP
scripts/config -m CONFIG_NF_CONNTRACK_PPTP
scripts/config -m CONFIG_NF_CONNTRACK_SANE
scripts/config -m CONFIG_NF_CONNTRACK_SIP
scripts/config -m CONFIG_NF_CONNTRACK_TFTP
scripts/config -m CONFIG_NF_CT_NETLINK
scripts/config -m CONFIG_NF_CT_NETLINK_TIMEOUT
scripts/config -m CONFIG_NF_CT_NETLINK_HELPER
scripts/config -m CONFIG_NF_NAT
scripts/config -m CONFIG_NF_NAT_AMANDA
scripts/config -m CONFIG_NF_NAT_FTP
scripts/config -m CONFIG_NF_NAT_IRC
scripts/config -m CONFIG_NF_NAT_SIP
scripts/config -m CONFIG_NF_NAT_TFTP
scripts/config -m CONFIG_NF_TABLES
scripts/config -m CONFIG_NF_DUP_NETDEV
scripts/config -m CONFIG_NF_FLOW_TABLE_INET
scripts/config -m CONFIG_NF_FLOW_TABLE
scripts/config -m CONFIG_NF_DEFRAG_IPV4
scripts/config -m CONFIG_NF_SOCKET_IPV4
scripts/config -m CONFIG_NF_TPROXY_IPV4
scripts/config -m CONFIG_NF_DUP_IPV4
scripts/config -m CONFIG_NF_LOG_ARP
scripts/config -m CONFIG_NF_LOG_IPV4
scripts/config -m CONFIG_NF_REJECT_IPV4
scripts/config -m CONFIG_NF_NAT_SNMP_BASIC
scripts/config -m CONFIG_NF_NAT_PPTP
scripts/config -m CONFIG_NF_NAT_H323
scripts/config -m CONFIG_NF_SOCKET_IPV6
scripts/config -m CONFIG_NF_TPROXY_IPV6
scripts/config -m CONFIG_NF_DUP_IPV6
scripts/config -m CONFIG_NF_REJECT_IPV6
scripts/config -m CONFIG_NF_LOG_IPV6
scripts/config -m CONFIG_NF_DEFRAG_IPV6
scripts/config -m CONFIG_NF_TABLES_BRIDGE
scripts/config -m CONFIG_NF_CONNTRACK_BRIDGE
scripts/config -m CONFIG_INET_AH
scripts/config -m CONFIG_INET_ESP
scripts/config -m CONFIG_INET_ESP_OFFLOAD
scripts/config -m CONFIG_INET_IPCOMP
scripts/config -m CONFIG_INET_XFRM_TUNNEL
scripts/config -m CONFIG_INET_TUNNEL
scripts/config -m CONFIG_INET_DIAG
scripts/config -m CONFIG_INET_TCP_DIAG
scripts/config -m CONFIG_INET_UDP_DIAG
scripts/config -m CONFIG_INET_RAW_DIAG
scripts/config -m CONFIG_INET_MPTCP_DIAG
scripts/config -m CONFIG_INET_DCCP_DIAG
scripts/config -m CONFIG_INET_SCTP_DIAG
scripts/config -m CONFIG_INET6_AH
scripts/config -m CONFIG_INET6_ESP
scripts/config -m CONFIG_INET6_ESP_OFFLOAD
scripts/config -m CONFIG_INET6_IPCOMP
scripts/config -m CONFIG_INET6_XFRM_TUNNEL
scripts/config -m CONFIG_INET6_TUNNEL
scripts/config -m CONFIG_IPVLAN
scripts/config -m CONFIG_IPVTAP
scripts/config -d CONFIG_VLAN_8021Q
scripts/config -m CONFIG_VLAN_8021Q
scripts/config -d CONFIG_VLAN_8021Q_GVRP
scripts/config -e CONFIG_VLAN_8021Q_GVRP
scripts/config -d CONFIG_VLAN_8021Q_MVRP
scripts/config -e CONFIG_VLAN_8021Q_MVRP
scripts/config -d CONFIG_VETH
scripts/config -m CONFIG_VETH
scripts/config -d CONFIG_TUN
scripts/config -m CONFIG_TUN
scripts/config -d CONFIG_TUN_VNET_CROSS_LE
scripts/config -e CONFIG_TUN_VNET_CROSS_LE
scripts/config -d CONFIG_TAP
scripts/config -m CONFIG_TAP
scripts/config -d CONFIG_XFRM
scripts/config -e CONFIG_XFRM
scripts/config -d CONFIG_XFRM_OFFLOAD
scripts/config -e CONFIG_XFRM_OFFLOAD
scripts/config -d CONFIG_XFRM_ALGO
scripts/config -m CONFIG_XFRM_ALGO
scripts/config -d CONFIG_XFRM_USER
scripts/config -m CONFIG_XFRM_USER
scripts/config -d CONFIG_XFRM_USER_COMPAT
scripts/config -m CONFIG_XFRM_USER_COMPAT
scripts/config -d CONFIG_XFRM_INTERFACE
scripts/config -m CONFIG_XFRM_INTERFACE
scripts/config -d CONFIG_XFRM_SUB_POLICY
scripts/config -e CONFIG_XFRM_SUB_POLICY
scripts/config -d CONFIG_XFRM_MIGRATE
scripts/config -e CONFIG_XFRM_MIGRATE
scripts/config -d CONFIG_XFRM_STATISTICS
scripts/config -e CONFIG_XFRM_STATISTICS
scripts/config -d CONFIG_XFRM_AH
scripts/config -m CONFIG_XFRM_AH
scripts/config -d CONFIG_XFRM_ESP
scripts/config -m CONFIG_XFRM_ESP
scripts/config -d CONFIG_XFRM_IPCOMP
scripts/config -m CONFIG_XFRM_IPCOMP
scripts/config -d CONFIG_XFRM_IPTFS
scripts/config -m CONFIG_XFRM_IPTFS
scripts/config -d CONFIG_XFRM_ESPINTCP
scripts/config -e CONFIG_XFRM_ESPINTCP
scripts/config -d CONFIG_MPTCP
scripts/config -e CONFIG_MPTCP
scripts/config -d CONFIG_MPTCP_KUNIT_TEST
scripts/config -m CONFIG_MPTCP_KUNIT_TEST
scripts/config -d CONFIG_PPTP
scripts/config -m CONFIG_PPTP
scripts/config -d CONFIG_PPPOE
scripts/config -m CONFIG_PPPOE
scripts/config -d CONFIG_PPPOE_HASH_BITS_4
scripts/config -e CONFIG_PPPOE_HASH_BITS_4
scripts/config -d CONFIG_PPPOE_HASH_BITS
scripts/config --set-val CONFIG_PPPOE_HASH_BITS 4
scripts/config -d CONFIG_PPP
scripts/config -m CONFIG_PPP
scripts/config -d CONFIG_PPP_BSDCOMP
scripts/config -m CONFIG_PPP_BSDCOMP
scripts/config -d CONFIG_PPP_DEFLATE
scripts/config -m CONFIG_PPP_DEFLATE
scripts/config -d CONFIG_PPP_FILTER
scripts/config -e CONFIG_PPP_FILTER
scripts/config -d CONFIG_PPP_MPPE
scripts/config -m CONFIG_PPP_MPPE
scripts/config -d CONFIG_PPP_MULTILINK
scripts/config -e CONFIG_PPP_MULTILINK
scripts/config -d CONFIG_PPP_ASYNC
scripts/config -m CONFIG_PPP_ASYNC
scripts/config -d CONFIG_PPP_SYNC_TTY
scripts/config -m CONFIG_PPP_SYNC_TTY
scripts/config -d CONFIG_GENEVE
scripts/config -m CONFIG_GENEVE
scripts/config -d CONFIG_L2TP
scripts/config -m CONFIG_L2TP
scripts/config -d CONFIG_L2TP_DEBUGFS
scripts/config -m CONFIG_L2TP_DEBUGFS
scripts/config -d CONFIG_L2TP_V3
scripts/config -e CONFIG_L2TP_V3
scripts/config -d CONFIG_L2TP_IP
scripts/config -m CONFIG_L2TP_IP
scripts/config -d CONFIG_L2TP_ETH
scripts/config -m CONFIG_L2TP_ETH
scripts/config -d CONFIG_VXLAN
scripts/config -m CONFIG_VXLAN
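# Convert every option set to =m above into a built-in (=y) option
make mod2yesconfig
# nproc is escaped so that it runs inside the chroot rather than on the host while this heredoc is written
make -j\$(nproc) bzImage
make -j\$(nproc) modules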
fi
make modules_install
make headers_install
mkdir -p /boot/efi/efi/boot
cp arch/x86_64/boot/bzImage /boot/efi/efi/boot/vmlinuz
# Create startup.nsh for EFI boot
cat << 'EOFNSH' > /boot/efi/efi/boot/startup.nsh
fs0:\efi\boot\vmlinuz console=ttyS0 root=/dev/vda2 rootflags=ufstype=ufs2 rootfstype=ufs
EOFNSH
chmod +x /boot/efi/efi/boot/startup.nsh
# Basic system configuration
echo "${VM_NAME}" > /etc/hostname
ln -s /etc/sv/agetty-ttyS0 /etc/runit/runsvdir/default
# Install sudo
xbps-install -y sudo
# Create a user with sudo permissions
useradd -m -G wheel -s /bin/bash admin
usermod -U admin
# passwd -d clears the password, so admin logs in on ttyS0 with no password until one is set
passwd -d admin
# Add the user to sudoers with ALL/ALL privileges
echo "admin ALL=(ALL) ALL" > /etc/sudoers.d/admin
chmod 440 /etc/sudoers.d/admin
EOF
# Make the script executable
chmod +x /mnt/void-install/setup.sh || { echo "Failed to make setup script executable"; exit 1; }
# Check if Linux source exists in /mnt/pub, if not clone it
if [ ! -d "/mnt/pub/linux" ]; then
    mkdir -p /mnt/pub || { echo "Failed to create /mnt/pub directory"; exit 1; }
    git clone --single-branch --branch v6.14 https://github.com/torvalds/linux.git /mnt/pub/linux || { echo "Failed to clone Linux source"; exit 1; }
fi
# Mount Linux source to VM using nullfs instead of copying
mkdir -p /mnt/void-install/usr/src/linux || { echo "Failed to create Linux source mount point"; exit 1; }
mount_nullfs /mnt/pub/linux /mnt/void-install/usr/src/linux || { echo "Failed to mount Linux source"; exit 1; }
# Run the script inside chroot and ensure we exit properly
cd /vm || { echo "Failed to change to /vm directory"; exit 1; }
chroot /mnt/void-install /setup.sh || { echo "Failed to run setup script in chroot"; exit 1; }
echo "Installation complete for VM '${VM_NAME}' with template '${VM_TEMPLATE}'."
echo "Start the VM with: vm start -f ${VM_NAME}"
# pf.conf
# 192.168.0.0/16 is null-routed on FIB 8, but this should prevent NAT traversal too while NAT is enabled
nat on ix1 inet from 198.18.0.0/23 to !192.168.0.0/16 -> ix1
# rc.conf
# Enable routing
gateway_enable="YES"
ipv6_gateway_enable="YES"
# Physical interface
ifconfig_ix1="inet 192.168.1.128 netmask 255.255.255.0"
# Virtual interfaces for VM networking
cloned_interfaces="bridge0 epair0 tap0"
ifconfig_bridge0="fib 8 up"
ifconfig_bridge0_aliases="addm epair0b addm tap0"
ifconfig_epair0a="192.0.0.0/31 fib 0 up"
ifconfig_epair0b="192.0.0.1/31 fib 8 up"
ifconfig_tap0="198.18.0.1/23 fib 8 up"
# Static routes (combined); a route_<name> entry is only installed if <name> is listed here
static_routes="net1 net2 default_fib8 null_private_fib8 fib0_to_fib8"
route_net1="-net 192.168.1.0/24 192.168.1.1"
route_net2="default 192.168.1.1"
route_default_fib8="-fib 8 default 192.0.0.0"
route_null_private_fib8="-fib 8 -net 192.168.0.0/16 -reject"
route_fib0_to_fib8="-net 198.18.0.0/23 192.0.0.1"
# /vm/.templates/void.conf
loader="uefi"
cpu="1"
cpu_sockets="1"
cpu_cores="1"
cpu_threads="1"
memory=512M
disk0_type="virtio-blk"
disk0_dev="zvol"
disk0_name="disk0"
disk0_size="8G"
comports="com1"
graphics="no"
xhci_mouse="no"
wired_memory="yes"
network0_type="virtio-net"
network0_switch="bridge0"
network0_span="yes"
paigeadelethompson (author) commented Apr 16, 2025

TODO

  • Why the hell is UFS2 write support experimental in Linux mainline in 2025?
  • This script works for now but it is just dying to die... I really just wanted to make a point that there is a lot that can be trivialized in this process and relying on CD images to install anything in 2025 is just out of the question for me. I don't even want to do it for physical hardware and if I just got my shit together a little better, I don't think I would have an excuse given things like iPXE

Takeaways

I just can't really believe how little a UDM pro actually delivers in terms of being able to do simple things like a VRF. Well afaik UDM is Linux and in my experience VRF on Linux is more of an insult to injury compared to Free/OpenBSD's fib/rtable. I guess NetNS does its job, well enough that people can use it for Docker and somewhere in the world I think somebody even uses VRF in the context of Docker (custom OCI network driver.) It's still a nightmare for the things I want to do with it and it's actually a huge part of why I've come back to BSD after... 20 years.

Usage

./script.sh BIGVM -t littletemplate, and template.conf goes in /vm/.templates
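
The installer script above unpacks void-x86_64-musl-ROOTFS-20250202.tar.xz as root without checking it first. The following is an added example, not part of the gist: a POSIX shell helper that refuses to extract an archive unless its SHA-256 matches a checksum list. The function names, the return codes and the two accepted list formats (BSD-style `SHA256 (name) = hex`, GNU-style `hex  name`) are assumptions of this example, and the demo input is constructed.

```shell
#!/bin/sh
# Added example (not from the gist): gate archive extraction on a SHA-256 match.
# Assumed list formats: "SHA256 (name) = hex" (BSD) or "hex  name" (GNU).

# Print the SHA-256 of a file: sha256(1) on FreeBSD, sha256sum(1) on Linux.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        # Read from stdin so the file name never appears in the output
        sha256sum < "$1" | awk '{ print $1 }'
    fi
}

# Print the digest listed for file name $1 in checksum list $2 (empty if none).
expected_sha256() {
    awk -v n="$1" '
        $1 == "SHA256" && $2 == ("(" n ")") && $3 == "=" { print tolower($4); exit }
        NF == 2 && ($2 == n || $2 == ("*" n))            { print tolower($1); exit }
    ' "$2"
}

# verify_archive ARCHIVE SUMS
# Returns 0 on match, 1 on mismatch, 2 when there is nothing usable to compare.
verify_archive() {
    va_archive=$1
    va_sums=$2
    if [ ! -f "$va_archive" ] || [ ! -f "$va_sums" ]; then
        echo "verify_archive: missing archive or checksum list" >&2
        return 2
    fi
    va_want=$(expected_sha256 "$(basename "$va_archive")" "$va_sums")
    # A usable entry is exactly 64 lowercase hex characters
    case "$va_want" in
        ""|*[!0-9a-f]*) va_want="" ;;
    esac
    if [ "${#va_want}" -ne 64 ]; then
        echo "verify_archive: no valid SHA-256 entry for $va_archive" >&2
        return 2
    fi
    va_got=$(file_sha256 "$va_archive")
    if [ "$va_got" != "$va_want" ]; then
        echo "verify_archive: checksum mismatch for $va_archive" >&2
        return 1
    fi
    return 0
}

# extract_verified ARCHIVE SUMS DEST: extract only after verification passes.
extract_verified() {
    verify_archive "$1" "$2" || return $?
    mkdir -p "$3" && tar -xf "$1" -C "$3"
}

# Demo on constructed input: an intact archive is extracted, a modified one is refused.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/src" && echo "constructed sample file" > "$d/src/hello.txt"
    tar -cf "$d/rootfs.tar" -C "$d/src" hello.txt
    printf 'SHA256 (rootfs.tar) = %s\n' "$(file_sha256 "$d/rootfs.tar")" > "$d/sha256sum.txt"
    extract_verified "$d/rootfs.tar" "$d/sha256sum.txt" "$d/ok" && echo "intact: extracted"
    printf 'tampered' >> "$d/rootfs.tar"
    extract_verified "$d/rootfs.tar" "$d/sha256sum.txt" "$d/bad" || echo "modified: refused ($?)"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

In the installer the check would sit between the download/copy step and the bsdtar call. The checksum list has to come from an authenticated source (a verified signature or a value pinned out of band); a list fetched from the same unauthenticated place as the archive proves nothing about either.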
