community-scripts/ProxmoxVED
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add advanced Proxmox container feature support

Browse Source 
Introduces support for advanced Proxmox container features including nesting, keyctl, mknod, mount filesystems, protection flag, and timezone. Updates variable handling, settings UI, and container build logic to allow configuration and passing of these options.
This commit is contained in:
CanbiZ 2025-11-17 13:48:59 +01:00
parent 541816f3b6
commit 73d6cabb52
1 changed files with 116 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

127
misc/build.func
View File

@ -535,6 +535,12 @@ base_settings() {
TAGS="community-script,${var_tags:-}" TAGS="community-script,${var_tags:-}"
ENABLE_FUSE=${var_fuse:-"${1:-no}"} ENABLE_FUSE=${var_fuse:-"${1:-no}"}
ENABLE_TUN=${var_tun:-"${1:-no}"} ENABLE_TUN=${var_tun:-"${1:-no}"}
ENABLE_NESTING=${var_nesting:-"${1:-1}"}
ENABLE_KEYCTL=${var_keyctl:-"${1:-0}"}
ALLOW_MOUNT_FS=${var_mount_fs:-""}
ENABLE_MKNOD=${var_mknod:-"${1:-0}"}
PROTECT_CT=${var_protection:-"${1:-no}"}
CT_TIMEZONE=${var_timezone:-""}
# Since these 2 are only defined outside of default_settings function, we add a temporary fallback. TODO: To align everything, we should add these as constant variables (e.g. OSTYPE and OSVERSION), but that would currently require updating the default_settings function for all existing scripts # Since these 2 are only defined outside of default_settings function, we add a temporary fallback. TODO: To align everything, we should add these as constant variables (e.g. OSTYPE and OSVERSION), but that would currently require updating the default_settings function for all existing scripts
if [ -z "$var_os" ]; then if [ -z "$var_os" ]; then
@ -558,9 +564,9 @@ default_var_settings() {
# Allowed var_* keys (alphabetically sorted) # Allowed var_* keys (alphabetically sorted)
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique) # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
local VAR_WHITELIST=( local VAR_WHITELIST=(
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mtu var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
) )
@ -638,6 +644,14 @@ var_ssh=no
# Features/Tags/verbosity # Features/Tags/verbosity
var_fuse=no var_fuse=no
var_tun=no var_tun=no
# Advanced Settings (Proxmox-official features)
var_nesting=1 # Allow nesting (required for Docker/LXC in CT)
var_keyctl=0 # Allow keyctl() - needed for Docker (systemd-networkd workaround)
var_mknod=0 # Allow device node creation (requires kernel 5.3+, experimental)
var_mount_fs= # Allow specific filesystems: nfs,fuse,ext4,etc (leave empty for defaults)
var_protection=no # Prevent accidental deletion of container
var_timezone= # Container timezone (e.g. Europe/Berlin, leave empty for host timezone)
var_tags=community-script var_tags=community-script
var_verbose=no var_verbose=no
@ -904,6 +918,12 @@ _build_current_app_vars_tmp() {
_apt_cacher_ip="${APT_CACHER_IP:-}" _apt_cacher_ip="${APT_CACHER_IP:-}"
_fuse="${ENABLE_FUSE:-no}" _fuse="${ENABLE_FUSE:-no}"
_tun="${ENABLE_TUN:-no}" _tun="${ENABLE_TUN:-no}"
_nesting="${ENABLE_NESTING:-1}"
_keyctl="${ENABLE_KEYCTL:-0}"
_mknod="${ENABLE_MKNOD:-0}"
_mount_fs="${ALLOW_MOUNT_FS:-}"
_protect="${PROTECT_CT:-no}"
_timezone="${CT_TIMEZONE:-}"
_tags="${TAGS:-}" _tags="${TAGS:-}"
_verbose="${VERBOSE:-no}" _verbose="${VERBOSE:-no}"
@ -947,6 +967,12 @@ _build_current_app_vars_tmp() {
[ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")" [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
[ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")" [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
[ -n "$_nesting" ] && echo "var_nesting=$(_sanitize_value "$_nesting")"
[ -n "$_keyctl" ] && echo "var_keyctl=$(_sanitize_value "$_keyctl")"
[ -n "$_mknod" ] && echo "var_mknod=$(_sanitize_value "$_mknod")"
[ -n "$_mount_fs" ] && echo "var_mount_fs=$(_sanitize_value "$_mount_fs")"
[ -n "$_protect" ] && echo "var_protection=$(_sanitize_value "$_protect")"
[ -n "$_timezone" ] && echo "var_timezone=$(_sanitize_value "$_timezone")"
[ -n "$_tags" ] && echo "var_tags=$(_sanitize_value "$_tags")" [ -n "$_tags" ] && echo "var_tags=$(_sanitize_value "$_tags")"
[ -n "$_verbose" ] && echo "var_verbose=$(_sanitize_value "$_verbose")" [ -n "$_verbose" ] && echo "var_verbose=$(_sanitize_value "$_verbose")"
@ -1529,6 +1555,51 @@ advanced_settings() {
configure_ssh_settings configure_ssh_settings
export SSH_KEYS_FILE export SSH_KEYS_FILE
echo -e "${ROOTSSH}${BOLD}${DGN}Root SSH Access: ${BGN}$SSH${CL}" echo -e "${ROOTSSH}${BOLD}${DGN}Root SSH Access: ${BGN}$SSH${CL}"
# Advanced Settings - Proxmox Features
if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "ADVANCED SETTINGS" --yesno "Configure Advanced Proxmox Features?" 10 58); then
# keyctl: for Docker support
if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "Enable keyctl()" --yesno "Allow keyctl() system calls?\n\nNeeded for: Docker inside container, systemd-networkd\nDefault: No (not needed for most applications)" 10 58); then
ENABLE_KEYCTL="1"
else
ENABLE_KEYCTL="0"
fi
echo -e "${SEARCH}${BOLD}${DGN}Allow keyctl(): ${BGN}$ENABLE_KEYCTL${CL}"
# mknod: device node creation
if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "Enable mknod()" --yesno "Allow device node creation?\n\nNeeded for: Complex device management (experimental, kernel 5.3+)\nDefault: No (rarely needed)" 10 58); then
ENABLE_MKNOD="1"
else
ENABLE_MKNOD="0"
fi
echo -e "${SEARCH}${BOLD}${DGN}Allow mknod(): ${BGN}$ENABLE_MKNOD${CL}"
# mount: specific filesystems
if MOUNT_FS=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Allow specific filesystems (e.g., nfs,fuse,ext4)\nLeave blank for defaults" 8 58 "$ALLOW_MOUNT_FS" --title "Mount Filesystems" 3>&1 1>&2 2>&3); then
ALLOW_MOUNT_FS="$MOUNT_FS"
[ -z "$ALLOW_MOUNT_FS" ] && ALLOW_MOUNT_FS="(defaults)"
else
exit_script
fi
echo -e "${SEARCH}${BOLD}${DGN}Mount Filesystems: ${BGN}$ALLOW_MOUNT_FS${CL}"
# Container protection
if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "Protection Flag" --yesno "Prevent accidental deletion?\n\nIf enabled, container cannot be deleted or its disk modified\nDefault: No" 10 58); then
PROTECT_CT="yes"
else
PROTECT_CT="no"
fi
echo -e "${SEARCH}${BOLD}${DGN}Container Protection: ${BGN}$PROTECT_CT${CL}"
# Container timezone
if CT_TIMEZONE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set container timezone (e.g., Europe/Berlin)\nLeave blank to use host timezone" 8 58 "$CT_TIMEZONE" --title "Container Timezone" 3>&1 1>&2 2>&3); then
[ -z "$CT_TIMEZONE" ] && CT_TIMEZONE="(host)"
else
exit_script
fi
echo -e "${SEARCH}${BOLD}${DGN}Container Timezone: ${BGN}$CT_TIMEZONE${CL}"
fi
if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "FUSE Support" --yesno "Enable FUSE support?\nRequired for tools like rclone, mergerfs, AppImage, etc." 10 58); then if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "FUSE Support" --yesno "Enable FUSE support?\nRequired for tools like rclone, mergerfs, AppImage, etc." 10 58); then
ENABLE_FUSE="yes" ENABLE_FUSE="yes"
else else
@ -1829,13 +1900,12 @@ settings_menu() {
local settings_items=( local settings_items=(
"1" "Manage API-Diagnostic Setting" "1" "Manage API-Diagnostic Setting"
"2" "Edit Default.vars" "2" "Edit Default.vars"
"3" "Edit Default Storage"
) )
if [ -f "$(get_app_defaults_path)" ]; then if [ -f "$(get_app_defaults_path)" ]; then
settings_items+=("4" "Edit App.vars for ${APP}") settings_items+=("3" "Edit App.vars for ${APP}")
settings_items+=("5" "Exit")
else
settings_items+=("4" "Exit") settings_items+=("4" "Exit")
else
settings_items+=("3" "Exit")
fi fi
local choice local choice
@ -2196,16 +2266,31 @@ build_container() {
none) ;; none) ;;
esac esac
if [ "$CT_TYPE" == "1" ]; then # Build FEATURES string with advanced settings
FEATURES="keyctl=1,nesting=1" # Start with nesting (almost always enabled for Proxmox CTs)
else FEATURES="nesting=${ENABLE_NESTING}"
FEATURES="nesting=1"
# keyctl: needed for Docker inside containers (systemd-networkd workaround)
# Typically needed for unprivileged containers with Docker
if [ "$CT_TYPE" == "1" ] || [ "$ENABLE_KEYCTL" == "1" ]; then
FEATURES="$FEATURES,keyctl=1"
fi fi
# mknod: allow device node creation (requires kernel 5.3+, experimental)
if [ "$ENABLE_MKNOD" == "1" ]; then
FEATURES="$FEATURES,mknod=1"
fi
# FUSE: required for rclone, mergerfs, AppImage, etc.
if [ "$ENABLE_FUSE" == "yes" ]; then if [ "$ENABLE_FUSE" == "yes" ]; then
FEATURES="$FEATURES,fuse=1" FEATURES="$FEATURES,fuse=1"
fi fi
# mount: allow specific filesystems (e.g., nfs, ext4, etc.)
if [ -n "$ALLOW_MOUNT_FS" ]; then
FEATURES="$FEATURES,mount=$ALLOW_MOUNT_FS"
fi
TEMP_DIR=$(mktemp -d) TEMP_DIR=$(mktemp -d)
pushd "$TEMP_DIR" >/dev/null pushd "$TEMP_DIR" >/dev/null
if [ "$var_os" == "alpine" ]; then if [ "$var_os" == "alpine" ]; then
@ -2239,9 +2324,27 @@ build_container() {
export CTTYPE="$CT_TYPE" export CTTYPE="$CT_TYPE"
export ENABLE_FUSE="$ENABLE_FUSE" export ENABLE_FUSE="$ENABLE_FUSE"
export ENABLE_TUN="$ENABLE_TUN" export ENABLE_TUN="$ENABLE_TUN"
export ENABLE_NESTING="$ENABLE_NESTING"
export ENABLE_KEYCTL="$ENABLE_KEYCTL"
export ENABLE_MKNOD="$ENABLE_MKNOD"
export ALLOW_MOUNT_FS="$ALLOW_MOUNT_FS"
export PROTECT_CT="$PROTECT_CT"
export CT_TIMEZONE="$CT_TIMEZONE"
export PCT_OSTYPE="$var_os" export PCT_OSTYPE="$var_os"
export PCT_OSVERSION="$var_version" export PCT_OSVERSION="$var_version"
export PCT_DISK_SIZE="$DISK_SIZE" export PCT_DISK_SIZE="$DISK_SIZE"
# Build protection flag if enabled
_PROT_FLAG=""
if [ "$PROTECT_CT" == "yes" ]; then
_PROT_FLAG="-protection 1"
fi
# Build timezone flag if set
_TZ_FLAG=""
if [ -n "$CT_TIMEZONE" ]; then
_TZ_FLAG="-timezone $CT_TIMEZONE"
fi
export PCT_OPTIONS=" export PCT_OPTIONS="
-features $FEATURES -features $FEATURES
-hostname $HN -hostname $HN
@ -2253,6 +2356,8 @@ build_container() {
-cores $CORE_COUNT -cores $CORE_COUNT
-memory $RAM_SIZE -memory $RAM_SIZE
-unprivileged $CT_TYPE -unprivileged $CT_TYPE
$_PROT_FLAG
$_TZ_FLAG
$PW $PW
" "
export TEMPLATE_STORAGE="${var_template_storage:-}" export TEMPLATE_STORAGE="${var_template_storage:-}"