Add advanced Proxmox container feature support
Introduces support for advanced Proxmox container features including nesting, keyctl, mknod, mount filesystems, protection flag, and timezone. Updates variable handling, settings UI, and container build logic to allow configuration and passing of these options.
This commit is contained in:
CanbiZ
parent
541816f3b6
commit
73d6cabb52
127
misc/build.func
127
misc/build.func
@ -535,6 +535,12 @@ base_settings() {
|
||||
TAGS="community-script,${var_tags:-}"
|
||||
ENABLE_FUSE=${var_fuse:-"${1:-no}"}
|
||||
ENABLE_TUN=${var_tun:-"${1:-no}"}
|
||||
ENABLE_NESTING=${var_nesting:-"${1:-1}"}
|
||||
ENABLE_KEYCTL=${var_keyctl:-"${1:-0}"}
|
||||
ALLOW_MOUNT_FS=${var_mount_fs:-""}
|
||||
ENABLE_MKNOD=${var_mknod:-"${1:-0}"}
|
||||
PROTECT_CT=${var_protection:-"${1:-no}"}
|
||||
CT_TIMEZONE=${var_timezone:-""}
|
||||
|
||||
# Since these 2 are only defined outside of default_settings function, we add a temporary fallback. TODO: To align everything, we should add these as constant variables (e.g. OSTYPE and OSVERSION), but that would currently require updating the default_settings function for all existing scripts
|
||||
if [ -z "$var_os" ]; then
|
||||
@ -558,9 +564,9 @@ default_var_settings() {
|
||||
# Allowed var_* keys (alphabetically sorted)
|
||||
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
|
||||
local VAR_WHITELIST=(
|
||||
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse
|
||||
var_gateway var_hostname var_ipv6_method var_mac var_mtu
|
||||
var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged
|
||||
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_keyctl
|
||||
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
|
||||
var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
|
||||
var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
|
||||
)
|
||||
|
||||
@ -638,6 +644,14 @@ var_ssh=no
|
||||
# Features/Tags/verbosity
|
||||
var_fuse=no
|
||||
var_tun=no
|
||||
|
||||
# Advanced Settings (Proxmox-official features)
|
||||
var_nesting=1 # Allow nesting (required for Docker/LXC in CT)
|
||||
var_keyctl=0 # Allow keyctl() - needed for Docker (systemd-networkd workaround)
|
||||
var_mknod=0 # Allow device node creation (requires kernel 5.3+, experimental)
|
||||
var_mount_fs= # Allow specific filesystems: nfs,fuse,ext4,etc (leave empty for defaults)
|
||||
var_protection=no # Prevent accidental deletion of container
|
||||
var_timezone= # Container timezone (e.g. Europe/Berlin, leave empty for host timezone)
|
||||
var_tags=community-script
|
||||
var_verbose=no
|
||||
|
||||
@ -904,6 +918,12 @@ _build_current_app_vars_tmp() {
|
||||
_apt_cacher_ip="${APT_CACHER_IP:-}"
|
||||
_fuse="${ENABLE_FUSE:-no}"
|
||||
_tun="${ENABLE_TUN:-no}"
|
||||
_nesting="${ENABLE_NESTING:-1}"
|
||||
_keyctl="${ENABLE_KEYCTL:-0}"
|
||||
_mknod="${ENABLE_MKNOD:-0}"
|
||||
_mount_fs="${ALLOW_MOUNT_FS:-}"
|
||||
_protect="${PROTECT_CT:-no}"
|
||||
_timezone="${CT_TIMEZONE:-}"
|
||||
_tags="${TAGS:-}"
|
||||
_verbose="${VERBOSE:-no}"
|
||||
|
||||
@ -947,6 +967,12 @@ _build_current_app_vars_tmp() {
|
||||
|
||||
[ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
|
||||
[ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
|
||||
[ -n "$_nesting" ] && echo "var_nesting=$(_sanitize_value "$_nesting")"
|
||||
[ -n "$_keyctl" ] && echo "var_keyctl=$(_sanitize_value "$_keyctl")"
|
||||
[ -n "$_mknod" ] && echo "var_mknod=$(_sanitize_value "$_mknod")"
|
||||
[ -n "$_mount_fs" ] && echo "var_mount_fs=$(_sanitize_value "$_mount_fs")"
|
||||
[ -n "$_protect" ] && echo "var_protection=$(_sanitize_value "$_protect")"
|
||||
[ -n "$_timezone" ] && echo "var_timezone=$(_sanitize_value "$_timezone")"
|
||||
[ -n "$_tags" ] && echo "var_tags=$(_sanitize_value "$_tags")"
|
||||
[ -n "$_verbose" ] && echo "var_verbose=$(_sanitize_value "$_verbose")"
|
||||
|
||||
@ -1529,6 +1555,51 @@ advanced_settings() {
|
||||
configure_ssh_settings
|
||||
export SSH_KEYS_FILE
|
||||
echo -e "${ROOTSSH}${BOLD}${DGN}Root SSH Access: ${BGN}$SSH${CL}"
|
||||
|
||||
# Advanced Settings - Proxmox Features
|
||||
if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "ADVANCED SETTINGS" --yesno "Configure Advanced Proxmox Features?" 10 58); then
|
||||
# keyctl: for Docker support
|
||||
if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "Enable keyctl()" --yesno "Allow keyctl() system calls?\n\nNeeded for: Docker inside container, systemd-networkd\nDefault: No (not needed for most applications)" 10 58); then
|
||||
ENABLE_KEYCTL="1"
|
||||
else
|
||||
ENABLE_KEYCTL="0"
|
||||
fi
|
||||
echo -e "${SEARCH}${BOLD}${DGN}Allow keyctl(): ${BGN}$ENABLE_KEYCTL${CL}"
|
||||
|
||||
# mknod: device node creation
|
||||
if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "Enable mknod()" --yesno "Allow device node creation?\n\nNeeded for: Complex device management (experimental, kernel 5.3+)\nDefault: No (rarely needed)" 10 58); then
|
||||
ENABLE_MKNOD="1"
|
||||
else
|
||||
ENABLE_MKNOD="0"
|
||||
fi
|
||||
echo -e "${SEARCH}${BOLD}${DGN}Allow mknod(): ${BGN}$ENABLE_MKNOD${CL}"
|
||||
|
||||
# mount: specific filesystems
|
||||
if MOUNT_FS=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Allow specific filesystems (e.g., nfs,fuse,ext4)\nLeave blank for defaults" 8 58 "$ALLOW_MOUNT_FS" --title "Mount Filesystems" 3>&1 1>&2 2>&3); then
|
||||
ALLOW_MOUNT_FS="$MOUNT_FS"
|
||||
[ -z "$ALLOW_MOUNT_FS" ] && ALLOW_MOUNT_FS="(defaults)"
|
||||
else
|
||||
exit_script
|
||||
fi
|
||||
echo -e "${SEARCH}${BOLD}${DGN}Mount Filesystems: ${BGN}$ALLOW_MOUNT_FS${CL}"
|
||||
|
||||
# Container protection
|
||||
if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "Protection Flag" --yesno "Prevent accidental deletion?\n\nIf enabled, container cannot be deleted or its disk modified\nDefault: No" 10 58); then
|
||||
PROTECT_CT="yes"
|
||||
else
|
||||
PROTECT_CT="no"
|
||||
fi
|
||||
echo -e "${SEARCH}${BOLD}${DGN}Container Protection: ${BGN}$PROTECT_CT${CL}"
|
||||
|
||||
# Container timezone
|
||||
if CT_TIMEZONE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set container timezone (e.g., Europe/Berlin)\nLeave blank to use host timezone" 8 58 "$CT_TIMEZONE" --title "Container Timezone" 3>&1 1>&2 2>&3); then
|
||||
[ -z "$CT_TIMEZONE" ] && CT_TIMEZONE="(host)"
|
||||
else
|
||||
exit_script
|
||||
fi
|
||||
echo -e "${SEARCH}${BOLD}${DGN}Container Timezone: ${BGN}$CT_TIMEZONE${CL}"
|
||||
fi
|
||||
|
||||
if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "FUSE Support" --yesno "Enable FUSE support?\nRequired for tools like rclone, mergerfs, AppImage, etc." 10 58); then
|
||||
ENABLE_FUSE="yes"
|
||||
else
|
||||
@ -1829,13 +1900,12 @@ settings_menu() {
|
||||
local settings_items=(
|
||||
"1" "Manage API-Diagnostic Setting"
|
||||
"2" "Edit Default.vars"
|
||||
"3" "Edit Default Storage"
|
||||
)
|
||||
if [ -f "$(get_app_defaults_path)" ]; then
|
||||
settings_items+=("4" "Edit App.vars for ${APP}")
|
||||
settings_items+=("5" "Exit")
|
||||
else
|
||||
settings_items+=("3" "Edit App.vars for ${APP}")
|
||||
settings_items+=("4" "Exit")
|
||||
else
|
||||
settings_items+=("3" "Exit")
|
||||
fi
|
||||
|
||||
local choice
|
||||
@ -2196,16 +2266,31 @@ build_container() {
|
||||
none) ;;
|
||||
esac
|
||||
|
||||
if [ "$CT_TYPE" == "1" ]; then
|
||||
FEATURES="keyctl=1,nesting=1"
|
||||
else
|
||||
FEATURES="nesting=1"
|
||||
# Build FEATURES string with advanced settings
|
||||
# Start with nesting (almost always enabled for Proxmox CTs)
|
||||
FEATURES="nesting=${ENABLE_NESTING}"
|
||||
|
||||
# keyctl: needed for Docker inside containers (systemd-networkd workaround)
|
||||
# Typically needed for unprivileged containers with Docker
|
||||
if [ "$CT_TYPE" == "1" ] || [ "$ENABLE_KEYCTL" == "1" ]; then
|
||||
FEATURES="$FEATURES,keyctl=1"
|
||||
fi
|
||||
|
||||
# mknod: allow device node creation (requires kernel 5.3+, experimental)
|
||||
if [ "$ENABLE_MKNOD" == "1" ]; then
|
||||
FEATURES="$FEATURES,mknod=1"
|
||||
fi
|
||||
|
||||
# FUSE: required for rclone, mergerfs, AppImage, etc.
|
||||
if [ "$ENABLE_FUSE" == "yes" ]; then
|
||||
FEATURES="$FEATURES,fuse=1"
|
||||
fi
|
||||
|
||||
# mount: allow specific filesystems (e.g., nfs, ext4, etc.)
|
||||
if [ -n "$ALLOW_MOUNT_FS" ]; then
|
||||
FEATURES="$FEATURES,mount=$ALLOW_MOUNT_FS"
|
||||
fi
|
||||
|
||||
TEMP_DIR=$(mktemp -d)
|
||||
pushd "$TEMP_DIR" >/dev/null
|
||||
if [ "$var_os" == "alpine" ]; then
|
||||
@ -2239,9 +2324,27 @@ build_container() {
|
||||
export CTTYPE="$CT_TYPE"
|
||||
export ENABLE_FUSE="$ENABLE_FUSE"
|
||||
export ENABLE_TUN="$ENABLE_TUN"
|
||||
export ENABLE_NESTING="$ENABLE_NESTING"
|
||||
export ENABLE_KEYCTL="$ENABLE_KEYCTL"
|
||||
export ENABLE_MKNOD="$ENABLE_MKNOD"
|
||||
export ALLOW_MOUNT_FS="$ALLOW_MOUNT_FS"
|
||||
export PROTECT_CT="$PROTECT_CT"
|
||||
export CT_TIMEZONE="$CT_TIMEZONE"
|
||||
export PCT_OSTYPE="$var_os"
|
||||
export PCT_OSVERSION="$var_version"
|
||||
export PCT_DISK_SIZE="$DISK_SIZE"
|
||||
# Build protection flag if enabled
|
||||
_PROT_FLAG=""
|
||||
if [ "$PROTECT_CT" == "yes" ]; then
|
||||
_PROT_FLAG="-protection 1"
|
||||
fi
|
||||
|
||||
# Build timezone flag if set
|
||||
_TZ_FLAG=""
|
||||
if [ -n "$CT_TIMEZONE" ]; then
|
||||
_TZ_FLAG="-timezone $CT_TIMEZONE"
|
||||
fi
|
||||
|
||||
export PCT_OPTIONS="
|
||||
-features $FEATURES
|
||||
-hostname $HN
|
||||
@ -2253,6 +2356,8 @@ build_container() {
|
||||
-cores $CORE_COUNT
|
||||
-memory $RAM_SIZE
|
||||
-unprivileged $CT_TYPE
|
||||
$_PROT_FLAG
|
||||
$_TZ_FLAG
|
||||
$PW
|
||||
"
|
||||
export TEMPLATE_STORAGE="${var_template_storage:-}"
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user