1.3 KiB
| title | date | draft | tags | authors | post | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Wireguard on Nspawn | 2025-01-30 | false |
|
|
35 |
date: 2025-01-30
Introduction
Have you ever been thinking about systemd-nspawn containers and thought wouldn't
it be awesome if you could just wireguard outa there as easily as you can with a
virtual machine?
You can do it!
I have tested this with a Debian 12 nspawn container on a Debian 12 host, as well
as both Arch Linux and Debian 12 containers on an Arch Linux host.
install wireguard-tools in container
mask unwanted dependencies with a trailing -
apt install wireguard-tools linux-base-
You can now configure with wg-quick and start using wireguard.
unpacking the install
The trick is to avoid installing the dependencies of wireguard that you
don't need inside a container. You don't need a kernel, busybox,
initramfs, wireguard-modules, or dkms.
We mask linux-base- by adding a - after it, and the result is that only
wireguard-tools are installed, without wireguard or a bunch of other dependencies.
what about LXD containers?
I'm curious if this will work in LXD containers, but don't really have a testing environment set up for that right now.