Merge branch 'dns' into 'main'

Add a DNS resolver (Closes: #3)

Closes #3

See merge request helmutg/debvm!7

1 files changed, 19 insertions, 1 deletions

diff --git a/debvm-create b/debvm-create
index 539d770..a8f164d 100755
--- a/debvm-create
+++ b/debvm-create
@@ -144,6 +144,19 @@ if test -n "$SSHKEY"; then
 	INCLUDE_PACKAGES="$INCLUDE_PACKAGES,openssh-server"
 fi
 
+# add a DNS resolver
+if test "$DEBVER" -ge 9; then
+	INCLUDE_PACKAGES="$INCLUDE_PACKAGES,libnss-resolve"
+fi
+if test "$DEBVER" -le 11; then
+	set -- '--customize-hook=chroot "$1" systemctl enable systemd-resolved.service' "$@"
+fi
+if test "$DEBVER" -le 9; then
+	set -- '--customize-hook=ln -fs ../run/systemd/resolve/resolv.conf "$1/etc/resolv.conf"' "$@"
+elif test "$DEBVER" -le 11; then
+	set -- '--customize-hook=ln -fs ../run/systemd/resolve/stub-resolv.conf "$1/etc/resolv.conf"' "$@"
+fi
+
 # construct mmdebstrap options as $@:
 set -- \
 	--verbose \
@@ -165,9 +178,14 @@ set -- \
 set -- '--customize-hook=chroot "$1" passwd --delete root' "$@"
 
 # dhcp on all network interfaces
+SYSD_NET_MATCH='Name=en*\n'
+test "$DEBVER" -le 8 && SYSD_NET_MATCH="${SYSD_NET_MATCH}Name=eth*\\n"
+SYSD_NET_NET='DHCP=yes\n'
+# This anchor is included by default since bullseye. Fails DNSSEC validation when missing.
+test "$DEBVER" -le 11 && SYSD_NET_NET="${SYSD_NET_NET}DNSSECNegativeTrustAnchors=home.arpa\\n"
 set -- \
 	'--customize-hook=chroot "$1" systemctl enable systemd-networkd.service' \
-	"--customize-hook=printf '"'[Match]\nName=en*\nName=eth*\n[Network]\nDHCP=yes\n'"'"' > "$1/etc/systemd/network/20-wired.network"' \
+	"--customize-hook=printf \"[Match]\\n$SYSD_NET_MATCH\\n[Network]\\n$SYSD_NET_NET"'\n[DHCP]\nUseDomains=yes\n" > "$1/etc/systemd/network/20-wired.network"' \
 	"$@"
 
 # add ssh key for root