OpenWrt snapshot in systemd-container

(apt install systemd-container)

On first boot, inittab needs to be edited to enable the console:

# Import the rootfs tarball as a machine image named "openwrt" and boot it once
# interactively. The URL is a placeholder for the real OpenWrt download location.
# NOTE(security): --verify=no turns off machinectl's checksum/signature check,
# so the tarball is trusted exactly as downloaded. Fetch it over HTTPS from the
# official mirror and compare its sha256 with the release's published
# sha256sums before importing.
rootfs_url='url/to/openwrt-armsr-armv8-rootfs.tar.gz'
machine=openwrt
sudo machinectl pull-tar "$rootfs_url" "$machine" --verify=no
# Other ways to get at the image: machinectl copy-from / copy-to, or
# nsenter -a -t PID /bin/sh into the running container.
# One-off console enablement (kept commented out):
#echo "console::askfirst:/usr/libexec/login.sh" | sudo tee -a /var/lib/machines/openwrt/etc/inittab
# --network-veth gives the container a veth pair; the container end is host0.
sudo systemd-nspawn --boot -D "/var/lib/machines/$machine" --network-veth

The created veth will be called host0 inside the container. See also "openwrt as client".

# Inside the OpenWrt container: give host0 (the container end of the veth) a
# static address on the 10.0.1.0/24 link; the host end is addressed separately.
host_if=host0
for kv in \
  "network.${host_if}=interface" \
  "network.${host_if}.device=${host_if}" \
  "network.${host_if}.proto=static" \
  "network.${host_if}.ipaddr=10.0.1.2" \
  "network.${host_if}.netmask=255.255.255.0"; do
  uci set "$kv"
done
uci commit

# Kernel modules for the firewall (add wireguard too if wanted) have to be
# provided by the host — presumably because the container cannot load modules
# itself. Collect the list from inside the container and save it on the host
# as /etc/modules-load.d/<somename>.conf:
#   cat /etc/modules.d/* | grep ^nf

eth0 will be transferred into the container. Allow jail/ujail and ntpd.
The container will auto-restart after 5 seconds, so it is safe to enter poweroff inside it.

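# Per-machine nspawn settings for the "openwrt" machine. Written with sudo tee
# so it works from an unprivileged shell like the other host-side commands on
# this page (a plain ">" redirection into /etc fails without root); the
# directory is not guaranteed to exist, hence mkdir -p.
#
# Security notes on the settings below:
#  - Interface=eth0 moves the host's eth0 into the container for as long as it runs.
#  - PrivateUsers=false disables user namespacing: uid 0 inside the container is
#    uid 0 on the host, so a container escape is a host-root compromise. Presumably
#    needed for jail/ujail (per the note above) — keep the image trusted.
#  - Capability=cap_sys_time lets the container set the (shared) system clock, for ntpd.
#  - TemporaryFileSystem=/lib/modules mounts an empty tmpfs over the container's
#    /lib/modules; modules come from the host via modules-load.d instead.
sudo mkdir -p /etc/systemd/nspawn
sudo tee /etc/systemd/nspawn/openwrt.nspawn >/dev/null <<'EOF'
[Network]
VirtualEthernet=yes
Interface=eth0
[Exec]
PrivateUsers=false
Capability=cap_sys_time
[Files]
TemporaryFileSystem=/lib/modules
EOF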

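# Host-side helper unit for the veth to the container: brings ve-openwrt up and
# gives the host end 10.0.1.1/24 (the container end, host0, is 10.0.1.2).
# Written with sudo tee so it works from an unprivileged shell like the other
# host-side commands on this page (a plain ">" redirection into /etc fails
# without root).
#
# NOTE(review): the four lines containing "[email protected]" are an artifact of
# the page's e-mail obfuscation (the original tokens contained an "@"). They
# are kept verbatim and must be replaced with the intended directive=value
# before use; the unit that "machinectl start openwrt" runs is
# systemd-nspawn@openwrt.service, which is presumably what they referred to —
# confirm.
#
# Behaviour to be aware of before enabling:
#  - the "-" prefix on the "ip addr add" line makes its failure non-fatal (e.g.
#    address already present), so the unit reports success even without it.
#  - ExecStop sleeps 5 s and starts the container unit again, so any stop of
#    this unit re-launches the container; keep that in mind when trying to
#    shut it down for good.
#  - Restart=on-failure on a Type=oneshot unit is rejected by some systemd
#    versions — check with "systemd-analyze verify" on the target host.
sudo tee /etc/systemd/system/ve-openwrt.service >/dev/null <<'EOF'
[Unit]
[email protected]
[email protected]
[email protected]
[Service]
Type=oneshot
ExecStart=/sbin/ip link set ve-openwrt up
ExecStart=-/sbin/ip addr add 10.0.1.1/24 dev ve-openwrt
ExecStop=/bin/sh -c "sleep 5; systemctl start [email protected]"
RemainAfterExit=yes
Restart=on-failure
[Install]
[email protected]
EOF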

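# Keep NetworkManager off the host end of the veth (ve-openwrt) and off eth0,
# which gets moved into the container; otherwise NM would try to configure or
# re-claim them. (The systemd-networkd equivalent is Unmanaged=yes.)
# Written with sudo tee so it works from an unprivileged shell like the other
# host-side commands on this page (a plain ">" redirection into /etc fails
# without root). NetworkManager reads conf.d at startup, so a reload/restart
# of NetworkManager is presumably needed for this to take effect — confirm.
sudo tee /etc/NetworkManager/conf.d/99-unmanaged-devices.conf >/dev/null <<'EOF'
[keyfile]
unmanaged-devices=interface-name:ve-openwrt;interface-name:eth0
EOF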

Finally, enable everything at boot:

# Host side: register the machine to start at boot, launch it now, then make
# systemd pick up the new ve-openwrt unit file and enable it. daemon-reload
# has to run before the enable so the freshly written unit is known.
machine=openwrt
sudo machinectl enable "$machine"
sudo machinectl start "$machine"
sudo systemctl daemon-reload
sudo systemctl enable --now "ve-$machine"