Bootstrap your container
Assuming you installed firefox in a container ~/containers/firefox. On first run I had Segmentation faults until I got st working. I suspect it's something to do with fonts!
Mine looks like:
[Service]
ExecStart=
ExecStart=/usr/bin/systemd-nspawn \
    --bind-ro=/home/hendry/.Xauthority:/home/hendry/.Xauthority \
    --bind=/home/hendry/.config:/home/hendry/.config \
    --bind=/tmp/.X11-unix \
    --bind=/dev/snd \
    --bind=/run/user/1000/pulse:/run/user/host/pulse \
    -D /home/hendry/containers/firefox \
    --bind /dev/shm \
    --bind /etc/machine-id \
    --network-veth -b
Setup systemd-networkd & OpenVPN
I use a container networking configuration like so /etc/systemd/network/80-container-host0.network.
My VPN configuration lives in ~/containers/firefox/etc/openvpn/uk.conf and
is invoked by starting
This is the most difficult part! After hours of trial and error, attempting to
decipher cryptic error messages, I started pulseaudio with
and things started to work!
/usr/lib/systemd/user/pulseaudio.service with that option.
sudo machinectl shell hendry@firefox --setenv=DISPLAY=:0 --setenv=PULSE_SERVER=unix:/run/user/host/pulse/native
Note that my $USER is hendry which matches an account created also called hendry in the container. This is the only way I have figured out how to get pulseaudio & sound working!!
Firefox fails with
ALSA lib confmisc.c:768:(parse_card) cannot find card '0',
but I've found Chromium to work.
This setup needs work. Especially the sound part is very cumbersome. Why is it so hard to share video/sound devices? FFS!
OpenVPN is a bit clumsy in the sense there is no way to quickly tell I'm on the VPN and everything is OK.
Word about network accounting
Assuming your container is called "firefox" like mine:
grep firefox /proc/net/dev
ve-firefox: 407205 2396 0 0 0 0 0 0 3732997 2814 0 0 0 0 0 0
So ~4 megabytes for a non-interactive Desktop session for BBC news. Notice from the point of view of the host, the data was transmitted - to the container!
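The host-side counters above can be turned into container-side figures with a small helper. This is an added example, not part of the original post; the function names container_traffic and human_mb are hypothetical, and it assumes the host interface is named ve-<machine> as in the output above.

```shell
#!/bin/sh
# Added example: per-container traffic read from the host's /proc/net/dev.
# Assumption: the host-side veth is named ve-<machine> (ve-firefox above).

# container_traffic MACHINE [FILE]
# Prints "<download_bytes> <upload_bytes>" from the container's point of view.
# FILE defaults to /proc/net/dev; it is a parameter so a saved copy can be parsed.
# Returns non-zero if the interface is not present (container not running).
container_traffic() {
    machine=$1
    file=${2:-/proc/net/dev}
    awk -v ifname="ve-$machine" '
        {
            # Turn "ve-firefox:" (or "ve-firefox:407205") into separate fields.
            sub(/:/, " ")
        }
        $1 == ifname {
            # Field 2 is the host Receive byte count, field 10 the host
            # Transmit byte count. What the host transmitted on the veth is
            # what the container downloaded, so the two are swapped here.
            printf "%s %s\n", $10, $2
            found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$file"
}

# human_mb BYTES
# Prints BYTES as megabytes (10^6 bytes) with one decimal place.
human_mb() {
    awk -v b="$1" 'BEGIN { printf "%.1f\n", b / 1000000 }'
}

# Usage on the host:
#   set -- $(container_traffic firefox)
#   echo "down $(human_mb "$1") MB, up $(human_mb "$2") MB"
```
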
/proc/net/dev's Receive and Transmit might be