From 7bbfd817f81611388f14b9f747f428e2bfa03409 Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt"
Date: Thu, 11 Nov 2021 23:10:48 +0100
Subject: [PATCH] Switch to persistent overlays. With tmpfs the containers' disk space is too limited. Better keep changes on the disk.
---
 roles/educontainer/tasks/main.yml | 34 +++++++++++++------
 .../educontainer/templates/contcfg.nspawn.j2 | 4 ++-
 2 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/roles/educontainer/tasks/main.yml b/roles/educontainer/tasks/main.yml
index 6cc80b3..eb9f4f3 100644
--- a/roles/educontainer/tasks/main.yml
+++ b/roles/educontainer/tasks/main.yml
@@ -9,19 +9,14 @@
 ## User 'ansible' in the sudo group. Password is empty.
 ##

-- name: start all containers
- command: machinectl start {{ contname }}{{ "%02d" | format(item|int) }}
- loop: "{{ containers }}"
- tags:
- - never
- - start
-
 - name: stop all containers
 command: machinectl stop {{ contname }}{{ "%02d" | format(item|int) }}
 loop: "{{ containers }}"
 tags:
 - never
 - stop
+ - reset
+ - purge

 - name: purge all containers
 command: machinectl remove {{ contname }}{{ "%02d" | format(item|int) }}
@@ -30,12 +25,31 @@
 - never
 - purge

+- name: reset all containers to the template
+ file:
+ path: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}-delta
+ state: absent
+ loop: "{{ containers }}"
+ tags:
+ - never
+ - reset
+
+- name: start all containers
+ command: machinectl start {{ contname }}{{ "%02d" | format(item|int) }}
+ loop: "{{ containers }}"
+ tags:
+ - never
+ - start
+ - reset
+
+###########
+
 - name: debootstrap minimal system
 command:
 cmd: >
 debootstrap
- --include=systemd-{{ contname }}ainer,openssh-server,sudo
- --components=main,{{ contname }}rib,non-free stable
+ --include=systemd-container,openssh-server,sudo,python3
+ --components=main,contrib,non-free stable
 {{ contname }}00 http://deb.debian.org/debian
 args:
 chdir: /var/lib/machines/
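Review bot: The `stop all containers` task now also runs under the `reset` and `purge` tags, but it is still a bare `command: machinectl stop …`, which exits non-zero for a container that is not running and, as far as I know, returns before the container has actually shut down. Under `reset` that means either the loop aborts on the first container that is already stopped, or the `-delta` directory is deleted while its overlay may still be mounted. The role already drives the units through the `systemd` module further down, so stopping them the same way would be idempotent and would wait for completion: `systemd:` / `name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service` / `state: stopped`.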
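Review bot: The new delta-removal task is tagged only `never` and `reset`, so a `purge` run stops the containers and calls `machinectl remove` but appears to leave every `/var/lib/machines/<name>-delta` directory behind. A container recreated later under the same name would then come up with the old upper layer, including whatever a previous user changed, on top of a freshly bootstrapped template. Adding `- purge` to this task's tags closes that gap. A short comment above the block, stating that the order stop, remove delta, start is what makes `--tags reset` work, would also help, since the position of these tasks is now load-bearing.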
@@ -113,7 +127,7 @@
 dest: /var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts
 loop: "{{ containers }}"

-- name: start all containers on boot
+- name: start all containers on boot and restart now
 systemd:
 name: systemd-nspawn@{{ contname }}{{ "%02d" | format(item|int) }}.service
 state: restarted
diff --git a/roles/educontainer/templates/contcfg.nspawn.j2 b/roles/educontainer/templates/contcfg.nspawn.j2
index c15c32f..9f8b5ea 100644
--- a/roles/educontainer/templates/contcfg.nspawn.j2
+++ b/roles/educontainer/templates/contcfg.nspawn.j2
@@ -5,9 +5,11 @@ ResolvConf=copy-host
 [Network]
 Port=10{{ "%03d" | format(item|int) }}:22
 Port=10{{ "%03d" | format(item|int + 100) }}:80
+Port=10{{ "%03d" | format(item|int + 200) }}:443

 [Files]
-Volatile=overlay
+ReadOnly=yes
+Overlay=+/:/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}-delta:/
 PrivateUsersChown=false
 BindReadOnly=/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hostname:/etc/hostname
 BindReadOnly=/var/lib/machines/{{ contname }}{{ "%02d" | format(item|int) }}.hosts:/etc/hosts
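Review bot: Replacing `Volatile=overlay` with a persistent `Overlay=` upper directory means a restart no longer returns a container to the template state, and the visible part of the template does not say so. The header comment in `roles/educontainer/tasks/main.yml` states that the `ansible` sudo user has an empty password, and this file forwards host ports to SSH, HTTP and now HTTPS, so any change made through those services stays in the `-delta` directory until someone runs the role with the `reset` tag. I would add a comment above the `[Files]` entries, for example `# Changes persist in <name>-delta across restarts; run the role with --tags reset to discard them`. It is also worth confirming that the forwarded ports are reachable only from the network the containers are meant for.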