1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
#!/usr/bin/env -S execlineb -P
unshare --net --uts --mount
if { hostname cirno }
s6-ipcclient /run/ontap/port.wlan0
# Create device, but do not get file descriptors
ontapc -t ipvtap --name=nic0 --defer --
# Try to get a deterministic v6 address
if { sysctl -w net.ipv6.conf.nic0.stable_secret=cafe:cafe:feed:dead:beef:cafe:cafe:cafe }
if { sysctl -w net.ipv6.conf.nic0.addr_gen_mode=2 }
if { sysctl -w net.ipv6.conf.nic0.autoconf=1 }
if { ip link set nic0 up }
# drop privileges
setpriv --inh-caps +net_admin --ambient-caps +net_admin --reuid glenda --regid users --init-groups
# wait for kernel to learn a v6 local, global address and default gw
backtick -E laddr { ontap-waitif --addr-in-net=fe80::/10 nic0 }
backtick -E raddr { ontap-waitif --addr-in-net=2000::/3 nic0 }
backtick -E gw { ontap-waitif --has-route=::/0 nic0 }
# ok, *now* we can get our tap fds :)
ontapc --open --
importas -ui -S ONTAP_HWADDR
importas -ui -S ONTAP_FD0
importas -S FD0
# We do the fd dance below to preserve stdin. It's not
# necessary when run as a service, but when running
# interactively it allows you to type into the VM console
fdreserve 1
fdmove $FD0 0
heredoc 0 "nobootprompt=local!/dev/sdC0/fs -A
user=glenda
sysname=cirno
auth=cirno
service=cpu
console=0
laddr=${laddr}
raddr=${raddr}
gateway=${gw}
"
# qemu needs to be able to know the size of initrd
backtick -E tmpfile { mktemp -p /tmp initrd.XXXXXX }
seekablepipe $tmpfile
# restore stdin
fdswap $FD0 0
qemu-system-x86_64 -m 4096 -smp 4 -nographic
-net nic,model=virtio,macaddr=${ONTAP_HWADDR}
-net tap,id=net0,fd=${ONTAP_FD0}
-kernel /storage/glenda/9pc64
-drive file=/storage/glenda/9front.qcow2.img
-initrd /dev/fd/${FD0}