feat: bridge network, audio

android-x86/create.sh

@@ -8,11 +8,8 @@ if ! [ -f android.iso ]; then
         || exit 1
 fi
 
-qemu-img create -f qcow2 hda.qcow2 40G
+qemu-img create -f qcow2 hda.qcow2 10G
 
-CMD=(
+qemu "$@" \
-    "${CMD[@]}"
     -drive file=android.iso,media=cdrom,readonly=on
-)
+    #-device usb-host,vendorid=0xffff,productid=0xffff
-
-"${CMD[@]}"

android-x86/run.sh

@@ -8,12 +8,6 @@ if ! [ -f hda.qcow2 ]; then
         || exit 1
 fi
 
-CMD=(
+qemu "$@" \
-    "${CMD[@]}"
+    -vga std \
-    -nic user,model=virtio-net-pci
-    -vga std
-    # USB passthrough, might need root privileges
     #-device usb-host,vendorid=0xffff,productid=0xffff
-)
-
-"${CMD[@]}"

arch/run.sh

@@ -10,11 +10,5 @@ if ! [ -f hda.qcow2 ]; then
         || exit 1
 fi
 
-CMD=(
+qemu "$@" \
-    "${CMD[@]}"
-    -nic user,model=virtio-net-pci
-    # USB passthrough, might need root privileges
     #-device usb-host,vendorid=0xffff,productid=0xffff
-)
-
-"${CMD[@]}"

debian12/run.sh

@@ -10,11 +10,5 @@ if ! [ -f hda.qcow2 ]; then
         || exit 1
 fi
 
-CMD=(
+qemu "$@" \
-    "${CMD[@]}"
-    -nic user,model=virtio-net-pci
-    # USB passthrough, might need root privileges
     #-device usb-host,vendorid=0xffff,productid=0xffff
-)
-
-"${CMD[@]}"

lib.sh

@@ -1,9 +1,12 @@
 #!/bin/bash -e
+DIR="$(dirname "${BASH_SOURCE[0]}")"
+
+BRIDGE=virbr0
 
 function ask_yn() {
     local ans
 
-    printf "$1 (Y/n) " >&2
+    printf '%s (Y/n) ' "$1" >&2
     read -r ans
     case "${ans,,}" in
         y*|'') return 0 ;;
@@ -11,24 +14,43 @@ function ask_yn() {
     esac
 }
 
-RAM="$(free -g | awk '/^Mem:/{print $2 - 2}')"
+function _getmaxram() {
+    local ram; ram="$(free -g | awk '/^Mem:/{print $2 - 2}')"
 
-if   [ "$RAM" -le  2 ]; then  RAM=2
+    if   [ "$ram" -le  2 ]; then  ram=2
-elif [ "$RAM" -gt 32 ]; then RAM=32; fi
+    elif [ "$ram" -gt 32 ]; then ram=32; fi
+    echo "${ram}G"
+}
 
-RAM="${RAM}G"
+function _getnet() {
+    local net=user
 
-CMD=(
+    if ! ip link show "$BRIDGE" | grep -q UP; then
-    qemu-system-x86_64
+        ask_yn 'create bridge?' && sudo "$DIR/startnat.sh" "$BRIDGE" > /dev/null
-        -accel kvm
+    fi
-        -M q35
+    if ip link show "$BRIDGE" | grep -q UP; then
-        -cpu host
+        net="bridge,br=$BRIDGE"
-        -m "2G,maxmem=$RAM"
+    fi
-        -vga virtio
+    echo "$net"
-        -drive if=virtio,file=hda.qcow2
+}
-        # usb
+
-        -device qemu-xhci
+function qemu() {
-        # shared memory
+    local maxram; maxram="$(_getmaxram)"
-        -object memory-backend-ram,id=mem,size=2G,share=on
+    local net; net="$(_getnet)"
-        -numa node,memdev=mem
+
-)
+    (set -x
+        qemu-system-x86_64 -accel kvm \
+            -M q35 \
+            -bios /usr/share/ovmf/x64/OVMF.fd \
+            -cpu host \
+            -m "2G,maxmem=$maxram" \
+            -vga virtio \
+            -drive if=virtio,file=hda.qcow2 \
+            -audio pipewire,model=hda \
+            -nic "model=virtio-net-pci,type=$net" \
+            -device qemu-xhci \
+            -object memory-backend-ram,id=mem,size=2G,share=on \
+            -numa node,memdev=mem \
+            "$@"
+    )
+}

startnat.sh

@@ -0,0 +1,56 @@
+#!/bin/bash -ex
+
+function _iptables() {
+    local table="QEMU_$1"; shift
+
+    iptables -C "$table" "$@" 2> /dev/null || iptables -A "$table" "$@"
+}
+
+function newtable() {
+    local table="$1"; shift
+
+    iptables -N "QEMU_$table" "$@" 2> /dev/null || true
+    iptables -A "$table" -j "QEMU_$table" "$@"
+}
+
+if ! command -v dnsmasq iptables-nft; then
+    echo 'missing 1+ dependencies: dnsmasq iptables-nft' >&2
+    exit 1
+fi
+
+if [ "$EUID" != 0 ]; then
+    echo 'this script must be run as root' >&2
+    exit 1
+fi
+
+BRIDGE="${1-virbr0}"
+DEV="$(ip route | grep -Po '^default.*dev\s+\K\w+')"
+
+sysctl net.ipv4.conf.all.forwarding=1
+
+if ! ip link show "$BRIDGE" > /dev/null; then
+    ip link add "$BRIDGE" type bridge
+fi
+
+ip link set dev "$BRIDGE" up
+
+ip address flush dev "$BRIDGE"
+ip address add 192.168.122.1/24 dev "$BRIDGE"
+
+newtable INPUT
+newtable FORWARD
+newtable OUTPUT
+newtable POSTROUTING -tnat
+
+_iptables INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+_iptables INPUT -i virbr0 -j ACCEPT
+_iptables FORWARD -i "$BRIDGE" -o "$DEV" -j ACCEPT
+_iptables FORWARD -i "$DEV" -o "$BRIDGE" -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+_iptables POSTROUTING -o "$DEV" -j MASQUERADE -tnat
+
+pidof dnsmasq | grep -q "$(cat /var/run/dnsmasq-virbr0.pid)" \
+    || dnsmasq --bind-dynamic \
+        -i "$BRIDGE" \
+        -F 192.168.122.2,192.168.122.254,255.255.255.0 \
+        -x /var/run/dnsmasq-virbr0.pid

stopnat.sh

@@ -0,0 +1,20 @@
+#!/bin/bash -x
+
+if [ "$EUID" != 0 ]; then
+    echo "this script must be run as root" >&2
+    exit
+fi
+
+BRIDGE="${1-virbr0}"
+
+sysctl net.ipv4.conf.all.forwarding=0
+
+ip link del dev "$BRIDGE"
+
+iptables -S       | sed -n '/QEMU/s/-A/iptables -D/p'           | bash
+iptables -S -tnat | sed -n '/QEMU/s/-A/iptables -tnat -D/p' | bash
+
+iptables -S       | sed -n '/QEMU/s/-N/iptables -X/p'           | bash
+iptables -S -tnat | sed -n '/QEMU/s/-N/iptables -tnat -X/p' | bash
+
+kill -TERM "$(cat /var/run/dnsmasq-virbr0.pid)"

win2k22/create.sh

@@ -10,11 +10,7 @@ fi
 
 qemu-img create -f qcow2 hda.qcow2 40G
 
-CMD=(
+qemu "$@" \
-    "${CMD[@]}"
+    -drive file=win2k22.iso,media=cdrom,readonly=on \
-    -drive file=win2k22.iso,media=cdrom,readonly=on
+    -drive  file=virtio.iso,media=cdrom,readonly=on \
-    -drive  file=virtio.iso,media=cdrom,readonly=on
+    #-device usb-host,vendorid=0xffff,productid=0xffff
-    -nic none # you don't want internet access for a windows installation
-)
-
-"${CMD[@]}"

win2k22/run.sh

@@ -8,11 +8,6 @@ if ! [ -f hda.qcow2 ]; then
         || exit 1
 fi
 
-CMD=(
+qemu "$@" \
-    "${CMD[@]}"
+    -drive  file=virtio.iso,media=cdrom,readonly=on \
-    -nic user,model=virtio-net-pci
-    # USB passthrough, might need root privileges
     #-device usb-host,vendorid=0xffff,productid=0xffff
-)
-
-"${CMD[@]}"