Upload 29 files

.devcontainer.json

@@ -0,0 +1,6 @@
+{
+  "name": "qemu",
+  "service": "qemu",
+  "forwardPorts": [8006],
+  "dockerComposeFile": "compose.yml"
+}

.dockerignore

@@ -0,0 +1,15 @@
+.dockerignore
+.git
+.github
+.gitignore
+.gitlab-ci.yml
+.gitmodules
+Dockerfile
+Dockerfile.archive
+compose.yml
+compose.yaml
+docker-compose.yml
+docker-compose.yaml
+
+*.md
+

.gitignore

@@ -0,0 +1 @@
+

Dockerfile

@@ -0,0 +1,83 @@
+# syntax=docker/dockerfile:1
+
+FROM debian:trixie-slim
+
+ARG TARGETARCH
+ARG VERSION_ARG="0.0"
+ARG VERSION_VNC="1.6.0"
+
+ARG DEBCONF_NOWARNINGS="yes"
+ARG DEBIAN_FRONTEND="noninteractive"
+ARG DEBCONF_NONINTERACTIVE_SEEN="true"
+
+RUN set -eu && \
+    apt-get update && \
+    apt-get --no-install-recommends -y install \
+        bc \
+        jq \
+        xxd \
+        tini \
+        wget \
+        7zip \
+        curl \
+        ovmf \
+        fdisk \
+        nginx \
+        swtpm \
+        procps \
+        ethtool \
+        iptables \
+        iproute2 \
+        apt-utils \
+        dnsmasq \
+        xz-utils \
+        net-tools \
+        e2fsprogs \
+        qemu-utils \
+        iputils-ping \
+        genisoimage \
+        netcat-openbsd \
+        ca-certificates \
+        qemu-system-x86 && \
+    wget "https://github.com/qemus/passt/releases/download/v2025_09_19/passt_2025_09_19_${TARGETARCH}.deb" -O /tmp/passt.deb -q && \
+    dpkg -i /tmp/passt.deb && \
+    apt-get clean && \
+    mkdir -p /etc/qemu && \
+    echo "allow br0" > /etc/qemu/bridge.conf && \
+    mkdir -p /usr/share/novnc && \
+    wget "https://github.com/novnc/noVNC/archive/refs/heads/master.tar.gz" -O /tmp/novnc.tar.gz -q --timeout=10 && \
+    tar -xf /tmp/novnc.tar.gz -C /tmp/ && \
+    cd "/tmp/noVNC-master" && \
+    mv app core vendor package.json ./*.html /usr/share/novnc && \
+    unlink /etc/nginx/sites-enabled/default && \
+    sed -i 's/^worker_processes.*/worker_processes 1;/' /etc/nginx/nginx.conf && \
+    echo "$VERSION_ARG" > /run/version && \
+    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+COPY --chmod=755 ./src /run/
+COPY --chmod=755 ./web /var/www/
+COPY --chmod=664 ./web/conf/defaults.json /usr/share/novnc
+COPY --chmod=664 ./web/conf/mandatory.json /usr/share/novnc
+COPY --chmod=744 ./web/conf/nginx.conf /etc/nginx/default.conf
+
+ADD --chmod=755 "https://github.com/qemus/fiano/releases/download/v1.2.0/utk_1.2.0_${TARGETARCH}.bin" /run/utk.bin
+
+VOLUME /storage
+EXPOSE 22 5900 8006
+
+
+
+# Make the entire /app directory fully writeable for all users
+RUN chmod -R 777 /app
+
+# Ensure the app runs as the same user as the Space UI
+RUN useradd -m -u 1000 user
+USER user
+
+
+ENV BOOT="alpine"
+ENV CPU_CORES="2"
+ENV RAM_SIZE="2G"
+ENV DISK_SIZE="64G"
+
+ENTRYPOINT ["/usr/bin/tini", "-s", "/run/entry.sh"]

compose.yml

@@ -0,0 +1,17 @@
+services:
+  qemu:
+    image: qemux/qemu
+    container_name: qemu
+    environment:
+      BOOT: "mint"
+    devices:
+      - /dev/kvm
+      - /dev/net/tun
+    cap_add:
+      - NET_ADMIN
+    ports:
+      - 8006:8006
+    volumes:
+      - ./qemu:/storage
+    restart: always
+    stop_grace_period: 2m

kubernetes.yml

@@ -0,0 +1,86 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: qemu-pvc
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 64Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: qemu
+  labels:
+    name: qemu
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: qemu
+  template:
+    metadata:
+      labels:
+        app: qemu
+    spec:
+      containers:
+      - name: qemu
+        image: qemux/qemu
+        env:
+        - name: BOOT
+          value: "mint"
+        - name: DISK_SIZE
+          value: "64G"
+        ports:
+          - containerPort: 8006
+            name: http
+            protocol: TCP
+          - containerPort: 5900
+            name: vnc
+            protocol: TCP
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+          privileged: true
+        volumeMounts:
+        - mountPath: /storage
+          name: storage
+        - mountPath: /dev/kvm
+          name: dev-kvm
+        - mountPath: /dev/net/tun
+          name: dev-tun
+      terminationGracePeriodSeconds: 120
+      volumes:
+      - name: storage
+        persistentVolumeClaim:
+          claimName: qemu-pvc
+      - hostPath:
+          path: /dev/kvm
+        name: dev-kvm
+      - hostPath:
+          path: /dev/net/tun
+          type: CharDevice
+        name: dev-tun
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: qemu
+spec:
+  internalTrafficPolicy: Cluster
+  ports:
+    - name: http
+      port: 8006
+      protocol: TCP
+      targetPort: 8006
+    - name: vnc
+      port: 5900
+      protocol: TCP
+      targetPort: 5900
+  selector:
+    app: qemu
+  type: ClusterIP

src/boot.sh

@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Docker environment variables
+: "${BIOS:=""}"         # BIOS file
+: "${TPM:="N"}"         # Disable TPM
+: "${SMM:="N"}"         # Disable SMM
+
+BOOT_DESC=""
+BOOT_OPTS=""
+
+SECURE="off"
+[[ "$SMM" == [Yy1]* ]] && SECURE="on"
+[ -n "$BIOS" ] && BOOT_MODE="custom"
+
+msg="Configuring boot..."
+html "$msg"
+[[ "$DEBUG" == [Yy1]* ]] && echo "$msg"
+
+case "${BOOT_MODE,,}" in
+  "uefi" | "" )
+    BOOT_MODE="uefi"
+    ROM="OVMF_CODE_4M.fd"
+    VARS="OVMF_VARS_4M.fd"
+    ;;
+  "secure" )
+    SECURE="on"
+    BOOT_DESC=" securely"
+    ROM="OVMF_CODE_4M.secboot.fd"
+    VARS="OVMF_VARS_4M.secboot.fd"
+    ;;
+  "windows" | "windows_plain" )
+    ROM="OVMF_CODE_4M.fd"
+    VARS="OVMF_VARS_4M.fd"
+    ;;
+  "windows_secure" )
+    TPM="Y"
+    SECURE="on"
+    BOOT_DESC=" securely"
+    ROM="OVMF_CODE_4M.ms.fd"
+    VARS="OVMF_VARS_4M.ms.fd"
+    ;;
+  "windows_legacy" )
+    HV="N"
+    SECURE="on"
+    BOOT_DESC=" (legacy)"
+    [ -z "${USB:-}" ] && USB="usb-ehci,id=ehci"
+    ;;
+  "legacy" )
+    BOOT_DESC=" with SeaBIOS"
+    ;;
+  "custom" )
+    BOOT_OPTS="-bios $BIOS"
+    BOOT_DESC=" with custom BIOS file"
+    ;;
+  *)
+    error "Unknown BOOT_MODE, value \"${BOOT_MODE}\" is not recognized!"
+    exit 33
+    ;;
+esac
+
+if [[ "${BOOT_MODE,,}" == "windows"* ]]; then
+  BOOT_OPTS+=" -rtc base=localtime"
+  BOOT_OPTS+=" -global ICH9-LPC.disable_s3=1"
+  BOOT_OPTS+=" -global ICH9-LPC.disable_s4=1"
+fi
+
+case "${BOOT_MODE,,}" in
+  "uefi" | "secure" | "windows" | "windows_plain" | "windows_secure" )
+
+    OVMF="/usr/share/OVMF"
+    DEST="$STORAGE/${BOOT_MODE,,}"
+
+    if [ ! -s "$DEST.rom" ] || [ ! -f "$DEST.rom" ]; then
+      [ ! -s "$OVMF/$ROM" ] || [ ! -f "$OVMF/$ROM" ] && error "UEFI boot file ($OVMF/$ROM) not found!" && exit 44
+      cp "$OVMF/$ROM" "$DEST.rom"
+      if [[ "${LOGO:-}" != [Nn]* ]]; then
+        /run/utk.bin "$DEST.rom" replace_ffs LogoDXE "/var/www/img/${PROCESS,,}.ffs" save "$DEST.rom"
+      fi
+    fi
+
+    if [ ! -s "$DEST.vars" ] || [ ! -f "$DEST.vars" ]; then
+      [ ! -s "$OVMF/$VARS" ] || [ ! -f "$OVMF/$VARS" ]&& error "UEFI vars file ($OVMF/$VARS) not found!" && exit 45
+      cp "$OVMF/$VARS" "$DEST.vars"
+    fi
+
+    if [[ "${BOOT_MODE,,}" == "secure" || "${BOOT_MODE,,}" == "windows_secure" ]]; then
+      BOOT_OPTS+=" -global driver=cfi.pflash01,property=secure,value=on"
+    fi
+
+    BOOT_OPTS+=" -drive file=$DEST.rom,if=pflash,unit=0,format=raw,readonly=on"
+    BOOT_OPTS+=" -drive file=$DEST.vars,if=pflash,unit=1,format=raw"
+
+    ;;
+esac
+
+MSRS="/sys/module/kvm/parameters/ignore_msrs"
+if [ -e "$MSRS" ]; then
+  result=$(<"$MSRS")
+  result="${result//[![:print:]]/}"
+  if [[ "$result" == "0" || "${result^^}" == "N" ]]; then
+    echo 1 | tee "$MSRS" > /dev/null 2>&1 || true
+  fi
+fi
+
+CLOCKSOURCE="tsc"
+[[ "${ARCH,,}" == "arm64" ]] && CLOCKSOURCE="arch_sys_counter"
+CLOCK="/sys/devices/system/clocksource/clocksource0/current_clocksource"
+
+if [ ! -f "$CLOCK" ]; then
+  warn "file \"$CLOCK\" cannot not found?"
+else
+  result=$(<"$CLOCK")
+  result="${result//[![:print:]]/}"
+  case "${result,,}" in
+    "${CLOCKSOURCE,,}" ) ;;
+    "kvm-clock" ) info "Nested KVM virtualization detected.." ;;
+    "hyperv_clocksource_tsc_page" ) info "Nested Hyper-V virtualization detected.." ;;
+    "hpet" ) warn "unsupported clock source detected: '$result'. Please set host clock source to '$CLOCKSOURCE'." ;;
+    *) warn "unexpected clock source detected: '$result'. Please set host clock source to '$CLOCKSOURCE'." ;;
+  esac
+fi
+
+SM_BIOS=""
+PS="/sys/class/dmi/id/product_serial"
+
+if [ -s "$PS" ] && [ -r "$PS" ]; then
+
+  BIOS_SERIAL=$(<"$PS")
+  BIOS_SERIAL="${BIOS_SERIAL//[![:alnum:]]/}"
+
+  if [ -n "$BIOS_SERIAL" ]; then
+    SM_BIOS="-smbios type=1,serial=$BIOS_SERIAL"
+  fi
+
+fi
+
+rm -f /var/run/tpm.pid
+
+if [[ "$TPM" == [Yy1]* ]]; then
+
+  if ! swtpm socket -t -d --tpmstate "backend-uri=file://$STORAGE/${BOOT_MODE,,}.tpm" --ctrl type=unixio,path=/run/swtpm-sock --pid file=/var/run/tpm.pid --tpm2; then
+    error "Failed to start TPM emulator, reason: $?"
+  else
+
+    for (( i = 1; i < 20; i++ )); do
+
+      [ -S "/run/swtpm-sock" ] && break
+
+      if (( i % 10 == 0 )); then
+        echo "Waiting for TPM emulator to become available..."
+      fi
+
+      sleep 0.1
+
+    done
+
+    if [ ! -S "/run/swtpm-sock" ]; then
+      error "TPM socket not found? Disabling TPM module..."
+    else
+      BOOT_OPTS+=" -chardev socket,id=chrtpm,path=/run/swtpm-sock"
+      BOOT_OPTS+=" -tpmdev emulator,id=tpm0,chardev=chrtpm -device tpm-tis,tpmdev=tpm0"
+    fi
+
+  fi
+fi
+
+return 0

src/config.sh

@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+: "${UUID:=""}"
+: "${HPET:="off"}"
+: "${VMPORT:="off"}"
+: "${SERIAL:="mon:stdio"}"
+: "${USB:="qemu-xhci,id=xhci,p2=7,p3=7"}"
+: "${MONITOR:="telnet:localhost:$MON_PORT,server,nowait,nodelay"}"
+: "${SMP:="$CPU_CORES,sockets=1,dies=1,cores=$CPU_CORES,threads=1"}"
+
+msg="Configuring QEMU..."
+html "$msg"
+[[ "$DEBUG" == [Yy1]* ]] && echo "$msg"
+
+DEV_OPTS=""
+DEF_OPTS="-nodefaults"
+SERIAL_OPTS="-serial $SERIAL"
+CPU_OPTS="-cpu $CPU_FLAGS -smp $SMP"
+RAM_OPTS=$(echo "-m ${RAM_SIZE^^}" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
+MON_OPTS="-monitor $MONITOR -name $PROCESS,process=$PROCESS,debug-threads=on"
+MAC_OPTS="-machine type=${MACHINE},smm=${SECURE},graphics=off,vmport=${VMPORT},dump-guest-core=off,hpet=${HPET}${KVM_OPTS}"
+
+[ -n "$UUID" ] && MAC_OPTS+=" -uuid $UUID"
+[ -n "$SM_BIOS" ] && MAC_OPTS+=" $SM_BIOS"
+
+if [[ "${MACHINE,,}" != "pc"* ]]; then
+  DEV_OPTS="-object rng-random,id=objrng0,filename=/dev/urandom"
+  DEV_OPTS+=" -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pcie.0"
+  if [[ "${BOOT_MODE,,}" != "windows"* ]]; then
+    DEV_OPTS+=" -device virtio-balloon-pci,id=balloon0,bus=pcie.0"
+  fi
+fi
+
+if [ -d "/shared" ] && [[ "${BOOT_MODE,,}" != "windows"* ]]; then
+  DEV_OPTS+=" -fsdev local,id=fsdev0,path=/shared,security_model=none"
+  DEV_OPTS+=" -device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=shared"
+fi
+
+[ -n "$USB" ] && [[ "${USB,,}" != "no"* ]] && USB_OPTS="-device $USB -device usb-tablet"
+
+ARGS="$DEF_OPTS $CPU_OPTS $RAM_OPTS $MAC_OPTS $DISPLAY_OPTS $MON_OPTS $SERIAL_OPTS ${USB_OPTS:-} $NET_OPTS $DISK_OPTS $BOOT_OPTS $DEV_OPTS $ARGUMENTS"
+ARGS=$(echo "$ARGS" | sed 's/\t/ /g' | tr -s ' ')
+
+if [[ "${DISPLAY,,}" == "web" ]]; then
+  [ ! -f "$INFO" ] && error "File $INFO not found?!"
+  rm -f "$INFO"
+  [ ! -f "$PAGE" ] && error "File $PAGE not found?!"
+  rm -f "$PAGE"
+else
+  if [[ "${DISPLAY,,}" == "vnc" ]]; then
+    html "You can now connect to VNC on port $VNC_PORT." "0"
+  else
+    html "The virtual machine was booted successfully." "0"
+  fi
+fi
+
+# Check available memory as the very last step
+
+if [[ "$RAM_CHECK" != [Nn]* ]]; then
+
+  RAM_AVAIL=$(free -b | grep -m 1 Mem: | awk '{print $7}')
+  AVAIL_MEM=$(formatBytes "$RAM_AVAIL")
+
+  if (( (RAM_WANTED + RAM_SPARE) > RAM_AVAIL )); then
+    msg="Your configured RAM_SIZE of ${RAM_SIZE/G/ GB} is too high for the $AVAIL_MEM of memory available, please set a lower value."
+    [[ "${FS,,}" != "zfs" ]] && error "$msg" && exit 17
+    info "$msg"
+  else
+    if (( (RAM_WANTED + (RAM_SPARE * 3)) > RAM_AVAIL )); then
+      msg="your configured RAM_SIZE of ${RAM_SIZE/G/ GB} is very close to the $AVAIL_MEM of memory available, please consider a lower value."
+      if [[ "${FS,,}" != "zfs" ]]; then
+        warn "$msg"
+      else
+        info "$msg"
+      fi
+    fi
+  fi
+
+fi
+
+if [[ "$DEBUG" == [Yy1]* ]]; then
+  printf "QEMU arguments:\n\n%s\n\n" "${ARGS// -/$'\n-'}"
+fi
+
+return 0

src/define.sh

@@ -0,0 +1,230 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+pipe() {
+  local code="99"
+  msg="Failed to connect to $1, reason:"
+
+  curl --disable --silent --max-time 15 --fail --location "${1}" || {
+    code="$?"
+  }
+
+  case "${code,,}" in
+    "6" ) error "$msg could not resolve host!" ;;
+    "7" ) error "$msg no internet connection available!" ;;
+    "28" ) error "$msg connection timed out!" ;;
+    "99" ) return 0 ;;
+    *) error "$msg $code" ;;
+  esac
+
+  return 1
+}
+
+getURL() {
+  local id="${1/ /}"
+  local ret="$2"
+  local url=""
+  local arm=""
+  local name=""
+  local body=""
+  local version=""
+
+  case "${id,,}" in
+    "alma" | "almalinux" | "alma-linux" )
+      version="9"
+      name="AlmaLinux"
+      if [[ "$ret" == "url" ]]; then
+        url="https://repo.almalinux.org/almalinux/${version}/live/x86_64/AlmaLinux-${version}-latest-x86_64-Live-GNOME.iso"
+        arm="https://repo.almalinux.org/almalinux/${version}/live/aarch64/AlmaLinux-${version}-latest-aarch64-Live-GNOME.iso"
+      fi ;;
+    "alpine" | "alpinelinux" | "alpine-linux" )
+      name="Alpine Linux"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/x86_64/latest-releases.yaml") || exit 65
+        version=$(echo "$body" | awk '/"Xen"/{found=0} {if(found) print} /"Virtual"/{found=1}' | grep 'version:' | awk '{print $2}')
+        url="https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-virt-$version-x86_64.iso"
+        arm="https://dl-cdn.alpinelinux.org/alpine/latest-stable/releases/aarch64/alpine-virt-$version-aarch64.iso"
+      fi ;;
+    "arch" | "archlinux" | "arch-linux" )
+      name="Arch Linux"
+      if [[ "$ret" == "url" ]]; then
+        url="https://geo.mirror.pkgbuild.com/iso/latest/archlinux-x86_64.iso"
+      fi ;;
+    "cachy" | "cachyos" )
+      name="CachyOS"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://cachyos.org/download/") || exit 65
+        url=$(echo "$body" | tr '&' '\n' | grep "ISO/desktop" | grep -v 'iso.sha' | grep -v 'iso.sig' | cut -d';' -f2)
+        arm=$(echo "$body" | tr '&' '\n' | grep "ISO/handheld" | grep -v 'iso.sha' | grep -v 'iso.sig' | cut -d';' -f2)
+      fi ;;
+    "centos" | "centosstream" | "centos-stream" )
+      name="CentOS Stream"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://linuxsoft.cern.ch/centos-stream/") || exit 65
+        version=$(echo "$body" | grep "\-stream" | cut -d'"' -f 6 | cut -d'-' -f 1 | head -n 1)
+        url="https://mirrors.xtom.de/centos-stream/$version-stream/BaseOS/x86_64/iso/CentOS-Stream-$version-latest-x86_64-dvd1.iso"
+        arm="https://mirrors.xtom.de/centos-stream/$version-stream/BaseOS/aarch64/iso/CentOS-Stream-$version-latest-aarch64-dvd1.iso"
+      fi ;;
+    "debian" )
+      name="Debian"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://cdimage.debian.org/debian-cd/") || exit 65
+        version=$(echo "$body" | grep '\.[0-9]/' | cut -d'>' -f 9 | cut -d'/' -f 1)
+        url="https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-$version-amd64-standard.iso"
+        arm="https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/debian-$version-arm64-DVD-1.iso"
+      fi ;;
+    "fedora" | "fedoralinux" | "fedora-linux" )
+      name="Fedora Linux"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://getfedora.org/releases.json") || exit 65
+        version=$(echo "$body" | jq -r 'map(.version) | unique | .[]' | sed 's/ /_/g' | sed '/_Beta/d' | sort -r | head -n 1)
+        url=$(echo "$body" | jq -r "map(select(.arch==\"x86_64\" and .version==\"${version}\" and .variant==\"Workstation\" and .subvariant==\"Workstation\" )) | .[].link" | grep -m 1 .iso)
+        arm=$(echo "$body" | jq -r "map(select(.arch==\"aarch64\" and .version==\"${version}\" and .variant==\"Workstation\" and .subvariant==\"Workstation\" )) | .[].link" | grep -m 1 .iso)
+      fi ;;
+    "gentoo" | "gentoolinux" | "gentoo-linux" )
+      name="Gentoo Linux"
+      if [[ "$ret" == "url" ]]; then
+        if [[ "${PLATFORM,,}" != "arm64" ]]; then
+          body=$(pipe "https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-iso.txt") || exit 65
+          version=$(echo "$body" | grep livegui | cut -d' ' -f1)
+          url="https://distfiles.gentoo.org/releases/amd64/autobuilds/$version"
+        else
+          body=$(pipe "https://distfiles.gentoo.org/releases/arm64/autobuilds/latest-qcow2.txt")  || exit 65
+          version=$(echo "$body" | grep cloudinit | cut -d' ' -f1)
+          arm="https://distfiles.gentoo.org/releases/arm64/autobuilds/$version"
+        fi
+      fi ;;
+    "kali" | "kalilinux" | "kali-linux" )
+      name="Kali Linux"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://cdimage.kali.org/current/?C=M;O=D") || exit 65
+        version=$(echo "$body" | grep -o ">kali-linux-.*-live-amd64.iso" | head -n 1 | cut -c 2-)
+        url="https://cdimage.kali.org/current/$version"
+        version=$(echo "$body" | grep -o ">kali-linux-.*-live-arm64.iso" | head -n 1 | cut -c 2-)
+        arm="https://cdimage.kali.org/current/$version"
+      fi ;;
+    "kubuntu" )
+      name="Kubuntu"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://api.launchpad.net/devel/ubuntu/series") || exit 65
+        version=$(echo "$body" | jq -r '.entries | .[] | select(.status=="Current Stable Release").version')
+        url="https://cdimage.ubuntu.com/kubuntu/releases/${version}/release/kubuntu-${version}-desktop-amd64.iso"
+      fi ;;
+    "lmde" )
+      version="6"
+      name="Linux Mint Debian Edition"
+      if [[ "$ret" == "url" ]]; then
+        url="https://pub.linuxmint.io/debian/lmde-${version}-cinnamon-64bit.iso"
+      fi ;;
+    "macos" | "osx" )
+      name="macOS"
+      error "To install $name use: https://github.com/dockur/macos" && return 1 ;;
+    "mint" | "linuxmint" | "linux-mint" )
+      version="22.2"
+      name="Linux Mint"
+      if [[ "$ret" == "url" ]]; then
+        url="https://pub.linuxmint.io/stable/${version}/linuxmint-${version}-cinnamon-64bit.iso"
+      fi ;;
+    "manjaro" )
+      name="Manjaro"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://gitlab.manjaro.org/web/iso-info/-/raw/master/file-info.json") || exit 65
+        url=$(echo "$body" | jq -r .official.plasma.image)
+      fi ;;
+    "mx" | "mxlinux" | "mx-linux" )
+      name="MX Linux"
+      if [[ "$ret" == "url" ]]; then
+        version=$(curl --disable -Ils "https://sourceforge.net/projects/mx-linux/files/latest/download" | grep -i 'location:' | cut -d? -f1 | cut -d_ -f1 | cut -d- -f3) || exit 65
+        url="https://mirror.umd.edu/mxlinux-iso/MX/Final/Xfce/MX-${version}_x64.iso"
+      fi ;;
+    "nixos" )
+      name="NixOS"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://nix-channels.s3.amazonaws.com/?delimiter=/") || exit 65
+        version=$(echo "$body" | grep -o -E 'nixos-[[:digit:]]+\.[[:digit:]]+' | cut -d- -f2 | sort -nru | head -n 1)
+        url="https://channels.nixos.org/nixos-$version/latest-nixos-gnome-x86_64-linux.iso"
+        arm="https://channels.nixos.org/nixos-$version/latest-nixos-gnome-aarch64-linux.iso"
+      fi ;;
+    "opensuse" | "open-suse" | "suse" )
+      name="OpenSUSE"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://download.opensuse.org/distribution/leap/") || exit 65
+        version=$(echo "$body" | grep 'class="name"' | cut -d '/' -f2 | grep -v 42 | sort -r | head -n 1)
+        url="https://download.opensuse.org/distribution/leap/$version/installer/iso/agama-installer.x86_64-Leap_${version}.iso"
+        arm="https://download.opensuse.org/distribution/leap/$version/installer/iso/agama-installer.aarch64-Leap_${version}.iso"
+      fi ;;
+    "rocky" | "rockylinux" | "rocky-linux" )
+      version="9"
+      name="Rocky Linux"
+      if [[ "$ret" == "url" ]]; then
+        url="https://dl.rockylinux.org/pub/rocky/${version}/live/x86_64/Rocky-${version}-Workstation-x86_64-latest.iso"
+        arm="https://dl.rockylinux.org/pub/rocky/${version}/live/aarch64/Rocky-${version}-Workstation-aarch64-latest.iso"
+      fi ;;
+    "slack" | "slackware" )
+      name="Slackware"
+      if [[ "$ret" == "url" ]]; then
+        url="https://slackware.nl/slackware-live/slackware64-current-live/slackware64-live-current.iso"
+      fi ;;
+    "tails" )
+      name="Tails"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://tails.net/install/v2/Tails/amd64/stable/latest.json") || exit 65
+        url=$(echo "$body" | jq -r '.installations[0]."installation-paths"[]|select(.type=="iso")|."target-files"[0].url')
+      fi ;;
+    "ubuntu" | "ubuntu-desktop" )
+      name="Ubuntu Desktop"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://api.launchpad.net/devel/ubuntu/series") || exit 65
+        version=$(echo "$body" | jq -r '.entries | .[] | select(.status=="Current Stable Release").version')
+        url="https://releases.ubuntu.com/${version}/ubuntu-${version}-desktop-amd64.iso"
+        arm="https://cdimage.ubuntu.com/releases/${version}/release/ubuntu-${version}-desktop-arm64.iso"
+      fi ;;
+    "ubuntus" | "ubuntu-server")
+      name="Ubuntu Server"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://api.launchpad.net/devel/ubuntu/series") || exit 65
+        version=$(echo "$body" | jq -r '.entries | .[] | select(.status=="Current Stable Release").version')
+        url="https://releases.ubuntu.com/${version}/ubuntu-${version}-live-server-amd64.iso"
+        arm="https://cdimage.ubuntu.com/releases/${version}/release/ubuntu-${version}-live-server-arm64.iso"
+      fi ;;
+    "windows" )
+      name="Windows"
+      error "To install $name use: https://github.com/dockur/windows" && return 1 ;;
+    "xubuntu" )
+      name="Xubuntu"
+      if [[ "$ret" == "url" ]]; then
+        body=$(pipe "https://api.launchpad.net/devel/ubuntu/series") || exit 65
+        version=$(echo "$body" | jq -r '.entries | .[] | select(.status=="Current Stable Release").version')
+        url="https://cdimages.ubuntu.com/xubuntu/releases/${version}/release/xubuntu-${version}-desktop-amd64.iso"
+      fi ;;
+  esac
+
+  case "${ret,,}" in
+    "name" )
+      echo "$name"
+      ;;
+    "url" )
+
+      if [[ "${PLATFORM,,}" != "arm64" ]]; then
+        if [ -n "$name" ] && [ -z "$url" ]; then
+          error "No image for $name available!"
+          return 1
+        fi
+      else
+        if [ -n "$name" ] && [ -z "$arm" ]; then
+          error "No image for $name is available for ARM64 yet! "
+          return 1
+        fi
+      fi
+
+      if [[ "${PLATFORM,,}" != "arm64" ]]; then
+        echo "$url"
+      else
+        echo "$arm"
+      fi ;;
+  esac
+
+  return 0
+}
+
+return 0

src/disk.sh

@@ -0,0 +1,728 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Docker environment variables
+
+: "${DISK_IO:="native"}"          # I/O Mode, can be set to 'native', 'threads' or 'io_uring'
+: "${DISK_FMT:=""}"               # Disk file format, can be set to "raw" (default) or "qcow2"
+: "${DISK_TYPE:=""}"              # Device type to be used, "sata", "nvme", "blk" or "scsi"
+: "${DISK_FLAGS:=""}"             # Specifies the options for use with the qcow2 disk format
+: "${DISK_CACHE:="none"}"         # Caching mode, can be set to 'writeback' for better performance
+: "${DISK_DISCARD:="on"}"         # Controls whether unmap (TRIM) commands are passed to the host.
+: "${DISK_ROTATION:="1"}"         # Rotation rate, set to 1 for SSD storage and increase for HDD
+
+fmt2ext() {
+  local DISK_FMT=$1
+
+  case "${DISK_FMT,,}" in
+    qcow2)
+      echo "qcow2"
+      ;;
+    raw)
+      echo "img"
+      ;;
+    *)
+      error "Unrecognized disk format: $DISK_FMT" && exit 78
+      ;;
+  esac
+}
+
+ext2fmt() {
+  local DISK_EXT=$1
+
+  case "${DISK_EXT,,}" in
+    qcow2)
+      echo "qcow2"
+      ;;
+    img)
+      echo "raw"
+      ;;
+    *)
+      error "Unrecognized file extension: .$DISK_EXT" && exit 78
+      ;;
+  esac
+}
+
+getSize() {
+  local DISK_FILE=$1
+  local DISK_EXT DISK_FMT
+
+  DISK_EXT=$(echo "${DISK_FILE//*./}" | sed 's/^.*\.//')
+  DISK_FMT=$(ext2fmt "$DISK_EXT")
+
+  case "${DISK_FMT,,}" in
+    raw)
+      stat -c%s "$DISK_FILE"
+      ;;
+    qcow2)
+      qemu-img info "$DISK_FILE" -f "$DISK_FMT" | grep '^virtual size: ' | sed 's/.*(\(.*\) bytes)/\1/'
+      ;;
+    *)
+      error "Unrecognized disk format: $DISK_FMT" && exit 78
+      ;;
+  esac
+}
+
+isCow() {
+  local FS=$1
+
+  if [[ "${FS,,}" == "btrfs" ]]; then
+    return 0
+  fi
+
+  return 1
+}
+
+supportsDirect() {
+  local FS=$1
+
+  if [[ "${FS,,}" == "ecryptfs" || "${FS,,}" == "tmpfs" ]]; then
+    return 1
+  fi
+
+  return 0
+}
+
+createDisk() {
+
+  local DISK_FILE=$1
+  local DISK_SPACE=$2
+  local DISK_DESC=$3
+  local DISK_FMT=$4
+  local FS=$5
+  local DATA_SIZE DIR SPACE GB FA
+
+  DATA_SIZE=$(numfmt --from=iec "$DISK_SPACE")
+
+  rm -f "$DISK_FILE"
+
+  if [[ "$ALLOCATE" != [Nn]* ]]; then
+
+    # Check free diskspace
+    DIR=$(dirname "$DISK_FILE")
+    SPACE=$(df --output=avail -B 1 "$DIR" | tail -n 1)
+
+    if (( DATA_SIZE > SPACE )); then
+      GB=$(formatBytes "$SPACE")
+      error "Not enough free space to create a $DISK_DESC of ${DISK_SPACE/G/ GB} in $DIR, it has only $GB available..."
+      error "Please specify a smaller ${DISK_DESC^^}_SIZE or disable preallocation by setting ALLOCATE=N." && exit 76
+    fi
+  fi
+
+  html "Creating a $DISK_DESC image..."
+  info "Creating a ${DISK_SPACE/G/ GB} $DISK_STYLE $DISK_DESC image in $DISK_FMT format..."
+
+  local FAIL="Could not create a $DISK_STYLE $DISK_FMT $DISK_DESC image of ${DISK_SPACE/G/ GB} ($DISK_FILE)"
+
+  case "${DISK_FMT,,}" in
+    raw)
+
+      if isCow "$FS"; then
+        if ! touch "$DISK_FILE"; then
+          error "$FAIL" && exit 77
+        fi
+        { chattr +C "$DISK_FILE"; } || :
+      fi
+
+      if [[ "$ALLOCATE" == [Nn]* ]]; then
+
+        # Create an empty file
+        if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
+          rm -f "$DISK_FILE"
+          error "$FAIL" && exit 77
+        fi
+
+      else
+
+        # Create an empty file
+        if ! fallocate -l "$DATA_SIZE" "$DISK_FILE" &>/dev/null; then
+          if ! fallocate -l -x "$DATA_SIZE" "$DISK_FILE"; then
+            if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
+              rm -f "$DISK_FILE"
+              error "$FAIL" && exit 77
+            fi
+          fi
+        fi
+
+      fi
+      ;;
+    qcow2)
+
+      local DISK_PARAM="$DISK_ALLOC"
+      isCow "$FS" && DISK_PARAM+=",nocow=on"
+      [ -n "$DISK_FLAGS" ] && DISK_PARAM+=",$DISK_FLAGS"
+
+      if ! qemu-img create -f "$DISK_FMT" -o "$DISK_PARAM" -- "$DISK_FILE" "$DATA_SIZE" ; then
+        rm -f "$DISK_FILE"
+        error "$FAIL" && exit 70
+      fi
+      ;;
+  esac
+
+  if isCow "$FS"; then
+    FA=$(lsattr "$DISK_FILE")
+    if [[ "$FA" != *"C"* ]]; then
+      error "Failed to disable COW for $DISK_DESC image $DISK_FILE on ${FS^^} filesystem (returned $FA)"
+    fi
+  fi
+
+  return 0
+}
+
+resizeDisk() {
+
+  local DISK_FILE=$1
+  local DISK_SPACE=$2
+  local DISK_DESC=$3
+  local DISK_FMT=$4
+  local FS=$5
+  local CUR_SIZE DATA_SIZE DIR SPACE GB
+
+  CUR_SIZE=$(getSize "$DISK_FILE")
+  DATA_SIZE=$(numfmt --from=iec "$DISK_SPACE")
+  local REQ=$((DATA_SIZE-CUR_SIZE))
+  (( REQ < 1 )) && error "Shrinking disks is not supported yet, please increase ${DISK_DESC^^}_SIZE." && exit 71
+
+  if [[ "$ALLOCATE" != [Nn]* ]]; then
+
+    # Check free diskspace
+    DIR=$(dirname "$DISK_FILE")
+    SPACE=$(df --output=avail -B 1 "$DIR" | tail -n 1)
+
+    if (( REQ > SPACE )); then
+      GB=$(formatBytes "$SPACE")
+      error "Not enough free space to resize $DISK_DESC to ${DISK_SPACE/G/ GB} in $DIR, it has only $GB available.."
+      error "Please specify a smaller ${DISK_DESC^^}_SIZE or disable preallocation by setting ALLOCATE=N." && exit 74
+    fi
+  fi
+
+  GB=$(formatBytes "$CUR_SIZE")
+  MSG="Resizing $DISK_DESC from $GB to ${DISK_SPACE/G/ GB}..."
+  info "$MSG" && html "$MSG"
+
+  local FAIL="Could not resize the $DISK_STYLE $DISK_FMT $DISK_DESC image from ${GB} to ${DISK_SPACE/G/ GB} ($DISK_FILE)"
+
+  case "${DISK_FMT,,}" in
+    raw)
+
+      if [[ "$ALLOCATE" == [Nn]* ]]; then
+
+        # Resize file by changing its length
+        if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
+          error "$FAIL" && exit 75
+        fi
+
+      else
+
+        # Resize file by allocating more space
+        if ! fallocate -l "$DATA_SIZE" "$DISK_FILE" &>/dev/null; then
+          if ! fallocate -l -x "$DATA_SIZE" "$DISK_FILE"; then
+            if ! truncate -s "$DATA_SIZE" "$DISK_FILE"; then
+              error "$FAIL" && exit 75
+            fi
+          fi
+        fi
+
+      fi
+      ;;
+    qcow2)
+
+      if ! qemu-img resize -f "$DISK_FMT" "--$DISK_ALLOC" "$DISK_FILE" "$DATA_SIZE" ; then
+        error "$FAIL" && exit 72
+      fi
+
+      ;;
+  esac
+
+  return 0
+}
+
+convertDisk() {
+
+  local SOURCE_FILE=$1
+  local SOURCE_FMT=$2
+  local DST_FILE=$3
+  local DST_FMT=$4
+  local DISK_BASE=$5
+  local DISK_DESC=$6
+  local FS=$7
+
+  [ -f "$DST_FILE" ] && error "Conversion failed, destination file $DST_FILE already exists?" && exit 79
+  [ ! -f "$SOURCE_FILE" ] && error "Conversion failed, source file $SOURCE_FILE does not exists?" && exit 79
+
+  local TMP_FILE="$DISK_BASE.tmp"
+  rm -f "$TMP_FILE"
+
+  if [[ "$ALLOCATE" != [Nn]* ]]; then
+
+    local DIR CUR_SIZE SPACE GB
+
+    # Check free diskspace
+    DIR=$(dirname "$TMP_FILE")
+    CUR_SIZE=$(getSize "$SOURCE_FILE")
+    SPACE=$(df --output=avail -B 1 "$DIR" | tail -n 1)
+
+    if (( CUR_SIZE > SPACE )); then
+      GB=$(formatBytes "$SPACE")
+      error "Not enough free space to convert $DISK_DESC to $DST_FMT in $DIR, it has only $GB available..."
+      error "Please free up some disk space or disable preallocation by setting ALLOCATE=N." && exit 76
+    fi
+  fi
+
+  local msg="Converting $DISK_DESC to $DST_FMT"
+  html "$msg..."
+  info "$msg, please wait until completed..."
+
+  local CONV_FLAGS="-p"
+  local DISK_PARAM="$DISK_ALLOC"
+  isCow "$FS" && DISK_PARAM+=",nocow=on"
+
+  if [[ "$DST_FMT" != "raw" ]]; then
+    if [[ "$ALLOCATE" == [Nn]* ]]; then
+      CONV_FLAGS+=" -c"
+    fi
+    [ -n "$DISK_FLAGS" ] && DISK_PARAM+=",$DISK_FLAGS"
+  fi
+
+  # shellcheck disable=SC2086
+  if ! qemu-img convert -f "$SOURCE_FMT" $CONV_FLAGS -o "$DISK_PARAM" -O "$DST_FMT" -- "$SOURCE_FILE" "$TMP_FILE"; then
+    rm -f "$TMP_FILE"
+    error "Failed to convert $DISK_STYLE $DISK_DESC image to $DST_FMT format in $DIR, is there enough space available?" && exit 79
+  fi
+
+  if [[ "$DST_FMT" == "raw" ]]; then
+    if [[ "$ALLOCATE" != [Nn]* ]]; then
+      # Work around qemu-img bug
+      CUR_SIZE=$(stat -c%s "$TMP_FILE")
+      if ! fallocate -l "$CUR_SIZE" "$TMP_FILE" &>/dev/null; then
+        if ! fallocate -l -x "$CUR_SIZE" "$TMP_FILE"; then
+          error "Failed to allocate $CUR_SIZE bytes for $DISK_DESC image $TMP_FILE"
+        fi
+      fi
+    fi
+  fi
+
+  rm -f "$SOURCE_FILE"
+  mv "$TMP_FILE" "$DST_FILE"
+
+  if isCow "$FS"; then
+    FA=$(lsattr "$DST_FILE")
+    if [[ "$FA" != *"C"* ]]; then
+      error "Failed to disable COW for $DISK_DESC image $DST_FILE on ${FS^^} filesystem (returned $FA)"
+    fi
+  fi
+
+  msg="Conversion of $DISK_DESC"
+  html "$msg completed..."
+  info "$msg to $DST_FMT completed successfully!"
+
+  return 0
+}
+
+checkFS () {
+
+  local FS=$1
+  local DISK_FILE=$2
+  local DISK_DESC=$3
+  local DIR FA
+
+  DIR=$(dirname "$DISK_FILE")
+  [ ! -d "$DIR" ] && return 0
+
+  if [[ "${FS,,}" == "overlay"* ]]; then
+    info "Warning: the filesystem of $DIR is OverlayFS, this usually means it was binded to an invalid path!"
+  fi
+
+  if [[ "${FS,,}" == "fuse"* ]]; then
+    info "Warning: the filesystem of $DIR is FUSE, this extra layer will negatively affect performance!"
+  fi
+
+  if ! supportsDirect "$FS"; then
+    info "Warning: the filesystem of $DIR is $FS, which does not support O_DIRECT mode, adjusting settings..."
+  fi
+
+  if isCow "$FS"; then
+    if [ -f "$DISK_FILE" ]; then
+      FA=$(lsattr "$DISK_FILE")
+      if [[ "$FA" != *"C"* ]]; then
+        info "Warning: COW (copy on write) is not disabled for $DISK_DESC image file $DISK_FILE, this is recommended on ${FS^^} filesystems!"
+      fi
+    fi
+  fi
+
+  return 0
+}
+
+createDevice () {
+
+  local DISK_FILE=$1
+  local DISK_TYPE=$2
+  local DISK_INDEX=$3
+  local DISK_ADDRESS=$4
+  local DISK_FMT=$5
+  local DISK_IO=$6
+  local DISK_CACHE=$7
+  local DISK_SERIAL=$8
+  local DISK_SECTORS=$9
+  local DISK_ID="data$DISK_INDEX"
+
+  local index=""
+  [ -n "$DISK_INDEX" ] && index=",bootindex=$DISK_INDEX"
+  local result=" -drive file=$DISK_FILE,id=$DISK_ID,format=$DISK_FMT,cache=$DISK_CACHE,aio=$DISK_IO,discard=$DISK_DISCARD,detect-zeroes=on"
+
+  case "${DISK_TYPE,,}" in
+    "none" ) ;;
+    "auto" )
+      echo "$result"
+      ;;
+    "usb" )
+      result+=",if=none \
+      -device usb-storage,drive=${DISK_ID}${index}${DISK_SERIAL}${DISK_SECTORS}"
+      echo "$result"
+      ;;
+    "nvme" )
+      result+=",if=none \
+      -device nvme,drive=${DISK_ID}${index},serial=deadbeaf${DISK_INDEX}${DISK_SERIAL}${DISK_SECTORS}"
+      echo "$result"
+      ;;
+    "ide" | "sata" )
+      result+=",if=none \
+      -device ich9-ahci,id=ahci${DISK_INDEX},addr=$DISK_ADDRESS \
+      -device ide-hd,drive=${DISK_ID},bus=ahci$DISK_INDEX.0,rotation_rate=$DISK_ROTATION${index}${DISK_SERIAL}${DISK_SECTORS}"
+      echo "$result"
+      ;;
+    "blk" | "virtio-blk" )
+      result+=",if=none \
+      -device virtio-blk-pci,drive=${DISK_ID},bus=pcie.0,addr=$DISK_ADDRESS,iothread=io2${index}${DISK_SERIAL}${DISK_SECTORS}"
+      echo "$result"
+      ;;
+    "scsi" | "virtio-scsi" )
+      result+=",if=none \
+      -device virtio-scsi-pci,id=${DISK_ID}b,bus=pcie.0,addr=$DISK_ADDRESS,iothread=io2 \
+      -device scsi-hd,drive=${DISK_ID},bus=${DISK_ID}b.0,channel=0,scsi-id=0,lun=0,rotation_rate=$DISK_ROTATION${index}${DISK_SERIAL}${DISK_SECTORS}"
+      echo "$result"
+      ;;
+  esac
+
+  return 0
+}
+
+addMedia () {
+
+  local DISK_FILE=$1
+  local DISK_TYPE=$2
+  local DISK_INDEX=$3
+  local DISK_ADDRESS=$4
+
+  local index=""
+  local DISK_ID="cdrom$DISK_INDEX"
+  [ -n "$DISK_INDEX" ] && index=",bootindex=$DISK_INDEX"
+  local result=" -drive file=$DISK_FILE,id=$DISK_ID,format=raw,cache=unsafe,readonly=on,media=cdrom"
+
+  case "${DISK_TYPE,,}" in
+    "none" ) ;;
+    "auto" )
+      echo "$result"
+      ;;
+    "usb" )
+      result+=",if=none \
+      -device usb-storage,drive=${DISK_ID}${index},removable=on"
+      echo "$result"
+      ;;
+    "nvme" )
+      result+=",if=none \
+      -device nvme,drive=${DISK_ID}${index},serial=deadbeaf${DISK_INDEX}"
+      echo "$result"
+      ;;
+    "ide" | "sata" )
+      result+=",if=none \
+      -device ich9-ahci,id=ahci${DISK_INDEX},addr=$DISK_ADDRESS \
+      -device ide-cd,drive=${DISK_ID},bus=ahci${DISK_INDEX}.0${index}"
+      echo "$result"
+      ;;
+    "blk" | "virtio-blk" )
+      result+=",if=none \
+      -device virtio-blk-pci,drive=${DISK_ID},bus=pcie.0,addr=$DISK_ADDRESS,iothread=io2${index}"
+      echo "$result"
+      ;;
+    "scsi" | "virtio-scsi" )
+      result+=",if=none \
+      -device virtio-scsi-pci,id=${DISK_ID}b,bus=pcie.0,addr=$DISK_ADDRESS,iothread=io2 \
+      -device scsi-cd,drive=${DISK_ID},bus=${DISK_ID}b.0${index}"
+      echo "$result"
+      ;;
+  esac
+
+  return 0
+}
+
+addDisk () {
+
+  local DISK_BASE=$1
+  local DISK_TYPE=$2
+  local DISK_DESC=$3
+  local DISK_SPACE=$4
+  local DISK_INDEX=$5
+  local DISK_ADDRESS=$6
+  local DISK_FMT=$7
+  local DISK_IO=$8
+  local DISK_CACHE=$9
+  local DISK_EXT DIR SPACE DATA_SIZE FS PREV_FMT PREV_EXT CUR_SIZE
+
+  DISK_EXT=$(fmt2ext "$DISK_FMT")
+  local DISK_FILE="$DISK_BASE.$DISK_EXT"
+
+  DIR=$(dirname "$DISK_FILE")
+  [ ! -d "$DIR" ] && return 0
+
+  SPACE="${DISK_SPACE// /}"
+  [ -z "$SPACE" ] && SPACE="64G"
+  [ -z "${SPACE//[0-9. ]}" ] && SPACE="${SPACE}G"
+  SPACE=$(echo "${SPACE^^}" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
+
+  if ! numfmt --from=iec "$SPACE" &>/dev/null; then
+    error "Invalid value for ${DISK_DESC^^}_SIZE: $DISK_SPACE" && exit 73
+  fi
+
+  DATA_SIZE=$(numfmt --from=iec "$SPACE")
+
+  if (( DATA_SIZE < 104857600 )); then
+    error "Please increase ${DISK_DESC^^}_SIZE to at least 100 MB." && exit 73
+  fi
+
+  FS=$(stat -f -c %T "$DIR")
+  checkFS "$FS" "$DISK_FILE" "$DISK_DESC" || exit $?
+
+  if ! supportsDirect "$FS"; then
+    DISK_IO="threads"
+    DISK_CACHE="writeback"
+  fi
+
+  if ! [ -s "$DISK_FILE" ] ; then
+
+    if [[ "${DISK_FMT,,}" != "raw" ]]; then
+      PREV_FMT="raw"
+    else
+      PREV_FMT="qcow2"
+    fi
+
+    PREV_EXT=$(fmt2ext "$PREV_FMT")
+
+    if [ -s "$DISK_BASE.$PREV_EXT" ] ; then
+      convertDisk "$DISK_BASE.$PREV_EXT" "$PREV_FMT" "$DISK_FILE" "$DISK_FMT" "$DISK_BASE" "$DISK_DESC" "$FS" || exit $?
+    fi
+  fi
+
+  if [ -s "$DISK_FILE" ]; then
+
+    CUR_SIZE=$(getSize "$DISK_FILE")
+
+    if (( DATA_SIZE > CUR_SIZE )); then
+      resizeDisk "$DISK_FILE" "$SPACE" "$DISK_DESC" "$DISK_FMT" "$FS" || exit $?
+    fi
+
+  else
+
+    createDisk "$DISK_FILE" "$SPACE" "$DISK_DESC" "$DISK_FMT" "$FS" || exit $?
+
+  fi
+
+  DISK_OPTS+=$(createDevice "$DISK_FILE" "$DISK_TYPE" "$DISK_INDEX" "$DISK_ADDRESS" "$DISK_FMT" "$DISK_IO" "$DISK_CACHE" "" "")
+
+  return 0
+}
+
+addDevice () {
+
+  local DISK_DEV=$1
+  local DISK_TYPE=$2
+  local DISK_INDEX=$3
+  local DISK_ADDRESS=$4
+
+  [ -z "$DISK_DEV" ] && return 0
+  [ ! -b "$DISK_DEV" ] && error "Device $DISK_DEV cannot be found! Please add it to the 'devices' section of your compose file." && exit 55
+
+  local sectors=""
+  local result logical physical
+  result=$(fdisk -l "$DISK_DEV" | grep -m 1 -o "(logical/physical): .*" | cut -c 21-)
+  logical="${result%% *}"
+  physical=$(echo "$result" | grep -m 1 -o "/ .*" | cut -c 3-)
+  physical="${physical%% *}"
+
+ if [ -n "$physical" ]; then
+    if [[ "$physical" != "512" ]]; then
+      sectors=",logical_block_size=$logical,physical_block_size=$physical"
+    fi
+  else
+    warn "Failed to determine the sector size for $DISK_DEV"
+  fi
+
+  DISK_OPTS+=$(createDevice "$DISK_DEV" "$DISK_TYPE" "$DISK_INDEX" "$DISK_ADDRESS" "raw" "$DISK_IO" "$DISK_CACHE" "" "$sectors")
+
+  return 0
+}
+
+msg="Initializing disks..."
+html "$msg"
+[[ "$DEBUG" == [Yy1]* ]] && echo "$msg"
+
+[ -z "${DISK_OPTS:-}" ] && DISK_OPTS=""
+[ -z "${DISK_TYPE:-}" ] && DISK_TYPE="scsi"
+[ -z "${DISK_NAME:-}" ] && DISK_NAME="data"
+
+case "${DISK_TYPE,,}" in
+  "ide" | "sata" | "nvme" | "usb" | "scsi" | "blk" | "auto" | "none" ) ;;
+  * ) error "Invalid DISK_TYPE specified, value \"$DISK_TYPE\" is not recognized!" && exit 80 ;;
+esac
+
+if [[ "${PLATFORM,,}" != "arm64" ]]; then
+  FALLBACK="ide"
+else
+  FALLBACK="usb"
+fi
+
+[[ "${BOOT_MODE:-}" == "windows_legacy" ]] && FALLBACK="auto"
+
+if [ -z "${MEDIA_TYPE:-}" ]; then
+  if [[ "${BOOT_MODE:-}" != "windows"* ]]; then
+    if [[ "${DISK_TYPE,,}" == "blk" ]]; then
+      MEDIA_TYPE="$FALLBACK"
+    else
+      MEDIA_TYPE="$DISK_TYPE"
+    fi
+  else
+    MEDIA_TYPE="$FALLBACK"
+  fi
+fi
+
+case "${MEDIA_TYPE,,}" in
+  "ide" | "sata" | "nvme" | "usb" | "scsi" | "blk" | "auto" | "none" ) ;;
+  * ) error "Invalid MEDIA_TYPE specified, value \"$MEDIA_TYPE\" is not recognized!" && exit 80 ;;
+esac
+
+if [ -f "$BOOT" ] && [ -s "$BOOT" ]; then
+  case "${BOOT,,}" in
+    *".iso" )
+        if [[ "${HYBRID:-}" == [Yy]* ]]; then
+          DISK_OPTS+=$(addMedia "$BOOT" "usb" "$BOOT_INDEX" "0x5")
+        else
+          DISK_OPTS+=$(addMedia "$BOOT" "$MEDIA_TYPE" "$BOOT_INDEX" "0x5")
+        fi ;;
+    *".img" | *".raw" )
+        DISK_OPTS+=$(createDevice "$BOOT" "$DISK_TYPE" "$BOOT_INDEX" "0x5" "raw" "$DISK_IO" "$DISK_CACHE" "" "") ;;
+    *".qcow2" )
+        DISK_OPTS+=$(createDevice "$BOOT" "$DISK_TYPE" "$BOOT_INDEX" "0x5" "qcow2" "$DISK_IO" "$DISK_CACHE" "" "") ;;
+    * )
+        error "Invalid BOOT image specified, extension \".${BOOT/*./}\" is not recognized!" && exit 80 ;;
+  esac
+fi
+
+DRIVERS="/drivers.iso"
+[ ! -f "$DRIVERS" ] || [ ! -s "$DRIVERS" ] && DRIVERS="$STORAGE/drivers.iso"
+
+if [ -f "$DRIVERS" ] && [ -s "$DRIVERS" ]; then
+  DISK_OPTS+=$(addMedia "$DRIVERS" "$FALLBACK" "" "0x6")
+fi
+
+RESCUE="/start.iso"
+[ ! -f "$RESCUE" ] || [ ! -s "$RESCUE" ] && RESCUE="$STORAGE/start.iso"
+
+if [ -f "$RESCUE" ] && [ -s "$RESCUE" ]; then
+  DISK_OPTS+=$(addMedia "$RESCUE" "$FALLBACK" "1" "0x6")
+fi
+
+DISK1_FILE="$STORAGE/${DISK_NAME}"
+DISK2_FILE="/storage2/${DISK_NAME}2"
+DISK3_FILE="/storage3/${DISK_NAME}3"
+DISK4_FILE="/storage4/${DISK_NAME}4"
+DISK5_FILE="/storage5/${DISK_NAME}5"
+DISK6_FILE="/storage6/${DISK_NAME}6"
+
+if [ -z "$DISK_FMT" ]; then
+  if [ -f "$DISK1_FILE.qcow2" ]; then
+    DISK_FMT="qcow2"
+  else
+    DISK_FMT="raw"
+  fi
+fi
+
+if [ -z "$ALLOCATE" ]; then
+  ALLOCATE="N"
+fi
+
+if [[ "$ALLOCATE" == [Nn]* ]]; then
+  DISK_STYLE="growable"
+  DISK_ALLOC="preallocation=off"
+else
+  DISK_STYLE="preallocated"
+  DISK_ALLOC="preallocation=falloc"
+fi
+
+: "${DISK2_SIZE:=""}"
+: "${DISK3_SIZE:=""}"
+: "${DISK4_SIZE:=""}"
+: "${DISK5_SIZE:=""}"
+: "${DISK6_SIZE:=""}"
+
+: "${DEVICE:=""}"        # Docker variables to passthrough a block device, like /dev/vdc1.
+: "${DEVICE2:=""}"
+: "${DEVICE3:=""}"
+: "${DEVICE4:=""}"
+: "${DEVICE5:=""}"
+: "${DEVICE6:=""}"
+
+[ -z "$DEVICE" ] && [ -b "/disk" ] && DEVICE="/disk"
+[ -z "$DEVICE" ] && [ -b "/disk1" ] && DEVICE="/disk1"
+[ -z "$DEVICE2" ] && [ -b "/disk2" ] && DEVICE2="/disk2"
+[ -z "$DEVICE3" ] && [ -b "/disk3" ] && DEVICE3="/disk3"
+[ -z "$DEVICE4" ] && [ -b "/disk4" ] && DEVICE4="/disk4"
+[ -z "$DEVICE5" ] && [ -b "/disk5" ] && DEVICE5="/disk5"
+[ -z "$DEVICE6" ] && [ -b "/disk6" ] && DEVICE6="/disk6"
+
+[ -z "$DEVICE" ] && [ -b "/dev/disk1" ] && DEVICE="/dev/disk1"
+[ -z "$DEVICE2" ] && [ -b "/dev/disk2" ] && DEVICE2="/dev/disk2"
+[ -z "$DEVICE3" ] && [ -b "/dev/disk3" ] && DEVICE3="/dev/disk3"
+[ -z "$DEVICE4" ] && [ -b "/dev/disk4" ] && DEVICE4="/dev/disk4"
+[ -z "$DEVICE5" ] && [ -b "/dev/disk5" ] && DEVICE4="/dev/disk5"
+[ -z "$DEVICE6" ] && [ -b "/dev/disk6" ] && DEVICE4="/dev/disk6"
+
+if [ -n "$DEVICE" ]; then
+  addDevice "$DEVICE" "$DISK_TYPE" "3" "0xa" || exit $?
+else
+  addDisk "$DISK1_FILE" "$DISK_TYPE" "disk" "$DISK_SIZE" "3" "0xa" "$DISK_FMT" "$DISK_IO" "$DISK_CACHE" || exit $?
+fi
+
+if [ -n "$DEVICE2" ]; then
+  addDevice "$DEVICE2" "$DISK_TYPE" "4" "0xb" || exit $?
+else
+  addDisk "$DISK2_FILE" "$DISK_TYPE" "disk2" "$DISK2_SIZE" "4" "0xb" "$DISK_FMT" "$DISK_IO" "$DISK_CACHE" || exit $?
+fi
+
+if [ -n "$DEVICE3" ]; then
+  addDevice "$DEVICE3" "$DISK_TYPE" "5" "0xc" || exit $?
+else
+  addDisk "$DISK3_FILE" "$DISK_TYPE" "disk3" "$DISK3_SIZE" "5" "0xc" "$DISK_FMT" "$DISK_IO" "$DISK_CACHE" || exit $?
+fi
+
+if [ -n "$DEVICE4" ]; then
+  addDevice "$DEVICE4" "$DISK_TYPE" "6" "0xd" || exit $?
+else
+  addDisk "$DISK4_FILE" "$DISK_TYPE" "disk4" "$DISK4_SIZE" "6" "0xd" "$DISK_FMT" "$DISK_IO" "$DISK_CACHE" || exit $?
+fi
+
+if [ -n "$DEVICE5" ]; then
+  addDevice "$DEVICE5" "$DISK_TYPE" "7" "0xe" || exit $?
+else
+  addDisk "$DISK5_FILE" "$DISK_TYPE" "disk5" "$DISK5_SIZE" "7" "0xe" "$DISK_FMT" "$DISK_IO" "$DISK_CACHE" || exit $?
+fi
+
+if [ -n "$DEVICE6" ]; then
+  addDevice "$DEVICE6" "$DISK_TYPE" "8" "0xf" || exit $?
+else
+  addDisk "$DISK6_FILE" "$DISK_TYPE" "disk6" "$DISK6_SIZE" "8" "0xf" "$DISK_FMT" "$DISK_IO" "$DISK_CACHE" || exit $?
+fi
+
+DISK_OPTS+=" -object iothread,id=io2"
+
+html "Initialized disks successfully..."
+return 0

src/display.sh

@@ -0,0 +1,72 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Docker environment variables
+
+: "${GPU:="N"}"         # GPU passthrough
+: "${VGA:="virtio"}"    # VGA adaptor
+: "${DISPLAY:="web"}"   # Display type
+: "${RENDERNODE:="/dev/dri/renderD128"}"  # Render node
+
+port=$(( VNC_PORT - 5900 ))
+[[ "$DISPLAY" == ":0" ]] && DISPLAY="web"
+
+case "${DISPLAY,,}" in
+  "vnc" )
+    DISPLAY_OPTS="-display vnc=:$port -vga $VGA"
+    ;;
+  "web" )
+    DISPLAY_OPTS="-display vnc=:$port,websocket=$WSS_PORT -vga $VGA"
+    ;;
+  "disabled" )
+    DISPLAY_OPTS="-display none -vga $VGA"
+    ;;
+  "none" )
+    DISPLAY_OPTS="-display none -vga none"
+    ;;
+  *)
+    DISPLAY_OPTS="-display $DISPLAY -vga $VGA"
+    ;;
+esac
+
+if [[ "$GPU" != [Yy1]* || "$ARCH" != "amd64" ]]; then
+  return 0
+fi
+
+CPU_VENDOR=$(lscpu | awk '/Vendor ID/{print $3}')
+
+if [[ "$CPU_VENDOR" != "GenuineIntel" ]]; then
+  return 0
+fi
+
+msg="Configuring display drivers..."
+html "$msg"
+[[ "$DEBUG" == [Yy1]* ]] && echo "$msg"
+
+[[ "${VGA,,}" == "virtio" ]] && VGA="virtio-vga-gl"
+DISPLAY_OPTS="-display egl-headless,rendernode=$RENDERNODE"
+DISPLAY_OPTS+=" -device $VGA"
+
+[[ "${DISPLAY,,}" == "vnc" ]] && DISPLAY_OPTS+=" -vnc :$port"
+[[ "${DISPLAY,,}" == "web" ]] && DISPLAY_OPTS+=" -vnc :$port,websocket=$WSS_PORT"
+
+[ ! -d /dev/dri ] && mkdir -m 755 /dev/dri
+
+# Extract the card number from the render node
+CARD_NUMBER=$(echo "$RENDERNODE" | grep -oP '(?<=renderD)\d+')
+CARD_DEVICE="/dev/dri/card$((CARD_NUMBER - 128))"
+
+if [ ! -c "$CARD_DEVICE" ]; then
+  if mknod "$CARD_DEVICE" c 226 $((CARD_NUMBER - 128)); then
+    chmod 666 "$CARD_DEVICE"
+  fi
+fi
+
+if [ ! -c "$RENDERNODE" ]; then
+  if mknod "$RENDERNODE" c 226 "$CARD_NUMBER"; then
+    chmod 666 "$RENDERNODE"
+  fi
+fi
+
+addPackage "xserver-xorg-video-intel" "Intel GPU drivers"
+addPackage "qemu-system-modules-opengl" "OpenGL module"

src/entry.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+: "${APP:="QEMU"}"
+: "${PLATFORM:="x64"}"
+: "${SUPPORT:="https://github.com/qemus/qemu"}"
+
+cd /run
+
+. start.sh      # Placeholder
+. utils.sh      # Load functions
+. reset.sh      # Initialize system
+. define.sh     # Define images
+. install.sh    # Download image
+. disk.sh       # Initialize disks
+. display.sh    # Initialize graphics
+. network.sh    # Initialize network
+. boot.sh       # Configure boot
+. proc.sh       # Initialize processor
+. config.sh     # Configure arguments
+
+trap - ERR
+
+version=$(qemu-system-x86_64 --version | head -n 1 | cut -d '(' -f 1 | awk '{ print $NF }')
+info "Booting image${BOOT_DESC} using QEMU v$version..."
+
+exec qemu-system-x86_64 ${ARGS:+ $ARGS}

src/install.sh

@@ -0,0 +1,458 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+getBase() {
+
+  local base="${1%%\?*}"
+  base=$(basename "$base")
+  base="${base//+/ }"
+  printf -v base '%b' "${base//%/\\x}"
+  base="${base//[!A-Za-z0-9._-]/_}"
+
+  echo "$base"
+  return 0
+}
+
+getFolder() {
+
+  local base=""
+  local result="$1"
+
+  if [[ "$result" != *"."* ]]; then
+
+    result="${result,,}"
+
+  else
+
+    base=$(getBase "$result")
+    result="${base%.*}"
+
+    case "${base,,}" in
+
+      *".gz" | *".gzip" | *".xz" | *".7z" | *".zip" | *".rar" | *".lzma" | *".bz" | *".bz2" )
+
+        [[ "$result" == *"."* ]] && result="${result%.*}" ;;
+
+    esac
+
+  fi
+
+  [ -z "$result" ] && result="unknown"
+  echo "$result"
+
+  return 0
+}
+
+moveFile() {
+
+  local file="$1"
+  local ext="${file##*.}"
+  local dest="$STORAGE/boot.$ext"
+
+  if [[ "$file" == "$dest" ]]; then
+    BOOT="$file"
+    return 0
+  fi
+
+  if [[ "${file,,}" == "/boot.${ext,,}" || "${file,,}" == "/custom.${ext,,}" ]]; then
+    BOOT="$file"
+    return 0
+  fi
+
+  if ! mv -f "$file" "$dest"; then
+    error "Failed to move $file to $dest !"
+    return 1
+  fi
+
+  BOOT="$dest"
+  return 0
+}
+
+detectType() {
+
+  local file="$1"
+  local result=""
+
+  [ ! -f "$file" ] && return 1
+  [ ! -s "$file" ] && return 1
+
+  case "${file,,}" in
+    *".iso" | *".img" | *".raw" | *".qcow2" ) ;;
+    * ) return 1 ;;
+  esac
+
+  if [ -n "$BOOT_MODE" ] || [[ "${file,,}" == *".qcow2" ]]; then
+    moveFile "$file" && return 0
+    return 1
+  fi
+
+  if [[ "${file,,}" == *".iso" ]]; then
+
+    result=$(head -c 512 "$file" | tail -c 2 | xxd -p)
+
+    if [[ "$result" != "0000" ]]; then
+      [ -z "${HYBRID:-}" ] && HYBRID="Y"
+    fi
+
+    if [[ "${HYBRID:-}" != [Yy]* ]]; then
+
+      result=$(isoinfo -f -i "$file" 2>/dev/null)
+
+      if [ -z "$result" ]; then
+        error "Failed to read ISO file, invalid format!"
+        return 1
+      fi
+
+      result=$(echo "${result^^}" | grep "^/EFI")
+      [ -z "$result" ] && BOOT_MODE="legacy"
+
+      moveFile "$file" && return 0
+      return 1
+
+    fi
+  fi
+
+  result=$(fdisk -l "$file" 2>/dev/null)
+  [[ "${result^^}" != *"EFI "* ]] && BOOT_MODE="legacy"
+
+  moveFile "$file" && return 0
+  return 1
+}
+
+delay() {
+
+  local i
+  local delay="$1"
+  local msg="Retrying failed download in X seconds..."
+
+  info "${msg/X/$delay}"
+
+  for i in $(seq "$delay" -1 1); do
+    html "${msg/X/$i}"
+    sleep 1
+  done
+
+  return 0
+}
+
+downloadFile() {
+
+  local url="$1"
+  local base="$2"
+  local name="$3"
+  local msg rc total size progress
+
+  local dest="$STORAGE/$base"
+
+  # Check if running with interactive TTY or redirected to docker log
+  if [ -t 1 ]; then
+    progress="--progress=bar:noscroll"
+  else
+    progress="--progress=dot:giga"
+  fi
+
+  if [ -z "$name" ]; then
+    msg="Downloading image"
+    info "Downloading $base..."
+  else
+    msg="Downloading $name"
+    info "Downloading $name..."
+  fi
+
+  html "$msg..."
+
+  /run/progress.sh "$dest" "0" "$msg ([P])..." &
+
+  { wget "$url" -O "$dest" --continue -q --timeout=30 --no-http-keep-alive --show-progress "$progress"; rc=$?; } || :
+
+  fKill "progress.sh"
+
+  if (( rc == 0 )) && [ -f "$dest" ]; then
+    total=$(stat -c%s "$dest")
+    size=$(formatBytes "$total")
+    if [ "$total" -lt 100000 ]; then
+      error "Invalid image file: is only $size ?" && return 1
+    fi
+    html "Download finished successfully..."
+    return 0
+  fi
+
+  msg="Failed to download $url"
+  (( rc == 3 )) && error "$msg , cannot write file (disk full?)" && return 1
+  (( rc == 4 )) && error "$msg , network failure!" && return 1
+  (( rc == 8 )) && error "$msg , server issued an error response!" && return 1
+
+  error "$msg , reason: $rc"
+  return 1
+}
+
+convertImage() {
+
+  local source_file=$1
+  local source_fmt=$2
+  local dst_file=$3
+  local dst_fmt=$4
+  local dir base fs fa space space_gb
+  local cur_size cur_gb src_size disk_param
+
+  [ -f "$dst_file" ] && error "Conversion failed, destination file $dst_file already exists?" && return 1
+  [ ! -f "$source_file" ] && error "Conversion failed, source file $source_file does not exists?" && return 1
+
+  if [[ "${source_fmt,,}" == "${dst_fmt,,}" ]]; then
+    mv -f "$source_file" "$dst_file"
+    return 0
+  fi
+
+  local tmp_file="$dst_file.tmp"
+  dir=$(dirname "$tmp_file")
+
+  rm -f "$tmp_file"
+
+  if [ -n "$ALLOCATE" ] && [[ "$ALLOCATE" != [Nn]* ]]; then
+
+    # Check free diskspace
+    src_size=$(qemu-img info "$source_file" -f "$source_fmt" | grep '^virtual size: ' | sed 's/.*(\(.*\) bytes)/\1/')
+    space=$(df --output=avail -B 1 "$dir" | tail -n 1)
+
+    if (( src_size > space )); then
+      space_gb=$(formatBytes "$space")
+      error "Not enough free space to convert image in $dir, it has only $space_gb available..." && return 1
+    fi
+  fi
+
+  base=$(basename "$source_file")
+  info "Converting $base..."
+  html "Converting image..."
+
+  local conv_flags="-p"
+
+  if [ -z "$ALLOCATE" ] || [[ "$ALLOCATE" == [Nn]* ]]; then
+    disk_param="preallocation=off"
+  else
+    disk_param="preallocation=falloc"
+  fi
+
+  fs=$(stat -f -c %T "$dir")
+  [[ "${fs,,}" == "btrfs" ]] && disk_param+=",nocow=on"
+
+  if [[ "$dst_fmt" != "raw" ]]; then
+    if [ -z "$ALLOCATE" ] || [[ "$ALLOCATE" == [Nn]* ]]; then
+      conv_flags+=" -c"
+    fi
+    [ -n "${DISK_FLAGS:-}" ] && disk_param+=",$DISK_FLAGS"
+  fi
+
+  # shellcheck disable=SC2086
+  if ! qemu-img convert -f "$source_fmt" $conv_flags -o "$disk_param" -O "$dst_fmt" -- "$source_file" "$tmp_file"; then
+    rm -f "$tmp_file"
+    error "Failed to convert image in $dir, is there enough space available?" && return 1
+  fi
+
+  if [[ "$dst_fmt" == "raw" ]]; then
+    if [ -n "$ALLOCATE" ] && [[ "$ALLOCATE" != [Nn]* ]]; then
+      # Work around qemu-img bug
+      cur_size=$(stat -c%s "$tmp_file")
+      cur_gb=$(formatBytes "$cur_size")
+      if ! fallocate -l "$cur_size" "$tmp_file" &>/dev/null; then
+        if ! fallocate -l -x "$cur_size" "$tmp_file"; then
+          error "Failed to allocate $cur_gb for image!"
+        fi
+      fi
+    fi
+  fi
+
+  rm -f "$source_file"
+  mv "$tmp_file" "$dst_file"
+
+  if [[ "${fs,,}" == "btrfs" ]]; then
+    fa=$(lsattr "$dst_file")
+    if [[ "$fa" != *"C"* ]]; then
+      error "Failed to disable COW for image on ${fs^^} filesystem!"
+    fi
+  fi
+
+  html "Conversion completed..."
+  return 0
+}
+
+findFile() {
+
+  local dir file
+  local base="$1"
+  local ext="$2"
+  local fname="${base}.${ext}"
+
+  dir=$(find / -maxdepth 1 -type d -iname "$fname" -print -quit)
+  [ ! -d "$dir" ] && dir=$(find "$STORAGE" -maxdepth 1 -type d -iname "$fname" -print -quit)
+
+  if [ -d "$dir" ]; then
+    if hasDisk; then
+      BOOT="none"
+      return 0
+    fi
+    error "The bind $dir maps to a file that does not exist!" && exit 37
+  fi
+
+  file=$(find / -maxdepth 1 -type f -iname "$fname" -print -quit)
+  [ ! -s "$file" ] && file=$(find "$STORAGE" -maxdepth 1 -type f -iname "$fname" -print -quit)
+
+  detectType "$file" && return 0
+
+  return 1
+}
+
+findFile "boot" "img" && return 0
+findFile "boot" "raw" && return 0
+findFile "boot" "iso" && return 0
+findFile "boot" "qcow2" && return 0
+findFile "custom" "iso" && return 0
+
+if hasDisk; then
+  BOOT="none"
+  return 0
+fi
+
+if [[ "${BOOT}" == \"*\" || "${BOOT}" == \'*\' ]]; then
+  VERSION="${BOOT:1:-1}"
+fi
+
+BOOT=$(expr "$BOOT" : "^\ *\(.*[^ ]\)\ *$")
+
+if [ -z "$BOOT" ] || [[ "$BOOT" == *"example.com/"* ]]; then
+
+  BOOT="alpine"
+  warn "no value specified for the BOOT variable, defaulting to \"${BOOT}\"."
+
+fi
+
+folder=$(getFolder "$BOOT")
+STORAGE="$STORAGE/$folder"
+
+if [ -d "$STORAGE" ]; then
+
+  findFile "boot" "img" && return 0
+  findFile "boot" "raw" && return 0
+  findFile "boot" "iso" && return 0
+  findFile "boot" "qcow2" && return 0
+  findFile "custom" "iso" && return 0
+
+  if hasDisk; then
+    BOOT="none"
+    return 0
+  fi
+
+fi
+
+name=$(getURL "$BOOT" "name") || exit 34
+
+if [ -n "$name" ]; then
+
+  msg="Retrieving latest $name version..."
+  info "$msg" && html "$msg..."
+
+  url=$(getURL "$BOOT" "url") || exit 34
+
+  [ -n "$url" ] && BOOT="$url"
+
+fi
+
+if [[ "$BOOT" != *"."* ]]; then
+  if [ -z "$BOOT" ]; then
+    error "No BOOT value specified!"
+  else
+    error "Invalid BOOT value specified, option \"$BOOT\" is not recognized!"
+  fi
+  exit 64
+fi
+
+if [[ "${BOOT,,}" != "http"* ]]; then
+  error "Invalid BOOT value specified, \"$BOOT\" is not a valid URL!" && exit 64
+fi
+
+mkdir -p "$STORAGE"
+
+find "$STORAGE" -maxdepth 1 -type f \( -iname '*.rom' -or -iname '*.vars' \) -delete
+find "$STORAGE" -maxdepth 1 -type f \( -iname 'data.*' -or -iname 'qemu.*' \) -delete
+
+base=$(getBase "$BOOT")
+
+rm -f "$STORAGE/$base"
+
+if ! downloadFile "$BOOT" "$base" "$name"; then
+  delay 5
+  if ! downloadFile "$BOOT" "$base" "$name"; then
+    delay 10
+    if ! downloadFile "$BOOT" "$base" "$name"; then
+      rm -f "$STORAGE/$base" && exit 60
+    fi
+  fi
+fi
+
+case "${base,,}" in
+  *".gz" | *".gzip" | *".xz" | *".7z" | *".zip" | *".rar" | *".lzma" | *".bz" | *".bz2" )
+    info "Extracting $base..."
+    html "Extracting image..." ;;
+esac
+
+case "${base,,}" in
+  *".gz" | *".gzip" )
+
+    gzip -dc "$STORAGE/$base" > "$STORAGE/${base%.*}"
+    rm -f "$STORAGE/$base"
+    base="${base%.*}"
+
+    ;;
+  *".xz" )
+
+    xz -dc "$STORAGE/$base" > "$STORAGE/${base%.*}"
+    rm -f "$STORAGE/$base"
+    base="${base%.*}"
+
+    ;;
+  *".7z" | *".zip" | *".rar" | *".lzma" | *".bz" | *".bz2" )
+
+    tmp="$STORAGE/extract"
+    rm -rf "$tmp"
+    mkdir -p "$tmp"
+    7z x "$STORAGE/$base" -o"$tmp" > /dev/null
+
+    rm -f "$STORAGE/$base"
+    base="${base%.*}"
+
+    if [ ! -s "$tmp/$base" ]; then
+      rm -rf "$tmp"
+      error "Cannot find file \"${base}\" in .${BOOT/*./} archive!" && exit 32
+    fi
+
+    mv "$tmp/$base" "$STORAGE/$base"
+    rm -rf "$tmp"
+
+    ;;
+esac
+
+case "${base,,}" in
+  *".iso" | *".img" | *".raw" | *".qcow2" )
+    detectType "$STORAGE/$base" && return 0
+    error "Cannot read file \"${base}\"" && exit 63 ;;
+esac
+
+target_ext="img"
+target_fmt="${DISK_FMT:-}"
+[ -z "$target_fmt" ] && target_fmt="raw"
+[[ "$target_fmt" != "raw" ]] && target_ext="qcow2"
+
+case "${base,,}" in
+  *".vdi" ) source_fmt="vdi" ;;
+  *".vhd" ) source_fmt="vpc" ;;
+  *".vhdx" ) source_fmt="vpc" ;;
+  *".vmdk" ) source_fmt="vmdk" ;;
+  * ) error "Unknown file extension, type \".${base/*./}\" is not recognized!" && exit 33 ;;
+esac
+
+dst="$STORAGE/${base%.*}.$target_ext"
+
+! convertImage "$STORAGE/$base" "$source_fmt" "$dst" "$target_fmt" && exit 35
+
+base=$(basename "$dst")
+detectType "$STORAGE/$base" && return 0
+error "Cannot convert file \"${base}\"" && exit 36

src/network.sh

@@ -0,0 +1,828 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Docker environment variables
+
+: "${MAC:=""}"
+: "${MTU:=""}"
+: "${DHCP:="N"}"
+: "${NETWORK:="Y"}"
+: "${HOST_PORTS:=""}"
+: "${USER_PORTS:=""}"
+: "${ADAPTER:="virtio-net-pci"}"
+
+: "${VM_NET_IP:=""}"
+: "${VM_NET_DEV:=""}"
+: "${VM_NET_TAP:="qemu"}"
+: "${VM_NET_MAC:="$MAC"}"
+: "${VM_NET_HOST:="$APP"}"
+: "${VM_NET_BRIDGE:="docker"}"
+: "${VM_NET_MASK:="255.255.255.0"}"
+
+: "${PASST:="passt"}"
+: "${PASST_OPTS:=""}"
+: "${PASST_DEBUG:=""}"
+
+: "${DNSMASQ_OPTS:=""}"
+: "${DNSMASQ_DEBUG:=""}"
+: "${DNSMASQ:="/usr/sbin/dnsmasq"}"
+: "${DNSMASQ_CONF_DIR:="/etc/dnsmasq.d"}"
+
+ADD_ERR="Please add the following setting to your container:"
+
+# ######################################
+#  Functions
+# ######################################
+
+configureDHCP() {
+
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring MACVTAP networking..."
+
+  # Create the necessary file structure for /dev/vhost-net
+  if [ ! -c /dev/vhost-net ]; then
+    if mknod /dev/vhost-net c 10 238; then
+      chmod 660 /dev/vhost-net
+    fi
+  fi
+
+  # Create a macvtap network for the VM guest
+  { msg=$(ip link add link "$VM_NET_DEV" name "$VM_NET_TAP" address "$VM_NET_MAC" type macvtap mode bridge 2>&1); rc=$?; } || :
+
+  case "$msg" in
+    "RTNETLINK answers: File exists"* )
+      while ! ip link add link "$VM_NET_DEV" name "$VM_NET_TAP" address "$VM_NET_MAC" type macvtap mode bridge; do
+        info "Waiting for macvtap interface to become available.."
+        sleep 5
+      done  ;;
+    "RTNETLINK answers: Invalid argument"* )
+      error "Cannot create macvtap interface. Please make sure that the network type of the container is 'macvlan' and not 'ipvlan'."
+      return 1 ;;
+    "RTNETLINK answers: Operation not permitted"* )
+      error "No permission to create macvtap interface. Please make sure that your host kernel supports it and that the NET_ADMIN capability is set."
+      return 1 ;;
+    *)
+      [ -n "$msg" ] && echo "$msg" >&2
+      if (( rc != 0 )); then
+        error "Cannot create macvtap interface."
+        return 1
+      fi ;;
+  esac
+
+  if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
+    if ! ip link set dev "$VM_NET_TAP" mtu "$MTU"; then
+      warn "Failed to set MTU size to $MTU."
+    fi
+  fi
+
+  while ! ip link set "$VM_NET_TAP" up; do
+    info "Waiting for MAC address $VM_NET_MAC to become available..."
+    info "If you cloned this machine, please delete the '$PROCESS.mac' file to generate a different MAC address."
+    sleep 2
+  done
+
+  local TAP_NR TAP_PATH MAJOR MINOR
+  TAP_NR=$(</sys/class/net/"$VM_NET_TAP"/ifindex)
+  TAP_PATH="/dev/tap${TAP_NR}"
+
+  # Create dev file (there is no udev in container: need to be done manually)
+  IFS=: read -r MAJOR MINOR < <(cat /sys/devices/virtual/net/"$VM_NET_TAP"/tap*/dev)
+  (( MAJOR < 1)) && error "Cannot find: sys/devices/virtual/net/$VM_NET_TAP" && return 1
+
+  [[ ! -e "$TAP_PATH" && -e "/dev0/${TAP_PATH##*/}" ]] && ln -s "/dev0/${TAP_PATH##*/}" "$TAP_PATH"
+
+  if [[ ! -e "$TAP_PATH" ]]; then
+    { mknod "$TAP_PATH" c "$MAJOR" "$MINOR" ; rc=$?; } || :
+    (( rc != 0 )) && error "Cannot mknod: $TAP_PATH ($rc)" && return 1
+  fi
+
+  { exec 30>>"$TAP_PATH"; rc=$?; } 2>/dev/null || :
+
+  if (( rc != 0 )); then
+    error "Cannot create TAP interface ($rc). $ADD_ERR --device-cgroup-rule='c *:* rwm'" && return 1
+  fi
+
+  { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || :
+
+  if (( rc != 0 )); then
+    error "VHOST can not be found ($rc). $ADD_ERR --device=/dev/vhost-net" && return 1
+  fi
+
+  NET_OPTS="-netdev tap,id=hostnet0,vhost=on,vhostfd=40,fd=30"
+
+  return 0
+}
+
+configureDNS() {
+
+  local if="$1"
+  local ip="$2"
+  local mac="$3"
+  local host="$4"
+  local mask="$5"
+  local gateway="$6"
+
+  [[ "${DNSMASQ_DISABLE:-}" == [Yy1]* ]] && return 0
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Starting dnsmasq daemon..."
+
+  local log="/var/log/dnsmasq.log"
+  rm -f "$log"
+
+  case "${NETWORK,,}" in
+    "nat" | "tap" | "tun" | "tuntap" | "y" )
+
+      # Create lease file for faster resolve
+      echo "0 $mac $ip $host 01:$mac" > /var/lib/misc/dnsmasq.leases
+      chmod 644 /var/lib/misc/dnsmasq.leases
+
+      # dnsmasq configuration:
+      DNSMASQ_OPTS+=" --dhcp-authoritative"
+
+      # Set DHCP range and host
+      DNSMASQ_OPTS+=" --dhcp-range=$ip,$ip"
+      DNSMASQ_OPTS+=" --dhcp-host=$mac,,$ip,$host,infinite"
+
+      # Set DNS server and gateway
+      DNSMASQ_OPTS+=" --dhcp-option=option:netmask,$mask"
+      DNSMASQ_OPTS+=" --dhcp-option=option:router,$gateway"
+      DNSMASQ_OPTS+=" --dhcp-option=option:dns-server,$gateway"
+
+  esac
+
+  # Set interfaces
+  DNSMASQ_OPTS+=" --interface=$if"
+  DNSMASQ_OPTS+=" --bind-interfaces"
+
+  # Add DNS entry for container
+  DNSMASQ_OPTS+=" --address=/host.lan/$gateway"
+
+  # Set local dns resolver to dnsmasq when needed
+  [ -f /etc/resolv.dnsmasq ] && DNSMASQ_OPTS+=" --resolv-file=/etc/resolv.dnsmasq"
+
+  # Enable logging to file
+  DNSMASQ_OPTS+=" --log-facility=$log"
+
+  DNSMASQ_OPTS=$(echo "$DNSMASQ_OPTS" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//')
+  [[ "$DEBUG" == [Yy1]* ]] && printf "Dnsmasq arguments:\n\n%s\n\n" "${DNSMASQ_OPTS// -/$'\n-'}"
+
+  if ! $DNSMASQ ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS}; then
+
+    local msg="Failed to start Dnsmasq, reason: $?"
+    [ -f "$log" ] && cat "$log"
+    error "$msg"
+
+    return 1
+  fi
+
+  if [[ "$DNSMASQ_DEBUG" == [Yy1]* ]]; then
+    tail -fn +0 "$log" &
+  fi
+
+  return 0
+}
+
+getUserPorts() {
+
+  local args=""
+  local list=$1
+  local ssh="22"
+
+  [[ "${BOOT_MODE:-}" == "windows"* ]] && ssh="3389"
+  [ -z "$list" ] && list="$ssh" || list+=",$ssh"
+
+  list="${list//,/ }"
+  list="${list## }"
+  list="${list%% }"
+
+  for port in $list; do
+    proto="tcp"
+    num="$port"
+
+    if [[ "$port" == */udp ]]; then
+      proto="udp"
+      num="${port%/udp}"
+    elif [[ "$port" == */tcp ]]; then
+      proto="tcp"
+      num="${port%/tcp}"
+    fi
+
+    args+="hostfwd=$proto::$num-$VM_NET_IP:$num,"
+  done
+
+  echo "${args%?}"
+  return 0
+}
+
+getHostPorts() {
+
+  local list="$1"
+  list=$(echo "${list// /}" | sed 's/,*$//g')
+
+  if [[ "${DISPLAY,,}" == "web" ]]; then
+    [ -z "$list" ] && list="$WSS_PORT" || list+=",$WSS_PORT"
+  fi
+
+  if [[ "${DISPLAY,,}" == "vnc" || "${DISPLAY,,}" == "web" ]]; then
+    [ -z "$list" ] && list="$VNC_PORT" || list+=",$VNC_PORT"
+  fi
+
+  [ -z "$list" ] && list="$MON_PORT" || list+=",$MON_PORT"
+
+  if [[ "${WEB:-}" != [Nn]* ]]; then
+    [ -z "$list" ] && list="$WEB_PORT" || list+=",$WEB_PORT"
+  fi
+
+  if [[ "${NETWORK,,}" == "passt" ]]; then
+
+    local DNS_PORT="53"
+    local SAMBA_PORT="445"
+
+    if [[ "${DNSMASQ_DISABLE:-}" != [Yy1]* ]]; then
+      [ -z "$list" ] && list="$DNS_PORT" || list+=",$DNS_PORT"
+    fi
+
+    if [[ "${BOOT_MODE:-}" == "windows"* ]]; then
+      if [[ "${SAMBA:-}" != [Nn]* ]]; then
+        [ -z "$list" ] && list="$SAMBA_PORT" || list+=",$SAMBA_PORT"
+      fi
+    fi
+
+  fi
+
+  echo "$list"
+  return 0
+}
+
+compat() {
+
+  local gateway="$1"
+  local interface="$2"
+  local samba="20.20.20.1"
+
+  [[ "$samba" == "$gateway" ]] && return 0
+  [[ "${BOOT_MODE:-}" != "windows"* ]] && return 0
+
+  if [[ "$interface" != "${interface:0:8}" ]]; then
+    error "Bridge name too long!" && return 1
+  fi
+
+  # Backwards compatibility with old installations
+  if ip address add dev "$interface" "$samba/24" label "$interface:compat"; then
+    SAMBA_INTERFACE="$samba"
+  else
+    warn "failed to configure IP alias!"
+  fi
+
+  return 0
+}
+
+configureSlirp() {
+
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring slirp networking..."
+
+  local ip="$IP"
+  [ -n "$VM_NET_IP" ] && ip="$VM_NET_IP"
+  local base="${ip%.*}."
+  [ "${ip/$base/}" -lt "4" ] && ip="${ip%.*}.4"
+  local gateway="${ip%.*}.1"
+
+  # Backwards compatibility
+  ! compat "$gateway" "$VM_NET_DEV" && exit 24
+
+  local ipv6=""
+  [ -n "$IP6" ] && ipv6="ipv6=on,"
+
+  NET_OPTS="-netdev user,id=hostnet0,ipv4=on,host=$gateway,net=${gateway%.*}.0/24,dhcpstart=$ip,${ipv6}hostname=$VM_NET_HOST"
+
+  local forward
+  forward=$(getUserPorts "${USER_PORTS:-}")
+  [ -n "$forward" ] && NET_OPTS+=",$forward"
+
+  if [[ "${DNSMASQ_DISABLE:-}" != [Yy1]* ]]; then
+    cp /etc/resolv.conf /etc/resolv.dnsmasq
+    echo -e "nameserver 127.0.0.1\nsearch .\noptions ndots:0" >/etc/resolv.conf
+    configureDNS "lo" "$ip" "$VM_NET_MAC" "$VM_NET_HOST" "$VM_NET_MASK" "$gateway" || return 1
+  fi
+
+  VM_NET_IP="$ip"
+  return 0
+}
+
+configurePasst() {
+
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring user-mode networking..."
+
+  local log="/var/log/passt.log"
+  rm -f "$log"
+
+  local pid="/var/run/dnsmasq.pid"
+  [ -s "$pid" ] && pKill "$(<"$pid")"
+
+  local ip="$IP"
+  [ -n "$VM_NET_IP" ] && ip="$VM_NET_IP"
+
+  local gateway=""
+  if [[ "$ip" != *".1" ]]; then
+    gateway="${ip%.*}.1"
+  else
+    gateway="${ip%.*}.2"
+  fi
+
+  # Backwards compatibility
+  ! compat "$gateway" "$VM_NET_DEV" && exit 24
+
+  # passt configuration:
+  [ -z "$IP6" ] && PASST_OPTS+=" -4"
+
+  PASST_OPTS+=" -a $ip"
+  PASST_OPTS+=" -g $gateway"
+  PASST_OPTS+=" -n $VM_NET_MASK"
+
+  exclude=$(getHostPorts "$HOST_PORTS")
+
+  if [ -z "$exclude" ]; then
+    exclude="all"
+  else
+    exclude="~${exclude//,/,~}"
+  fi
+
+  PASST_OPTS+=" -t $exclude"
+  PASST_OPTS+=" -u $exclude"
+  PASST_OPTS+=" -H $VM_NET_HOST"
+  PASST_OPTS+=" -M $GATEWAY_MAC"
+  PASST_OPTS+=" -P /var/run/passt.pid"
+  PASST_OPTS+=" -l $log"
+  PASST_OPTS+=" -q"
+
+  if [[ "${DNSMASQ_DISABLE:-}" != [Yy1]* ]]; then
+    cp /etc/resolv.conf /etc/resolv.dnsmasq
+    echo -e "nameserver 127.0.0.1\nsearch .\noptions ndots:0" >/etc/resolv.conf
+  fi
+
+  PASST_OPTS=$(echo "$PASST_OPTS" | sed 's/\t/ /g' | tr -s ' ' | sed 's/^ *//')
+  [[ "$DEBUG" == [Yy1]* ]] && printf "Passt arguments:\n\n%s\n\n" "${PASST_OPTS// -/$'\n-'}"
+
+  if ! $PASST ${PASST_OPTS:+ $PASST_OPTS} >/dev/null 2>&1; then
+    local msg="Failed to start passt, reason: $?"
+    [ -f "$log" ] && cat "$log"
+    error "$msg"
+    return 1
+  fi
+
+  if [[ "$PASST_DEBUG" == [Yy1]* ]]; then
+    tail -fn +0 "$log" &
+  else
+    if [[ "$DEBUG" == [Yy1]* ]]; then
+      [ -f "$log" ] && cat "$log" && echo ""
+    fi
+  fi
+
+  NET_OPTS="-netdev stream,id=hostnet0,server=off,addr.type=unix,addr.path=/tmp/passt_1.socket"
+
+  configureDNS "lo" "$ip" "$VM_NET_MAC" "$VM_NET_HOST" "$VM_NET_MASK" "$gateway" || return 1
+
+  VM_NET_IP="$ip"
+  return 0
+}
+
+configureNAT() {
+
+  local tuntap="TUN device is missing. $ADD_ERR --device /dev/net/tun"
+  local tables="the 'ip_tables' kernel module is not loaded. Try this command: sudo modprobe ip_tables iptable_nat"
+
+  [[ "$DEBUG" == [Yy1]* ]] && echo "Configuring NAT networking..."
+
+  # Create the necessary file structure for /dev/net/tun
+  if [ ! -c /dev/net/tun ]; then
+    [[ "$PODMAN" == [Yy1]* ]] && return 1
+    [ ! -d /dev/net ] && mkdir -m 755 /dev/net
+    if mknod /dev/net/tun c 10 200; then
+      chmod 666 /dev/net/tun
+    fi
+  fi
+
+  if [ ! -c /dev/net/tun ]; then
+    warn "$tuntap" && return 1
+  fi
+
+  # Check port forwarding flag
+  if [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
+    { sysctl -w net.ipv4.ip_forward=1 > /dev/null 2>&1; rc=$?; } || :
+    if (( rc != 0 )) || [[ $(< /proc/sys/net/ipv4/ip_forward) -eq 0 ]]; then
+      warn "IP forwarding is disabled. $ADD_ERR --sysctl net.ipv4.ip_forward=1"
+      return 1
+    fi
+  fi
+
+  local ip base
+  base=$(echo "$IP" | sed -r 's/([^.]*.){2}//')
+  if [[ "$IP" != "172.30."* ]]; then
+    ip="172.30.$base"
+  else
+    ip="172.31.$base"
+  fi
+  
+  [ -n "$VM_NET_IP" ] && ip="$VM_NET_IP"
+
+  local gateway=""
+  if [[ "$ip" != *".1" ]]; then
+    gateway="${ip%.*}.1"
+  else
+    gateway="${ip%.*}.2"
+  fi
+
+  # Create a bridge with a static IP for the VM guest
+  { ip link add dev "$VM_NET_BRIDGE" type bridge ; rc=$?; } || :
+
+  if (( rc != 0 )); then
+    warn "failed to create bridge. $ADD_ERR --cap-add NET_ADMIN" && return 1
+  fi
+
+  if ! ip address add "$gateway/24" broadcast "${ip%.*}.255" dev "$VM_NET_BRIDGE"; then
+    warn "failed to add IP address pool!" && return 1
+  fi
+
+  # Backwards compatibility
+  ! compat "$gateway" "$VM_NET_BRIDGE" && exit 24
+
+  while ! ip link set "$VM_NET_BRIDGE" up; do
+    info "Waiting for IP address to become available..."
+    sleep 2
+  done
+
+  # QEMU Works with taps, set tap to the bridge created
+  if ! ip tuntap add dev "$VM_NET_TAP" mode tap; then
+    warn "$tuntap" && return 1
+  fi
+
+  if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
+    if ! ip link set dev "$VM_NET_TAP" mtu "$MTU"; then
+      warn "failed to set MTU size to $MTU."
+    fi
+  fi
+
+  if ! ip link set dev "$VM_NET_TAP" address "$GATEWAY_MAC"; then
+    warn "failed to set gateway MAC address.."
+  fi
+
+  while ! ip link set "$VM_NET_TAP" up promisc on; do
+    info "Waiting for TAP to become available..."
+    sleep 2
+  done
+
+  if ! ip link set dev "$VM_NET_TAP" master "$VM_NET_BRIDGE"; then
+    warn "failed to set master bridge!" && return 1
+  fi
+
+  if grep -wq "nf_tables" /proc/modules; then
+    update-alternatives --set iptables /usr/sbin/iptables-nft > /dev/null
+    update-alternatives --set ip6tables /usr/sbin/ip6tables-nft > /dev/null
+  else
+    update-alternatives --set iptables /usr/sbin/iptables-legacy > /dev/null
+    update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy > /dev/null
+  fi
+
+  exclude=$(getHostPorts "$HOST_PORTS")
+
+  if [ -n "$exclude" ]; then
+    if [[ "$exclude" != *","* ]]; then
+      exclude=" ! --dport $exclude"
+    else
+      exclude=" -m multiport ! --dports $exclude"
+    fi
+  fi
+
+  if ! iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE; then
+    warn "$tables" && return 1
+  fi
+
+  # shellcheck disable=SC2086
+  if ! iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp${exclude} -j DNAT --to "$ip"; then
+    warn "failed to configure IP tables!" && return 1
+  fi
+
+  if ! iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p udp -j DNAT --to "$ip"; then
+    warn "failed to configure IP tables!" && return 1
+  fi
+
+  if (( KERNEL > 4 )); then
+    # Hack for guest VMs complaining about "bad udp checksums in 5 packets"
+    iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill > /dev/null 2>&1 || true
+  fi
+
+  NET_OPTS="-netdev tap,id=hostnet0,ifname=$VM_NET_TAP"
+
+  if [ -c /dev/vhost-net ]; then
+    { exec 40>>/dev/vhost-net; rc=$?; } 2>/dev/null || :
+    (( rc == 0 )) && NET_OPTS+=",vhost=on,vhostfd=40"
+  fi
+
+  NET_OPTS+=",script=no,downscript=no"
+
+  configureDNS "$VM_NET_BRIDGE" "$ip" "$VM_NET_MAC" "$VM_NET_HOST" "$VM_NET_MASK" "$gateway" || return 1
+
+  VM_NET_IP="$ip"
+  return 0
+}
+
+closeBridge() {
+
+  local pid="/var/run/dnsmasq.pid"
+  [ -s "$pid" ] && pKill "$(<"$pid")"
+  rm -f "$pid"
+
+  pid="/var/run/passt.pid"
+  [ -s "$pid" ] && pKill "$(<"$pid")"
+  rm -f "$pid"
+
+  case "${NETWORK,,}" in
+    "user"* | "passt" | "slirp" ) return 0 ;;
+  esac
+
+  ip link set "$VM_NET_TAP" down promisc off &> null || true
+  ip link delete "$VM_NET_TAP" &> null || true
+
+  ip link set "$VM_NET_BRIDGE" down &> null || true
+  ip link delete "$VM_NET_BRIDGE" &> null || true
+
+  return 0
+}
+
+closeNetwork() {
+
+  if [[ "${WEB:-}" != [Nn]* ]]; then
+
+    # Shutdown nginx
+    nginx -s stop 2> /dev/null
+    fWait "nginx"
+
+  fi
+
+  [[ "$NETWORK" == [Nn]* ]] && return 0
+
+  exec 30<&- || true
+  exec 40<&- || true
+
+  if [[ "$DHCP" != [Yy1]* ]]; then
+
+    closeBridge
+    return 0
+
+  fi
+
+  ip link set "$VM_NET_TAP" down || true
+  ip link delete "$VM_NET_TAP" || true
+
+  return 0
+}
+
+cleanUp() {
+
+  # Clean up old files
+  rm -f /etc/resolv.dnsmasq
+  rm -f /var/run/passt.pid
+  rm -f /var/run/dnsmasq.pid
+
+  if [[ -d "/sys/class/net/$VM_NET_TAP" ]]; then
+    info "Lingering interface will be removed..."
+    ip link delete "$VM_NET_TAP" || true
+  fi
+
+  return 0
+}
+
+checkOS() {
+
+  local kernel
+  local os=""
+  local if="macvlan"
+  kernel=$(uname -a)
+
+  [[ "${kernel,,}" == *"darwin"* ]] && os="$ENGINE Desktop for macOS"
+  [[ "${kernel,,}" == *"microsoft"* ]] && os="$ENGINE Desktop for Windows"
+
+  if [[ "$DHCP" == [Yy1]* ]]; then
+    if="macvtap"
+    [[ "${kernel,,}" == *"synology"* ]] && os="Synology Container Manager"
+  fi
+
+  if [ -n "$os" ]; then
+    warn "you are using $os which does not support $if, please revert to bridge networking!"
+  fi
+
+  return 0
+}
+
+getInfo() {
+
+  if [ -z "$VM_NET_DEV" ]; then
+    # Give Kubernetes priority over the default interface
+    [ -d "/sys/class/net/net0" ] && VM_NET_DEV="net0"
+    [ -d "/sys/class/net/net1" ] && VM_NET_DEV="net1"
+    [ -d "/sys/class/net/net2" ] && VM_NET_DEV="net2"
+    [ -d "/sys/class/net/net3" ] && VM_NET_DEV="net3"
+    # Automaticly detect the default network interface
+    [ -z "$VM_NET_DEV" ] && VM_NET_DEV=$(awk '$2 == 00000000 { print $1 }' /proc/net/route)
+    [ -z "$VM_NET_DEV" ] && VM_NET_DEV="eth0"
+  fi
+
+  if [ ! -d "/sys/class/net/$VM_NET_DEV" ]; then
+    error "Network interface '$VM_NET_DEV' does not exist inside the container!"
+    error "$ADD_ERR -e \"VM_NET_DEV=NAME\" to specify another interface name." && exit 26
+  fi
+
+  GATEWAY=$(ip route list dev "$VM_NET_DEV" | awk ' /^default/ {print $3}' | head -n 1)
+  IP=$(ip address show dev "$VM_NET_DEV" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/ | head -n 1)
+  IP6=""
+
+  # shellcheck disable=SC2143
+  if [ -f /proc/net/if_inet6 ] && [ -n "$(ifconfig -a | grep inet6)" ]; then
+    IP6=$(ip -6 addr show dev "$VM_NET_DEV" scope global up)
+    [ -n "$IP6" ] && IP6=$(echo "$IP6" | sed -e's/^.*inet6 \([^ ]*\)\/.*$/\1/;t;d' | head -n 1)
+  fi
+
+  local result nic bus
+  result=$(ethtool -i "$VM_NET_DEV")
+  nic=$(grep -m 1 -i 'driver:' <<< "$result" | awk '{print $(2)}')
+  bus=$(grep -m 1 -i 'bus-info:' <<< "$result" | awk '{print $(2)}')
+
+  if [[ "${bus,,}" != "" && "${bus,,}" != "n/a" && "${bus,,}" != "tap" ]]; then
+    [[ "$DEBUG" == [Yy1]* ]] && info "Detected BUS: $bus"
+    error "This container does not support host mode networking!"
+    exit 29
+  fi
+
+  if [[ "$DHCP" == [Yy1]* ]]; then
+
+    checkOS
+
+    if [[ "${nic,,}" == "ipvlan" ]]; then
+      error "This container does not support IPVLAN networking when DHCP=Y."
+      exit 29
+    fi
+
+    if [[ "${nic,,}" != "macvlan" ]]; then
+      [[ "$DEBUG" == [Yy1]* ]] && info "Detected NIC: $nic"
+      error "The container needs to be in a MACVLAN network when DHCP=Y."
+      exit 29
+    fi
+
+  else
+
+    if [[ "$IP" != "172."* && "$IP" != "10.8"* && "$IP" != "10.9"* ]]; then
+      checkOS
+    fi
+
+  fi
+
+  local mtu=""
+
+  if [ -f "/sys/class/net/$VM_NET_DEV/mtu" ]; then
+    mtu=$(< "/sys/class/net/$VM_NET_DEV/mtu")
+  fi
+
+  [ -z "$MTU" ] && MTU="$mtu"
+  [ -z "$MTU" ] && MTU="0"
+
+  if [ "$MTU" -gt "1500" ]; then
+    [[ "$DEBUG" == [Yy1]* ]] && echo "MTU size is too large: $MTU, ignoring..."
+    MTU="0"
+  fi
+
+  if [[ "${ADAPTER,,}" != "virtio-net-pci" ]]; then
+    if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
+      warn "MTU size is $MTU, but cannot be set for $ADAPTER adapters!" && MTU="0"
+    fi
+  fi
+
+  if [[ "${BOOT_MODE:-}" == "windows_legacy" ]]; then
+    if [[ "$MTU" != "0" && "$MTU" != "1500" ]]; then
+      warn "MTU size is $MTU, but cannot be set for legacy Windows versions!" && MTU="0"
+    fi
+  fi
+
+  if [ -z "$MAC" ]; then
+    local file="$STORAGE/$PROCESS.mac"
+    [ -s "$file" ] && MAC=$(<"$file")
+    MAC="${MAC//[![:print:]]/}"
+    if [ -z "$MAC" ]; then
+      # Generate MAC address based on Docker container ID in hostname
+      MAC=$(echo "$HOST" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')
+      echo "${MAC^^}" > "$file"
+    fi
+  fi
+
+  VM_NET_MAC="${MAC^^}"
+  VM_NET_MAC="${VM_NET_MAC//-/:}"
+
+  if [[ ${#VM_NET_MAC} == 12 ]]; then
+    m="$VM_NET_MAC"
+    VM_NET_MAC="${m:0:2}:${m:2:2}:${m:4:2}:${m:6:2}:${m:8:2}:${m:10:2}"
+  fi
+
+  if [[ ${#VM_NET_MAC} != 17 ]]; then
+    error "Invalid MAC address: '$VM_NET_MAC', should be 12 or 17 digits long!" && exit 28
+  fi
+
+  GATEWAY_MAC=$(echo "$VM_NET_MAC" | md5sum | sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/')
+
+  if [[ "$PODMAN" == [Yy1]* && "$DHCP" != [Yy1]* ]]; then
+    if [ -z "$NETWORK" ] || [[ "${NETWORK^^}" == "Y" ]]; then
+      # By default Podman has no permissions for NAT networking
+      NETWORK="user"
+    fi
+  fi
+
+  if [[ "$DEBUG" == [Yy1]* ]]; then
+    line="Host: $HOST  IP: $IP  Gateway: $GATEWAY  Interface: $VM_NET_DEV  MAC: $VM_NET_MAC  MTU: $mtu"
+    [[ "$MTU" != "0" && "$MTU" != "$mtu" ]] && line+=" ($MTU)"
+    info "$line"
+    if [ -f /etc/resolv.conf ]; then
+      nameservers=$(grep '^nameserver*' /etc/resolv.conf | head -c -1 | sed 's/nameserver //g;' | sed -z 's/\n/, /g')
+      [ -n "$nameservers" ] && info "Nameservers: $nameservers"
+    fi
+    echo
+  fi
+
+  return 0
+}
+
+# ######################################
+#  Configure Network
+# ######################################
+
+if [[ "$NETWORK" == [Nn]* ]]; then
+  NET_OPTS=""
+  return 0
+fi
+
+msg="Initializing network..."
+html "$msg"
+[[ "$DEBUG" == [Yy1]* ]] && echo "$msg"
+
+getInfo
+cleanUp
+
+if [[ "$DHCP" == [Yy1]* ]]; then
+
+  # Configure for macvtap interface
+  configureDHCP || exit 20
+
+else
+
+  case "${NETWORK,,}" in
+    "user"* | "passt" | "slirp" ) ;;
+    "nat" | "tap" | "tun" | "tuntap" | "y" )
+
+      # Configure tap interface
+      if ! configureNAT; then
+
+        closeBridge
+        NETWORK="user"
+        msg="falling back to user-mode networking!"
+        msg="failed to setup NAT networking, $msg"
+
+      fi ;;
+
+  esac
+
+  if [[ "${NETWORK,,}" == "user"* ]]; then
+    if [[ "${ADAPTER,,}" != "rtl8139" ]]; then
+      NETWORK="passt"
+    else
+      NETWORK="slirp"
+    fi
+  fi
+
+  case "${NETWORK,,}" in
+    "nat" | "tap" | "tun" | "tuntap" | "y" ) ;;
+    "passt" )
+
+      # Configure for user-mode networking (passt)
+      if ! configurePasst; then
+        error "Failed to configure user-mode networking!"
+        exit 24
+      fi ;;
+
+    "slirp" )
+
+      # Configure for user-mode networking (slirp)
+      if ! configureSlirp; then
+        error "Failed to configure user-mode networking!"
+        exit 24
+      fi
+
+      if [ -z "$USER_PORTS" ]; then
+        info "Notice: slirp networking is active, so when you want to expose ports, you will need to map them using this variable: \"USER_PORTS=80,443\"."
+      fi ;;
+
+    *)
+      error "Unrecognized NETWORK value: \"$NETWORK\"" && exit 24 ;;
+  esac
+
+fi
+
+NET_OPTS+=" -device $ADAPTER,id=net0,netdev=hostnet0,romfile=,mac=$VM_NET_MAC"
+[[ "$MTU" != "0" && "$MTU" != "1500" ]] && NET_OPTS+=",host_mtu=$MTU"
+
+html "Initialized network successfully..."
+return 0

src/proc.sh

@@ -0,0 +1,214 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Docker environment variables
+
+: "${HV="Y"}"
+: "${KVM:="Y"}"
+: "${VMX:="N"}"
+: "${CPU_FLAGS:=""}"
+: "${CPU_MODEL:=""}"
+
+[[ "$DEBUG" == [Yy1]* ]] && echo "Configuring KVM..."
+
+if [[ "$KVM" == [Nn]* ]]; then
+  warn "KVM acceleration is disabled, this will cause the machine to run about 10 times slower!"
+else
+  if [[ "${ARCH,,}" != "amd64" ]]; then
+    KVM="N"
+    warn "your CPU architecture is ${ARCH^^} and cannot provide KVM acceleration for x64 instructions, so the machine will run about 10 times slower."
+  fi
+fi
+
+if [[ "$KVM" != [Nn]* ]]; then
+
+  KVM_ERR=""
+
+  if [ ! -e /dev/kvm ]; then
+    KVM_ERR="(/dev/kvm is missing)"
+  else
+    if ! sh -c 'echo -n > /dev/kvm' &> /dev/null; then
+      KVM_ERR="(/dev/kvm is unwriteable)"
+    else
+      flags=$(sed -ne '/^flags/s/^.*: //p' /proc/cpuinfo)
+      if ! grep -qw "vmx\|svm" <<< "$flags"; then
+        KVM_ERR="(not enabled in BIOS)"
+      fi
+    fi
+  fi
+
+  if [ -n "$KVM_ERR" ]; then
+    KVM="N"
+    if [[ "$OSTYPE" =~ ^darwin ]]; then
+      warn "you are using macOS which has no KVM support, so the machine will run about 10 times slower."
+    else
+      kernel=$(uname -a)
+      case "${kernel,,}" in
+        *"microsoft"* )
+          error "Please bind '/dev/kvm' as a volume in the optional container settings when using Docker Desktop." ;;
+        *"synology"* )
+          error "Please make sure that Synology VMM (Virtual Machine Manager) is installed and that '/dev/kvm' is binded to this container." ;;
+        *)
+          error "KVM acceleration is not available $KVM_ERR, this will cause the machine to run about 10 times slower."
+          error "See the FAQ for possible causes, or disable acceleration by adding the \"KVM=N\" variable (not recommended)." ;;
+      esac
+      [[ "$DEBUG" != [Yy1]* ]] && exit 88
+    fi
+  fi
+
+fi
+
+vendor=$(lscpu | awk '/Vendor ID/{print $3}')
+
+if [[ "$KVM" != [Nn]* ]]; then
+
+  CPU_FEATURES="kvm=on,l3-cache=on,+hypervisor"
+  KVM_OPTS=",accel=kvm -enable-kvm -global kvm-pit.lost_tick_policy=discard"
+
+  if [ -z "$CPU_MODEL" ]; then
+    CPU_MODEL="host"
+    CPU_FEATURES+=",migratable=no"
+  fi
+
+  if [[ "$VMX" == [Nn]* && "${BOOT_MODE,,}" == "windows"* ]]; then
+    # Prevents a crash caused by a certain Windows update
+    CPU_FEATURES+=",-vmx"
+  fi
+
+  if [[ "$vendor" == "AuthenticAMD" ]]; then
+
+    # AMD processor
+    if grep -qw "tsc_scale" <<< "$flags"; then
+      CPU_FEATURES+=",+invtsc"
+    fi
+
+    if [[ "${BOOT_MODE,,}" == "windows"* ]]; then
+      CPU_FEATURES+=",arch_capabilities=off"
+    fi
+
+  else
+
+    # Intel processor
+    vmx=$(sed -ne '/^vmx flags/s/^.*: //p' /proc/cpuinfo)
+
+    if grep -qw "tsc_scaling" <<< "$vmx"; then
+      CPU_FEATURES+=",+invtsc"
+    fi
+
+  fi
+
+  if [[ "${BOOT_MODE,,}" == "windows"* && "$HV" != [Nn]* ]]; then
+
+    HV_FEATURES="hv_passthrough"
+
+    if [[ "$vendor" == "AuthenticAMD" ]]; then
+
+      # AMD processor
+      if ! grep -qw "avic" <<< "$flags"; then
+        HV_FEATURES+=",-hv-avic"
+      fi
+
+      HV_FEATURES+=",-hv-evmcs"
+
+    else
+
+      # Intel processor
+      if ! grep -qw "apicv" <<< "$vmx"; then
+        HV_FEATURES+=",-hv-apicv,-hv-evmcs"
+      else
+        if [[ "$CPU" == "Intel Atom "* || "$CPU" == "Intel Celeron "* || "$CPU" == "Intel Pentium "* ]]; then
+          # Prevent eVMCS version range error on budget CPU's
+          HV_FEATURES+=",-hv-evmcs"
+        fi
+      fi
+
+    fi
+
+    [ -n "$CPU_FEATURES" ] && CPU_FEATURES+=","
+    CPU_FEATURES+="${HV_FEATURES}"
+
+  fi
+
+else
+
+  KVM_OPTS=""
+  CPU_FEATURES="l3-cache=on,+hypervisor"
+
+  if [[ "$ARCH" == "amd64" ]]; then
+    KVM_OPTS=" -accel tcg,thread=multi"
+  fi
+
+  if [ -z "$CPU_MODEL" ]; then
+    if [[ "$ARCH" == "amd64" ]]; then
+
+     if [[ "${BOOT_MODE,,}" != "windows"* ]]; then
+
+       CPU_MODEL="max"
+       CPU_FEATURES+=",migratable=no"
+
+     else
+       if [[ "$vendor" == "AuthenticAMD" ]]; then
+
+         # AMD processor
+         CPU_MODEL="EPYC"
+         CPU_FEATURES+=",svm=off,arch_capabilities=off,-fxsr-opt,-misalignsse,-osvw,-topoext,-nrip-save,-xsavec,check"
+
+       else
+
+         # Intel processor
+         CPU_MODEL="Skylake-Client-v4"
+         CPU_FEATURES+=",vmx=off,-pcid,-tsc-deadline,-invpcid,-spec-ctrl,-xsavec,-xsaves,check"
+
+       fi
+     fi
+
+    else
+
+      # Intel processor
+      CPU_MODEL="Skylake-Client-v4"
+      CPU_FEATURES+=",vmx=off,-pcid,-tsc-deadline,-invpcid,-spec-ctrl,-xsavec,-xsaves,check"
+
+    fi
+  fi
+
+fi
+
+if [[ "$ARGUMENTS" == *"-cpu host,"* ]]; then
+
+  args="${ARGUMENTS} "
+  prefix="${args/-cpu host,*/}"
+  suffix="${args/*-cpu host,/}"
+  param="${suffix%% *}"
+  suffix="${suffix#* }"
+  args="${prefix}${suffix}"
+  ARGUMENTS="${args::-1}"
+
+  if [ -z "$CPU_FLAGS" ]; then
+    CPU_FLAGS="$param"
+  else
+    CPU_FLAGS+=",$param"
+  fi
+
+else
+
+  if [[ "$ARGUMENTS" == *"-cpu host"* ]]; then
+    ARGUMENTS="${ARGUMENTS//-cpu host/}"
+  fi
+
+fi
+
+if [ -z "$CPU_FLAGS" ]; then
+  if [ -z "$CPU_FEATURES" ]; then
+    CPU_FLAGS="$CPU_MODEL"
+  else
+    CPU_FLAGS="$CPU_MODEL,$CPU_FEATURES"
+  fi
+else
+  if [ -z "$CPU_FEATURES" ]; then
+    CPU_FLAGS="$CPU_MODEL,$CPU_FLAGS"
+  else
+    CPU_FLAGS="$CPU_MODEL,$CPU_FEATURES,$CPU_FLAGS"
+  fi
+fi
+
+return 0

src/progress.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+escape () {
+    local s
+    s=${1//&/\&}
+    s=${s//</\&lt;}
+    s=${s//>/\&gt;}
+    s=${s//'"'/\&quot;}
+    printf -- %s "$s"
+    return 0
+}
+
+file="$1"
+total="$2"
+body=$(escape "$3")
+info="/run/shm/msg.html"
+
+if [[ "$body" == *"..." ]]; then
+  body="<p class=\"loading\">${body/.../}</p>"
+fi
+
+while true
+do
+  if [ -s "$file" ]; then
+    bytes=$(du -sb "$file" | cut -f1)
+    if (( bytes > 1000 )); then
+      if [ -z "$total" ] || [[ "$total" == "0" ]]; then
+        size=$(numfmt --to=iec --suffix=B "$bytes" | sed -r 's/([A-Z])/ \1/')
+      else
+        size="$(echo "$bytes" "$total" | awk '{printf "%.1f", $1 * 100 / $2}')"
+        size="$size%"
+      fi
+      echo "${body//(\[P\])/($size)}"> "$info"
+    fi
+  fi
+  sleep 1 & wait $!
+done

src/reset.sh

@@ -0,0 +1,213 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+trap 'error "Status $? while: $BASH_COMMAND (line $LINENO/$BASH_LINENO)"' ERR
+[[ "${TRACE:-}" == [Yy1]* ]] && set -o functrace && trap 'echo "# $BASH_COMMAND" >&2' DEBUG
+
+[ ! -f "/run/entry.sh" ] && error "Script must be run inside the container!" && exit 11
+[ "$(id -u)" -ne "0" ] && error "Script must be executed with root privileges." && exit 12
+
+# Docker environment variables
+
+: "${BOOT:=""}"            # Path of ISO file
+: "${DEBUG:="N"}"          # Disable debugging
+: "${MACHINE:="q35"}"      # Machine selection
+: "${ALLOCATE:=""}"        # Preallocate diskspace
+: "${ARGUMENTS:=""}"       # Extra QEMU parameters
+: "${CPU_CORES:="2"}"      # Amount of CPU cores
+: "${RAM_SIZE:="2G"}"      # Maximum RAM amount
+: "${RAM_CHECK:="Y"}"      # Check available RAM
+: "${DISK_SIZE:="64G"}"    # Initial data disk size
+: "${BOOT_MODE:=""}"       # Boot system with UEFI
+: "${BOOT_INDEX:="9"}"     # Boot index of CD drive
+: "${STORAGE:="/storage"}" # Storage folder location
+
+# Helper variables
+
+PODMAN="N"
+ENGINE="Docker"
+PROCESS="${APP,,}"
+PROCESS="${PROCESS// /-}"
+
+if [ -f "/run/.containerenv" ]; then
+  PODMAN="Y"
+  ENGINE="Podman"
+fi
+
+echo "❯ Starting $APP for $ENGINE v$(</run/version)..."
+echo "❯ For support visit $SUPPORT"
+
+INFO="/run/shm/msg.html"
+PAGE="/run/shm/index.html"
+TEMPLATE="/var/www/index.html"
+FOOTER1="$APP for $ENGINE v$(</run/version)"
+FOOTER2="<a href='$SUPPORT'>$SUPPORT</a>"
+
+CPU=$(cpu)
+SYS=$(uname -r)
+HOST=$(hostname -s)
+KERNEL=$(echo "$SYS" | cut -b 1)
+MINOR=$(echo "$SYS" | cut -d '.' -f2)
+ARCH=$(dpkg --print-architecture)
+CORES=$(grep -c '^processor' /proc/cpuinfo)
+
+if ! grep -qi "socket(s)" <<< "$(lscpu)"; then
+  SOCKETS=1
+else
+  SOCKETS=$(lscpu | grep -m 1 -i 'socket(s)' | awk '{print $(2)}')
+fi
+
+CPU_CORES="${CPU_CORES// /}"
+[[ "${CPU_CORES,,}" == "max" ]] && CPU_CORES="$CORES"
+[ -n "${CPU_CORES//[0-9 ]}" ] && error "Invalid amount of CPU_CORES: $CPU_CORES" && exit 15
+
+if [ "$CPU_CORES" -gt "$CORES" ]; then
+  warn "The amount for CPU_CORES (${CPU_CORES}) exceeds the amount of physical cores, so will be limited to ${CORES}."
+  CPU_CORES="$CORES"
+fi
+
+# Check system
+
+if [ ! -d "/dev/shm" ]; then
+  error "Directory /dev/shm not found!" && exit 14
+else
+  [ ! -d "/run/shm" ] && ln -s /dev/shm /run/shm
+fi
+
+# Check folder
+
+if [[ "${COMMIT:-}" == [Yy1]* ]]; then
+  STORAGE="/local"
+  mkdir -p "$STORAGE"
+fi
+
+if [ ! -d "$STORAGE" ]; then
+  error "Storage folder ($STORAGE) not found!" && exit 13
+fi
+
+if [ ! -w "$STORAGE" ]; then
+  error "Storage folder ($STORAGE) is not writeable!" && exit 13
+fi
+
+# Read memory
+RAM_SPARE=500000000
+RAM_AVAIL=$(free -b | grep -m 1 Mem: | awk '{print $7}')
+RAM_TOTAL=$(free -b | grep -m 1 Mem: | awk '{print $2}')
+
+RAM_SIZE="${RAM_SIZE// /}"
+[ -z "$RAM_SIZE" ] && error "RAM_SIZE not specified!" && exit 16
+
+if [[ "${RAM_SIZE,,}" == "max" ]]; then
+  RAM_WANTED=$(( RAM_AVAIL - RAM_SPARE - RAM_SPARE ))
+  RAM_WANTED=$(( RAM_WANTED / 1073741825 ))
+  RAM_SIZE="${RAM_WANTED}G"
+fi
+
+if [ -z "${RAM_SIZE//[0-9. ]}" ]; then
+  [ "${RAM_SIZE%%.*}" -lt "130" ] && RAM_SIZE="${RAM_SIZE}G" || RAM_SIZE="${RAM_SIZE}M"
+fi
+
+RAM_SIZE=$(echo "${RAM_SIZE^^}" | sed 's/MB/M/g;s/GB/G/g;s/TB/T/g')
+! numfmt --from=iec "$RAM_SIZE" &>/dev/null && error "Invalid RAM_SIZE: $RAM_SIZE" && exit 16
+RAM_WANTED=$(numfmt --from=iec "$RAM_SIZE")
+[ "$RAM_WANTED" -lt "136314880 " ] && error "RAM_SIZE is too low: $RAM_SIZE" && exit 16
+
+# Print system info
+SYS="${SYS/-generic/}"
+FS=$(stat -f -c %T "$STORAGE")
+FS="${FS/UNKNOWN //}"
+FS="${FS/ext2\/ext3/ext4}"
+FS=$(echo "$FS" | sed 's/[)(]//g')
+SPACE=$(df --output=avail -B 1 "$STORAGE" | tail -n 1)
+SPACE_GB=$(formatBytes "$SPACE" "down")
+AVAIL_MEM=$(formatBytes "$RAM_AVAIL" "down")
+TOTAL_MEM=$(formatBytes "$RAM_TOTAL" "up")
+
+echo "❯ CPU: ${CPU} | RAM: ${AVAIL_MEM/ GB/}/$TOTAL_MEM | DISK: $SPACE_GB (${FS}) | KERNEL: ${SYS}..."
+echo
+
+# Check compatibilty
+
+if [[ "${FS,,}" == "ecryptfs" || "${FS,,}" == "tmpfs" ]]; then
+  DISK_IO="threads"
+  DISK_CACHE="writeback"
+fi
+
+if [[ "${BOOT_MODE:-}" == "windows"* ]]; then
+  if [[ "${FS,,}" == "btrfs" ]]; then
+    warn "you are using the BTRFS filesystem for /storage, this might introduce issues with Windows Setup!"
+  fi
+fi
+
+# Check available memory
+
+if [[ "$RAM_CHECK" != [Nn]* ]] && (( (RAM_WANTED + RAM_SPARE) > RAM_AVAIL )); then
+  AVAIL_MEM=$(formatBytes "$RAM_AVAIL")
+  msg="Your configured RAM_SIZE of ${RAM_SIZE/G/ GB} is too high for the $AVAIL_MEM of memory available, please set a lower value."
+  [[ "${FS,,}" != "zfs" ]] && error "$msg" && exit 17
+  info "$msg"
+fi
+
+addPackage() {
+  local pkg=$1
+  local desc=$2
+
+  if apt-mark showinstall | grep -qx "$pkg"; then
+    return 0
+  fi
+
+  MSG="Installing $desc..."
+  info "$MSG" && html "$MSG"
+
+  DEBIAN_FRONTEND=noninteractive apt-get -qq update
+  DEBIAN_FRONTEND=noninteractive apt-get -qq --no-install-recommends -y install "$pkg" > /dev/null
+
+  return 0
+}
+
+: "${VNC_PORT:="5900"}"    # VNC port
+: "${MON_PORT:="7100"}"    # Monitor port
+: "${WEB_PORT:="8006"}"    # Webserver port
+: "${WSS_PORT:="5700"}"    # Websockets port
+
+if (( VNC_PORT < 5900 )); then
+  warn "VNC port cannot be set lower than 5900, ignoring value $VNC_PORT."
+  VNC_PORT="5900"
+fi
+
+cp -r /var/www/* /run/shm
+html "Starting $APP for $ENGINE..."
+
+if [[ "${WEB:-}" != [Nn]* ]]; then
+
+  mkdir -p /etc/nginx/sites-enabled
+  cp /etc/nginx/default.conf /etc/nginx/sites-enabled/web.conf
+
+  user="admin"
+  [ -n "${USER:-}" ] && user="${USER:-}"
+
+  if [ -n "${PASS:-}" ]; then
+
+    # Set password
+    echo "$user:{PLAIN}${PASS:-}" > /etc/nginx/.htpasswd
+
+    sed -i "s/auth_basic off/auth_basic \"NoVNC\"/g" /etc/nginx/sites-enabled/web.conf
+
+  fi
+
+  sed -i "s/listen 8006 default_server;/listen $WEB_PORT default_server;/g" /etc/nginx/sites-enabled/web.conf
+  sed -i "s/proxy_pass http:\/\/127.0.0.1:5700\/;/proxy_pass http:\/\/127.0.0.1:$WSS_PORT\/;/g" /etc/nginx/sites-enabled/web.conf
+
+  # shellcheck disable=SC2143
+  if [ -f /proc/net/if_inet6 ] && [ -n "$(ifconfig -a | grep inet6)" ]; then
+
+    sed -i "s/listen $WEB_PORT default_server;/listen [::]:$WEB_PORT default_server ipv6only=off;/g" /etc/nginx/sites-enabled/web.conf
+
+  fi
+
+  # Start webserver
+  nginx -e stderr
+
+fi
+
+return 0

src/start.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Override this placeholder file using a Docker bind to execute a script during startup!

src/utils.sh

@@ -0,0 +1,162 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Helper functions
+
+info () { printf "%b%s%b" "\E[1;34m❯ \E[1;36m" "${1:-}" "\E[0m\n"; }
+error () { printf "%b%s%b" "\E[1;31m❯ " "ERROR: ${1:-}" "\E[0m\n" >&2; }
+warn () { printf "%b%s%b" "\E[1;31m❯ " "Warning: ${1:-}" "\E[0m\n" >&2; }
+
+formatBytes() {
+  local result
+  result=$(numfmt --to=iec --suffix=B "$1" | sed -r 's/([A-Z])/ \1/' | sed 's/ B/ bytes/g;')
+  local unit="${result//[0-9. ]}"
+  result="${result//[a-zA-Z ]/}"
+  if [[ "${2:-}" == "up" ]]; then
+    if [[ "$result" == *"."* ]]; then
+      result="${result%%.*}"
+      result=$((result+1))
+    fi
+  else
+    if [[ "${2:-}" == "down" ]]; then
+      result="${result%%.*}"
+    fi
+  fi
+  echo "$result $unit"
+  return 0
+}
+
+isAlive() {
+  local pid="$1"
+
+  if kill -0 "$pid" 2>/dev/null; then
+    return 0
+  fi
+
+  return 1
+}
+
+pKill() {
+  local pid="$1"
+
+  { kill -15 "$pid" || true; } 2>/dev/null
+
+  while isAlive "$pid"; do
+    sleep 0.2
+  done
+
+  return 0
+}
+
+fWait() {
+  local name="$1"
+
+  while pgrep -f -l "$name" >/dev/null; do
+    sleep 0.2
+  done
+
+  return 0
+}
+
+fKill() {
+  local name="$1"
+
+  { pkill -f "$name" || true; } 2>/dev/null
+  fWait "$name"
+
+  return 0
+}
+
+escape () {
+  local s
+  s=${1//&/\&}
+  s=${s//</\&lt;}
+  s=${s//>/\&gt;}
+  s=${s//'"'/\&quot;}
+  printf -- %s "$s"
+  return 0
+}
+
+html() {
+  local title
+  local body
+  local script
+  local footer
+
+  title=$(escape "$APP")
+  title="<title>$title</title>"
+  footer=$(escape "$FOOTER1")
+
+  body=$(escape "$1")
+  if [[ "$body" == *"..." ]]; then
+    body="<p class=\"loading\">${body/.../}</p>"
+  fi
+
+  [ -n "${2:-}" ] && script="$2" || script=""
+
+  local HTML
+  HTML=$(<"$TEMPLATE")
+  HTML="${HTML/\[1\]/$title}"
+  HTML="${HTML/\[2\]/$script}"
+  HTML="${HTML/\[3\]/$body}"
+  HTML="${HTML/\[4\]/$footer}"
+  HTML="${HTML/\[5\]/$FOOTER2}"
+
+  echo "$HTML" > "$PAGE"
+  echo "$body" > "$INFO"
+
+  return 0
+}
+
+cpu() {
+  local ret
+  local cpu=""
+
+  ret=$(lscpu)
+
+  if grep -qi "model name" <<< "$ret"; then
+    cpu=$(echo "$ret" | grep -m 1 -i 'model name' | cut -f 2 -d ":" | awk '{$1=$1}1' | sed 's# @.*##g' | sed s/"(R)"//g | sed 's/[^[:alnum:] ]\+/ /g' | sed 's/  */ /g')
+  fi
+
+  if [ -z "${cpu// /}" ] && grep -qi "model:" <<< "$ret"; then
+    cpu=$(echo "$ret" | grep -m 1 -i 'model:' | cut -f 2 -d ":" | awk '{$1=$1}1' | sed 's# @.*##g' | sed s/"(R)"//g | sed 's/[^[:alnum:] ]\+/ /g' | sed 's/  */ /g')
+  fi
+
+  cpu="${cpu// CPU/}"
+  cpu="${cpu// [0-9] Core}"
+  cpu="${cpu// [0-9][0-9] Core}"
+  cpu="${cpu// [0-9][0-9][0-9] Core}"
+  cpu="${cpu//[0-9]th Gen }"
+  cpu="${cpu//[0-9][0-9]th Gen }"
+  cpu="${cpu// Processor/}"
+  cpu="${cpu// Quad core/}"
+  cpu="${cpu// Dual core/}"
+  cpu="${cpu// Octa core/}"
+  cpu="${cpu// Hexa core/}"
+  cpu="${cpu// Core TM/ Core}"
+  cpu="${cpu// with Radeon Graphics/}"
+  cpu="${cpu// with Radeon Vega Graphics/}"
+  cpu="${cpu// with Radeon Vega Mobile Gfx/}"
+  cpu="${cpu// w Radeon [0-9][0-9][0-9]M Graphics/}"
+
+  [ -z "${cpu// /}" ] && cpu="Unknown"
+
+  echo "$cpu"
+  return 0
+}
+
+hasDisk() {
+
+  [ -b "/disk" ] && return 0
+  [ -b "/disk1" ] && return 0
+  [ -b "/dev/disk1" ] && return 0
+  [ -b "${DEVICE:-}" ] && return 0
+
+  [ -z "${DISK_NAME:-}" ] && DISK_NAME="data"
+  [ -s "$STORAGE/$DISK_NAME.img" ]  && return 0
+  [ -s "$STORAGE/$DISK_NAME.qcow2" ] && return 0
+
+  return 1
+}
+
+return 0

web/conf/defaults.json

@@ -0,0 +1,4 @@
+{
+  "resize": "scale",
+  "reconnect_delay": 3000
+}

web/conf/mandatory.json

@@ -0,0 +1,4 @@
+{
+  "reconnect": true,
+  "autoconnect": true
+}

web/conf/nginx.conf

@@ -0,0 +1,60 @@
+server {
+
+    listen 8006 default_server;
+
+    autoindex on;
+    tcp_nodelay on;
+    server_tokens off;
+    absolute_redirect off;
+
+    error_log /dev/null;
+    access_log /dev/null;
+
+    auth_basic off;
+    auth_basic_user_file /etc/nginx/.htpasswd;
+
+    include /etc/nginx/mime.types;
+
+    gzip on;
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 5;
+    gzip_min_length 500;
+    gzip_disable "msie6";
+    gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
+
+    add_header Cache-Control "no-cache";
+
+    location / {
+
+      root /run/shm;
+
+      if ( -f /run/shm/index.html) {
+        break;
+      }
+
+      try_files /index.html @vnc;
+    }
+
+    location @vnc {
+
+      root /usr/share/novnc;
+      index vnc.html;
+
+    }
+
+    location /websockify {
+
+      proxy_http_version 1.1;
+
+      proxy_set_header Connection 'upgrade';
+      proxy_set_header Upgrade $http_upgrade;
+
+      proxy_buffering off;
+      proxy_read_timeout 3600s;
+      proxy_send_timeout 3600s;
+
+      proxy_pass http://127.0.0.1:5700/;
+    }
+
+}

web/css/style.css

@@ -0,0 +1,167 @@
+body {
+	color: white;
+	background-color: #125bdb;
+	font-smoothing: antialiased;
+	-webkit-font-smoothing: antialiased;
+	-moz-osx-font-smoothing: grayscale;
+	font-family: Verdana, Geneva, sans-serif;
+}
+
+#info {
+	text-shadow: 1px 1px 1px rgba(0, 0, 0, 0.25);
+}
+
+#content {
+	text-align: center;
+	padding: 20px;
+	margin-top: 50px;
+}
+
+footer {
+	width: 98%;
+	position: fixed;
+	bottom: 0px;
+	height: 40px;
+	text-align: center;
+	color: #0c8aeb;
+	text-shadow: 0 0 1px #0c8aeb;
+}
+
+#empty {
+	height: 40px;
+	/* Same height as footer */
+}
+
+a,
+a:hover,
+a:active,
+a:visited {
+	color: white;
+}
+
+footer a:link,
+footer a:visited,
+footer a:active {
+	color: #0c8aeb;
+}
+
+footer a:hover {
+	color: #73e6ff;
+}
+
+.loading:after {
+	content: " .";
+	animation: dots 1s steps(5, end) infinite;
+}
+
+@keyframes dots {
+
+	0%,
+	20% {
+		color: rgba(0, 0, 0, 0);
+		text-shadow: 0.25em 0 0 rgba(0, 0, 0, 0), 0.5em 0 0 rgba(0, 0, 0, 0);
+	}
+
+	40% {
+		color: white;
+		text-shadow: 0.25em 0 0 rgba(0, 0, 0, 0), 0.5em 0 0 rgba(0, 0, 0, 0);
+	}
+
+	60% {
+		text-shadow: 0.25em 0 0 white, 0.5em 0 0 rgba(0, 0, 0, 0);
+	}
+
+	80%,
+	100% {
+		text-shadow: 0.25em 0 0 white, 0.5em 0 0 white;
+	}
+}
+
+.spinner_LWk7 {
+	animation: spinner_GWy6 1.2s linear infinite, spinner_BNNO 1.2s linear infinite
+}
+
+.spinner_yOMU {
+	animation: spinner_GWy6 1.2s linear infinite, spinner_pVqn 1.2s linear infinite;
+	animation-delay: .15s
+}
+
+.spinner_KS4S {
+	animation: spinner_GWy6 1.2s linear infinite, spinner_6uKB 1.2s linear infinite;
+	animation-delay: .3s
+}
+
+.spinner_zVee {
+	animation: spinner_GWy6 1.2s linear infinite, spinner_Qw4x 1.2s linear infinite;
+	animation-delay: .45s
+}
+
+@keyframes spinner_GWy6 {
+
+	0%,
+	50% {
+		width: 9px;
+		height: 9px
+	}
+
+	10% {
+		width: 11px;
+		height: 11px
+	}
+}
+
+@keyframes spinner_BNNO {
+
+	0%,
+	50% {
+		x: 1.5px;
+		y: 1.5px
+	}
+
+	10% {
+		x: .5px;
+		y: .5px
+	}
+}
+
+@keyframes spinner_pVqn {
+
+	0%,
+	50% {
+		x: 13.5px;
+		y: 1.5px
+	}
+
+	10% {
+		x: 12.5px;
+		y: .5px
+	}
+}
+
+@keyframes spinner_6uKB {
+
+	0%,
+	50% {
+		x: 13.5px;
+		y: 13.5px
+	}
+
+	10% {
+		x: 12.5px;
+		y: 12.5px
+	}
+}
+
+@keyframes spinner_Qw4x {
+
+	0%,
+	50% {
+		x: 1.5px;
+		y: 13.5px
+	}
+
+	10% {
+		x: .5px;
+		y: 12.5px
+	}
+}

web/index.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+
+    <head>
+        [1]
+        <meta http-equiv="Cache-Control" content="no-cache" />
+        <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+        <link rel="stylesheet" type="text/css" href="css/style.css" />
+        <link rel="icon" href="img/favicon.svg" type="image/x-icon">
+        [2]
+    </head>
+
+    <body>
+        <div id="page">
+            <div id="content">
+                <svg id="spinner" width="64" height="64" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+                    <rect class="spinner_LWk7" fill="#0c8aeb" x="1.5" y="1.5" rx="1" width="9" height="9"/>
+                    <rect class="spinner_yOMU" fill="#0c8aeb" x="13.5" y="1.5" rx="1" width="9" height="9"/>
+                    <rect class="spinner_KS4S" fill="#0c8aeb" x="13.5" y="13.5" rx="1" width="9" height="9"/>
+                    <rect class="spinner_zVee" fill="#0c8aeb" x="1.5" y="13.5" rx="1" width="9" height="9"/>
+                </svg>
+                <h1 id="info">[3]</h1>
+            </div>
+            <div id="empty">
+            </div>
+            <footer id="footer">
+                [4]<br />
+                [5]
+            </footer>
+        </div>
+        <script type="text/javascript" src="js/script.js"></script>
+    </body>
+
+</html>

web/js/script.js

@@ -0,0 +1,136 @@
+var request;
+var interval = 1000;
+
+var webSocketFactory = {
+    connect: function(url) {
+
+        var ws = new WebSocket(url);
+
+        ws.addEventListener("open", e => {
+            ws.close();
+            document.location.reload();
+        });
+
+        ws.addEventListener("error", e => {
+            if (e.target.readyState === 3) {
+                setTimeout(() => this.connect(url), 1000);
+            }
+        });
+    }
+};
+
+function getInfo() {
+
+    var url = "msg.html";
+
+    try {
+        if (window.XMLHttpRequest) {
+            request = new XMLHttpRequest();
+        } else {
+            throw "XMLHttpRequest not available!";
+        }
+
+        request.onreadystatechange = processInfo;
+        request.open("GET", url, true);
+        request.send();
+
+    } catch (e) {
+        var err = "Error: " + e.message;
+        console.log(err);
+        setError(err);
+    }
+}
+
+function processInfo() {
+    try {
+
+        if (request.readyState != 4) {
+            return true;
+        }
+
+        var msg = request.responseText;
+        if (msg == null || msg.length == 0) {
+            setError("Lost connection");
+            schedule();
+            return false;
+        }
+
+        var notFound = (request.status == 404);
+
+        if (request.status == 200) {
+            if (msg.toLowerCase().indexOf("<html>") !== -1) {
+                notFound = true;
+            } else {
+                setInfo(msg);
+                schedule();
+                return true;
+            }
+        }
+
+        if (notFound) {
+            setInfo("Connecting to VNC", true);
+
+            var protocol = window.location.protocol === "https:" ? "wss:" : "ws:";
+            var path = window.location.pathname.replace(/[^/]*$/, '').replace(/\/$/, '');
+            var wsUrl = protocol + "//" + window.location.host + path + "/websockify";
+            var webSocket = webSocketFactory.connect(wsUrl);
+
+            return true;
+        }
+
+        setError("Error: Received statuscode " + request.status);
+        schedule();
+        return false;
+
+    } catch (e) {
+        var err = "Error: " + e.message;
+        console.log(err);
+        setError(err);
+        return false;
+    }
+}
+
+function setInfo(msg, loading, error) {
+    try {
+
+        if (msg == null || msg.length == 0) {
+            return false;
+        }
+
+        var el = document.getElementById("spinner");
+
+        error = !!error;
+        if (!error) {
+            el.style.visibility = 'visible';
+        } else {
+            el.style.visibility = 'hidden';
+        }
+
+        loading = !!loading;
+        if (loading) {
+            msg = "<p class=\"loading\">" + msg + "</p>";
+        }
+
+        el = document.getElementById("info");
+
+        if (el.innerHTML != msg) {
+            el.innerHTML = msg;
+        }
+
+        return true;
+
+    } catch (e) {
+        console.log("Error: " + e.message);
+        return false;
+    }
+}
+
+function setError(text) {
+    return setInfo(text, false, true);
+}
+
+function schedule() {
+    setTimeout(getInfo, interval);
+}
+
+schedule();