all: move _mkosi to _ops/awwan-test

This is to group all containers into one directory.

20 files changed, 355 insertions, 0 deletions

diff --git a/_ops/awwan-test/mkosi.builddir/.gitignore b/_ops/awwan-test/mkosi.builddir/.gitignore
new file mode 100644
index 0000000..120f485
--- /dev/null
+++ b/_ops/awwan-test/mkosi.builddir/.gitignore
@@ -0,0 +1,2 @@
+*
+!/.gitignore
diff --git a/_ops/awwan-test/mkosi.cache/.gitignore b/_ops/awwan-test/mkosi.cache/.gitignore
new file mode 100644
index 0000000..120f485
--- /dev/null
+++ b/_ops/awwan-test/mkosi.cache/.gitignore
@@ -0,0 +1,2 @@
+*
+!/.gitignore
diff --git a/_ops/awwan-test/mkosi.conf b/_ops/awwan-test/mkosi.conf
new file mode 100644
index 0000000..2f535e8
--- /dev/null
+++ b/_ops/awwan-test/mkosi.conf
@@ -0,0 +1,11 @@
+[Output]
+Format=tar
+Output=awwan-test
+OutputDirectory=/data/awwan/
+
+[Content]
+Bootable=no
+CleanPackageMetadata=false
+
+[Host]
+Incremental=yes
diff --git a/_ops/awwan-test/mkosi.conf.d/archlinux.conf b/_ops/awwan-test/mkosi.conf.d/archlinux.conf
new file mode 100644
index 0000000..2b2bd41
--- /dev/null
+++ b/_ops/awwan-test/mkosi.conf.d/archlinux.conf
@@ -0,0 +1,14 @@
+[Match]
+Distribution=arch
+
+[Content]
+SkeletonTrees=/var/lib/pacman/sync:/var/lib/pacman/sync
+Packages=
+	systemd
+	bash
+	shadow
+	sudo
+	openssh
+	ca-certificates
+	make
+	go
diff --git a/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ecdsa_key b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ecdsa_key
new file mode 100644
index 0000000..4c84aa4
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ecdsa_key
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQT7S60hruhfa16IQnYc37bJDHKBgRDH
+I26Du3CoMLRGDRZFmFFHdZ7r8v5tLsgEL6XvyOLZiUw1w2vAhONc4E2DAAAAqIaKFjWGih
+Y1AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohC
+dhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTY
+MAAAAhAP84kEfvH5BsCNq+N+5R5NZxfIyzm+Utyq/cE3kQLBDLAAAAD3Jvb3RAYXd3YW4t
+dGVzdA==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub
new file mode 100644
index 0000000..268f2e6
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ecdsa_key.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM= root@awwan-test
diff --git a/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ed25519_key b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ed25519_key
new file mode 100644
index 0000000..5613dbc
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ed25519_key
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEAAAAJiq/vlwqv75
+cAAAAAtzc2gtZWQyNTUxOQAAACBsXuBVZwXij+tW08TqrDJ7ZAgb45M5NK2RS99pfZeNEA
+AAAECQJtEe3tM08NBhUIP03r+vDQ7vTkQA0uqF4KbS6Thhamxe4FVnBeKP61bTxOqsMntk
+CBvjkzk0rZFL32l9l40QAAAAD3Jvb3RAYXd3YW4tdGVzdAECAwQFBg==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub
new file mode 100644
index 0000000..4b588a3
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_ed25519_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q root@awwan-test
diff --git a/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_rsa_key b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_rsa_key
new file mode 100644
index 0000000..3cd073e
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_rsa_key
@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAyQPHy2DJlH/QwMILv10bf1MmHZQJY+dPBCRhRz8UnWLedGqUyZFY
+z33Q4Vkz+jUxLOoO7H5SYeo9iW8wbNoPBg/G7J8yf9nAxn68cRXRmM6C5YE8ZR4HbVMIs0
+htPgHfZVENKeDTXoHTcy3/rxaSTeBOxBpzzPtaBerIlzDA0aucPCOPv22WclD4cKrcoAsz
+yebLVPqS3iiegVdp4a7cJMaG0nn+GcqA2FhWn3XCxC5PklXn57+jJhUCa3Fm0CkUXu5+CL
+5tnDfFILm/Xu7wel5yka6y/n+zUAE7vQspkl2mo2rKUQCk5Yev4UREmfETnnNeSgaWT+jF
+EqxpkhQzst8Glxrrljfxjng6Z8ubixxp7/vZ4BJZI7rDknvH03Zg8IYDr9VcFF4klr62Jg
+6EK7ISqHnXbveQFRRwPkepgav60l5+XIuRPdf+kokbv5tHSZ6smrywEUIYsJNDkMKhT9nl
+ZHpmoz4PqgtP/e1eRoXZj9++8fJQa2k/twEht9rfAAAFiDtmriw7Zq4sAAAAB3NzaC1yc2
+EAAAGBAMkDx8tgyZR/0MDCC79dG39TJh2UCWPnTwQkYUc/FJ1i3nRqlMmRWM990OFZM/o1
+MSzqDux+UmHqPYlvMGzaDwYPxuyfMn/ZwMZ+vHEV0ZjOguWBPGUeB21TCLNIbT4B32VRDS
+ng016B03Mt/68Wkk3gTsQac8z7WgXqyJcwwNGrnDwjj79tlnJQ+HCq3KALM8nmy1T6kt4o
+noFXaeGu3CTGhtJ5/hnKgNhYVp91wsQuT5JV5+e/oyYVAmtxZtApFF7ufgi+bZw3xSC5v1
+7u8HpecpGusv5/s1ABO70LKZJdpqNqylEApOWHr+FERJnxE55zXkoGlk/oxRKsaZIUM7Lf
+Bpca65Y38Y54OmfLm4scae/72eASWSO6w5J7x9N2YPCGA6/VXBReJJa+tiYOhCuyEqh512
+73kBUUcD5HqYGr+tJeflyLkT3X/pKJG7+bR0merJq8sBFCGLCTQ5DCoU/Z5WR6ZqM+D6oL
+T/3tXkaF2Y/fvvHyUGtpP7cBIbfa3wAAAAMBAAEAAAGAMxcb48wwz+aAl016kOPIRl9K07
++5d0PmKGZatzIIOkxTwAEK2gRwLySKP4xdkp2MZx8CNgeRRsOzakfxZekyYlcGN0PrIOWm
+gozZtmBWSmFKkax8PjMYriepkW+6HEV7kxO7pcY30tBqft7VGppBCzwUqPEUN6g25EQdQZ
+gpmeDlL7/WHFBtKZb83h3/P0o5mnpneazKQV7Pko42Ih9AYrR2te49sC5w+wvQ0Gys2RHw
+NYBSFev2Ooqid8511DhsOmPd25YlzetPxl9pkf5W1uD+QJHOhT2Y6Yx1zkrgX2kfZpWrig
+49FgcAFqBcOpuECGFqeXBW1RlRVgrML0RfgKTeOorjOkjAqUqudjgtFqW8jxgsF7zAzDqp
+HdfFA7EHMwLZ5cqIh2PqrZ9Sip87MGlX5gOoNsRk6LYvxwPXtyB3K5FenlxaZSYibYBeUd
+DWiFIwV2n5SgvSl+t6t0ughvoztl/UqQzmn4BJ5f8eaHVocdSFEagOy30wzji1m/sxAAAA
+wHHzn9Y72W+M8xB+wYsFOY/qtsLoiis6o422MhTDFdVtHjDkuV+uwtgm9Dq3ZDvLlvFrTn
+AgbyQFmqvVOn6SWZtspnZhAYLFfGhzlAHU05asCyx2u0pB6FLZDHEiUc+F22CXs8vRvBU2
+Du9U/ULMdCkP2Bu1PJN/b98DkyfpErtG/EhUmoPR6GR+Ulpdg+c6KcothUi9rEIu83Hmg0
+sG7OeqcBqOtj5jgifARnHmiS4e1eUfIMSjkO5jfWw4xwvZiAAAAMEA9KtDKbEZr9pnGQPA
+2VeuoMnoJ4271UzqufuIE2/uWmXSG3NgBAWnNwcby6cpJdhdnM7u9C7CWFaB3Ay/cGZ64H
+U6k4txA/XgGjW0j8H/cBF7S7a3alhJ6SlkfHiyVhuO5jx5ZyJbN/CyyKgd1H3JfTCPd11/
+eyKINWkX2hDuCs2ha87j68cTbUEZK+1Zs/AMqIZoPFlu34PUDf5wxfGxq8aEFo1NLY9E79
+1X6xE/3l7KrHi2d146XnSTJZaX8YQnAAAAwQDSUvbDwbzMu9RQaxo127pySdCkUIfnli/0
+gS+CUBz7yop5Cssk+oMoFZvptpNkm8xHDotLKh/WMBBaI6JK29UN6n+IKWL6NrYdsmWd5w
+pVjgqN4bXRgydL+UpsJCUJMiQAgwlj8RLQKAG6BDYU1LV2M457hLnI0hHM5wPnyvwnDhSb
+3g8IgVkyxfZT3IpsMtbGZkEOHGyE20pHiOcZGaI/yEboOMKUwAaFgvvVrQmeg+c7mu98e3
+VMececaZKSDokAAAAPcm9vdEBhd3dhbi10ZXN0AQIDBA==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub
new file mode 100644
index 0000000..9c58598
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/etc/ssh/ssh_host_rsa_key.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJA8fLYMmUf9DAwgu/XRt/UyYdlAlj508EJGFHPxSdYt50apTJkVjPfdDhWTP6NTEs6g7sflJh6j2JbzBs2g8GD8bsnzJ/2cDGfrxxFdGYzoLlgTxlHgdtUwizSG0+Ad9lUQ0p4NNegdNzLf+vFpJN4E7EGnPM+1oF6siXMMDRq5w8I4+/bZZyUPhwqtygCzPJ5stU+pLeKJ6BV2nhrtwkxobSef4ZyoDYWFafdcLELk+SVefnv6MmFQJrcWbQKRRe7n4Ivm2cN8Ugub9e7vB6XnKRrrL+f7NQATu9CymSXaajaspRAKTlh6/hRESZ8ROec15KBpZP6MUSrGmSFDOy3waXGuuWN/GOeDpny5uLHGnv+9ngElkjusOSe8fTdmDwhgOv1VwUXiSWvrYmDoQrshKoeddu95AVFHA+R6mBq/rSXn5ci5E91/6SiRu/m0dJnqyavLARQhiwk0OQwqFP2eVkemajPg+qC0/97V5GhdmP377x8lBraT+3ASG32t8= root@awwan-test
diff --git a/_ops/awwan-test/mkosi.extra/etc/ssh/sshd_config b/_ops/awwan-test/mkosi.extra/etc/ssh/sshd_config
new file mode 100644
index 0000000..f8e2ed6
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/etc/ssh/sshd_config
@@ -0,0 +1,117 @@
+# Include drop-in configurations
+Include /etc/ssh/sshd_config.d/*.conf
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+Port 10022
+AddressFamily inet
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#KbdInteractiveAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the KbdInteractiveAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via KbdInteractiveAuthentication may bypass
+# the setting of "PermitRootLogin prohibit-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and KbdInteractiveAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server
diff --git a/_ops/awwan-test/mkosi.extra/etc/sudoers.d/awwan b/_ops/awwan-test/mkosi.extra/etc/sudoers.d/awwan
new file mode 100644
index 0000000..b6a96ed
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/etc/sudoers.d/awwan
@@ -0,0 +1,5 @@
+awwan ALL=(ALL:ALL) ALL
+awwanssh ALL=(ALL:ALL) NOPASSWD: ALL
+
+## Always ask for password.
+Defaults:awwan timestamp_timeout=0,passwd_tries=1
diff --git a/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/id_ed25519 b/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/id_ed25519
new file mode 100644
index 0000000..b55b87f
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/id_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+QAAAJgeYYttHmGL
+bQAAAAtzc2gtZWQyNTUxOQAAACCki7C9UqKewWme1AdJTeS+jzoICL8tSkXUvqLNN/aq+Q
+AAAEB1EDYm+eeuejaJJt12dn0ST9VxINRY1v9YslT9cSuEfqSLsL1Sop7BaZ7UB0lN5L6P
+OggIvy1KRdS+os039qr5AAAAEGF3d2FuQGF3d2FuLXRlc3QBAgMEBQ==
+-----END OPENSSH PRIVATE KEY-----
diff --git a/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/id_ed25519.pub b/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/id_ed25519.pub
new file mode 100644
index 0000000..6b83dfd
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test
diff --git a/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/known_hosts b/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/known_hosts
new file mode 100644
index 0000000..b34db2d
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/home/awwan/.ssh/known_hosts
@@ -0,0 +1,3 @@
+[127.0.0.1]:10022 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGxe4FVnBeKP61bTxOqsMntkCBvjkzk0rZFL32l9l40Q
+[127.0.0.1]:10022 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDJA8fLYMmUf9DAwgu/XRt/UyYdlAlj508EJGFHPxSdYt50apTJkVjPfdDhWTP6NTEs6g7sflJh6j2JbzBs2g8GD8bsnzJ/2cDGfrxxFdGYzoLlgTxlHgdtUwizSG0+Ad9lUQ0p4NNegdNzLf+vFpJN4E7EGnPM+1oF6siXMMDRq5w8I4+/bZZyUPhwqtygCzPJ5stU+pLeKJ6BV2nhrtwkxobSef4ZyoDYWFafdcLELk+SVefnv6MmFQJrcWbQKRRe7n4Ivm2cN8Ugub9e7vB6XnKRrrL+f7NQATu9CymSXaajaspRAKTlh6/hRESZ8ROec15KBpZP6MUSrGmSFDOy3waXGuuWN/GOeDpny5uLHGnv+9ngElkjusOSe8fTdmDwhgOv1VwUXiSWvrYmDoQrshKoeddu95AVFHA+R6mBq/rSXn5ci5E91/6SiRu/m0dJnqyavLARQhiwk0OQwqFP2eVkemajPg+qC0/97V5GhdmP377x8lBraT+3ASG32t8=
+[127.0.0.1]:10022 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtLrSGu6F9rXohCdhzftskMcoGBEMcjboO7cKgwtEYNFkWYUUd1nuvy/m0uyAQvpe/I4tmJTDXDa8CE41zgTYM=
diff --git a/_ops/awwan-test/mkosi.extra/home/awwanssh/.ssh/authorized_keys b/_ops/awwan-test/mkosi.extra/home/awwanssh/.ssh/authorized_keys
new file mode 100644
index 0000000..6b83dfd
--- /dev/null
+++ b/_ops/awwan-test/mkosi.extra/home/awwanssh/.ssh/authorized_keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSLsL1Sop7BaZ7UB0lN5L6POggIvy1KRdS+os039qr5 awwan@awwan-test
diff --git a/_ops/awwan-test/mkosi.finalize.chroot b/_ops/awwan-test/mkosi.finalize.chroot
new file mode 100755
index 0000000..84db413
--- /dev/null
+++ b/_ops/awwan-test/mkosi.finalize.chroot
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+systemctl enable sshd.service
+
+chmod 0600 /etc/ssh/*_key
+chown -R awwan:awwan /home/awwan/
+chown -R awwanssh:awwanssh /home/awwanssh/
diff --git a/_ops/awwan-test/mkosi.nspawn b/_ops/awwan-test/mkosi.nspawn
new file mode 100644
index 0000000..f701c4a
--- /dev/null
+++ b/_ops/awwan-test/mkosi.nspawn
@@ -0,0 +1,9 @@
+[Files]
+Bind=/data/awwan/src:/home/awwan/src:idmap
+Bind=/data/awwan/gocache:/home/awwan/.cache/go-build:idmap
+Bind=/data/awwan/gomodcache:/home/awwan/go/pkg/mod:idmap
+
+[Network]
+Private = yes
+VirtualEthernet = yes
+Zone = awwan
diff --git a/_ops/awwan-test/mkosi.prepare.chroot b/_ops/awwan-test/mkosi.prepare.chroot
new file mode 100755
index 0000000..0c401fb
--- /dev/null
+++ b/_ops/awwan-test/mkosi.prepare.chroot
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+set -x
+
+## User testing sudo with password prompt.
+## The UID of user in container must equal with UID in host, for
+## better compatibility.
+## The password is "awwan".
+useradd --create-home --user-group \
+	--uid $MKOSI_UID \
+	--password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
+	awwan
+
+## User testing with ssh.
+useradd --create-home --user-group --groups wheel \
+	--uid $((MKOSI_UID+1)) \
+	--password '$2a$10$XVhjfOB4Un5DJE4TQEBPrOHfBVGVWP4iA3ElUMzcbJ7jdc2zZPgZ2' \
+	awwanssh
diff --git a/_ops/awwan-test/mkosi.skeleton/etc/pacman.conf b/_ops/awwan-test/mkosi.skeleton/etc/pacman.conf
new file mode 100644
index 0000000..e288913
--- /dev/null
+++ b/_ops/awwan-test/mkosi.skeleton/etc/pacman.conf
@@ -0,0 +1,101 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir     = /
+#DBPath      = /var/lib/pacman/
+CacheDir    = /home/var/cache/pacman/pkg/
+#LogFile     = /var/log/pacman.log
+#GPGDir      = /etc/pacman.d/gnupg/
+#HookDir     = /etc/pacman.d/hooks/
+HoldPkg     = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+IgnorePkg   = go
+#IgnoreGroup =
+
+#NoUpgrade   =
+#NoExtract   =
+
+# Misc options
+#UseSyslog
+#Color
+#NoProgressBar
+CheckSpace
+VerbosePkgLists
+#ParallelDownloads = 5
+ILoveCandy
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel    = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+#   - can be defined here or included from another file
+#   - pacman will search repositories in the order defined here
+#   - local/custom mirrors can be added here or in separate files
+#   - repositories listed first will take precedence when packages
+#     have identical names, regardless of version number
+#   - URLs will have $repo replaced by the name of the current repo
+#   - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+#       [repo-name]
+#       Server = ServerName
+#       Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[core-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Server = https://mirror.0x.sg/archlinux/$repo/os/$arch
+
+#[extra-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Server = https://mirror.0x.sg/archlinux/$repo/os/$arch
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+#[multilib]
+#Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository.  See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
+
+[build.kilabit.info]
+Server = https://build.kilabit.info/aur