authorYuqian Yang <crupest@crupest.life>2025-03-05 00:21:48 +0800
committerYuqian Yang <crupest@crupest.life>2025-03-27 01:33:06 +0800
commitfb7194d8af642373b9b371fbfb9c7099b193bfd2 (patch)
tree6f92499b6f7d33b53a817f324ddc2820954a1d88
parent3ad034a1b5755bd5d8ebed71637dedb9089a7dce (diff)
feat(www): add post systemd-nspawn.
-rw-r--r--.editorconfig1
-rw-r--r--dictionary.txt4
-rw-r--r--store/home/config/aichat/roles/blogger.md4
-rw-r--r--store/home/config/aichat/roles/coder.md5
-rw-r--r--store/home/config/nvim/lazy-lock.json14
-rw-r--r--store/home/gitconfig1
-rw-r--r--www/assets/res/css/base.css6
-rw-r--r--www/config/_default/hugo.yaml1
-rw-r--r--www/content/hurd/todos.md2
-rw-r--r--www/content/posts/c-func-ext.md23
-rw-r--r--www/content/posts/nspawn.md176
-rw-r--r--www/content/posts/pattern-in-cpp.md4
-rw-r--r--www/content/posts/use-paddleocr.md4
13 files changed, 229 insertions, 16 deletions
diff --git a/.editorconfig b/.editorconfig
index beab7a9..d28b4e3 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -13,6 +13,7 @@ tab_width = 8
[*.md]
indent_size = 2
+max_line_length = 80
[*.{html,css,js,ts}]
indent_size = 2
diff --git a/dictionary.txt b/dictionary.txt
index 7688382..139dee0 100644
--- a/dictionary.txt
+++ b/dictionary.txt
@@ -2,6 +2,7 @@
crupest
Yuqian
Yang
+fxxking
# self-hosted services
2fauth
@@ -21,6 +22,7 @@ gerrit
esmtp
tini
healthcheck
+nspawn
# vim/nvim
nvim
@@ -46,6 +48,8 @@ kmod
nproc
sourceware
zstd
+btrfs
+pacman
# hurd
gnumach
diff --git a/store/home/config/aichat/roles/blogger.md b/store/home/config/aichat/roles/blogger.md
new file mode 100644
index 0000000..b2ebb65
--- /dev/null
+++ b/store/home/config/aichat/roles/blogger.md
@@ -0,0 +1,4 @@
+model: deepseek:deepseek-chat
+
+---
+You are DeepSeek, an AI assistant specialized in English writing. Your task is to refine my writings and explain the changes to help me improve my English writing skills.
diff --git a/store/home/config/aichat/roles/coder.md b/store/home/config/aichat/roles/coder.md
new file mode 100644
index 0000000..ae5458b
--- /dev/null
+++ b/store/home/config/aichat/roles/coder.md
@@ -0,0 +1,5 @@
+model: deepseek:deepseek-chat
+temperature: 0
+
+---
+You are an AI programming assistant. Help users write, debug, and optimize code. Provide clear, well-commented examples, explain concepts simply, and suggest multiple solutions when possible. Prioritize best practices like readability, efficiency, and security. Ask clarifying questions if the request is unclear.
diff --git a/store/home/config/nvim/lazy-lock.json b/store/home/config/nvim/lazy-lock.json
index 985a07d..8a1a878 100644
--- a/store/home/config/nvim/lazy-lock.json
+++ b/store/home/config/nvim/lazy-lock.json
@@ -3,15 +3,15 @@
"cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
"cmp-nvim-lsp": { "branch": "main", "commit": "99290b3ec1322070bcfb9e846450a46f6efa50f0" },
"cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
- "gitsigns.nvim": { "branch": "main", "commit": "011dc6718bcebdf92a5336bb0da79189c3afe621" },
+ "gitsigns.nvim": { "branch": "main", "commit": "7010000889bfb6c26065e0b0f7f1e6aa9163edd9" },
"lazy.nvim": { "branch": "main", "commit": "6c3bda4aca61a13a9c63f1c1d1b16b9d3be90d7a" },
- "lualine.nvim": { "branch": "master", "commit": "f4f791f67e70d378a754d02da068231d2352e5bc" },
+ "lualine.nvim": { "branch": "master", "commit": "97b2e8b9b2e24dd1eb0663a56f065151d503cc03" },
"nvim-autopairs": { "branch": "master", "commit": "68f0e5c3dab23261a945272032ee6700af86227a" },
- "nvim-cmp": { "branch": "main", "commit": "c27370703e798666486e3064b64d59eaf4bdc6d5" },
- "nvim-lint": { "branch": "master", "commit": "6e9dd545a1af204c4022a8fcd99727ea41ffdcc8" },
- "nvim-lspconfig": { "branch": "master", "commit": "8a1529e46eef5efc86c34c8d9bdd313abc2ecba0" },
+ "nvim-cmp": { "branch": "main", "commit": "1e1900b0769324a9675ef85b38f99cca29e203b3" },
+ "nvim-lint": { "branch": "master", "commit": "936197073214c26a347fb933c9459c8766376b23" },
+ "nvim-lspconfig": { "branch": "master", "commit": "185b2af444b27d6541c02d662b5b68190e5cf0c4" },
"nvim-tree.lua": { "branch": "master", "commit": "c09ff35de503a41fa62465c6b4ae72d96e7a7ce4" },
- "nvim-web-devicons": { "branch": "master", "commit": "ab4cfee554e501f497bce0856788d43cf2eb93d7" },
+ "nvim-web-devicons": { "branch": "master", "commit": "4c3a5848ee0b09ecdea73adcd2a689190aeb728c" },
"plenary.nvim": { "branch": "master", "commit": "857c5ac632080dba10aae49dba902ce3abf91b35" },
- "telescope.nvim": { "branch": "master", "commit": "814f102cd1da3dc78c7d2f20f2ef3ed3cdf0e6e4" }
+ "telescope.nvim": { "branch": "master", "commit": "a4ed82509cecc56df1c7138920a1aeaf246c0ac5" }
}
diff --git a/store/home/gitconfig b/store/home/gitconfig
index b343ab3..4b88c56 100644
--- a/store/home/gitconfig
+++ b/store/home/gitconfig
@@ -8,3 +8,4 @@
helper = /usr/lib/git-core/git-credential-libsecret
[alias]
lg = log --decorate --oneline --graph
+ pap = push --all --prune
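Review bot: The new `pap` alias pairs `--all` with `--prune`, and `--prune` deletes every branch on the remote that has no local branch of the same name, so running it from a fresh or partial clone silently removes branches that exist only on the remote. Nothing in the file warns about this, so I would put a comment above the alias, e.g. `# pap: also DELETES remote branches that are missing locally; run only from a full clone`. A companion alias such as `papn = push --all --prune --dry-run` would let the effect be checked before the real push. Only the tail of the file is visible in this hunk, so any existing push defaults earlier in the file are not covered by this note.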
diff --git a/www/assets/res/css/base.css b/www/assets/res/css/base.css
index c6d9347..14e2819 100644
--- a/www/assets/res/css/base.css
+++ b/www/assets/res/css/base.css
@@ -57,10 +57,10 @@ table {
}
.chroma {
- overflow-x: scroll;
+ overflow-x: auto;
padding-left: 1px;
padding-right: 4px;
- border-radius: 3px;
+ border-radius: 6px;
}
nav {
@@ -140,7 +140,7 @@ html[data-theme="dark"] {
}
& :is(.chroma,.chroma *) {
- background-color: hsl(0, 0%, 1.5%);
+ background-color: hsl(0, 0%, 3%);
& .n {
color: var(--fg-color);
diff --git a/www/config/_default/hugo.yaml b/www/config/_default/hugo.yaml
index 2479f6e..b913177 100644
--- a/www/config/_default/hugo.yaml
+++ b/www/config/_default/hugo.yaml
@@ -32,4 +32,3 @@ params:
minify: false
sourceMap: ""
- timeline: "https://timeline.crupest.life"
\ No newline at end of file
diff --git a/www/content/hurd/todos.md b/www/content/hurd/todos.md
index d95bfb9..f8273fb 100644
--- a/www/content/hurd/todos.md
+++ b/www/content/hurd/todos.md
@@ -34,7 +34,7 @@ debian: <https://salsa.debian.org/debian/abseil>
{{< link-group >}}
mail
-<https://lists.debian.org/debian-hurd/2025/02/msg00011.html>\
+<https://lists.debian.org/debian-hurd/2025/02/msg00011.html>
<https://lists.debian.org/debian-hurd/2025/02/msg00035.html>
{{< /link-group >}}
diff --git a/www/content/posts/c-func-ext.md b/www/content/posts/c-func-ext.md
new file mode 100644
index 0000000..f5ab8fb
--- /dev/null
+++ b/www/content/posts/c-func-ext.md
@@ -0,0 +1,23 @@
+---
+title: "Libc/POSIX Function \"Extensions\""
+date: 2025-03-04T13:40:33+08:00
+lastmod: 2025-03-04T13:40:33+08:00
+categories: coding
+tags:
+ - c
+ - posix
+---
+
+Recently, I've been working on porting libraries to GNU/Hurd. The maintainers of GNU/Hurd
+have a strong belief that [`*_MAX` macros on POSIX system interfaces](https://pubs.opengroup.org/onlinepubs/9699919799.2008edition/nframe.html)
+are very evil things. This is indeed true as a lot of (old) libraries relying on those macros
+to determine the buffer size. In modern programming world, it is definitely a bad
+idea to use fixed values for buffer sizes without considering possible overflow, unless
+you are certain that size is sufficient.
+
+When you get rid of some old things, you will always meet compatibility problems. In these
+case, old source codes using these macros just do not compile now. So here are some
+
+<!--more-->
+
+
diff --git a/www/content/posts/nspawn.md b/www/content/posts/nspawn.md
new file mode 100644
index 0000000..8dc06f3
--- /dev/null
+++ b/www/content/posts/nspawn.md
@@ -0,0 +1,176 @@
+---
+title: "Use systemd-nspawn to Create a Development Sandbox"
+date: 2025-03-04T23:22:23+08:00
+lastmod: 2025-03-27T01:32:40+08:00
+---
+
+*systemd-nspawn* is a great tool for creating development sandboxes. Compared to
+other similar technologies, it's lightweight, flexible, and easy to use. In this
+blog, I'll present a simple guide to using it.
+
+<!--more-->
+
+## Advantages
+
+I've been using traditional VMs and Docker for creating development
+environments. While both work fine, regardless of the performance, they suffer
+from being overly isolated. Two big headaches for me are host network sharing in
+traditional VMs and the immutability of Docker container ports and mounts.
+
+*systemd-nspawn* is much more flexible. Every feature can be configured
+granularly and dynamically. For example, filesystem sharing can be configured to
+work like bind mounts, and network isolation can be disabled entirely, which
+exactly solves the two headaches mentioned above. Additionally, being part of
+*systemd*, it has the same excellent design as other *systemd* components.
+
+Debian has a similar powerful tool called *schroot*. It is the official tool for
+automatic package building. Unfortunately, it seems to be a tool specific to
+Debian.
+
+## Usage
+
+I'll demonstrate how to create a *Ubuntu 20.04* VM on Arch Linux as an example.
+You should adjust the commands based on your own situation.
+
+*systemd-nspawn* consists of two parts that work together to achieve its VM
+functionality:
+1. The program `systemd-nspawn`, which runs other programs in an isolated
+ environment with user-specified settings. Each running VM is essentially a
+ group of processes launched via `systemd-nspawn`.
+2. Components for defining and managing VMs, possibly utilizing
+ `systemd-nspawn`.
+
+*systemd-nspawn* has similar usage to *systemd service*:
+
+- `[name].service` => `[name].nspawn`: VM definitions.
+ - Should be placed in `/etc/systemd/nspawn/`, where `machinectl` scans for VM
+ definitions.
+ - `[name]` serves as the VM's name and should be used to specify the VM when
+ calling `machinectl`. Note: You'd better use the VM's hostname as its value
+ (avoid illegal characters like `.`) to prevent weird issues caused by the
+ inconsistency.
+ - The options available roughly mirror `systemd-nspawn`'s CLI arguments, with
+ some adjustments to better fit VM semantics.
+ - Isolation-related options are usually prefixed with `Private` (e.g.,
+ `PrivateUsers=`).
+- `systemctl` => `machinectl`: VM management.
+ - `enable`/`disable`: Set whether the VM starts automatically at system boot.
+ - `start`/`poweroff`/`reboot`/`terminate`/`kill`: Control the VM's running
+ state.
+ - `login`/`shell`: Do things inside the VM.
+
+### Create Root Filesystem
+
+The root filesystem of a distribution can be created using a special tool from
+its **package manager**. For Debian-based distributions, it's `debootstrap`. If
+your OS uses a different package manager ecosystem, the target distribution's
+one and its keyrings (which might reside somewhere else) need to be installed
+first.
+
+```bash-session
+# pacman -S debootstrap debian-archive-keyring ubuntu-keyring
+```
+
+Regular directories work perfectly as root filesystems, but other directory-like
+things should work, too, such as `btrfs` subvolume and snapshot.
+
+```bash-session
+# btrfs subvolume create /var/lib/machines/ubuntu204
+```
+
+Now, run `debootstrap` to create a minimal filesystem. The following command
+should be modified with the target distribution's codename and one of its
+mirrors selected by you.
+
+```bash-session
+# debootstrap --include=dbus,libpam-systemd focal \
+ /var/lib/machines/ubuntu204 https://mirrors.ustc.edu.cn/ubuntu/
+```
+
+At this point, the filesystem contains only the distribution's essential
+packages, much like a base Docker image (e.g., `debian`), so you can customize
+it in a similar way.
+
+### Configure and Customize
+
+I'll present my personal configuration here as a reference. You can create a new
+one based on it or from scratch.
+
+1. Disable user isolation: `[Exec] PrivateUsers=no`
+2. Disable network isolation: `[Network] Private=no`
+3. Create a user with the same username, group name, UID and GIDs: should be
+ done inside the VM.
+4. Only bind a subdirectory under *home*: `[Files] Bind=/home/crupest/codes`
+5. Set the hostname: `Hostname=[xxx]`
+
+I disable user isolation because it's implemented using the kernel's user
+namespace, which adds many inconveniences due to UID/GID mapping.
+
+So, the final `.nspawn` file is like:
+
+```systemd
+/etc/systemd/nspawn/ubuntu204.nspawn
+---
+[Exec]
+PrivateUsers=no
+Hostname=crupest-arch-ubuntu204
+
+[Files]
+Bind=/home/crupest/codes
+
+[Network]
+Private=no
+```
+
+If `machinectl` can already start the VM, you can log in to customize it
+further. Otherwise, you can use `systemd-nspawn` directly to enter the VM and
+run commands inside it. `--resolv-conf=bind-host` binds the host's
+`/etc/resolv.conf` file to make the network work.
+
+```bash-session
+# systemd-nspawn --resolv-conf=bind-host -D /var/lib/machines/ubuntu204
+```
+
+Now, inside the VM, you can do whatever you like. In my configuration, a correct
+user must be created manually.
+
+```bash-session
+# apt install locales sudo nano vim less man bash-completion curl wget \
+ build-essential git
+# dpkg-reconfigure locales
+
+# useradd -m -G sudo -s /usr/bin/bash crupest
+# passwd crupest
+```
+
+Some setup may need to be done manually, especially those usually handled by the
+distribution's installer.
+
+```plain
+/etc/hostname
+---
+crupest-arch-ubuntu204
+```
+
+```plain
+/etc/hosts
+---
+127.0.0.1 localhost crupest-arch-ubuntu204
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+```
+
+**Ubuntu 20.04 specific:** Due to [a bug in
+systemd](https://github.com/systemd/systemd/issues/22234), the backport source
+has to be added.
+
+```plain
+/etc/apt/sources.list
+---
+deb https://mirrors.ustc.edu.cn/ubuntu focal main
+deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main
+deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main
+deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main
+```
+
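Review bot: The settings listed under "Configure and Customize" switch off the isolation that the title's word "sandbox" implies, and the post never states what that costs. With `PrivateUsers=no` in `[Exec]`, UID 0 inside the container is UID 0 on the host, and with `Private=no` in `[Network]` the container shares the host's network namespace; together with the read-write `Bind=/home/crupest/codes`, this makes it a convenience environment rather than a security boundary. I would add one sentence after the numbered list, for example `Note: with these settings the container is not a security boundary; do not use it to run untrusted code.` Readers who do need isolation could be pointed at `PrivateUsers=pick` and `BindReadOnly=` as the stricter alternatives.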
diff --git a/www/content/posts/pattern-in-cpp.md b/www/content/posts/pattern-in-cpp.md
index be921fd..1709ad4 100644
--- a/www/content/posts/pattern-in-cpp.md
+++ b/www/content/posts/pattern-in-cpp.md
@@ -1,9 +1,9 @@
---
title: "Pattern in C++"
date: 2022-01-24T15:57:34+08:00
-categories: Coding
+categories: coding
tags:
- - C++
+ - c++
description: The secret ingredient of secret ingredient soup is ...
---
diff --git a/www/content/posts/use-paddleocr.md b/www/content/posts/use-paddleocr.md
index f4eae32..806df41 100644
--- a/www/content/posts/use-paddleocr.md
+++ b/www/content/posts/use-paddleocr.md
@@ -2,10 +2,10 @@
title: "Use PaddleOCR"
date: 2022-11-30T13:25:36+08:00
description: Simple steps to use PaddleOCR.
-categories: Coding
+categories: coding
tags:
- AI
- - Python
+ - python
- OCR
---