Add Getting Started

2025-12-22 00:19:31 +00:00 · 2025-12-22 00:19:31 +00:00 · 8c8f07fb16
commit 8c8f07fb16
1 changed files with 358 additions and 0 deletions
--- a/Getting-Started.md
+++ b/Getting-Started.md
@ -0,0 +1,358 @@
 # 🚀 MNMIVM-SE — Getting Started
 This guide walks through **installing dependencies**, **building MNMIVM-SE**, and **basic CLI usage** on a fresh system.
 MNMIVM-SE is intentionally simple: no services, no installers, no background daemons.  
 If the host is ready, the binary just runs.
 ---
 ## 🧱 Prerequisites
 Before building or running MNMIVM-SE, your host must support **KVM virtualization** and **bridged networking**.
 ### Hardware requirements
 - x86_64 CPU
 - Hardware virtualization enabled (Intel VT-x / AMD-V)
 - Wired Ethernet (Wi-Fi cannot be bridged)
 ---
 ## 📦 Installing Dependencies
 ### Debian 12+ (Recommended)
 ```bash
 sudo apt update
 sudo apt install -y \
  qemu-system-x86 \
  qemu-utils \
  qemu-bridge-helper \
  cloud-image-utils \
  genisoimage \
  bridge-utils \
  iproute2 \
  iptables \
  curl \
  ca-certificates \
  git \
  build-essential
 ````
 Optional (but useful):
 ```bash
 sudo apt install -y cpu-checker
 kvm-ok
 ```
 Verify KVM is available:
 ```bash
 ls -l /dev/kvm
 ```
 ---
 ### Alpine Linux 3.22+
 Alpine does not ship a hypervisor stack by default.
 ```bash
 apk add \
  qemu-system-x86_64 \
  qemu-img \
  qemu-hw-display-virtio-vga \
  bridge-utils \
  cdrkit \
  go \
  git
 ```
 Notes:
 * `cdrkit` provides `genisoimage`
 * No libvirt or system services are required
 * OpenRC is sufficient
 ---
 ## 🔌 Required Kernel Modules
 MNMIVM-SE requires **TUN/TAP** for bridged networking.
 Check:
 ```bash
 ls -l /dev/net/tun
 ```
 If missing:
 ```bash
 sudo modprobe tun
 ```
 Persist on boot:
 ### Debian
 ```bash
 echo tun | sudo tee /etc/modules-load.d/tun.conf
 ```
 ### Alpine
 ```bash
 echo tun | sudo tee -a /etc/modules
 ```
 ---
 ## 🌐 Bridge Setup (Required)
 MNMIVM-SE expects a Linux bridge named **`br0`**.
 ### Example (Debian `/etc/network/interfaces`)
 ```ini
 auto lo
 iface lo inet loopback
 auto ens18
 iface ens18 inet manual
 auto br0
 iface br0 inet static
    address 192.168.86.10
    netmask 255.255.255.0
    gateway 192.168.86.1
    dns-nameservers 1.1.1.1 8.8.8.8
    bridge_ports ens18
    bridge_stp off
    bridge_fd 0
 ```
 Rules:
 * Host IP lives on `br0`
 * Physical NIC has **no IP**
 * Wi-Fi cannot be bridged
 ---
 ## 🔥 Disable Bridge Netfilter (CRITICAL)
 If this is enabled, VMs will boot but be unreachable.
 ```bash
 cat /proc/sys/net/bridge/bridge-nf-call-iptables
 # must be 0
 ```
 Fix (runtime):
 ```bash
 sudo sysctl -w net.bridge.bridge-nf-call-iptables=0
 sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=0
 sudo sysctl -w net.bridge.bridge-nf-call-arptables=0
 ```
 Persist:
 ```ini
 # /etc/sysctl.d/99-bridge.conf
 net.bridge.bridge-nf-call-iptables = 0
 net.bridge.bridge-nf-call-ip6tables = 0
 net.bridge.bridge-nf-call-arptables = 0
 ```
 ---
 ## 🔐 Allow QEMU to Use the Bridge
 Create or edit:
 ```bash
 sudo nano /etc/qemu/bridge.conf
 ```
 ```ini
 allow br0
 ```
 Verify helper exists:
 ```bash
 ls -l /usr/lib/qemu/qemu-bridge-helper
 ```
 ---
 ## 🛠 Building MNMIVM-SE
 Clone the repository:
 ```bash
 git clone https://mentalnet.xyz/forgejo/markmental/mnmivm-se.git
 cd mnmivm-se
 ```
 Build the binary:
 ```bash
 ./build.sh
 ```
 This produces:
 ```bash
 ./mnmivm-se
 ```
 (Optional) Install system-wide:
 ```bash
 sudo install -m 755 mnmivm-se /usr/local/bin/mnmivm-se
 ```
 ---
 ## ⚙️ Configuration (Code-Level)
 MNMIVM-SE is configured **in code** for predictability.
 Edit constants in `main.go`:
 ```go
 // Networking
 bridgeName = "br0"
 lanCIDR    = "192.168.86.0/24"
 lanGW      = "192.168.86.1"
 lanDNS1    = "192.168.86.1"
 lanDNS2    = "8.8.8.8"
 // VM sizing
 baseDiskSize = "12G"
 memMB        = "1024"
 cpus         = "1"
 ```
 Rebuild after changes:
 ```bash
 ./build.sh
 ```
 ---
 ## 🧰 CLI Usage
 ### Create a VM
 ```bash
 sudo mnmivm-se create vm1 \
  --os debian \
  --pubkey-path ~/.ssh/id_ed25519.pub \
  --ip 192.168.86.53
 ```
 This will:
 * Download the cloud image (if missing)
 * Create a QCOW2 disk
 * Generate a cloud-init seed
 * Pin MAC, IP, and SSH key
 ---
 ### Start the VM
 ```bash
 sudo mnmivm-se start vm1
 ```
 ---
 ### SSH Into the VM
 ```bash
 ssh debian@192.168.86.53
 ```
 SSH is **key-only**.
 No passwords are enabled.
 ---
 ### Stop the VM
 ```bash
 sudo mnmivm-se stop vm1
 ```
 ---
 ### Update Cloud-Init (Key or IP)
 ```bash
 sudo mnmivm-se update-cloud vm1 \
  --pubkey-path newkey.pub \
  --ip 192.168.86.54
 ```
 Changes apply on next boot.
 ---
 ### List VMs
 ```bash
 sudo mnmivm-se list
 ```
 ---
 ### Delete a VM
 ```bash
 sudo mnmivm-se delete vm1
 ```
 Requires typing `YES` to confirm.
 ---
 ## 🔑 Security Notes
 * SSH key–only access
 * No password authentication
 * No root login
 * Static IP assignment
 * VNC console for recovery only
 Security is **intentional by default**.
 ---
 ## 🧠 Final Notes
 * MNMIVM-SE does not manage host firewalls
 * IPv4 is used for predictable internal networking
 * IPv6 may be present depending on your router
 * If IPv6 is enabled, it is assumed you understand its exposure model
 If something breaks, it’s almost always:
 * bridge config
 * kernel sysctls
 * missing `tun` module
 That’s not a bug.
 That’s infrastructure.
 ---
 Happy launching! 🚀