See nspawn for more details of configuring systemd-nspawn containers. See Arch Linux specific tips if you have Arch Linux as host machine. For clean builds, you can install sbuild inside your container or setup sbuild on host and use the shared home option to access packaging files.

Install required packages and enable networking service

Install systemd-container and debootstrap packages

sudo apt install systemd-container debootstrap

Setup the root filesystem using debootstrap

sudo debootstrap --include=systemd-container,auto-apt-proxy,sudo unstable /var/lib/machines/debian-sid

If you already have apt-cacher-ng setup, then speed up the setup by running

sudo auto-apt-proxy debootstrap --include=systemd-container,auto-apt-proxy,sudo unstable /var/lib/machines/debian-sid

Enable systemd-networkd

sudo systemctl enable systemd-networkd
sudo systemctl start systemd-networkd

Basic configuration of the container

Use bind option to share home directory for <username>,

sudo systemd-nspawn --bind=/home/<username> -D /var/lib/machines/debian-sid --machine debian-sid

For root access (use machinectl login in multiple terminals), setup a root password and create a normal user with sudo access (--uid option can be skipped if the <username> is first user on the host, ie, uid 1000)

root@debian-sid:~# adduser --uid <uid on host for username> <username>
root@debian-sid:~# gpasswd -a <username> sudo
root@debian-sid:~# passwd

Enable systemd-networkd inside the container,

root@debian-sid:~# sudo systemctl enable systemd-networkd

Optional: Setup hostname in /etc/hostname (use your favorite editor)


and /etc/hosts

pravi@debian-sid:~$ cat /etc/hosts       localhost debian-sid
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

Press Control+D to exit.

Start and use the container

If you have the same user id for <username> in host and container, you can use the following command to have a writeable home directory. If the userids are not matching, you can edit the userid in /etc/password inside the container to match the value of user id in host.

Option 1

sudo systemd-nspawn --boot --bind=/home/<username> -D /var/lib/machines/debian-sid --machine debian-sid

Option 2

The same options can be added to debian-sid.nspawn file in /etc/systemd/nspawn/debian-sid.nspawn and use machinectl start. See man 5 systemd.nspawn for more options you can add to this file.

$ sudo mkdir -p /etc/systemd/nspawn

Create /etc/systemd/nspawn/debian-sid.nspawn and add the following lines




sudo machinectl start debian-sid

Login to the container

Use login or shell options of machinectl to connect to your container

sudo machinectl login debian-sid


sudo machinectl shell debian-sid

Note 1: You can use machinectl login debian-sid on a different terminal if you want more login shells.

Note 2: machinectl shell with su - <username> avoids entering passwords and also gives you the same terminal as host (mcahinectl login only give vt220 by default and you may face issues with some programs, for example End key don't work in micro).

Press ^] three times within 1s to exit from the virtual terminal of the container after you logout (Control + D).

To stop the container, run:

sudo machinectl stop debian-sid