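#!/bin/bash
#
# Provision a Debian LXC container on its own XFS logical volume, attach it
# to bridge br0 with the first free 192.168.1.x address (starting at .11),
# then copy the listed host accounts (GECOS, password hash, ~/.ssh) into it
# and restrict sshd to key-based, non-root logins.
#
# Must run as root on the LXC host. Requires lvm2, xfsprogs, lxc and
# sponge (moreutils).

# Abort on the first failure: without this, a failed lvcreate/mkfs/mount
# would let the template unpack the rootfs onto the host's own filesystem.
set -euo pipefail

container=dev
volumegroup=algol
users=( jrayhawk lars andrew )

# you probably want something like this in /etc/network/interfaces
#auto br0
#iface br0 inet static
#	bridge_ports eth1
#	bridge_fd 0
#	address 192.168.1.10
#	netmask 255.255.255.0

lxc_dir=/srv/lxc/$container
rootfs=$lxc_dir/rootfs
config=$lxc_dir/config
device=/dev/$volumegroup/$container
sshd_config=$rootfs/etc/ssh/sshd_config

# Check for sponge before any volume is created; it is only needed by the
# very last step, and failing there would leave sshd_config unhardened.
if ! command -v sponge >/dev/null; then
  echo "sponge (moreutils) is required" >&2
  exit 1
fi

# --- storage -----------------------------------------------------------
mkdir -p /srv/lxc/
lvcreate -L 1G -n "$container" "$volumegroup"
mkfs.xfs "$device"
mkdir "$lxc_dir"
printf '%s %s xfs relatime 0 2\n' "$device" "$lxc_dir" >> /etc/fstab
mount "$lxc_dir"

/usr/lib/lxc/templates/lxc-debian -p "$lxc_dir"

# --- networking --------------------------------------------------------
# Pick the first host octet not already claimed by any container config.
# The trailing (/|space|end) anchor stops ".11" from matching ".110".
# grep reads the files directly: piping cat into "grep -q" under pipefail
# could report a SIGPIPE failure as "address free".
addr=11
while grep -qE "lxc\.network\.ipv4 = 192\.168\.1\.${addr}(/|[[:space:]]|\$)" \
    /srv/lxc/*/config; do
  addr=$((addr + 1))
done

# The octet is also written verbatim as the last byte of the MAC address,
# which must be exactly two hex digits, so anything above 99 would produce
# an invalid hwaddr.
if (( addr > 99 )); then
  echo "no usable address left: 192.168.1.$addr cannot be encoded in the MAC scheme" >&2
  exit 1
fi

{
  echo
  echo '# networking'
  echo "lxc.utsname = $container"
  echo "lxc.network.type = veth"
  echo "lxc.network.flags = up"
  echo "lxc.network.link = br0"
  echo "lxc.network.ipv4 = 192.168.1.$addr/24"
  echo "lxc.network.hwaddr = 00:16:53:00:01:$addr"
} >> "$config"

lxc-create -n "$container" -f "$config"

# Addressing is done by LXC (see config above), so blank the guest's own
# interfaces file.
printf '\n' > "$rootfs/etc/network/interfaces"

# --- base system -------------------------------------------------------
# why god why are chroots necessary for a paradigm that seeks to replace chroots
chroot "$rootfs" passwd -l root
chroot "$rootfs" apt-get update
chroot "$rootfs" apt-get install sudo locales less vim
echo '%sudo ALL=(ALL) ALL' >> "$rootfs/etc/sudoers"
# A syntax error in sudoers disables sudo entirely; verify after editing.
chroot "$rootfs" visudo -c
chroot "$rootfs" dpkg-reconfigure locales

# --- users -------------------------------------------------------------
for newuser in "${users[@]}"; do
  gecos=$(getent passwd "$newuser" | cut -d : -f 5)
  pwhash=$(getent shadow "$newuser" | cut -d : -f 2)

  # An empty hash field means "no password required"; never copy that in.
  if [[ -z "$pwhash" ]]; then
    echo "refusing to create $newuser: no password hash found on host" >&2
    exit 1
  fi

  chroot "$rootfs" adduser --disabled-password --gecos "$gecos" "$newuser"

  # Feed the hash on stdin (chpasswd -e) instead of "usermod -p HASH":
  # command-line arguments are visible to every local user via ps.
  printf '%s:%s\n' "$newuser" "$pwhash" | chroot "$rootfs" chpasswd -e

  chroot "$rootfs" adduser "$newuser" sudo

  # NOTE(review): this copies the whole ~/.ssh directory, private keys
  # included, into the container. Only authorized_keys is needed for
  # key-based login; confirm that copying the rest is intended.
  tar -cvvC "/home/$newuser/" .ssh \
    | chroot "$rootfs" tar -xvvC "/home/$newuser/"
done

# --- sshd hardening ----------------------------------------------------
if [[ ! -f "$sshd_config" ]]; then
  echo "$sshd_config not found; is openssh-server installed in the container?" >&2
  exit 1
fi

# Drop every existing mention of the two keywords and pin them to "no".
# The new lines go first: sshd keeps the first value it reads for each
# keyword, and lines placed after a Match block would only apply inside it.
# grep exits 1 when it selects no lines, which is not an error here.
{
  echo "PermitRootLogin no"
  echo "PasswordAuthentication no"
  grep -Ev 'PermitRootLogin|PasswordAuthentication' "$sshd_config" \
    || [[ $? -eq 1 ]]
} | sponge "$sshd_config"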