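# Provision a Debian LXC container on its own XFS logical volume, attach it to
# br0 with a fixed 192.168.1.x address, and mirror selected host accounts
# (GECOS, password hash, ~/.ssh) into it.
#
# Needs bash (arrays) and root on the host. Run it as a script (bash FILE):
# with "set -e" any failing step ends the shell it runs in, so a failed
# lvcreate or mkfs no longer falls through to the fstab edit and the chroots.
set -euo pipefail

container=build
volumegroup=algol
users=(
  jrayhawk
  lars
  andrew
)

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

device=/dev/$volumegroup/$container
base=/srv/lxc/$container
config=$base/config
rootfs=$base/rootfs

# Dedicated 50G XFS volume, mounted at the container's directory.
mkdir -p /srv/lxc/
lvcreate -L 50G -n "$container" "$volumegroup"
mkfs.xfs "$device"
mkdir -- "$base"
printf '%s %s xfs relatime 0 2\n' "$device" "$base" >> /etc/fstab
mount "$base"
/usr/lib/lxc/templates/lxc-debian -p "$base"

# Pick the first host octet from 11 upward that no existing container config
# claims. The trailing group stops .11 from also matching .110-.119.
addr=11
while grep -qs -- "lxc\.network\.ipv4 = 192\.168\.1\.${addr}\([^0-9]\|\$\)" /srv/lxc/*/config; do
  addr=$((addr + 1))
done
# The same number is written as the last octet of the MAC address, and an
# octet holds two digits only, so three-digit values cannot be used.
(( addr <= 99 )) || die "no free address below 192.168.1.100 for $container"

cat >> "$config" <<EOF

# networking
lxc.utsname = $container
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 192.168.1.$addr/24
lxc.network.hwaddr = 00:16:53:00:01:$addr
EOF

# Register the container from the config just written (the path follows
# $container instead of a hard-coded "build").
lxc-create -n "$container" -f "$config"

# Leave the guest's interfaces file with a single blank line; presumably the
# address set in the container config above is meant to be the only source.
echo > "$rootfs/etc/network/interfaces"

# why god why are chroots necessary for a paradigm that seeks to replace chroots
chroot "$rootfs" passwd -l root
chroot "$rootfs" apt-get update
chroot "$rootfs" apt-get install sudo locales less vim

# Grant the sudo group full sudo, without duplicating the rule if it is
# already there, then let visudo confirm the file still parses: a broken
# sudoers file locks everyone out of sudo inside the container.
sudoers=$rootfs/etc/sudoers
grep -qxF -- '%sudo ALL=(ALL) ALL' "$sudoers" \
  || echo '%sudo ALL=(ALL) ALL' >> "$sudoers"
chroot "$rootfs" visudo -c

chroot "$rootfs" dpkg-reconfigure locales

for newuser in "${users[@]}"; do
  gecos=$(getent passwd "$newuser" | cut -d : -f 5)
  hash=$(getent shadow "$newuser" | cut -d : -f 2)
  # An empty hash would give a sudo-group account an empty password, so stop
  # before the account is created when the host shadow entry yields nothing.
  [[ -n $hash ]] \
    || die "empty password hash for $newuser on the host; not creating the account"

  chroot "$rootfs" adduser --disabled-password --gecos "$gecos" "$newuser"
  # Feed the hash on stdin (printf is a shell builtin) so it never appears in
  # a process argument list that other host users could read.
  printf '%s:%s\n' "$newuser" "$hash" | chroot "$rootfs" chpasswd -e
  chroot "$rootfs" adduser "$newuser" sudo

  # NOTE(review): this copies the whole ~/.ssh, private keys included, into
  # the container. If only inbound login is needed, authorized_keys alone
  # would keep those keys off the guest filesystem - confirm intent.
  if [[ -d /home/$newuser/.ssh ]]; then
    tar -cvvf - -C "/home/$newuser/" .ssh \
      | chroot "$rootfs" tar -xvvf - -C "/home/$newuser/"
  else
    printf 'warning: /home/%s/.ssh not found; %s has no key to log in with\n' \
      "$newuser" "$newuser" >&2
  fi
done

# Key-only SSH with no root login: drop every line mentioning either
# directive (commented ones too) and append the wanted values.
# Caveat: the lines land at the end of the file, so if sshd_config ever ends
# in a Match block they would apply only inside that block.
sshd_config=$rootfs/etc/ssh/sshd_config
sed -i -e '/PermitRootLogin\|PasswordAuthentication/d' "$sshd_config"
printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' >> "$sshd_config"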