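#!/usr/bin/env bash
# Create a Debian LXC container on its own XFS logical volume, attach it to the
# br0 bridge with the next free 192.168.1.x address, and seed it with the listed
# host users (GECOS, password hash, ~/.ssh, sudo membership).
#
# Must run as root on the host. Needs lvcreate, mkfs.xfs, lxc-create, chroot,
# getent and sponge (moreutils). Every name in `users` must exist in the host's
# passwd and shadow databases.
set -euo pipefail
shopt -s nullglob   # an unmatched */config glob yields nothing, not a literal

container=dev
volumegroup=algol
users=(
  jrayhawk
  lars
  andrew
)

# you probably want something like this in /etc/network/interfaces
#auto br0
#iface br0 inet static
# bridge_ports eth1
# bridge_fd 0
# address 192.168.1.10
# netmask 255.255.255.0

readonly lxc_root=/srv/lxc
readonly subnet=192.168.1
readonly first_addr=11   # lower host numbers are left to the host/bridge

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Fail before anything is created (LVM, fstab, rootfs) if a prerequisite is
# missing, instead of dying halfway through with a half-built container.
# Globals:   container, volumegroup, users (read)
#######################################
check_prereqs() {
  local tool user
  (( EUID == 0 )) || die "must run as root (lvcreate, chroot, getent shadow)"
  : "${container:?container must be set}"
  : "${volumegroup:?volumegroup must be set}"
  for tool in lvcreate mkfs.xfs lxc-create chroot getent sponge; do
    command -v "$tool" >/dev/null || die "missing tool: $tool"
  done
  # A host user without a shadow entry would yield an empty hash, which
  # usermod -p would install as a passwordless account in the guest.
  for user in "${users[@]}"; do
    getent shadow "$user" >/dev/null || die "no shadow entry for host user $user"
  done
}

#######################################
# Create a 1G logical volume, format it XFS and mount it at $lxc_root/$container
# (persistently, via /etc/fstab).
# Globals:   container, volumegroup, lxc_root (read)
#######################################
make_volume() {
  local dev=/dev/$volumegroup/$container
  local mnt=$lxc_root/$container
  mkdir -p -- "$lxc_root"
  lvcreate -L 1G -n "$container" "$volumegroup"
  mkfs.xfs "$dev"
  mkdir -- "$mnt"
  printf '%s %s xfs relatime 0 2\n' "$dev" "$mnt" >> /etc/fstab
  mount "$mnt"
}

#######################################
# Print the lowest host number >= first_addr that no container config under
# $lxc_root already claims. The match is anchored after the host number so
# that an existing .110 does not make .11 look taken.
# Outputs:   the host number on stdout
# Returns:   exits via die when the /24 is exhausted
#######################################
next_free_addr() {
  local addr=$first_addr
  local dotted=${subnet//./\\.}   # 192\.168\.1, safe inside an ERE
  local configs=("$lxc_root"/*/config)
  local pattern
  while (( addr <= 254 )); do
    pattern='lxc\.network\.ipv4 = '"$dotted"'\.'"$addr"'(/|$)'
    if (( ${#configs[@]} == 0 )) || ! grep -qE -- "$pattern" "${configs[@]}"; then
      printf '%s\n' "$addr"
      return 0
    fi
    addr=$((addr + 1))
  done
  die "no free address left in $subnet.0/24"
}

#######################################
# Append the networking stanza to the template-generated config and register
# the container with lxc.
# Arguments: $1 - host number within $subnet
# Globals:   container, subnet, lxc_root (read)
#######################################
write_config() {
  local addr=$1
  local cfg=$lxc_root/$container/config
  local hwaddr
  # The last MAC octet must be two hex digits; writing the decimal host number
  # there is only accidentally valid below 100, so format it explicitly.
  printf -v hwaddr '00:16:53:00:01:%02x' "$addr"
  cat >> "$cfg" <<EOF

# networking
lxc.utsname = $container
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = $subnet.$addr/24
lxc.network.hwaddr = $hwaddr
EOF
  lxc-create -n "$container" -f "$cfg"
  # lxc configures the interface itself; leave ifupdown nothing to do.
  printf '\n' > "$lxc_root/$container/rootfs/etc/network/interfaces"
}

#######################################
# Lock root, install the basics and grant the sudo group sudo inside the rootfs.
# Globals:   container, lxc_root (read)
#######################################
setup_rootfs() {
  local rootfs=$lxc_root/$container/rootfs
  # why god why are chroots necessary for a paradigm that seeks to replace chroots
  chroot "$rootfs" passwd -l root
  chroot "$rootfs" apt-get update
  chroot "$rootfs" apt-get install sudo locales less vim
  printf '%%sudo ALL=(ALL) ALL\n' >> "$rootfs/etc/sudoers"
  # A malformed sudoers locks everyone out of sudo; validate before moving on.
  chroot "$rootfs" visudo -c
  chroot "$rootfs" dpkg-reconfigure locales
}

#######################################
# Recreate each listed host user in the guest with the same GECOS and password
# hash, add it to sudo, and copy its ~/.ssh.
# Globals:   container, lxc_root, users (read)
#######################################
copy_users() {
  local rootfs=$lxc_root/$container/rootfs
  local user gecos hash
  for user in "${users[@]}"; do
    gecos=$(getent passwd "$user" | cut -d: -f5)
    hash=$(getent shadow "$user" | cut -d: -f2)
    # usermod -p '' would make the account passwordless; refuse an empty hash
    # even if check_prereqs was bypassed.
    [[ -n "$hash" ]] || die "empty password hash for $user"
    chroot "$rootfs" adduser --disabled-password --gecos "$gecos" "$user"
    chroot "$rootfs" usermod -p "$hash" "$user"
    chroot "$rootfs" adduser "$user" sudo
    # This copies the whole directory, private keys included; narrow it to
    # authorized_keys if the guest only needs to accept logins.
    tar -cvvC "/home/$user/" .ssh | chroot "$rootfs" tar -xvvC "/home/$user/"
  done
}

#######################################
# Force key-only, non-root SSH logins in the guest: drop any existing
# PermitRootLogin/PasswordAuthentication directives and append ours.
# Globals:   container, lxc_root (read)
#######################################
harden_sshd() {
  local cfg=$lxc_root/$container/rootfs/etc/ssh/sshd_config
  [[ -f "$cfg" ]] || die "no sshd_config at $cfg"
  {
    # grep -v exits 1 when nothing survives the filter; that is not an error here.
    grep -v -e PermitRootLogin -e PasswordAuthentication -- "$cfg" || true
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no'
  } | sponge "$cfg"
}

main() {
  local addr
  check_prereqs
  make_volume
  /usr/lib/lxc/templates/lxc-debian -p "$lxc_root/$container"
  addr=$(next_free_addr)
  write_config "$addr"
  setup_rootfs
  copy_users
  harden_sshd
}

main "$@"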