# Settings for the container being provisioned.
# container:   LXC container name; also used as the logical volume name and
#              as the directory name under /srv/lxc/.
# volumegroup: LVM volume group the container's logical volume is created in.
# users:       host accounts to recreate inside the container.
container='dev'
volumegroup='algol'
users=(jrayhawk lars andrew)
# you probably want something like this in /etc/network/interfaces
#auto br0
#iface br0 inet static
# bridge_ports eth1
# bridge_fd 0
# address 192.168.1.10
# netmask 255.255.255.0
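# Provision storage for the container: a 1G logical volume formatted as XFS,
# mounted at /srv/lxc/$container and then populated by the Debian LXC template.
#
# Each step aborts the script on failure. Without that, a failed lvcreate or
# mount would let the later steps run anyway: the template would unpack onto
# the parent filesystem, and /etc/fstab would gain an entry for a device that
# does not exist.
mkdir -p /srv/lxc/ || exit 1

# ${var:?} stops the script if either setting is empty, so no path below can
# collapse to "/dev//" or "/srv/lxc/".
lv_device="/dev/${volumegroup:?}/${container:?}"
container_dir="/srv/lxc/${container}"

lvcreate -L 1G -n "$container" "$volumegroup" || {
  echo "lvcreate failed for ${volumegroup}/${container}" >&2
  exit 1
}
mkfs.xfs "$lv_device" || {
  echo "mkfs.xfs failed on ${lv_device}" >&2
  exit 1
}

# Plain mkdir (no -p): an existing directory means an earlier run already
# claimed this container name.
mkdir "$container_dir" || {
  echo "${container_dir} already exists or cannot be created" >&2
  exit 1
}

# The fstab entry is what lets "mount <dir>" below find the device, and what
# remounts the volume on boot.
printf '%s %s xfs relatime 0 2\n' "$lv_device" "$container_dir" >> /etc/fstab || exit 1
mount "$container_dir" || {
  echo "mount of ${container_dir} failed" >&2
  exit 1
}

/usr/lib/lxc/templates/lxc-debian -p "$container_dir" || {
  echo "lxc-debian template failed for ${container_dir}" >&2
  exit 1
}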
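# Pick the first unused host octet in 192.168.1.0/24, starting at .11, by
# scanning the lxc.network.ipv4 lines of every container config under /srv/lxc.
#
# The pattern requires a non-digit (or end of line) after the octet, so a
# candidate of 11 is not treated as taken merely because 192.168.1.110 is.
addr=11
while grep -Eqh "lxc\.network\.ipv4 = 192\.168\.1\.${addr}([^0-9]|\$)" /srv/lxc/*/config; do
  addr=$((addr + 1))
  # .255 is the broadcast address of the /24; stop rather than hand it out.
  if [ "$addr" -gt 254 ]; then
    echo "no free address left in 192.168.1.0/24" >&2
    exit 1
  fi
done

# The last MAC octet has historically been the decimal digits of $addr, which
# only forms a valid two-digit octet up to 99. Keep that scheme for 11-99 so
# the result stays consistent with containers provisioned earlier, and put
# 100-254 under a different fifth octet (hex-encoded) so they cannot collide
# with the older range.
if [ "$addr" -le 99 ]; then
  hwaddr="00:16:53:00:01:${addr}"
else
  hwaddr=$(printf '00:16:53:00:02:%02x' "$addr")
fi

# Append the network section to the config file the template generated.
cat >> "/srv/lxc/${container:?}/config" <<EOF

# networking
lxc.utsname = ${container}
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 192.168.1.${addr}/24
lxc.network.hwaddr = ${hwaddr}
EOF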
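# Base configuration of the new root filesystem, done from the host via chroot.
rootfs="/srv/lxc/${container:?}/rootfs"

# Replace the template's interfaces file with a single empty line. The address
# is set through the lxc.network.* keys in the container config; presumably
# this keeps the guest from configuring the interface a second time.
echo > "${rootfs}/etc/network/interfaces"

# why god why are chroots necessary for a paradigm that seeks to replace chroots
# Lock the root password: access is meant to go through the per-user accounts
# and sudo.
chroot "$rootfs" passwd -l root
chroot "$rootfs" apt-get update
chroot "$rootfs" apt-get install sudo locales less vim || {
  echo "package installation failed in ${rootfs}" >&2
  exit 1
}

# Only touch sudoers if the sudo package really put one in place. Appending
# with >> to a missing file would create it with default permissions, not as a
# package-managed file.
sudoers="${rootfs}/etc/sudoers"
if [ ! -f "$sudoers" ]; then
  echo "${sudoers} is missing; not granting sudo to the sudo group" >&2
  exit 1
fi
# Skip the append when a %sudo rule is already present (the packaged file may
# ship one), so the file does not accumulate duplicate rules.
if ! grep -q '^%sudo[[:space:]]' "$sudoers"; then
  echo '%sudo ALL=(ALL) ALL' >> "$sudoers"
fi

chroot "$rootfs" dpkg-reconfigure locales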
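# Recreate each listed host account inside the container: same GECOS field,
# same password hash, membership in the sudo group, and a copy of ~/.ssh.
rootfs="/srv/lxc/${container:?}/rootfs"
for newuser in "${users[@]}"; do
  # Accounts unknown to the host have nothing to copy; skip them instead of
  # creating an empty shell of an account in the container.
  if ! passwd_entry=$(getent passwd "$newuser"); then
    echo "skipping ${newuser}: no such account on the host" >&2
    continue
  fi
  gecos=$(printf '%s\n' "$passwd_entry" | cut -d : -f 5)
  pwhash=$(getent shadow "$newuser" | cut -d : -f 2)

  chroot "$rootfs" adduser --disabled-password --gecos "$gecos" "$newuser"

  if [ -n "$pwhash" ]; then
    # Feed the hash on stdin. Passed as a command-line argument it would be
    # readable by other local users in the process list while the command runs.
    printf '%s:%s\n' "$newuser" "$pwhash" | chroot "$rootfs" chpasswd -e
  else
    # No hash was returned (for example the account is not in the local shadow
    # file). Writing an empty password field would leave the account with no
    # password at all, and the account is about to join the sudo group, so keep
    # the disabled password that adduser set.
    echo "no password hash for ${newuser}; leaving the password disabled" >&2
  fi

  chroot "$rootfs" adduser "$newuser" sudo

  # NOTE(review): this copies the whole .ssh directory, so any private keys
  # stored there are duplicated into the container. If only login access is
  # needed, copying authorized_keys alone would be enough; confirm intent.
  if [ -d "/home/${newuser}/.ssh" ]; then
    tar -cvvC "/home/${newuser}/" .ssh | chroot "$rootfs" tar -xvvC "/home/${newuser}/"
  else
    echo "no /home/${newuser}/.ssh on the host; no SSH keys copied for ${newuser}" >&2
  fi
done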
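# Final guest configuration: SSH hardening, default route, hosts file and apt
# defaults, followed by registering the container with LXC.
# sponge (from moreutils) is needed on the host: it buffers all of its input
# before opening the output file, so a file can be filtered back onto itself.
rootfs="/srv/lxc/${container:?}/rootfs"

# Disable root login and password authentication over SSH. Every existing line
# mentioning either keyword is dropped, and the two settings are written at the
# top of the file: sshd uses the first value it reads for a keyword, and a
# setting placed after a "Match" line would only apply inside that Match block.
sshd_config="${rootfs}/etc/ssh/sshd_config"
{
  echo PermitRootLogin no
  echo PasswordAuthentication no
  grep -v 'PermitRootLogin\|PasswordAuthentication' "$sshd_config"
} | sponge "$sshd_config"

# Add the default route at boot. Lines starting with "exit" are removed first
# so the appended command is not cut off by an early exit in rc.local.
rc_local="${rootfs}/etc/rc.local"
{
  grep -v '^exit' "$rc_local"
  echo ip route add default via 192.168.1.1
} | sponge "$rc_local"

# Minimal hosts file: loopback plus the container's own name and address.
printf '%s\n' \
  "127.0.0.1 localhost" \
  "192.168.1.${addr:?} ${container}" \
  > "${rootfs}/etc/hosts"

# Keep installs inside the container lean: no recommended packages by default.
echo 'APT::Install-Recommends "false";' > "${rootfs}/etc/apt/apt.conf"

lxc-create -n "$container" -f "/srv/lxc/${container}/config"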