path: root/notes/lxc_setup.sh.txt
blob: 9aa8d45e8a7179b1f144b3b1d843e0f2e807529d (plain)
# Settings for the container being provisioned.
# container: container name; also used as the logical-volume name and as the
#            directory name under /srv/lxc/.
# volumegroup: LVM volume group the logical volume is created in.
container='build'
volumegroup='algol'
# Host accounts that get recreated inside the container.
users=(jrayhawk lars andrew)

# you probably want something like this in /etc/network/interfaces
#auto br0
#iface br0 inet static
#       bridge_ports eth1
#       bridge_fd 0
#       address 192.168.1.10
#       netmask 255.255.255.0

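# Create a 1G XFS logical volume for the container, mount it at
# /srv/lxc/$container and populate it with the Debian LXC template.
#
# The steps are chained with && so that a failed lvcreate/mkfs/mount does not
# leave a stale /etc/fstab entry behind or unpack the template into an
# unmounted directory on the host filesystem.
lxc_dev="/dev/$volumegroup/$container"
lxc_dir="/srv/lxc/$container"
mkdir -p /srv/lxc/ &&
  lvcreate -L 1G -n "$container" "$volumegroup" &&
  mkfs.xfs "$lxc_dev" &&
  mkdir "$lxc_dir" && # plain mkdir: stop if the mount point already exists
  printf '%s %s xfs relatime 0 2\n' "$lxc_dev" "$lxc_dir" >> /etc/fstab &&
  mount "$lxc_dir" &&
  /usr/lib/lxc/templates/lxc-debian -p "$lxc_dir"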

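#######################################
# Report whether a host suffix is already assigned in some container config.
# Arguments: $1 - last octet to look for in 192.168.1.0/24
#            $2... - LXC config files to search
# Returns:   0 if a config already has lxc.network.ipv4 = 192.168.1.<$1>
#######################################
addr_in_use() {
  local candidate=$1
  shift
  # The trailing ([^0-9]|$) stops ".11" from matching ".110" or ".115".
  grep -Eq -- "lxc\.network\.ipv4 = 192\.168\.1\.${candidate}([^0-9]|\$)" "$@"
}

# Pick the first host suffix, starting at 11, that no existing container
# config under /srv/lxc/ uses.
addr=11
while addr_in_use "$addr" /srv/lxc/*/config; do
  addr=$((addr + 1))
done

# The same number is reused verbatim as the last octet of the container's MAC
# address, which only holds two digits.
if ((addr > 99)); then
  echo "warning: address suffix $addr does not fit in a two-digit MAC octet" >&2
fi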

# Append the network section to the container's LXC config in one write:
# a veth interface attached to bridge br0, addressed 192.168.1.$addr/24.
# $addr is also used as the last octet of the MAC address.
# NOTE(review): a MAC octet is two hex digits, so this line is only valid
# while $addr stays below 100.
cat >> /srv/lxc/$container/config <<EOF

# networking
lxc.utsname = $container
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.ipv4 = 192.168.1.$addr/24
lxc.network.hwaddr = 00:16:53:00:01:$addr
EOF

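# Register the container with LXC using the config file assembled for it.
# The config path follows $container instead of a hard-coded "build", so the
# right file is used when the container name at the top of the script changes.
lxc-create -n "$container" -f "/srv/lxc/$container/config"

# Overwrite the rootfs's /etc/network/interfaces with a single blank line.
# Presumably the interface is meant to be configured from the lxc.network.*
# keys in the container config rather than from inside the guest.
printf '\n' > "/srv/lxc/$container/rootfs/etc/network/interfaces"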

# why god why are chroots necessary for a paradigm that seeks to replace chroots

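# Base setup inside the container's root filesystem: lock the root password,
# install sudo and a few tools, let the sudo group run any command, and
# configure locales. apt-get and dpkg-reconfigure are left interactive.
rootfs="/srv/lxc/$container/rootfs/"

chroot "$rootfs" passwd -l root
chroot "$rootfs" apt-get update
chroot "$rootfs" apt-get install sudo locales less vim

# Append the rule only when that exact line is not already present, so
# re-running the script does not pile up duplicate entries.
sudo_rule='%sudo ALL=(ALL) ALL'
if ! grep -qxF -- "$sudo_rule" "${rootfs}etc/sudoers"; then
  printf '%s\n' "$sudo_rule" >> "${rootfs}etc/sudoers"
fi
# root is locked above, so sudo is the only way to root inside the container;
# check that the edited file still parses before relying on it.
chroot "$rootfs" visudo -c ||
  echo "warning: ${rootfs}etc/sudoers failed validation" >&2

chroot "$rootfs" dpkg-reconfigure locales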

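# Recreate each listed host account inside the container: same GECOS field,
# same password hash, membership in the sudo group, and a copy of ~/.ssh.
rootfs="/srv/lxc/$container/rootfs/"
for newuser in "${users[@]}"; do
  gecos=$(getent passwd "$newuser" | cut -d : -f 5)
  pwhash=$(getent shadow "$newuser" | cut -d : -f 2)

  chroot "$rootfs" adduser --disabled-password --gecos "$gecos" "$newuser"

  if [[ -n "$pwhash" ]]; then
    # Feed the hash on stdin (printf is a shell builtin) so it never appears
    # in a process argument list, where other local users could read it.
    printf '%s:%s\n' "$newuser" "$pwhash" | chroot "$rootfs" chpasswd -e
  else
    # An empty hash would give the account an empty password; keep the
    # password disabled, as adduser --disabled-password left it.
    echo "warning: no shadow hash for $newuser on the host; password left disabled" >&2
  fi

  chroot "$rootfs" adduser "$newuser" sudo

  # NOTE(review): this copies the whole ~/.ssh directory, including any
  # private keys and known_hosts. If the goal is only key-based login,
  # copying authorized_keys alone would put less key material in the
  # container.
  tar -cvvC "/home/$newuser/" .ssh | chroot "$rootfs" tar -xvvC "/home/$newuser/"
done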

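# Rewrite the container's sshd_config so root login and password
# authentication are both disabled. Requires sponge (moreutils) on the host.
sshd_config="/srv/lxc/$container/rootfs/etc/ssh/sshd_config"
if [[ -r "$sshd_config" ]]; then
  {
    # The two directives go first: sshd uses the first value it reads for a
    # keyword, and lines placed after a Match block would apply only to that
    # block instead of globally.
    echo "PermitRootLogin no"
    echo "PasswordAuthentication no"
    # Drop every existing line that mentions either keyword, comments included.
    grep -v 'PermitRootLogin\|PasswordAuthentication' "$sshd_config"
  } | sponge "$sshd_config"
else
  # Without this guard a missing file would be replaced by a config holding
  # nothing but the two lines above.
  echo "warning: $sshd_config not readable; sshd settings not applied" >&2
fi
# NOTE(review): if keyboard-interactive authentication is enabled in this
# config, PAM can still prompt for passwords; confirm it is off as well.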