mooooore stuffs

home/home.nix

@@ -26,6 +26,25 @@
     netcat
     neovim
     firefox
-  ];
+  ]
+      ++ (
+      with lib; let
+        # this function extracts the base file name from a path.
+        basename = path: lib.lists.last (lib.strings.splitString "/" (toString path));
+
+        files = lib.filesystem.listFilesRecursive ./scripts;
+      in
+        # for each script found, create a derivation installed in $PATH
+        lib.lists.forEach files (
+          file: let
+            scriptName = strings.removeSuffix ".sh" (basename file);
+          in
+            pkgs.writeScriptBin
+            # (basename file) # the new package's name
+            scriptName
+            (builtins.readFile file)
+        )
+    );
+
 
 }

home/scripts/lxc/lab-create.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+USER="$1"
+KEYFILE="$2"
+CONTAINER="lxc-${USER}"
+
+echo "Creating LXC container ${CONTAINER}..."
+lxc-create -n "$CONTAINER" -t download -- -d ubuntu -r noble -a amd64
+
+# start it
+lxc-start -n "$CONTAINER"
+
+# wait for networking
+sleep 5
+
+# set root password, install SSH, inject key
+lxc-attach -n "$CONTAINER" -- bash -c "
+  apt-get update && apt-get install -y openssh-server
+  mkdir -p /root/.ssh
+  chmod 700 /root/.ssh
+  sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+  systemctl enable ssh
+  systemctl restart ssh
+"
+
+# push the key in
+cat "$KEYFILE" | lxc-attach -n "$CONTAINER" -- tee /root/.ssh/authorized_keys > /dev/null
+lxc-attach -n "$CONTAINER" -- chmod 600 /root/.ssh/authorized_keys
+
+# auto-start on boot
+echo "lxc.start.auto = 1" >> "/var/lib/lxc/${CONTAINER}/config"
+
+# get container IP
+CONTAINER_IP=$(lxc-info -n "$CONTAINER" -iH | head -1)
+
+# create host user that maps to this container
+useradd -m -s /bin/bash -G labmates "$USER" 2>/dev/null || true
+mkdir -p "/home/${USER}/.ssh"
+cp "$KEYFILE" "/home/${USER}/.ssh/authorized_keys"
+chown -R "${USER}:${USER}" "/home/${USER}/.ssh"
+chmod 700 "/home/${USER}/.ssh"
+
+# store mapping
+echo "$CONTAINER" > "/home/${USER}/.lxc-container"
+
+echo "Done. ${USER} SSH -> root@${CONTAINER} (${CONTAINER_IP})"

home/scripts/lxc/lab-delete.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -euo pipefail
+USER="$1"
+CONTAINER=$(cat "/home/${USER}/.lxc-container" 2>/dev/null)
+# [[ -n "$CONTAINER" ]] && lxc-stop -n "$CONTAINER" 2>/dev/null; lxc-destroy -n "$CONTAINER"
+if [[ -n "$CONTAINER" ]]; then
+  lxc-stop -n "$CONTAINER" 2>/dev/null
+  lxc-destroy -n "$CONTAINER"
+fi
+userdel -r "$USER" 2>/dev/null || true
+echo "Removed ${USER} and ${CONTAINER}"

home/scripts/lxc/lab-list.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+printf "%-15s %-20s %-16s %s\n" "USER" "CONTAINER" "IP" "STATE"
+for f in /home/*/.lxc-container; do
+  [[ -f "$f" ]] || continue
+  U=$(basename "$(dirname "$f")")
+  C=$(cat "$f")
+  IP=$(lxc-info -n "$C" -iH 2>/dev/null | head -1)
+  STATE=$(lxc-info -n "$C" -sH 2>/dev/null)
+  printf "%-15s %-20s %-16s %s\n" "$U" "$C" "${IP:-n/a}" "${STATE:-n/a}"
+done

home/scripts/lxc/lxc-login.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+# CONTAINER=$(cat "/home/${USER}/.lxc-container" 2>/dev/null)
+CONTAINER=$(cat "/home/$(whoami)/.lxc-container" 2>/dev/null)
+
+if [[ -z "$CONTAINER" ]]; then
+  echo "No container assigned. Contact admin."
+  exit 1
+fi
+
+# ensure running
+lxc-start -n "$CONTAINER" 2>/dev/null || true
+
+if [[ -n "$SSH_ORIGINAL_COMMAND" ]]; then
+  exec lxc-attach -n "$CONTAINER" -- bash -c "$SSH_ORIGINAL_COMMAND"
+else
+  exec lxc-attach -n "$CONTAINER" -- login -f root
+fi