mooooore stuffs

home/scripts/lxc/lab-create.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+USER="$1"
+KEYFILE="$2"
+CONTAINER="lxc-${USER}"
+
+echo "Creating LXC container ${CONTAINER}..."
+lxc-create -n "$CONTAINER" -t download -- -d ubuntu -r noble -a amd64
+
+# start it
+lxc-start -n "$CONTAINER"
+
+# wait for networking
+sleep 5
+
+# set root password, install SSH, inject key
+lxc-attach -n "$CONTAINER" -- bash -c "
+  apt-get update && apt-get install -y openssh-server
+  mkdir -p /root/.ssh
+  chmod 700 /root/.ssh
+  sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
+  systemctl enable ssh
+  systemctl restart ssh
+"
+
+# push the key in
+cat "$KEYFILE" | lxc-attach -n "$CONTAINER" -- tee /root/.ssh/authorized_keys > /dev/null
+lxc-attach -n "$CONTAINER" -- chmod 600 /root/.ssh/authorized_keys
+
+# auto-start on boot
+echo "lxc.start.auto = 1" >> "/var/lib/lxc/${CONTAINER}/config"
+
+# get container IP
+CONTAINER_IP=$(lxc-info -n "$CONTAINER" -iH | head -1)
+
+# create host user that maps to this container
+useradd -m -s /bin/bash -G labmates "$USER" 2>/dev/null || true
+mkdir -p "/home/${USER}/.ssh"
+cp "$KEYFILE" "/home/${USER}/.ssh/authorized_keys"
+chown -R "${USER}:${USER}" "/home/${USER}/.ssh"
+chmod 700 "/home/${USER}/.ssh"
+
+# store mapping
+echo "$CONTAINER" > "/home/${USER}/.lxc-container"
+
+echo "Done. ${USER} SSH -> root@${CONTAINER} (${CONTAINER_IP})"