lxc patch 12
@@ -17,7 +17,7 @@ lxc-create -n "$CONTAINER" -f /etc/lxc/default.conf -t download -- -d ubuntu -r
|
|||||||
|
|
||||||
# write resolv.conf into rootfs before boot
|
# write resolv.conf into rootfs before boot
|
||||||
mkdir -p "/var/lib/lxc/${CONTAINER}/rootfs/etc"
|
mkdir -p "/var/lib/lxc/${CONTAINER}/rootfs/etc"
|
||||||
rm -f "/var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf" # remove if symlink
|
rm -f "/var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf"
|
||||||
echo "nameserver 8.8.8.8" > "/var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf"
|
echo "nameserver 8.8.8.8" > "/var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf"
|
||||||
|
|
||||||
# assign static IP via LXC config (host-side, always works)
|
# assign static IP via LXC config (host-side, always works)
|
||||||
@@ -27,9 +27,6 @@ lxc.net.0.ipv4.gateway = 10.100.0.1
|
|||||||
lxc.start.auto = 1
|
lxc.start.auto = 1
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# write resolv.conf into rootfs before boot
|
|
||||||
# echo "nameserver 8.8.8.8" > "/var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf"
|
|
||||||
|
|
||||||
# disable any in-container networking that might fight us
|
# disable any in-container networking that might fight us
|
||||||
rm -f "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan/"*.yaml 2>/dev/null || true
|
rm -f "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan/"*.yaml 2>/dev/null || true
|
||||||
mkdir -p "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan"
|
mkdir -p "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan"
|
||||||
@@ -46,10 +43,20 @@ EOF
|
|||||||
lxc-start -n "$CONTAINER"
|
lxc-start -n "$CONTAINER"
|
||||||
sleep 5
|
sleep 5
|
||||||
|
|
||||||
# install SSH, inject key
|
# install SSH + VSCode Remote prerequisites
|
||||||
lxc-attach --clear-env -n "$CONTAINER" -- /bin/bash -c "
|
lxc-attach --clear-env -n "$CONTAINER" -- /bin/bash -c "
|
||||||
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||||
apt-get update && apt-get install -y openssh-server
|
apt-get update && apt-get install -y \
|
||||||
|
openssh-server \
|
||||||
|
curl wget ca-certificates \
|
||||||
|
git \
|
||||||
|
tar gzip \
|
||||||
|
procps \
|
||||||
|
locales
|
||||||
|
# generate a UTF-8 locale (VSCode expects this)
|
||||||
|
sed -i 's/# en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen
|
||||||
|
locale-gen
|
||||||
|
# SSH config
|
||||||
mkdir -p /root/.ssh
|
mkdir -p /root/.ssh
|
||||||
chmod 700 /root/.ssh
|
chmod 700 /root/.ssh
|
||||||
sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
|
sed -i 's/#PermitRootLogin.*/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
|
||||||
@@ -64,8 +71,6 @@ cat "$KEYFILE" | lxc-attach --clear-env -n "$CONTAINER" -- /bin/bash -c "
|
|||||||
"
|
"
|
||||||
|
|
||||||
# create host user
|
# create host user
|
||||||
# useradd -m -s /bin/bash -G labmates "$USER" 2>/dev/null || true
|
|
||||||
# useradd -m -s /bin/bash -G labmates -U "$USER" 2>/dev/null || true
|
|
||||||
useradd -m -s /run/current-system/sw/bin/bash -G labmates -U "$USER" 2>/dev/null || true
|
useradd -m -s /run/current-system/sw/bin/bash -G labmates -U "$USER" 2>/dev/null || true
|
||||||
mkdir -p "/home/${USER}/.ssh"
|
mkdir -p "/home/${USER}/.ssh"
|
||||||
cp "$KEYFILE" "/home/${USER}/.ssh/authorized_keys"
|
cp "$KEYFILE" "/home/${USER}/.ssh/authorized_keys"
|
||||||
|
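Review bot: The inline script handed to `/bin/bash -c` (opened by the `lxc-attach --clear-env` line near the top of the `@@ -46,10 +43,20 @@` hunk; its closing `"` is in the next hunk) runs without `set -e`, so if the new `apt-get install -y openssh-server ... locales` fails — plausible, since name resolution inside the container depends on the hard-coded `nameserver 8.8.8.8` written earlier — the following `locale-gen` and the `sed` on `/etc/ssh/sshd_config` still execute, the attach exits with sed's status, and the outer script goes on to the `cat "$KEYFILE" | lxc-attach` key injection against a container that has no sshd. Add `set -e` on its own line immediately after the `export PATH=...` line inside the string so the attach fails as a unit. The package list now also pulls in `locales`, whose debconf configuration may try to prompt when a tty is attached; `export DEBIAN_FRONTEND=noninteractive` on the same line as the PATH export keeps the run unattended.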
|||||||
@@ -1,5 +1,4 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
# CONTAINER=$(cat "/home/${USER}/.lxc-container" 2>/dev/null)
|
|
||||||
CONTAINER=$(cat "/home/$(whoami)/.lxc-container" 2>/dev/null)
|
CONTAINER=$(cat "/home/$(whoami)/.lxc-container" 2>/dev/null)
|
||||||
|
|
||||||
if [[ -z "$CONTAINER" ]]; then
|
if [[ -z "$CONTAINER" ]]; then
|
||||||
@@ -10,8 +9,28 @@ fi
|
|||||||
# ensure running
|
# ensure running
|
||||||
lxc-start -n "$CONTAINER" 2>/dev/null || true
|
lxc-start -n "$CONTAINER" 2>/dev/null || true
|
||||||
|
|
||||||
|
# --- build env flags to forward into the container ---
|
||||||
|
ENV_ARGS=()
|
||||||
|
ENV_ARGS+=(--keep-env) # start from the SSH session env instead of wiping it
|
||||||
|
|
||||||
|
# always override these inside the container
|
||||||
|
ENV_ARGS+=(-v "HOME=/root")
|
||||||
|
ENV_ARGS+=(-v "USER=root")
|
||||||
|
ENV_ARGS+=(-v "SHELL=/bin/bash")
|
||||||
|
ENV_ARGS+=(-v "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
|
||||||
|
|
||||||
|
# forward TERM (fixes color/ncurses)
|
||||||
|
[[ -n "$TERM" ]] && ENV_ARGS+=(-v "TERM=$TERM")
|
||||||
|
# forward locale
|
||||||
|
[[ -n "$LANG" ]] && ENV_ARGS+=(-v "LANG=$LANG")
|
||||||
|
[[ -n "$LC_ALL" ]] && ENV_ARGS+=(-v "LC_ALL=$LC_ALL")
|
||||||
|
# forward COLORTERM (used by modern terminals & vscode)
|
||||||
|
[[ -n "$COLORTERM" ]] && ENV_ARGS+=(-v "COLORTERM=$COLORTERM")
|
||||||
|
|
||||||
if [[ -n "$SSH_ORIGINAL_COMMAND" ]]; then
|
if [[ -n "$SSH_ORIGINAL_COMMAND" ]]; then
|
||||||
exec sudo lxc-attach --clear-env -n "$CONTAINER" -- /bin/bash -c "export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; $SSH_ORIGINAL_COMMAND"
|
exec sudo lxc-attach "${ENV_ARGS[@]}" -n "$CONTAINER" -- \
|
||||||
|
/bin/bash -lc "$SSH_ORIGINAL_COMMAND"
|
||||||
else
|
else
|
||||||
exec sudo lxc-attach --clear-env -n "$CONTAINER" -- /bin/login -f root
|
exec sudo lxc-attach "${ENV_ARGS[@]}" -n "$CONTAINER" -- \
|
||||||
|
/bin/login -f root
|
||||||
fi
|
fi
|
||||||
|
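Review bot: `ENV_ARGS+=(--keep-env)` in the `@@ -10,8 +9,28 @@` hunk replaces the former `--clear-env` with its inverse: the whole SSH session environment — including anything the client pushed through sshd's AcceptEnv — now reaches the root session in the container, even though the `-v` lines that follow already set every variable the session needs (HOME, USER, SHELL, PATH, TERM, LANG, LC_ALL, COLORTERM). `-v`/`--set-var` works together with `--clear-env`, so the explicit list gives the same colour/locale fix without the leak; change the line to `ENV_ARGS+=(--clear-env) # start empty; forward only the variables set below`. Separately, `/bin/bash -lc` now sources the container's login profile, which on Debian/Ubuntu images may reassign PATH over the value passed with `-v`; if the fixed PATH was intentional, keep plain `-c` there. The `if`/`else` block is complete within the hunk.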
|||||||
+4
-2
@@ -1,4 +1,3 @@
|
|||||||
# system/lxc.nix
|
|
||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
virtualisation.lxc = {
|
virtualisation.lxc = {
|
||||||
enable = true;
|
enable = true;
|
||||||
@@ -10,6 +9,7 @@
|
|||||||
commands = [
|
commands = [
|
||||||
{ command = "/run/current-system/sw/bin/lxc-attach"; options = [ "NOPASSWD" ]; }
|
{ command = "/run/current-system/sw/bin/lxc-attach"; options = [ "NOPASSWD" ]; }
|
||||||
{ command = "/run/current-system/sw/bin/lxc-start"; options = [ "NOPASSWD" ]; }
|
{ command = "/run/current-system/sw/bin/lxc-start"; options = [ "NOPASSWD" ]; }
|
||||||
|
{ command = "/run/current-system/sw/bin/lxc-info"; options = [ "NOPASSWD" ]; }
|
||||||
];
|
];
|
||||||
}];
|
}];
|
||||||
|
|
||||||
@@ -84,12 +84,13 @@
|
|||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
lxc
|
lxc
|
||||||
# lxc-templates
|
|
||||||
wget
|
wget
|
||||||
gnupg
|
gnupg
|
||||||
debootstrap
|
debootstrap
|
||||||
bridge-utils
|
bridge-utils
|
||||||
(writeShellScriptBin "lxc-login" (builtins.readFile ../home/scripts/lxc/lxc-login.sh))
|
(writeShellScriptBin "lxc-login" (builtins.readFile ../home/scripts/lxc/lxc-login.sh))
|
||||||
|
(writeShellScriptBin "lab-mount" (builtins.readFile ../home/scripts/lxc/lab-mount.sh))
|
||||||
|
(writeShellScriptBin "lab-addkey" (builtins.readFile ../home/scripts/lxc/lab-addkey.sh))
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.etc."lxc/default.conf".text = ''
|
environment.etc."lxc/default.conf".text = ''
|
||||||
@@ -103,3 +104,4 @@
|
|||||||
environment.etc."local/bin/lxc-login".source = ../home/scripts/lxc/lxc-login.sh;
|
environment.etc."local/bin/lxc-login".source = ../home/scripts/lxc/lxc-login.sh;
|
||||||
environment.etc."local/bin/lxc-login".mode = "0755";
|
environment.etc."local/bin/lxc-login".mode = "0755";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
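Review bot: The added `lxc-info` entry in `commands` has the same shape as the `lxc-attach`/`lxc-start` entries above it — a bare binary path with `NOPASSWD` and no argument pattern — and nothing in the list documents what that grants, since the `lxc-login` wrapper this commit also changes is not what sudoers enforces. For `lxc-info` the exposure is small (it only reports container state), but `lxc-attach` with unrestricted arguments lets a rule member pick the container, the namespaces entered and the privileges kept, so in practice the rule as a whole amounts to host root rather than "root inside their own container". A safer shape is to grant NOPASSWD only to a dedicated wrapper that validates the container name from `~/.lxc-container` and invokes lxc-attach itself, e.g. `{ command = "/run/current-system/sw/bin/lxc-login"; options = [ "NOPASSWD" ]; }` with the raw binaries removed; at minimum add `# NOTE: no argument pattern — every entry here is unrestricted` above the list. The rule's header (its `users`/`groups` attribute) lies above the hunk and is not visible here.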