lxc patch 3

2026-04-11 10:06:29 -04:00
parent 47d7995b13
commit b08808d63a
+25 -22
@@ -5,31 +5,43 @@ USER="$1"
KEYFILE="$2" KEYFILE="$2"
CONTAINER="lxc-${USER}" CONTAINER="lxc-${USER}"
echo "Creating LXC container ${CONTAINER}..." # pick next available IP
# lxc-create -n "$CONTAINER" -t download -- -d ubuntu -r noble -a amd64 LAST=$(grep -rh 'lxc.net.0.ipv4.address' /var/lib/lxc/*/config 2>/dev/null \
| grep -oP '10\.100\.0\.\K\d+' | sort -n | tail -1)
NEXT_OCTET=$(( ${LAST:-9} + 1 ))
CONTAINER_IP="10.100.0.${NEXT_OCTET}"
echo "Creating LXC container ${CONTAINER} (${CONTAINER_IP})..."
lxc-create -n "$CONTAINER" -f /etc/lxc/default.conf -t download -- -d ubuntu -r noble -a amd64 lxc-create -n "$CONTAINER" -f /etc/lxc/default.conf -t download -- -d ubuntu -r noble -a amd64
# assign static IP via LXC config (host-side, always works)
cat >> "/var/lib/lxc/${CONTAINER}/config" <<EOF
lxc.net.0.ipv4.address = ${CONTAINER_IP}/24
lxc.net.0.ipv4.gateway = 10.100.0.1
lxc.start.auto = 1
EOF
# configure DHCP before first boot # write resolv.conf into rootfs before boot
echo "nameserver 8.8.8.8" > "/var/lib/lxc/${CONTAINER}/rootfs/etc/resolv.conf"
# disable any in-container networking that might fight us
rm -f "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan/"*.yaml 2>/dev/null
mkdir -p "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan" mkdir -p "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan"
cat > "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan/10-dhcp.yaml" <<EOF cat > "/var/lib/lxc/${CONTAINER}/rootfs/etc/netplan/10-lxc.yaml" <<EOF
network: network:
version: 2 version: 2
renderer: networkd
ethernets: ethernets:
eth0: eth0:
dhcp4: true dhcp4: false
nameservers:
addresses: [8.8.8.8, 1.1.1.1]
EOF EOF
# start it # start it
lxc-start -n "$CONTAINER" lxc-start -n "$CONTAINER"
# wait for networking
sleep 5 sleep 5
# set root password, install SSH, inject key # install SSH, inject key
lxc-attach -n "$CONTAINER" -- /bin/bash -c " lxc-attach --clear-env -n "$CONTAINER" -- /bin/bash -c "
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
apt-get update && apt-get install -y openssh-server apt-get update && apt-get install -y openssh-server
mkdir -p /root/.ssh mkdir -p /root/.ssh
@@ -39,27 +51,18 @@ lxc-attach -n "$CONTAINER" -- /bin/bash -c "
systemctl restart ssh systemctl restart ssh
" "
# push the key in cat "$KEYFILE" | lxc-attach --clear-env -n "$CONTAINER" -- /bin/bash -c "
cat "$KEYFILE" | lxc-attach -n "$CONTAINER" -- /bin/bash -c "
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
tee /root/.ssh/authorized_keys > /dev/null tee /root/.ssh/authorized_keys > /dev/null
chmod 600 /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys
" "
# auto-start on boot # create host user
echo "lxc.start.auto = 1" >> "/var/lib/lxc/${CONTAINER}/config"
# get container IP
CONTAINER_IP=$(lxc-info -n "$CONTAINER" -iH | head -1)
# create host user that maps to this container
useradd -m -s /bin/bash -G labmates "$USER" 2>/dev/null || true useradd -m -s /bin/bash -G labmates "$USER" 2>/dev/null || true
mkdir -p "/home/${USER}/.ssh" mkdir -p "/home/${USER}/.ssh"
cp "$KEYFILE" "/home/${USER}/.ssh/authorized_keys" cp "$KEYFILE" "/home/${USER}/.ssh/authorized_keys"
chown -R "${USER}:${USER}" "/home/${USER}/.ssh" chown -R "${USER}:${USER}" "/home/${USER}/.ssh"
chmod 700 "/home/${USER}/.ssh" chmod 700 "/home/${USER}/.ssh"
# store mapping
echo "$CONTAINER" > "/home/${USER}/.lxc-container" echo "$CONTAINER" > "/home/${USER}/.lxc-container"
echo "Done. ${USER} SSH -> root@${CONTAINER} (${CONTAINER_IP})" echo "Done. ${USER} SSH -> root@${CONTAINER} (${CONTAINER_IP})"
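Review bot: The host-side writes added after `lxc-create` (the `cat >>` to the container config, the `echo` into `rootfs/etc/resolv.conf`, the `rm -f` glob and the netplan file) run whether or not `lxc-create` succeeded, as far as this hunk shows; the top of the script is outside the hunk, so a `set -e` there cannot be ruled out. The `useradd ... || true` line suggests re-runs for an existing user are expected, and in that case these writes, presumably made as root, land in a rootfs that the container's root user controls, so a symlink at `etc/resolv.conf` or under `etc/netplan` would be followed on the host. I would append `|| { echo "lxc-create failed for ${CONTAINER}" >&2; exit 1; }` to the `lxc-create` line and add a comment above the rootfs writes such as `# rootfs must be freshly created at this point; never write into an existing container's rootfs from the host`. Separately, `NEXT_OCTET` has no upper bound and the scan-then-create sequence takes no lock, so a guard like `(( NEXT_OCTET <= 254 )) || exit 1` before `lxc-create` would at least keep an invalid address out of the config.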