nixos-server/home/scripts/lxc/lab-create.sh
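#!/usr/bin/env bash
#
# lab-create.sh — provision one LXC lab container plus the matching host account,
# both reachable only with the supplied SSH public key.
#
# Usage: lab-create.sh USER KEYFILE
#   USER     lab user name; also names the container (lxc-USER) and the host
#            home directory (/home/USER)
#   KEYFILE  OpenSSH *public* key in authorized_keys format; it becomes root's
#            authorized_keys inside the container and USER's on the host
#
# Side effects (all need root): creates /var/lib/lxc/lxc-USER, appends a static
# 10.100.0.x address to its config, starts it (lxc.start.auto = 1), installs
# openssh-server inside it, creates the host user in group labmates and writes
# /home/USER/.lxc-container.
set -euo pipefail

die() { printf 'lab-create: %s\n' "$*" >&2; exit 1; }

# --- arguments ---------------------------------------------------------------
# Both arguments feed into file paths, the container name and useradd, so vet
# them before anything is created. Without this a missing argument aborts
# half-way with an 'unbound variable' error, and a name such as '../root'
# would have its key written under /home/../root/.ssh.
(( $# == 2 )) || die "usage: ${0##*/} USER KEYFILE"
LAB_USER="$1"   # not named USER so the caller's exported USER is left alone
KEYFILE="$2"
[[ "$LAB_USER" =~ ^[a-z_][a-z0-9_-]*$ ]] || die "invalid user name: '${LAB_USER}'"
[[ -r "$KEYFILE" ]] || die "cannot read key file: '${KEYFILE}'"
# The file is installed verbatim as authorized_keys on two machines, so refuse
# anything that does not contain at least one OpenSSH public-key line
# (a private key or a stray file would otherwise be copied in silently).
grep -Eq '(^|[[:space:]])(ssh|ecdsa|sk)-[A-Za-z0-9.@-]+ [A-Za-z0-9+/]{16,}' "$KEYFILE" \
  || die "'${KEYFILE}' does not contain an OpenSSH public key"
[[ "$(id -u)" == 0 ]] || die "must run as root"

CONTAINER="lxc-${LAB_USER}"
LXC_DIR="/var/lib/lxc/${CONTAINER}"
ROOTFS="${LXC_DIR}/rootfs"
HOME_DIR="/home/${LAB_USER}"
if [[ -e "$LXC_DIR" ]]; then
  die "container ${CONTAINER} already exists"
fi
# Re-runs against an existing account are allowed, but only when its home is
# really /home/USER: the key is written there, so a pre-existing account with
# a different home must not have its directory touched.
if getent passwd "$LAB_USER" >/dev/null; then
  [[ "$(getent passwd "$LAB_USER" | cut -d: -f6)" == "$HOME_DIR" ]] \
    || die "user ${LAB_USER} exists but its home is not ${HOME_DIR}"
fi

# --- pick the next free 10.100.0.x -------------------------------------------
# Hold a lock (released when the script exits) for the rest of the run: two
# concurrent invocations reading the config files at the same instant would
# otherwise hand out the same address.
exec 9>/var/lib/lxc/.lab-create.lock
flock 9
# Highest octet already assigned; 9 when none is, so the first container gets
# .10 (.1 is the gateway). Octets of deleted containers are not reused.
LAST=$(grep -rh 'lxc.net.0.ipv4.address' /var/lib/lxc/*/config 2>/dev/null \
  | grep -oP '10\.100\.0\.\K\d+' | sort -n | tail -1 || true)
NEXT_OCTET=$(( ${LAST:-9} + 1 ))
(( NEXT_OCTET <= 254 )) || die "no free address left in 10.100.0.0/24"
CONTAINER_IP="10.100.0.${NEXT_OCTET}"

# --- container ----------------------------------------------------------------
echo "Creating LXC container ${CONTAINER} (${CONTAINER_IP})..."
lxc-create -n "$CONTAINER" -f /etc/lxc/default.conf -t download -- -d ubuntu -r noble -a amd64

# DNS goes into the rootfs before first boot. The image may ship resolv.conf
# as a symlink, so remove it and write a plain file.
mkdir -p "${ROOTFS}/etc"
rm -f "${ROOTFS}/etc/resolv.conf"
echo "nameserver 8.8.8.8" > "${ROOTFS}/etc/resolv.conf"

# Static address assigned from the host side so it does not depend on anything
# inside the container coming up; lxc.start.auto makes it start at host boot.
cat >> "${LXC_DIR}/config" <<EOF
lxc.net.0.ipv4.address = ${CONTAINER_IP}/24
lxc.net.0.ipv4.gateway = 10.100.0.1
lxc.start.auto = 1
EOF

# Stop the image's own netplan from fighting the host-assigned address. The
# YAML must be indented as shown (flat keys are not valid netplan); the quoted
# delimiter keeps the heredoc literal. rm -f is quiet when nothing matches.
rm -f "${ROOTFS}/etc/netplan/"*.yaml
mkdir -p "${ROOTFS}/etc/netplan"
cat > "${ROOTFS}/etc/netplan/10-lxc.yaml" <<'EOF'
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: false
EOF
chmod 600 "${ROOTFS}/etc/netplan/10-lxc.yaml"   # netplan warns on world-readable config

# --- start it and set up SSH ---------------------------------------------------
lxc-start -n "$CONTAINER"
# Wait for the state change instead of a fixed sleep; the network may still
# need a moment, which the apt-get update retry below absorbs.
lxc-wait -n "$CONTAINER" -s RUNNING -t 30 || die "${CONTAINER} did not reach RUNNING"

# Key-only sshd: root may log in with a key but never with a password, and
# password authentication is off for every account. A drop-in is used rather
# than sed on sshd_config so the settings hold whether or not the stock line
# is commented out (the Ubuntu package's sshd_config Includes
# sshd_config.d/*.conf). The inner script is a quoted heredoc: nothing from
# the host side is expanded into it.
lxc-attach --clear-env -n "$CONTAINER" -- /bin/bash -s <<'EOF'
set -euo pipefail
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export DEBIAN_FRONTEND=noninteractive
for attempt in 1 2 3 4 5 6; do
  apt-get update && break
  [ "$attempt" -lt 6 ] || exit 1
  sleep 5
done
apt-get install -y openssh-server
install -d -m 700 /root/.ssh
install -d -m 755 /etc/ssh/sshd_config.d
printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
  > /etc/ssh/sshd_config.d/10-lab.conf
systemctl enable ssh
systemctl restart ssh
EOF

# The key is fed over stdin with a redirect (not cat | ...), so an unreadable
# file fails here on the host instead of leaving an empty authorized_keys;
# umask makes the file 0600 from the moment it is created.
lxc-attach --clear-env -n "$CONTAINER" -- /bin/bash -c \
  'umask 077; cat > /root/.ssh/authorized_keys' < "$KEYFILE"

# --- host account --------------------------------------------------------------
# useradd runs only when the account is missing (re-runs are fine, the home
# check above already vetted an existing one). Any other failure, e.g. a
# missing labmates group, now aborts instead of being swallowed.
if ! getent passwd "$LAB_USER" >/dev/null; then
  useradd -m -s /bin/bash -G labmates -U "$LAB_USER"
fi
install -d -m 700 "${HOME_DIR}/.ssh"
install -m 600 "$KEYFILE" "${HOME_DIR}/.ssh/authorized_keys"
chown -R "${LAB_USER}:" "${HOME_DIR}/.ssh"
# Root-owned, as before: the user can read which container is theirs but cannot
# repoint it. NOTE(review): the consumer of this file is outside this script;
# confirm it expects a root-owned file.
echo "$CONTAINER" > "${HOME_DIR}/.lxc-container"
echo "Done. ${LAB_USER} SSH -> root@${CONTAINER} (${CONTAINER_IP})"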