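#!/bin/sh
# Build a reusable Ubuntu base subvolume (once) and clone it into a new LXC
# container rooted at /srv/lxc/<hostname>.
#
# Usage:  mk-container.sh <hostname>
#
# Environment:
#   GAIA_PASSWORD   password for the 'gaia' user (member of the sudo group).
#                   Defaults to "gaia" for compatibility with the original
#                   script -- that is a well-known credential on a sudo
#                   account in an image that also ships openssh-server, so
#                   set it to something else for anything network-reachable.
#
# Requirements: root, a btrfs filesystem under the working directory,
# btrfs-progs, debootstrap, openssl.
#
# Abort on the first failing command and on unset variables: every later
# step (chroot, snapshot, config generation) assumes the previous one
# succeeded, and the original silently carried on after a failed debootstrap.
set -eu

die() { printf '%s: %s\n' "${0##*/}" "$*" >&2; exit 1; }

RELEASE="precise"
VOLUME="volume"
HOSTNAME="${1:-}"
# Plain http: apt still verifies the Release signature, so this only leaks
# which packages are fetched; switch to https if the mirror offers it.
MIRROR="http://ipv6.archive.ubuntu.com/ubuntu"
GAIA_PASSWORD="${GAIA_PASSWORD:-gaia}"

# $1 becomes a path component (/srv/lxc/<hostname>) and is pasted verbatim
# into /etc/hosts and the LXC config, so restrict it to hostname characters.
# This rejects "", ".", "..", anything containing "/" and leading "-"/".".
case "$HOSTNAME" in
  ''|.*|-*|*[!A-Za-z0-9.-]*)
    die "usage: ${0##*/} <hostname>  (letters, digits, '-' and '.' only)" ;;
esac

# ---------------------------------------------------------------------------
# 1. Base image: debootstrap once into a btrfs subvolume, then reuse it.
# ---------------------------------------------------------------------------
if ! test -d "$VOLUME"; then
  btrfs subvol create "$VOLUME"
  # --include=ssh pulls in openssh-server with its stock config (password
  # authentication enabled), so every clone is an SSH target from first boot.
  debootstrap --verbose --arch=amd64 --include=apt,vim,ssh "$RELEASE" "$VOLUME" "$MIRROR"

  # Empty the resolver files debootstrap may have copied from the host;
  # DNS for the container comes from the dns-nameservers line below.
  # mkdir -p so a missing /run/resolvconf does not trip set -e.
  mkdir -p "$VOLUME/etc/resolvconf/resolv.conf.d" "$VOLUME/run/resolvconf"
  : >"$VOLUME/etc/resolvconf/resolv.conf.d/original"
  : >"$VOLUME/run/resolvconf/resolv.conf"

  # IPv6-only guest; eth0 is "manual" so addressing is left to whatever the
  # host-side bridge (lxc.network.link below) provides.
  cat <<EOF > "$VOLUME/etc/network/interfaces"
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet6 manual
    dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844
EOF

  # Disable IPv6 forwarding inside the guest at boot. Note this only works
  # because /proc is mounted read-write and the container runs without a
  # user namespace, i.e. guest root can write host sysctls under /proc/sys.
  cat <<EOF > "$VOLUME/etc/rc.local"
#!/bin/sh
echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
EOF

  # Administrative user. The password goes in over stdin (never on argv),
  # but the default is public knowledge -- warn loudly when it is used.
  chroot "$VOLUME" useradd --create-home -s /bin/bash -G sudo gaia
  if [ "$GAIA_PASSWORD" = "gaia" ]; then
    printf 'WARNING: using the default password "gaia" for the sudo user gaia; set GAIA_PASSWORD\n' >&2
  fi
  printf '%s\n' "gaia:$GAIA_PASSWORD" | chroot "$VOLUME" chpasswd

  cat > "$VOLUME/etc/apt/sources.list" << EOF
deb $MIRROR $RELEASE main restricted universe
deb $MIRROR $RELEASE-updates main restricted universe
deb $MIRROR $RELEASE-security main restricted universe
EOF
  # noninteractive so a debconf prompt cannot hang an unattended build.
  DEBIAN_FRONTEND=noninteractive chroot "$VOLUME" apt-get update
  DEBIAN_FRONTEND=noninteractive chroot "$VOLUME" apt-get dist-upgrade -y
fi

# ---------------------------------------------------------------------------
# 2. Clone the base subvolume into a per-container rootfs.
# ---------------------------------------------------------------------------
BASE="/srv/lxc/$HOSTNAME"
ROOT="$BASE/rootfs"

# A second run for the same hostname would snapshot into the existing
# directory and then mv the snapshot *inside* the old rootfs; refuse instead.
if [ -e "$ROOT" ]; then
  die "$ROOT already exists; remove the old container first"
fi

mkdir -p "$BASE"
# 'btrfs subvol snapshot SRC DIR' creates DIR/<basename of SRC>; rename it.
btrfs subvol snapshot "$VOLUME" "$BASE"
mv "$BASE/${VOLUME##*/}" "$ROOT"

cat <<EOF > "$ROOT/etc/hostname"
$HOSTNAME
EOF

cat <<EOF > "$ROOT/etc/hosts"
127.0.0.1 localhost $HOSTNAME
::1 localhost $HOSTNAME
EOF

# ---------------------------------------------------------------------------
# 3. LXC configuration.
# ---------------------------------------------------------------------------
# Isolation notes for whoever hardens this later:
#  - No lxc.id_map, so there is no user namespace: uid 0 in the guest is
#    uid 0 on the host, and only three capabilities are dropped below
#    (sys_admin, sys_rawio, sys_time, net_admin ... are all kept).
#  - The device whitelist permits mknod of *any* node and opens /dev/kvm,
#    /dev/fuse, /dev/tun and the host's virtual consoles (4:0, 4:1, 5:1).
#    Trim that list to what the workload actually needs.
cat <<EOF > "$BASE/config"
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxc
lxc.network.name = eth0
lxc.network.mtu = 1500
# Locally-administered Xen-style OUI plus 3 random bytes.
lxc.network.hwaddr = 00163e$(openssl rand -hex 3)
lxc.arch = amd64
lxc.utsname = $HOSTNAME
lxc.devttydir = lxc
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $ROOT
lxc.mount = $BASE/fstab
lxc.cap.drop = sys_module mac_admin mac_override
lxc.cgroup.devices.deny = a
# Allow any mknod (but not using the node)
lxc.cgroup.devices.allow = c *:* m
lxc.cgroup.devices.allow = b *:* m
lxc.cgroup.devices.allow = c 1:3 rwm # /dev/null
lxc.cgroup.devices.allow = c 1:5 rwm # /dev/zero
lxc.cgroup.devices.allow = c 1:7 rwm # /dev/full
lxc.cgroup.devices.allow = c 1:8 rwm # /dev/random
lxc.cgroup.devices.allow = c 1:9 rwm # /dev/urandom
# 4:0 and 4:1 are the HOST's tty0/tty1 -- the guest shares the console.
lxc.cgroup.devices.allow = c 4:0 rwm # /dev/tty0
lxc.cgroup.devices.allow = c 4:1 rwm # /dev/tty1
lxc.cgroup.devices.allow = c 5:0 rwm # /dev/tty
lxc.cgroup.devices.allow = c 5:1 rwm # /dev/console
lxc.cgroup.devices.allow = c 5:2 rwm # /dev/ptmx
# Host-facing devices; remove any the container does not need.
lxc.cgroup.devices.allow = c 10:229 rwm # /dev/fuse
lxc.cgroup.devices.allow = c 10:200 rwm # /dev/tun
lxc.cgroup.devices.allow = c 10:228 rwm # /dev/hpet
lxc.cgroup.devices.allow = c 10:232 rwm # /dev/kvm
lxc.cgroup.devices.allow = c 136:* rwm # /dev/{0,1,2,3,4}
lxc.cgroup.devices.allow = c 254:0 rwm # /dev/rtc0
EOF

# /proc gets the usual hardening flags; /sys is mounted read-write with
# "defaults", which lets guest root poke host kernel knobs -- consider "ro".
cat <<EOF > "$BASE/fstab"
proc $ROOT/proc proc nodev,noexec,nosuid 0 0
sysfs $ROOT/sys sysfs defaults 0 0
EOF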