Last active
July 13, 2023 06:37
-
-
Save orazdow/5c0dc7757d488e0893c9df1947f422f7 to your computer and use it in GitHub Desktop.
lxc setup script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh -e | |
| # ---lxc setup script--- | |
| addline(){ | |
| grep -q "${1}\|${3}\?" "$2" || echo "\n$1" | sudo tee -a "$2" > /dev/null | |
| } | |
| uname=$(id -u -n) | |
| uid=$(id -u) | |
| if [ ! -d /etc/lxc ]; then | |
| echo "/etc/lxc not found\ncheck installation (apt install lxc)"; | |
| exit 0; | |
| elif [ $uid -eq 0 ]; then | |
| echo "run script as non-root"; | |
| exit 0; | |
| fi | |
| mkdir -p ~/.config/lxc | |
| touch ~/.config/lxc/default.conf | |
| conf="lxc.idmap = u 0 100000 1000\n\ | |
| lxc.idmap = g 0 100000 1000\n\ | |
| lxc.idmap = u ${uid} 1000 1\n\ | |
| lxc.idmap = g ${uid} 1000 1\n\ | |
| raw.idmap = u ${uid} 1000 1\n\ | |
| raw.idmap = g ${uid} 1000 1\n\ | |
| lxc.net.0.type = veth\n\ | |
| lxc.net.0.link = lxcbr0\n\ | |
| lxc.net.0.flags = up" | |
| sudo touch /etc/subuid | |
| sudo touch /etc/subguid | |
| sudo touch /etc/lxc/default.conf | |
| echo $conf > ~/.config/lxc/default.conf | |
| echo "set: $HOME/.config/lxc/default.conf" | |
| addline "${uname}:100000:65536" /etc/subuid $uname | |
| addline "${uname}:100000:65536" /etc/subguid $uname | |
| echo "set: /etc/subuid /etc/subguid" | |
| addline "lxc.default.config = ~/.config/lxc/default.conf" /etc/lxc/default.conf | |
| addline "${uname} veth lxcbr0 2" /etc/lxc/lxc-usernet | |
| echo "set: /etc/lxc/lxc-usernet" | |
| setfacl -m u:100000:x ~ | |
| setfacl -m u:100000:x ~/.local | |
| setfacl -m u:100000:x ~/.local/share | |
| echo "set: facl $HOME/.local $HOME/.local/share" | |
| <<comment | |
| the above settings will enable unprivileged containers | |
| the containers will be in: ~/.local/share/lxc/ | |
| otherwise privileged containers are in /var/lib/lxc and require root to use | |
| lxc commands: | |
| create container: lxc-create -t download -n (name) | |
| start container: lxc-start (name) | |
| shell: lxc-console (name) (ct+a q exits the console) | |
| stop: lxc-stop (name) | |
| destroy: lxc-destroy (name) | |
| list: lxc-ls (-f / --fancy for status info) | |
| on first start: | |
| lxc-attach -n (name) (no arg: root shell) | |
| adduser (username) -set up user / pwd | |
| usermod -aG sudo (username) | |
| exit | |
| to bind-mount a folder to the host: | |
| edit: ~/.local/share/lxc/(name)/config | |
| lxc.mount.entry = (host dir to mount)/ ~/.local/share/lxc/(name)/rootfs/(dir to mount) none bind 0 0 | |
| the host will still need to chown files created by the container | |
| comment |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment