@zentala
Last active February 15, 2024 19:11
Create LXC Ubuntu Bionic privileged container, with SSH server, new passwordless sudo user, with ZSH and oh-my-zsh
#!/bin/bash
# Usage:
# $ chmod +x lxc_create_container.sh
# $ ./lxc_create_container.sh <container-name>
# What does this script do?
# * Creates a new LXC container
# * Makes it privileged (giving root permissions)
# * Creates a new user (you can configure login and pass below)
# * Adds your SSH key to authorized_keys (you can configure keys below)
# * Allows the new user to execute commands as root without providing a password
# * Configures the SSH daemon, so you can connect to the container via SSH
# * Installs ZSH and oh-my-zsh and makes ZSH the default shell
# Tested with LXC 3.0.3 and Ubuntu 18.04 Desktop
BOLD=$(tput bold)
NORMAL=$(tput sgr0)
COMMAND="\033[0;31m"
NAME=$1
# Stop early when no container name is given
if [ -z "$NAME" ]; then
  echo "Usage: $0 <container-name>" >&2
  exit 1
fi
USER=zentala # replace with your username here
PASS=testpass # replace with your password here
SSH_KEY_PUB_CONTENT=$(cat ~/.ssh/containers.pub) # replace with path to the public SSH key
SSH_KEY_PRIV_PATH=~/.ssh/containers # replace with path to the private SSH key
echo -e "${BOLD}=> Creating container ${NAME}...${NORMAL}"
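lxc launch ubuntu:bionic "$NAME"
echo -e "${BOLD}=> Making container privileged...${NORMAL}"
# security.privileged is not applied live; it takes effect at the next container restart.
# In a privileged container, root inside the container is root (uid 0) on the host.
lxc config set "$NAME" security.privileged true
echo -e "${BOLD}=> Creating and pre-configure new user ${USER}...${NORMAL}"
# openssl passwd -1 produces an MD5-crypt hash of $PASS
lxc exec "$NAME" -- useradd -p "$(openssl passwd -1 "$PASS")" "$USER"
lxc exec "$NAME" -- mkdir -p "/home/$USER/.ssh/"
lxc exec "$NAME" -- touch "/home/$USER/.ssh/authorized_keys"
lxc exec "$NAME" -- bash -c "echo '$SSH_KEY_PUB_CONTENT' >> /home/$USER/.ssh/authorized_keys"
# Restrict the key directory and file to their owner
lxc exec "$NAME" -- chmod 700 "/home/$USER/.ssh"
lxc exec "$NAME" -- chmod 600 "/home/$USER/.ssh/authorized_keys"
lxc exec "$NAME" -- chown -R "$USER:$USER" "/home/$USER/"
lxc exec "$NAME" -- usermod -aG sudo "$USER"
lxc exec "$NAME" -- bash -c "echo '$USER ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers"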
echo -e "${BOLD}=> Configuring SSH daemon${NORMAL}"
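# This overwrites the stock sshd_config: password logins stay enabled and MaxAuthTries is set to 30.
lxc exec "$NAME" -- bash -c 'cat <<EOM >/etc/ssh/sshd_config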
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication yes
MaxAuthTries 30
EOM'
lxc exec "$NAME" -- systemctl restart ssh
echo -e "${BOLD}=> Checking container IP...${NORMAL}"
IP=$(lxc exec "$NAME" -- ip addr show eth0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1)
# Stop if the container has no IPv4 address on eth0 yet
if [ -z "$IP" ]; then
  echo "Could not determine the container IP" >&2
  exit 1
fi
echo -e "${BOLD}Your container IP is ${BOLD}$IP${NORMAL}"
echo -e "${BOLD}=> Installing ZSH...${NORMAL}"
# "StrictHostKeyChecking no" accepts the container's host key without verification.
ssh -q \
  -o "StrictHostKeyChecking no" \
  -i "$SSH_KEY_PRIV_PATH" \
  "$USER@$IP" \
  "sudo apt -y -qq install zsh"
echo -e "${BOLD}=> Installing oh-my-zsh for user $USER${NORMAL}"
# install.sh is downloaded from the master branch and run as fetched (no pinned revision or checksum).
# The quoted 'EOT' keeps the local shell from expanding anything in the remote commands.
ssh -q \
  -o "StrictHostKeyChecking no" \
  -i "$SSH_KEY_PRIV_PATH" \
  "$USER@$IP" << 'EOT'
wget https://github.com/robbyrussell/oh-my-zsh/raw/master/tools/install.sh
sed -i.tmp 's:env zsh::g' install.sh
sed -i.tmp 's:chsh -s .*$::g' install.sh
sh install.sh
EOT
echo -e "${BOLD}=> Setting ZSH as default shell of $USER user${NORMAL}"
lxc exec "$NAME" -- chsh -s /bin/zsh "$USER"
echo -e "${BOLD}=> Container created!${NORMAL}"
echo -e "${BOLD}Now, you can connect via SSH: ssh $USER@$IP -i $SSH_KEY_PRIV_PATH${NORMAL}"
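
The script above leaves password logins enabled, raises MaxAuthTries to 30 and grants NOPASSWD:ALL. The following is an added example, not part of the original gist: a check that reads an sshd_config and a sudoers file and reports those three settings. The function names `sshd_value` and `audit_container_files` are hypothetical, the sample files are constructed, and the threshold of 6 is OpenSSH's default MaxAuthTries.

```shell
#!/bin/bash
# Added example, not part of the gist. All sample files below are constructed.

# Effective value of an sshd_config keyword: keywords are case-insensitive and
# the first occurrence wins. Commented lines never match because their first
# field starts with '#'. Prints nothing if the keyword is absent.
sshd_value() {  # usage: sshd_value <file> <keyword>
  awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Print one line per permissive setting found (no output means clean).
audit_container_files() {  # usage: audit_container_files <sshd_config> <sudoers>
  local v
  v=$(sshd_value "$1" PasswordAuthentication)
  # OpenSSH treats a missing PasswordAuthentication as "yes"
  [ "${v:-yes}" = "no" ] || echo "sshd: password logins enabled"
  v=$(sshd_value "$1" MaxAuthTries)
  # OpenSSH's default MaxAuthTries is 6
  [ "${v:-6}" -le 6 ] || echo "sshd: MaxAuthTries ${v} is above the default of 6"
  # Any uncommented rule granting NOPASSWD on ALL commands
  if grep -Eq '^[^#]*NOPASSWD:[[:space:]]*ALL' "$2"; then
    echo "sudoers: passwordless sudo for ALL commands"
  fi
  return 0
}

WORK=$(mktemp -d)
# Settings as written by the script above (constructed excerpt)
printf '%s\n' 'ChallengeResponseAuthentication no' 'PasswordAuthentication yes' \
  'MaxAuthTries 30' > "$WORK/sshd_weak"
printf '%s\n' 'root ALL=(ALL:ALL) ALL' 'zentala ALL=(ALL) NOPASSWD:ALL' > "$WORK/sudoers_weak"
# Variant with password logins disabled (constructed)
printf '%s\n' 'ChallengeResponseAuthentication no' 'passwordauthentication no' \
  'MaxAuthTries 3' > "$WORK/sshd_hard"
printf '%s\n' 'root ALL=(ALL:ALL) ALL' '%sudo ALL=(ALL:ALL) ALL' > "$WORK/sudoers_hard"

echo "== as configured by the script =="
audit_container_files "$WORK/sshd_weak" "$WORK/sudoers_weak"
echo "== password logins disabled =="
audit_container_files "$WORK/sshd_hard" "$WORK/sudoers_hard"
```

To check a real container, pull `/etc/ssh/sshd_config` and `/etc/sudoers` out with `lxc file pull` and pass the local copies to `audit_container_files`.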