
      1 #!/bin/sh
      2 # LXC Container Setup - developed by acidvegas (https://git.acid.vegas/supertools)
      3 
      4 # Configuration
      5 SSH_PORT=1337
      6 USER_NAME="supernets"
      7 CONTAINER_NAME="ircd"
      8 
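setup_root() {
	# Host provisioning; run as root on a fresh Debian install, before setup_user.
	# Deliberately interactive (apt prompts, passwd, nano): this is a runbook,
	# not an unattended installer, so there is no `set -e` and each step is
	# expected to be watched.

	# Secure DNS (TEMP) — pinned resolvers, locked against overwrite by
	# dhclient/resolvconf. `chattr -i /etc/resolv.conf` is needed before any
	# later change.
	printf "nameserver 208.67.222.222\nnameserver 208.67.220.220\nnameserver 2620:119:35::35\nnameserver 2620:119:53::53\n" > /etc/resolv.conf
	chattr +i /etc/resolv.conf

	# Update & Install Packages (uidmap is required for unprivileged containers)
	apt-get update && apt-get upgrade
	apt-get install bridge-utils dirmngr htop gpg lxc man net-tools uidmap screen unattended-upgrades

	# Wipe the journal and only use RAM storage.
	# NOTE: volatile storage capped at 500K leaves essentially no log history
	# for incident response; this is the script's deliberate privacy trade-off.
	journalctl --vacuum-time=1d
	printf "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K\n" > /etc/systemd/journald.conf
	systemctl restart systemd-journald

	# Install & setup dropbear. Done before OpenSSH is removed so there is
	# always one working SSH daemon (no lockout window).
	# -K 0 disables keepalives; -w refuses root logins so the only SSH entry
	# is $USER_NAME (key-based, see setup_user). Add -s once the user's
	# authorized_keys is in place to turn off password authentication too.
	apt-get install -y dropbear
	{
		echo "NO_START=0"
		echo "DROPBEAR_PORT=$SSH_PORT"
		echo "DROPBEAR_EXTRA_ARGS=\"-K 0 -w\""
		echo "DROPBEAR_BANNER=\"\""
		echo "DROPBEAR_ED25519KEY=\"/etc/dropbear/dropbear_ed25519_host_key\""
		echo "DROPBEAR_RECEIVE_WINDOW=65536"
	} > /etc/default/dropbear
	systemctl restart dropbear && systemctl enable dropbear

	# Remove OpenSSH (server and client) now that dropbear is listening
	apt remove openssh-server && apt remove openssh-client
	apt purge openssh-server && apt purge openssh-client
	apt autoremove && apt autoclean
	systemctl stop ssh && systemctl disable ssh

	# Disable history, logs, & IPv6
	printf "\nHISTSIZE=0\nHISTFILESIZE=0\nunset HISTFILE\n" >> /etc/bash.bashrc
	>/var/log/lastlog && chattr +i /var/log/lastlog
	# Only matches an empty GRUB_CMDLINE_LINUX; an already-customised line is left untouched.
	sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="ipv6.disable=1"/' /etc/default/grub && update-grub

	# Set locales
	echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen

	# Add a new user (password is prompted for interactively)
	useradd -m -s /bin/bash "$USER_NAME" && passwd "$USER_NAME"

	# Change hostname (interactive)
	nano /etc/hostname

	# Enable user-level services: the user's systemd instance keeps running
	# without an active login, which the container unit in setup_user relies on.
	loginctl enable-linger "$USER_NAME"

	# Configure NAT for the containers.
	# -C tests for the rule first so re-running the function does not stack
	# duplicate MASQUERADE rules. The rule is not persisted across reboots
	# (nothing here installs iptables-persistent) and the uplink is assumed
	# to be eth0 — adjust both for the target host.
	iptables -t nat -C POSTROUTING -o eth0 -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
	echo "1" > /proc/sys/net/ipv4/ip_forward
	# Append, do not overwrite: the previous `>` wiped every other setting in /etc/sysctl.conf.
	grep -qs '^net.ipv4.ip_forward=1' /etc/sysctl.conf || printf "\nnet.ipv4.ip_forward=1\n" >> /etc/sysctl.conf

	# Create a runtime directory with the correct permissions
	run_uid=$(id -u "$USER_NAME")
	mkdir -p "/run/user/$run_uid"
	chown "$USER_NAME:$USER_NAME" "/run/user/$run_uid"
	chmod 700 "/run/user/$run_uid"

	# Set the subordinate UID/GID ranges. These must match the lxc.idmap
	# lines setup_user writes (u/g 0 -> 100000, count 65536). Append rather
	# than overwrite so ranges belonging to other users survive.
	grep -qs "^$USER_NAME:" /etc/subuid || echo "$USER_NAME:100000:65536" >> /etc/subuid
	grep -qs "^$USER_NAME:" /etc/subgid || echo "$USER_NAME:100000:65536" >> /etc/subgid

	# Allow the unprivileged user to attach up to 10 veth interfaces to lxcbr0;
	# lxc-user-nic refuses to create the container's NIC without this quota.
	grep -qs "^$USER_NAME veth lxcbr0" /etc/lxc/lxc-usernet || echo "$USER_NAME veth lxcbr0 10" >> /etc/lxc/lxc-usernet

	# Create bridge (usually done automatically by lxc-net, see `ip addr` output for lxcbr0)
	#brctl addbr lxcbr0
	#ip addr add 192.168.1.10/24 dev lxcbr0
	#ip link set dev lxcbr0 up

	# Restart the LXC service
	systemctl restart lxc
}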
     80 
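setup_user() {
	# Per-user provisioning; run as $USER_NAME after setup_root has completed.
	# Installs the SSH public key, writes the unprivileged LXC defaults and a
	# systemd --user template unit, then creates and starts $CONTAINER_NAME.

	# Add dropbear public key.
	# The key below is a placeholder, not a real ed25519 key — replace it
	# before running, otherwise the immutable authorized_keys admits nobody
	# and the only SSH path left is password auth.
	mkdir -p "$HOME/.ssh"
	printf "ssh-ed25519 loldongs acidvegas@blackhole" > "$HOME/.ssh/authorized_keys"
	chmod 700 "$HOME/.ssh"
	chown -R "$USER" "$HOME/.ssh"
	chmod 400 "$HOME/.ssh/authorized_keys"
	# Immutable: root must `chattr -i` both paths before any key can be added or rotated.
	chattr +i "$HOME/.ssh"
	chattr +i "$HOME/.ssh/authorized_keys"

	# Setup LXC configuration. The idmap ranges must match this user's
	# /etc/subuid and /etc/subgid entries written by setup_root.
	mkdir -p "$HOME/.config/lxc"
	{
		echo "lxc.idmap = u 0 100000 65536"
		echo "lxc.idmap = g 0 100000 65536"
		echo "lxc.net.0.type = veth"
		echo "lxc.net.0.link = lxcbr0"
		echo "lxc.net.0.flags = up"
		echo "lxc.start.auto = 1"
		echo "lxc.start.delay = 5"
	} > "$HOME/.config/lxc/default.conf"

	# Setup runtime directory (systemd --user needs XDG_RUNTIME_DIR to reach
	# the user's bus). The .bashrc line is kept literal on purpose so it is
	# evaluated at login, not now.
	echo 'export XDG_RUNTIME_DIR=/run/user/$(id -u $USER)' >> ~/.bashrc
	export XDG_RUNTIME_DIR="/run/user/$(id -u "$USER")"

	# Create a systemd user template unit; %i is the container name.
	mkdir -p "$HOME/.config/systemd/user"
	{
		echo "[Unit]"
		echo "Description=LXC Container %I"
		echo "After=network.target"
		echo ""
		echo "[Service]"
		echo "Type=forking"
		echo "ExecStart=/usr/bin/lxc-start -n %i"
		echo "ExecStop=/usr/bin/lxc-stop -n %i"
		echo "Restart=on-failure"
		echo ""
		echo "[Install]"
		echo "WantedBy=default.target"
	} > "$HOME/.config/systemd/user/lxc-container@.service"

	# Create a container. Uses CONTAINER_NAME from the configuration block;
	# the previous version referenced an undefined $container and passed an
	# empty name to lxc-create and systemctl.
	lxc-create -n "$CONTAINER_NAME" -t download -- --dist debian --release bullseye --arch amd64

	# Start & enable the service
	systemctl --user enable "lxc-container@${CONTAINER_NAME}.service"
	systemctl --user start  "lxc-container@${CONTAINER_NAME}.service"
}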
    131 
setup_container() {
	# Placeholder for in-container provisioning (the ircd itself, etc.).
	# Currently a no-op that succeeds so it can be chained after setup_user.
	# TODO: Provision container for services
	return 0
}
    136 
# Usage: the steps are run one at a time; uncomment the one you want.
#setup_root    # first, as root
#setup_user    # then, logged in as $USER_NAME (after replacing the placeholder SSH key)