4
mirror of git://git.acid.vegas/tools.git synced 2024-12-22 22:36:36 +00:00
tools/help/irclxc
2024-01-25 23:06:20 -05:00

139 lines
4.0 KiB
Bash
Executable File

#!/bin/sh
# LXC Container Setup - developed by acidvegas (https://git.acid.vegas/supertools)
# Configuration
SSH_PORT=1337
USER_NAME="supernets"
CONTAINER_NAME="ircd"
setup_root() {
# Secure DNS (TEMP)
printf "nameserver 208.67.222.222\nnameserver 208.67.220.220\nnameserver 2620:119:35::35\nnameserver 2620:119:53::53\n" > /etc/resolv.conf
chattr +i /etc/resolv.conf
# Update & Install Packages
apt-get update && apt-get upgrade
apt-get install bridge-utils dirmngr htop gpg lxc man net-tools uidmap screen unattended-upgrades
# Wipe the journal and only use RAM storage
journalctl --vacuum-time=1d
printf "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K\n" > /etc/systemd/journald.conf
systemctl restart systemd-journald
# Install & setup dropbear
apt-get install -y dropbear
{
echo "NO_START=0"
echo "DROPBEAR_PORT=$SSH_PORT"
echo "DROPBEAR_EXTRA_ARGS=\"-K 0\""
echo "DROPBEAR_BANNER=\"\""
echo "DROPBEAR_ED25519KEY=\"/etc/dropbear/dropbear_ed25519_host_key\""
echo "DROPBEAR_RECEIVE_WINDOW=65536"
} > /etc/default/dropbear
systemctl restart dropbear && systemctl enable dropbear
# Remove OpenSSH
apt remove openssh-server && apt remove openssh-client
apt purge openssh-server && apt purge openssh-client
apt autoremove && apt autoclean
systemctl stop ssh && systemctl disable ssh
# Disable history, logs, & IPv6
printf "\nHISTSIZE=0\nHISTFILESIZE=0\nunset HISTFILE\n" >> /etc/bash.bashrc
>/var/log/lastlog && chattr +i /var/log/lastlog
sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="ipv6.disable=1"/' /etc/default/grub && update-grub
# Set locales
echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && locale-gen
# Add a new user
useradd -m -s /bin/bash $USER_NAME && passwd $USER_NAME
# Change hostname
nano /etc/hostname
# Enable user-level services
loginctl enable-linger $USER_NAME
# Configure NAT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo "1" > /proc/sys/net/ipv4/ip_forward
printf "\nnet.ipv4.ip_forward=1\n" > /etc/sysctl.conf
# Create a runtime directory with the correct permissions
mkdir -p /run/user/$(id -u $USER_NAME)
chown $USER_NAME:$USER_NAME /run/user/$(id -u $USER_NAME)
chmod 700 /run/user/$(id -u $USER_NAME)
# Set the subordinate UID/GID
echo "$USER_NAME:100000:65536" > /etc/subuid
echo "$USER_NAME:100000:65536" > /etc/subgid
# Create bridge (usually done automatically, see `ip addr` output for lxcbr0)
#brctl addbr lxcbr0
#ip addr add 192.168.1.10/24 dev lxcbr0
#ip link set dev lxcbr0 up
# Restart the LXC service
systemctl restart lxc
}
setup_user() {
# Add dropbear public key
mkdir -p $HOME/.ssh
printf "ssh-ed25519 loldongs acidvegas@blackhole" > $HOME/.ssh/authorized_keys
chmod 700 $HOME/.ssh
chown -R $USER $HOME/.ssh
chmod 400 $HOME/.ssh/authorized_keys
chattr +i $HOME/.ssh
chattr +i $HOME/.ssh/authorized_keys
# Setup LXC configuration
mkdir -p ~/.config/lxc
{
echo "lxc.idmap = u 0 100000 65536"
echo "lxc.idmap = g 0 100000 65536"
echo "lxc.net.0.type = veth"
echo "lxc.net.0.link = lxcbr0"
echo "lxc.net.0.flags = up"
echo "lxc.start.auto = 1"
echo "lxc.start.delay = 5"
} > $HOME/.config/lxc/default.conf
# Setup runtime directory
echo 'export XDG_RUNTIME_DIR=/run/user/$(id -u $USER)' >> ~/.bashrc
export XDG_RUNTIME_DIR=/run/user/$(id -u $USER)
# Create a systemd user service
mkdir -p $HOME/.config/systemd/user
{
echo "[Unit]"
echo "Description=LXC Container %I"
echo "After=network.target"
echo ""
echo "[Service]"
echo "Type=forking"
echo "ExecStart=/usr/bin/lxc-start -n %i"
echo "ExecStop=/usr/bin/lxc-stop -n %i"
echo "Restart=on-failure"
echo ""
echo "[Install]"
echo "WantedBy=default.target"
} > $HOME/.config/systemd/user/lxc-container@.service
# Create a container
lxc-create -n $container -t download -- --dist debian --release bullseye --arch amd64
# Start & enable the service
systemctl --user enable lxc-container@${container}.service
systemctl --user start lxc-container@${container}.service
}
setup_container() {
# TODO: Provision container for services
return
}
#setup_root
#setup_user