ThinGuy · September 3, 2024 04:10
diff --git a/lxd-snap-store-proxy.yaml b/lxd-snap-store-proxy.yaml
 #Make sure variables are correct and paste this into terminal on a server where LXD has been initialized
 export AIRSTACK_DHCP=true
 export AIRSTACK_IPV4_CIDR=
 export AIRSTACK_IPV4_GW=
 export AIRSTACK_DNS=
 export AIRSTACK_DOMAIN=orangebox.me
 export AIRSTACK_TZ=$(cat /etc/timezone)
 export AIRSTACK_LANG=en_US.UTF-8
 export AIRSTACK_USE_BRIDGE=br0
 export AIRSTACK_STORAGE_POOL=local
 export AIRSTACK_DIR=/srv/airstack
 export AIRSTACK_APT_URI=http://ubuntu-archive.orangebox.me/ubuntu
 export AIRSTACK_APT_SEC_URI=http://ubuntu-archive.orangebox.me/ubuntu
 export AIRSTACK_PKG_LIST="build-essential,jq,nginx,tree,nfs-kernel-server,uml-utilities,ipcalc,apt-transport-https,bridge-utils,debian-goodies,iputils-arping"
 export AIRSTACK_MAAS_SUBNET=172.27.20.0/23
 export AIRSTACK_SERVER_CRT=/home/ubuntu/ssl/orangebox.me/wc-orangebox.me.pem
 export AIRSTACK_SERVER_KEY=/home/ubuntu/ssl/orangebox.me/wc-orangebox.me.key
 export AIRSTACK_CA_CRT=/home/ubuntu/ssl/orangebox.me/orangebox.me_CA.crt
 export AIRSTACK_CA_KEY=/home/ubuntu/ssl/orangebox.me/orangebox.me_CA.key
 export AIRSTACK_SNAP_PROXY_NAME=resource-server
 lxc 2>/dev/null profile create ${AIRSTACK_SNAP_PROXY_NAME}
 cat <<-EOF|sed '/^$/d'|lxc profile edit ${AIRSTACK_SNAP_PROXY_NAME}
 config:
  migration.incremental.memory: "true"
  raw.lxc: |-
    lxc.cgroup.devices.allow = c 10:237 rwm
    lxc.apparmor.profile = unconfined
    lxc.cgroup.devices.allow = b 7:* rwm
  security.nesting: "true"
  security.privileged: "true"
  user.network-config: |
    version: 2
    ethernets:
      eth0:
        dhcp4: false
        dhcp6: false
    bridges:
      br0:
        interfaces: [eth0]
        dhcp4: true
        dhcp6: false
        optional: true
        parameters:
          priority: 1
          stp: False
          forward-delay: 0
  user.user-data: |
    #cloud-config
    timezone: America/Los_Angeles
    locale: en_US.UTF-8
    final_message: "${AIRSTACK_SNAP_PROXY_NAME} installation complete"
    package_update: true
    package_upgrade: true
    packages: [postgresql,squashfuse,expect,geoclue-ubuntu-geoip,geoipupdate,geoip-bin,geoip-database,geoip-database-extra]
    apt:
      primary:
        - arches: [amd64]
          uri: http://ubuntu-archive.orangebox.me/ubuntu
      security:
        - arches: [amd64]
          uri: http://ubuntu-archive.orangebox.me/ubuntu
      sources_list: |
        deb \$PRIMARY \$RELEASE main universe restricted multiverse
        deb \$PRIMARY \$RELEASE-updates main universe restricted multiverse
        deb \$PRIMARY \$RELEASE-backports main universe restricted multiverse
        deb \$SECURITY \$RELEASE-security main universe restricted multiverse
    snap:
      commands:
        00: [install, core, --edge]
        01: [install, snap-store-proxy, --edge]
    bootcmd:
      - cloud-init-per once bc0 set -x
      - cloud-init-per once bc1 export DEBIAN_FRONTEND=noninteractive 
      - cloud-init-per once bc2 apt update -qq
      - cloud-init-per once bc3 apt install squashfuse -yqq
      - cloud-init-per once bc4 apt purge lxd\* -yqq
      - cloud-init-per once bc5 apt autoremove -yq
    runcmd:
     - set -x
     - su postgres -c 'cd /var/lib/postgresql;psql -c "CREATE ROLE root PASSWORD '"'"'snAppr0xy'"'"' SUPERUSER CREATEDB CREATEROLE LOGIN REPLICATION"'
     - sed 's|PATH="|PATH="/snap/bin:|g' -i /etc/environment
     - "export PATH=/snap/bin:\$PATH"
     - snap install core --edge
     - snap install snap-store-proxy --edge
     - snap-proxy config proxy.domain="${AIRSTACK_SNAP_PROXY_NAME}.orangebox.me"
     - snap-proxy generate-keys
     - snap-proxy create-database "postgresql://root:snAppr0xy@localhost:5432/root"
     - snap-proxy check-connections
     - snap-proxy config proxy.cache.size=8192
 $(printf '    ssh_authorized_keys:\n';(find 2>/dev/null ~/.ssh -iname "*.pub"|xargs -n1 -P1 bash -c 'printf -- '"'"'  - %s\n'"'"' "$(cat $0)"'|awk '!seen[$0]++')|sed 's/^/      &/g')
 description: LXD profile for Snap-Store-Proxy
 devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: ${AIRSTACK_STORAGE_POOL:-$(lxc 2>/dev/null storage list|awk '!/+|NAME/{print $2;exit}')}
    type: disk
 EOF
	#Make sure variables are correct and paste this into terminal on a server where LXD has been initialized
	export AIRSTACK_DHCP=true
	export AIRSTACK_IPV4_CIDR=
	export AIRSTACK_IPV4_GW=
	export AIRSTACK_DNS=
	export AIRSTACK_DOMAIN=orangebox.me
	export AIRSTACK_TZ=$(cat /etc/timezone)
	export AIRSTACK_LANG=en_US.UTF-8
	export AIRSTACK_USE_BRIDGE=br0
	export AIRSTACK_STORAGE_POOL=local
	export AIRSTACK_DIR=/srv/airstack
	export AIRSTACK_APT_URI=http://ubuntu-archive.orangebox.me/ubuntu
	export AIRSTACK_APT_SEC_URI=http://ubuntu-archive.orangebox.me/ubuntu
	export AIRSTACK_PKG_LIST="build-essential,jq,nginx,tree,nfs-kernel-server,uml-utilities,ipcalc,apt-transport-https,bridge-utils,debian-goodies,iputils-arping"
	export AIRSTACK_MAAS_SUBNET=172.27.20.0/23
	export AIRSTACK_SERVER_CRT=/home/ubuntu/ssl/orangebox.me/wc-orangebox.me.pem
	export AIRSTACK_SERVER_KEY=/home/ubuntu/ssl/orangebox.me/wc-orangebox.me.key
	export AIRSTACK_CA_CRT=/home/ubuntu/ssl/orangebox.me/orangebox.me_CA.crt
	export AIRSTACK_CA_KEY=/home/ubuntu/ssl/orangebox.me/orangebox.me_CA.key
	export AIRSTACK_SNAP_PROXY_NAME=resource-server
	lxc 2>/dev/null profile create ${AIRSTACK_SNAP_PROXY_NAME}
	cat <<-EOF\|sed '/^$/d'\|lxc profile edit ${AIRSTACK_SNAP_PROXY_NAME}
	config:
	migration.incremental.memory: "true"
	raw.lxc: \|-
	lxc.cgroup.devices.allow = c 10:237 rwm
	lxc.apparmor.profile = unconfined
	lxc.cgroup.devices.allow = b 7:* rwm
	security.nesting: "true"
	security.privileged: "true"
	user.network-config: \|
	version: 2
	ethernets:
	eth0:
	dhcp4: false
	dhcp6: false
	bridges:
	br0:
	interfaces: [eth0]
	dhcp4: true
	dhcp6: false
	optional: true
	parameters:
	priority: 1
	stp: False
	forward-delay: 0
	user.user-data: \|
	#cloud-config
	timezone: America/Los_Angeles
	locale: en_US.UTF-8
	final_message: "${AIRSTACK_SNAP_PROXY_NAME} installation complete"
	package_update: true
	package_upgrade: true
	packages: [postgresql,squashfuse,expect,geoclue-ubuntu-geoip,geoipupdate,geoip-bin,geoip-database,geoip-database-extra]
	apt:
	primary:
	- arches: [amd64]
	uri: http://ubuntu-archive.orangebox.me/ubuntu
	security:
	- arches: [amd64]
	uri: http://ubuntu-archive.orangebox.me/ubuntu
	sources_list: \|
	deb \$PRIMARY \$RELEASE main universe restricted multiverse
	deb \$PRIMARY \$RELEASE-updates main universe restricted multiverse
	deb \$PRIMARY \$RELEASE-backports main universe restricted multiverse
	deb \$SECURITY \$RELEASE-security main universe restricted multiverse
	snap:
	commands:
	00: [install, core, --edge]
	01: [install, snap-store-proxy, --edge]
	bootcmd:
	- cloud-init-per once bc0 set -x
	- cloud-init-per once bc1 export DEBIAN_FRONTEND=noninteractive
	- cloud-init-per once bc2 apt update -qq
	- cloud-init-per once bc3 apt install squashfuse -yqq
	- cloud-init-per once bc4 apt purge lxd\* -yqq
	- cloud-init-per once bc5 apt autoremove -yq
	runcmd:
	- set -x
	- su postgres -c 'cd /var/lib/postgresql;psql -c "CREATE ROLE root PASSWORD '"'"'snAppr0xy'"'"' SUPERUSER CREATEDB CREATEROLE LOGIN REPLICATION"'
	- sed 's\|PATH="\|PATH="/snap/bin:\|g' -i /etc/environment
	- "export PATH=/snap/bin:\$PATH"
	- snap install core --edge
	- snap install snap-store-proxy --edge
	- snap-proxy config proxy.domain="${AIRSTACK_SNAP_PROXY_NAME}.orangebox.me"
	- snap-proxy generate-keys
	- snap-proxy create-database "postgresql://root:snAppr0xy@localhost:5432/root"
	- snap-proxy check-connections
	- snap-proxy config proxy.cache.size=8192
	$(printf ' ssh_authorized_keys:\n';(find 2>/dev/null ~/.ssh -iname "*.pub"\|xargs -n1 -P1 bash -c 'printf -- '"'"' - %s\n'"'"' "$(cat $0)"'\|awk '!seen[$0]++')\|sed 's/^/ &/g')
	description: LXD profile for Snap-Store-Proxy
	devices:
	eth0:
	name: eth0
	nictype: bridged
	parent: br0
	type: nic
	root:
	path: /
	pool: ${AIRSTACK_STORAGE_POOL:-$(lxc 2>/dev/null storage list\|awk '!/+\|NAME/{print $2;exit}')}
	type: disk
	EOF