fwyzard · October 7, 2016 09:43
diff --git a/lxd-user-profile.sh b/lxd-user-profile.sh
 #! /bin/bash

 # to launch a container using this profile:
 # lxc launch <container> -p default -p $USER

 set -eu
 #UID=$(id -u)
 GID=$(id -g)
 SUBUID=root:$UID:1
 SUBGID=root:$GID:1

 # give lxd permission to map your user/group id through
 grep $SUBUID /etc/subuid -qs || sudo usermod --add-subuids ${UID}-${UID} --add-subgids ${GID}-${GID} root
 UID_OFFSET=$(grep 'root:.*:65536' /etc/subuid | head -1 | awk -F: '{ print $2 }')
 GID_OFFSET=$(grep 'root:.*:65536' /etc/subgid | head -1 | awk -F: '{ print $2 }')

 # set up a separate key to make sure we can log in automatically via ssh
 # with $HOME mounted
 KEY=$HOME/.ssh/id_lxd_$USER
 PUBKEY=$KEY.pub
 AUTHORIZED_KEYS=$HOME/.ssh/authorized_keys
 [ -f $PUBKEY ] || ssh-keygen -f $KEY -N '' -C "ssh key for lxd containers"
 grep "$(cat $PUBKEY)" $AUTHORIZED_KEYS -qs || cat $PUBKEY >> $AUTHORIZED_KEYS

 # create a profile to control this, name it after $USER
 lxc profile create $USER &> /dev/null || true

 # configure profile
 # this will rewrite the whole profile
 cat << EOF | lxc profile edit $USER
 name: $USER
 description: allow home dir mounting for $USER
 config:
  # map the special uid/gid in the container to the correct host uid/gid
  raw.lxc: |
    lxc.id_map =
    lxc.id_map = u 0 $UID_OFFSET $(($UID - 1))
    lxc.id_map = g 0 $GID_OFFSET $(($GID - 1))
    lxc.id_map = u $UID 1000 1
    lxc.id_map = g $GID 1000 1
    lxc.id_map = u $(($UID + 1)) $(($UID_OFFSET + $UID + 1)) $((65536 - $UID - 1))
    lxc.id_map = g $(($GID + 1)) $(($GID_OFFSET + $GID + 1)) $((65536 - $GID - 1))
  user.vendor-data: |
    # give sudo rights to the user
    users:
      - name: $USER
        groups: sudo
        shell: $SHELL
        sudo: ['ALL=(ALL) NOPASSWD:ALL']
    # ensure users shell is installed
    packages:
      - $(dpkg -S $(readlink -m $SHELL) | cut -d: -f1)
 # mount the \$HOME directory into the container
 devices:
  home:
    type: disk
    source: $HOME
    path: $HOME
 EOF
	#! /bin/bash

	# to launch a container using this profile:
	# lxc launch <container> -p default -p $USER

	set -eu
	#UID=$(id -u)
	GID=$(id -g)
	SUBUID=root:$UID:1
	SUBGID=root:$GID:1

	# give lxd permission to map your user/group id through
	grep $SUBUID /etc/subuid -qs \|\| sudo usermod --add-subuids ${UID}-${UID} --add-subgids ${GID}-${GID} root
	UID_OFFSET=$(grep 'root:.*:65536' /etc/subuid \| head -1 \| awk -F: '{ print $2 }')
	GID_OFFSET=$(grep 'root:.*:65536' /etc/subgid \| head -1 \| awk -F: '{ print $2 }')

	# set up a separate key to make sure we can log in automatically via ssh
	# with $HOME mounted
	KEY=$HOME/.ssh/id_lxd_$USER
	PUBKEY=$KEY.pub
	AUTHORIZED_KEYS=$HOME/.ssh/authorized_keys
	[ -f $PUBKEY ] \|\| ssh-keygen -f $KEY -N '' -C "ssh key for lxd containers"
	grep "$(cat $PUBKEY)" $AUTHORIZED_KEYS -qs \|\| cat $PUBKEY >> $AUTHORIZED_KEYS

	# create a profile to control this, name it after $USER
	lxc profile create $USER &> /dev/null \|\| true

	# configure profile
	# this will rewrite the whole profile
	cat << EOF \| lxc profile edit $USER
	name: $USER
	description: allow home dir mounting for $USER
	config:
	# map the special uid/gid in the container to the correct host uid/gid
	raw.lxc: \|
	lxc.id_map =
	lxc.id_map = u 0 $UID_OFFSET $(($UID - 1))
	lxc.id_map = g 0 $GID_OFFSET $(($GID - 1))
	lxc.id_map = u $UID 1000 1
	lxc.id_map = g $GID 1000 1
	lxc.id_map = u $(($UID + 1)) $(($UID_OFFSET + $UID + 1)) $((65536 - $UID - 1))
	lxc.id_map = g $(($GID + 1)) $(($GID_OFFSET + $GID + 1)) $((65536 - $GID - 1))
	user.vendor-data: \|
	# give sudo rights to the user
	users:
	- name: $USER
	groups: sudo
	shell: $SHELL
	sudo: ['ALL=(ALL) NOPASSWD:ALL']
	# ensure users shell is installed
	packages:
	- $(dpkg -S $(readlink -m $SHELL) \| cut -d: -f1)
	# mount the \$HOME directory into the container
	devices:
	home:
	type: disk
	source: $HOME
	path: $HOME
	EOF
No results found