-
-
Save grantseltzer/36261daeb03b828373d8eddacc7e95dc to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # configure LXD profile for dual nic macOS/vmware fusion set up https://gist.github.com/earnubs/eec3c6aa1e091c0a898c | |
| set -eu | |
| _UID=$(id -u) | |
| GID=$(id -g) | |
| GROUP=$(id -gn) | |
| SUBUID=root:$_UID:1 | |
| SUBGID=root:$GID:1 | |
| # give lxd permission to map your user/group id through | |
| grep $SUBUID /etc/subuid -qs || sudo usermod --add-subuids ${_UID}-${_UID} --add-subgids ${GID}-${GID} root | |
| UID_OFFSET=$(grep 'root:.*:65536' /etc/subuid | head -1 | awk -F: '{ print $2 }') | |
| GID_OFFSET=$(grep 'root:.*:65536' /etc/subgid | head -1 | awk -F: '{ print $2 }') | |
| # create a profile to control this, name it after $USER | |
| lxc profile create $USER &> /dev/null || true | |
| # configure profile | |
| # this will rewrite the whole profile | |
| cat << EOF | lxc profile edit $USER | |
| name: $USER | |
| description: allow home dir mounting for $USER | |
| config: | |
| # this part maps the special uid/gid in the container to the correct host uid/gid | |
| raw.lxc: | | |
| lxc.id_map = | |
| lxc.id_map = u 0 $UID_OFFSET $(($_UID - 1)) | |
| lxc.id_map = g 0 $GID_OFFSET $(($GID - 1)) | |
| lxc.id_map = u $_UID 1000 1 | |
| lxc.id_map = g $GID 1000 1 | |
| lxc.id_map = u $(($_UID + 1)) $(($UID_OFFSET + $_UID + 1)) $((65536 - $_UID - 1)) | |
| lxc.id_map = g $(($GID + 1)) $(($GID_OFFSET + $GID + 1)) $((65536 - $GID - 1)) | |
| user.vendor-data: | | |
| #cloud-config | |
| write_files: | |
| - path: /etc/network/interfaces.d/eth1.cfg | |
| content: | | |
| auto eth1 | |
| iface eth1 inet dhcp | |
| - path: /etc/avahi/avahi-daemon.conf | |
| content: | | |
| [server] | |
| allow-interfaces=eth1 | |
| deny-interfaces=eth0 | |
| ratelimit-interval-usec=1000000 | |
| ratelimit-burst=1000 | |
| [rlimits] | |
| #rlimit-as= | |
| rlimit-core=0 | |
| rlimit-data=4194304 | |
| rlimit-fsize=0 | |
| rlimit-nofile=768 | |
| rlimit-stack=4194304 | |
| # https://github.com/lxc/lxc/issues/25 | |
| # rlimit-nproc=3 | |
| runcmd: | |
| - ifdown eth0 eth1 | |
| - ifup eth0 eth1 | |
| - service avahi-daemon restart | |
| users: | |
| - name: $USER | |
| groups: sudo | |
| shell: $SHELL | |
| sudo: ['ALL=(ALL) NOPASSWD:ALL'] | |
| # ensure users shell is installed | |
| packages: | |
| - $(dpkg -S $(readlink -m $SHELL) | cut -d: -f1) | |
| - avahi-daemon | |
| # this section adds your \$HOME directory into the container. This is useful for vim, bash and ssh config, and such like. | |
| devices: | |
| home: | |
| type: disk | |
| source: $HOME | |
| path: $HOME | |
| eth0: | |
| name: eth0 | |
| nictype: bridged | |
| parent: br0 | |
| type: nic | |
| eth1: | |
| name: eth1 | |
| nictype: bridged | |
| parent: br1 | |
| type: nic | |
| EOF | |
| # create an ssh key on the macOS host and copy to ubuntu host with ssh-copy-id | |
| # to launch a container using this profile: | |
| # lxc launch ubuntu: -p default -p $USER | |
| # to add an additional bind mount | |
| # lxc config device add <container> <device name> disk source=/path/on/host path=path/in/container |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment