lxdnix.sh

lxdnix.sh

#!/bin/sh

# Installs the Nix package manager (https://nixos.org/nix/) inside an LXD
# container.

#set -o xtrace

image=images:ubuntu/jammy

if [ "$#" -eq 1 ]
then
  container=$1

  # Create a container from the given image and assign it the name from the
  # script argument.
  lxc init $image $container > /dev/null
else
  # Create a container from the given image and extract the random container
  # name that LXD assigns.
  container=`lxc init $image | grep "Instance name" | sed 's/^.* \(.*\)$/\1/'`
fi

echo "Created container $container."

# Enable nested security on the container.
# See https://github.com/NixOS/nix/issues/2649#issuecomment-518045796.
lxc config set $container security.nesting true

# Start the container.
lxc start $container

sleep 30

lxc exec $container -- apt update

# Inside the container, install packages curl, gnupg2, man, rsync, and xz-utils.
lxc exec $container -- apt install --yes curl gnupg2 man-db rsync xz-utils openssh-server zsh
lxc exec $container -- chsh -s /usr/bin/zsh ubuntu
# Inside the container, install the Nix package manager as user "ubuntu".
# (see https://discuss.linuxcontainers.org/t/useful-lxc-command-aliases/2547/4)
# because root may not perform a single-user Nix installation
# (see https://github.com/NixOS/nix/issues/1559).
lxc exec $container -- sudo --user ubuntu --login sh -c "curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install"

lxc exec $container -- sudo --user ubuntu --login sh -c "mkdir -p ~/.ssh"
lxc exec $container -- sudo --user ubuntu --login sh -c "chmod 700 ~/.ssh"
lxc exec $container -- sudo --user ubuntu --login sh -c "curl https://github.com/bketelsen.keys >> ~/.ssh/authorized_keys"
lxc exec $container -- sudo --user ubuntu --login sh -c "chmod 600 ~/.ssh/authorized_keys"

# Stop the container.
#lxc stop $container