✨ feat: Zjednodušená inštalácia Ubuntu LXC s výberom užívateľov
- Nový jednoduchý wizard: hostname, IP, resources, výber užívateľov - config/users.json: databáza užívateľov s SSH kľúčmi - Whiptail checkbox pre výber užívateľov pri inštalácii - Užívatelia sa vytvárajú s náhodným heslom a sudo NOPASSWD - SSH hardening: PermitRootLogin no, PasswordAuthentication no - Balíčky: mc, wget, git, curl, openssh-server - Defaults: 4 CPU, 4 GB RAM, 32 GB disk Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
martin
9
config/users.json
Normal file
9
config/users.json
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
[
|
||||||
|
{
|
||||||
|
"username": "martin",
|
||||||
|
"ssh_keys": [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAbhoySAszm9rtDlkxt1odZyFv4C5rljjKdEUXlcYjh martin@i9"
|
||||||
|
],
|
||||||
|
"sudo": true
|
||||||
|
}
|
||||||
|
]
|
||||||
184
ct/ubuntu.sh
184
ct/ubuntu.sh
@@ -1,24 +1,28 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
source <(curl -fsSL https://git.inbox.sk/proxmox/Ubuntu24_LXC/raw/branch/main/misc/build.func)
|
source <(curl -fsSL https://git.inbox.sk/proxmox/Ubuntu24_LXC/raw/branch/main/misc/build.func)
|
||||||
# Copyright (c) 2021-2026 tteck
|
# Vlastný skript pre Ubuntu 24.04 LXC kontajner
|
||||||
# Author: tteck (tteckster)
|
# Zdroj: https://git.inbox.sk/proxmox/Ubuntu24_LXC
|
||||||
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
|
||||||
# Source: https://ubuntu.com/
|
|
||||||
|
|
||||||
APP="Ubuntu"
|
APP="Ubuntu"
|
||||||
var_tags="${var_tags:-os}"
|
var_tags="${var_tags:-os}"
|
||||||
var_cpu="${var_cpu:-1}"
|
var_cpu="${var_cpu:-4}"
|
||||||
var_ram="${var_ram:-512}"
|
var_ram="${var_ram:-4096}"
|
||||||
var_disk="${var_disk:-2}"
|
var_disk="${var_disk:-32}"
|
||||||
var_os="${var_os:-ubuntu}"
|
var_os="${var_os:-ubuntu}"
|
||||||
var_version="${var_version:-24.04}"
|
var_version="${var_version:-24.04}"
|
||||||
var_unprivileged="${var_unprivileged:-1}"
|
var_unprivileged="${var_unprivileged:-1}"
|
||||||
|
|
||||||
|
# URL pre stiahnutie users.json
|
||||||
|
USERS_JSON_URL="https://git.inbox.sk/proxmox/Ubuntu24_LXC/raw/branch/main/config/users.json"
|
||||||
|
|
||||||
header_info "$APP"
|
header_info "$APP"
|
||||||
variables
|
variables
|
||||||
color
|
color
|
||||||
catch_errors
|
catch_errors
|
||||||
|
|
||||||
|
# =============================================================================
|
||||||
|
# update_script() - aktualizácia existujúceho kontajnera
|
||||||
|
# =============================================================================
|
||||||
function update_script() {
|
function update_script() {
|
||||||
header_info
|
header_info
|
||||||
check_container_storage
|
check_container_storage
|
||||||
@@ -35,7 +39,171 @@ function update_script() {
|
|||||||
exit
|
exit
|
||||||
}
|
}
|
||||||
|
|
||||||
start
|
# =============================================================================
|
||||||
|
# simple_install() - zjednodušená inštalácia s výberom užívateľov
|
||||||
|
# =============================================================================
|
||||||
|
simple_install() {
|
||||||
|
pve_check
|
||||||
|
shell_check
|
||||||
|
root_check
|
||||||
|
arch_check
|
||||||
|
|
||||||
|
NEXTID=$(pvesh get /cluster/nextid)
|
||||||
|
|
||||||
|
# Timezone
|
||||||
|
if command -v timedatectl >/dev/null 2>&1; then
|
||||||
|
timezone=$(timedatectl show --value --property=Timezone 2>/dev/null || echo "UTC")
|
||||||
|
elif [ -f /etc/timezone ]; then
|
||||||
|
timezone=$(cat /etc/timezone)
|
||||||
|
else
|
||||||
|
timezone="UTC"
|
||||||
|
fi
|
||||||
|
|
||||||
|
header_info
|
||||||
|
|
||||||
|
# --- KROK 1: Hostname ---
|
||||||
|
HN=$(whiptail --backtitle "Ubuntu LXC Setup" \
|
||||||
|
--title "HOSTNAME" \
|
||||||
|
--inputbox "\nZadaj hostname pre kontajner:" 10 58 "ubuntu" \
|
||||||
|
3>&1 1>&2 2>&3) || exit_script
|
||||||
|
HN=$(echo "${HN,,}" | tr -d ' ')
|
||||||
|
[[ -z "$HN" ]] && HN="ubuntu"
|
||||||
|
|
||||||
|
# --- KROK 2: IP adresa ---
|
||||||
|
local ip_input
|
||||||
|
ip_input=$(whiptail --backtitle "Ubuntu LXC Setup" \
|
||||||
|
--title "IP ADRESA" \
|
||||||
|
--inputbox "\nZadaj statickú IP adresu s maskou\n(napr. 192.168.1.100/24)\n\nAlebo nechaj prázdne pre DHCP:" 12 58 "" \
|
||||||
|
3>&1 1>&2 2>&3) || exit_script
|
||||||
|
|
||||||
|
if [[ -n "$ip_input" ]]; then
|
||||||
|
NET="$ip_input"
|
||||||
|
# Gateway
|
||||||
|
local default_gw
|
||||||
|
default_gw=$(echo "$ip_input" | cut -d'/' -f1 | sed 's/\.[0-9]*$/.1/')
|
||||||
|
GATE=$(whiptail --backtitle "Ubuntu LXC Setup" \
|
||||||
|
--title "GATEWAY" \
|
||||||
|
--inputbox "\nZadaj gateway:" 10 58 "$default_gw" \
|
||||||
|
3>&1 1>&2 2>&3) || exit_script
|
||||||
|
[[ -z "$GATE" ]] && GATE="$default_gw"
|
||||||
|
else
|
||||||
|
NET="dhcp"
|
||||||
|
GATE=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
# --- KROK 3: Resources ---
|
||||||
|
DISK_SIZE=$(whiptail --backtitle "Ubuntu LXC Setup" \
|
||||||
|
--title "DISK" \
|
||||||
|
--inputbox "\nVeľkosť disku v GB:" 10 58 "$var_disk" \
|
||||||
|
3>&1 1>&2 2>&3) || exit_script
|
||||||
|
[[ -z "$DISK_SIZE" ]] && DISK_SIZE="$var_disk"
|
||||||
|
|
||||||
|
RAM_SIZE=$(whiptail --backtitle "Ubuntu LXC Setup" \
|
||||||
|
--title "RAM" \
|
||||||
|
--inputbox "\nVeľkosť RAM v MB:" 10 58 "$var_ram" \
|
||||||
|
3>&1 1>&2 2>&3) || exit_script
|
||||||
|
[[ -z "$RAM_SIZE" ]] && RAM_SIZE="$var_ram"
|
||||||
|
|
||||||
|
CORE_COUNT=$(whiptail --backtitle "Ubuntu LXC Setup" \
|
||||||
|
--title "CPU" \
|
||||||
|
--inputbox "\nPočet CPU jadier:" 10 58 "$var_cpu" \
|
||||||
|
3>&1 1>&2 2>&3) || exit_script
|
||||||
|
[[ -z "$CORE_COUNT" ]] && CORE_COUNT="$var_cpu"
|
||||||
|
|
||||||
|
# --- KROK 4: Výber užívateľov z users.json ---
|
||||||
|
msg_info "Sťahujem zoznam užívateľov"
|
||||||
|
local users_json
|
||||||
|
users_json=$(curl -fsSL "$USERS_JSON_URL") || {
|
||||||
|
msg_error "Nepodarilo sa stiahnuť users.json"
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
msg_ok "Zoznam užívateľov stiahnutý"
|
||||||
|
|
||||||
|
# Parsovanie užívateľov pre whiptail checklist
|
||||||
|
local user_count
|
||||||
|
user_count=$(echo "$users_json" | jq length)
|
||||||
|
|
||||||
|
if [[ "$user_count" -eq 0 ]]; then
|
||||||
|
msg_warn "Žiadni užívatelia v users.json"
|
||||||
|
SELECTED_USERS=""
|
||||||
|
else
|
||||||
|
local checklist_args=()
|
||||||
|
for i in $(seq 0 $((user_count - 1))); do
|
||||||
|
local uname
|
||||||
|
uname=$(echo "$users_json" | jq -r ".[$i].username")
|
||||||
|
local key_count
|
||||||
|
key_count=$(echo "$users_json" | jq ".[$i].ssh_keys | length")
|
||||||
|
checklist_args+=("$uname" "${key_count} SSH kľúč(ov)" "ON")
|
||||||
|
done
|
||||||
|
|
||||||
|
SELECTED_USERS=$(whiptail --backtitle "Ubuntu LXC Setup" \
|
||||||
|
--title "UŽÍVATELIA" \
|
||||||
|
--checklist "\nVyber užívateľov na vytvorenie:\n(SPACE = zaškrtni, ENTER = potvrď)" \
|
||||||
|
$((user_count + 10)) 58 "$user_count" \
|
||||||
|
"${checklist_args[@]}" \
|
||||||
|
3>&1 1>&2 2>&3) || exit_script
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Export pre install skript
|
||||||
|
export SELECTED_USERS
|
||||||
|
export USERS_JSON="$users_json"
|
||||||
|
|
||||||
|
# --- Nastavenie premenných pre build_container ---
|
||||||
|
CT_TYPE="$var_unprivileged"
|
||||||
|
CT_ID="$NEXTID"
|
||||||
|
BRG="${var_brg:-vmbr0}"
|
||||||
|
MAC=""
|
||||||
|
VLAN=""
|
||||||
|
MTU=""
|
||||||
|
SD=""
|
||||||
|
NS=""
|
||||||
|
IPV6_METHOD="auto"
|
||||||
|
IPV6_ADDR=""
|
||||||
|
IPV6_GATE=""
|
||||||
|
SSH="no"
|
||||||
|
SSH_AUTHORIZED_KEY=""
|
||||||
|
APT_CACHER=""
|
||||||
|
APT_CACHER_IP=""
|
||||||
|
ENABLE_FUSE="no"
|
||||||
|
ENABLE_TUN="no"
|
||||||
|
ENABLE_GPU="no"
|
||||||
|
ENABLE_NESTING="1"
|
||||||
|
ENABLE_KEYCTL="0"
|
||||||
|
ENABLE_MKNOD="0"
|
||||||
|
PROTECT_CT="no"
|
||||||
|
CT_TIMEZONE="$timezone"
|
||||||
|
TAGS="community-script;${var_tags:-}"
|
||||||
|
PW=""
|
||||||
|
VERBOSE="no"
|
||||||
|
METHOD="simple"
|
||||||
|
DIAGNOSTICS="no"
|
||||||
|
|
||||||
|
# Zobraz súhrn
|
||||||
|
header_info
|
||||||
|
echo -e "${DEFAULT}${BOLD}${BL}Ubuntu LXC - Inštalácia${CL}"
|
||||||
|
echo -e "${TAB}${HOSTNAME}${YW} Hostname: ${GN}${HN}${CL}"
|
||||||
|
echo -e "${TAB}${NETWORK}${YW} IP: ${GN}${NET}${CL}"
|
||||||
|
if [[ -n "$GATE" ]]; then
|
||||||
|
echo -e "${TAB}${GATEWAY}${YW} Gateway: ${GN}${GATE}${CL}"
|
||||||
|
fi
|
||||||
|
echo -e "${TAB}${DISKSIZE}${YW} Disk: ${GN}${DISK_SIZE}GB${CL}"
|
||||||
|
echo -e "${TAB}${RAMSIZE}${YW} RAM: ${GN}${RAM_SIZE}MB${CL}"
|
||||||
|
echo -e "${TAB}${CPUCORE}${YW} CPU: ${GN}${CORE_COUNT} jadier${CL}"
|
||||||
|
if [[ -n "$SELECTED_USERS" ]]; then
|
||||||
|
echo -e "${TAB}${ROOTSSH}${YW} Užívatelia: ${GN}${SELECTED_USERS}${CL}"
|
||||||
|
fi
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
# Potvrdenie
|
||||||
|
if ! whiptail --backtitle "Ubuntu LXC Setup" \
|
||||||
|
--title "POTVRDENIE" \
|
||||||
|
--yesno "Pokračovať s inštaláciou?" 8 58; then
|
||||||
|
exit_script
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Spustenie
|
||||||
|
simple_install
|
||||||
build_container
|
build_container
|
||||||
description
|
description
|
||||||
|
|
||||||
|
|||||||
@@ -1,9 +1,6 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
# Inštalačný skript pre Ubuntu 24.04 LXC kontajner
|
||||||
# Copyright (c) 2021-2026 tteck
|
# Beží VNÚTRI kontajnera po jeho vytvorení
|
||||||
# Author: tteck (tteckster)
|
|
||||||
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
|
||||||
# Source: https://ubuntu.com/
|
|
||||||
|
|
||||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||||
color
|
color
|
||||||
@@ -13,6 +10,84 @@ setting_up_container
|
|||||||
network_check
|
network_check
|
||||||
update_os
|
update_os
|
||||||
|
|
||||||
|
# =============================================================================
|
||||||
|
# Inštalácia balíčkov
|
||||||
|
# =============================================================================
|
||||||
|
msg_info "Inštalujem dodatočné balíčky"
|
||||||
|
$STD apt-get install -y mc wget git curl openssh-server
|
||||||
|
msg_ok "Balíčky nainštalované"
|
||||||
|
|
||||||
|
# =============================================================================
|
||||||
|
# Vytvorenie užívateľov z USERS_JSON + SELECTED_USERS
|
||||||
|
# =============================================================================
|
||||||
|
if [[ -n "${USERS_JSON:-}" && -n "${SELECTED_USERS:-}" ]]; then
|
||||||
|
msg_info "Vytváram užívateľov"
|
||||||
|
|
||||||
|
# Parsovanie SELECTED_USERS (whiptail vracia "user1" "user2" formát)
|
||||||
|
selected_list=$(echo "$SELECTED_USERS" | tr -d '"')
|
||||||
|
|
||||||
|
user_count=$(echo "$USERS_JSON" | jq length)
|
||||||
|
for i in $(seq 0 $((user_count - 1))); do
|
||||||
|
username=$(echo "$USERS_JSON" | jq -r ".[$i].username")
|
||||||
|
has_sudo=$(echo "$USERS_JSON" | jq -r ".[$i].sudo")
|
||||||
|
|
||||||
|
# Kontrola, či bol užívateľ vybraný
|
||||||
|
if ! echo "$selected_list" | grep -qw "$username"; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Vytvorenie užívateľa s náhodným heslom
|
||||||
|
random_pw=$(openssl rand -base64 16)
|
||||||
|
useradd -m -s /bin/bash "$username"
|
||||||
|
echo "${username}:${random_pw}" | chpasswd
|
||||||
|
|
||||||
|
# SSH kľúče
|
||||||
|
user_home="/home/${username}"
|
||||||
|
mkdir -p "${user_home}/.ssh"
|
||||||
|
chmod 700 "${user_home}/.ssh"
|
||||||
|
|
||||||
|
key_count=$(echo "$USERS_JSON" | jq ".[$i].ssh_keys | length")
|
||||||
|
for k in $(seq 0 $((key_count - 1))); do
|
||||||
|
key=$(echo "$USERS_JSON" | jq -r ".[$i].ssh_keys[$k]")
|
||||||
|
echo "$key" >> "${user_home}/.ssh/authorized_keys"
|
||||||
|
done
|
||||||
|
|
||||||
|
chmod 600 "${user_home}/.ssh/authorized_keys"
|
||||||
|
chown -R "${username}:${username}" "${user_home}/.ssh"
|
||||||
|
|
||||||
|
# Sudo bez hesla
|
||||||
|
if [[ "$has_sudo" == "true" ]]; then
|
||||||
|
echo "${username} ALL=(ALL) NOPASSWD: ALL" > "/etc/sudoers.d/${username}"
|
||||||
|
chmod 440 "/etc/sudoers.d/${username}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
msg_ok "Užívateľ vytvorený: ${username}"
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
# =============================================================================
|
||||||
|
# SSH Hardening
|
||||||
|
# =============================================================================
|
||||||
|
msg_info "Konfigurujem SSH"
|
||||||
|
|
||||||
|
# Záloha pôvodnej konfigurácie
|
||||||
|
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
|
||||||
|
|
||||||
|
# Zakázať root login a prihlásenie heslom
|
||||||
|
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
|
||||||
|
sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
|
||||||
|
sed -i 's/^#\?PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
|
||||||
|
sed -i 's/^#\?ChallengeResponseAuthentication.*/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
|
||||||
|
|
||||||
|
# Reštart SSH
|
||||||
|
systemctl enable ssh
|
||||||
|
systemctl restart ssh
|
||||||
|
|
||||||
|
msg_ok "SSH nakonfigurované (len kľúče, root zakázaný)"
|
||||||
|
|
||||||
|
# =============================================================================
|
||||||
|
# Štandardné dokončenie
|
||||||
|
# =============================================================================
|
||||||
motd_ssh
|
motd_ssh
|
||||||
customize
|
customize
|
||||||
cleanup_lxc
|
cleanup_lxc
|
||||||
|
|||||||
Reference in New Issue
Block a user