From e612bf8f42a7ad61134ffed43b09b1aa19b6eddb Mon Sep 17 00:00:00 2001
From: Bram Prieshof
Date: Thu, 20 May 2021 12:58:19 +0000
Subject: [PATCH] Add 'debian10-LXC.md'
---
 debian10-LXC.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 debian10-LXC.md
diff --git a/debian10-LXC.md b/debian10-LXC.md
new file mode 100644
index 0000000..7eda027
--- /dev/null
+++ b/debian10-LXC.md
@@ -0,0 +1,51 @@
+# Setup LXC on debian 10
+
+Install packages and add unprivileged user
+```
+apt install lxc libvirt0 libpam-cgfs bridge-utils uidmap
+useradd -r lxcuser
+cat /etc/s*id|grep lxcuser
+```
+
+Put the following in /etc/default/lxc-net
+```
+USE_LXC_BRIDGE="true"
+
+#### /etc/lxc/default.conf
+lxc.idmap = u 0
+lxc.idmap = g 0
+lxc.mount.auto = proc:mixed sys:ro cgroup:mixed
+lxc.apparmor.profile = unconfined
+lxc.apparmor.allow_nesting = 1
+lxc.net.0.type = veth
+lxc.net.0.link = lxcbr0
+lxc.net.0.flags = up
+lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
+```
+
+Give root acces to unprivileged user space
+```
+echo "root::" >> /etc/subuid
+echo "root::" >> /etc/subgid
+```
+
+Enable and start lxc network service
+```
+systemctl enable --now lxc-net
+```
+enable unprivileged user namespaces for kernels < 5.10
+```
+echo kernel.unprivileged_userns_clone=1 >> /etc/sysctl.conf
+sysctl -p
+```
+
+
+# Extra config KB
+* Create Container `lxc-create -t download -n -- -d debian -r buster -a amd64`
+* Container config `/var/lib/lxc//config`
+* add to Container config to start on boot `lxc.start.auto = 1`
+* add to Container config for static ip
+```
+lxc.net.0.ipv4.address = 10.0.3./24
+lxc.net.0.ipv4.gateway = 10.0.3.1
+```