<!-- | Goal | Create an LXC container for SSL certificate management.| |-----------|------| | Rationale | Have a manageable, flexible, transferable, and secure platform for the functional software to be installed on.| | Nuance |Containerization is optional as, functionally, any [Debian 9 (Stretch)][1] OS setup, along with the required file shares, should do.| ## Procedure --> <ol> <li> <p>Create a btrfs backed container populated with a Debian stretch root filesystem downloaded from a template:</p> <pre><code class="language-shell">lxc-create -B btrfs -n certs -t download -- -d Debian -r Stretch -a $(uname -m)</code></pre> <blockquote> <blockquote> <blockquote> <p>Using BTRFS as a container's backing store requires an underlying host's block device (partition) that is BTRFS formatted too!</p> </blockquote> </blockquote> </blockquote> </li> </ol> <!-- `-B` defines the backing store's file system; `BTRFS` in this case to enable incremental snapshotting. `-n` defines the name of the container; `certs` in this case. `-t` defines the template to use; `download` in this case to use a predefined one. `-d` defines the distribution; `Debian` in this case. `-r` defines the release; `Stretch` in this case. `-a` defines the architecture; `$(uname -m)` in this case, as it resolves to the architecture of the system it is issued on. --> <ol start="2"> <li> <p>Start the container to enable using / shaping its internals in later steps:</p> <pre><code class="language-shell">lxc-start -n certs</code></pre> </li> <li> <p>Create a 'certs' directory within the container to provide the (future) proxyserver and mailserver with a directory that they can mount to gain access to the certificates:</p> <pre><code class="language-shell">lxc-attach -n certs -- sh -c "mkdir /etc/dehydrated/certs"</code></pre> </li> <li> <p>Upgrade all packages in the container and install the 'dbus' package within the container to enable easy hostname change:</p> <pre><code class="language-shell">lxc-attach -n certs -- sh -c "apt update && apt upgrade -y && apt install -y dbus rsyslog"</code></pre> </li> <li> <p>Set the container's hostname according to its function for easy identification:</p> <pre><code class="language-shell">lxc-attach -n certs -- hostnamectl set-hostname certs</code></pre> </li> </ol> <blockquote> <blockquote> <blockquote> <blockquote> <blockquote> <p>Containerization is optional. Basically any platform setup will do, as long as it provides a <a href="https://www.debian.org/releases/stretch/">Debian 9 (Stretch)</a> or derivative OS along with the required file shares to work with (whether it regards one single bare metal machine or several distributed / virtualized ones).</p> </blockquote> </blockquote> </blockquote> </blockquote> </blockquote> <!-- REFERENCES -->