<!-- | Goal | Create an LXC container for mail handling.| |-----------|------| | Rationale | Have a manageable, flexible, transferable, and secure platform for the functional software to be installed on.| | Nuance |Containerization is optional as, functionally, any [Debian 9 (Stretch)][1] OS setup, along with the required file shares, should do.| ## Procedure -->
<ol> <li> <p>Create a btrfs-backed container populated with a Debian stretch root filesystem downloaded from a template:</p>
<pre><code class="language-shell">lxc-create -B btrfs -n mailserver -t download -- -d debian -r stretch -a $(dpkg --print-architecture)</code></pre>
<blockquote> <p>Using BTRFS as a container's backing store requires the underlying host block device (partition) to be BTRFS-formatted too!</p> </blockquote> </li> </ol>
<!-- `-B` defines the backing store's file system; `BTRFS` in this case to enable incremental snapshotting. `-n` defines the name of the container; `mailserver` in this case. `-t` defines the template to use; `download` in this case to use a predefined one. `-d` defines the distribution; `debian` in this case. `-r` defines the release; `stretch` in this case. `-a` defines the architecture; `$(dpkg --print-architecture)` in this case, as on a Debian-based host it resolves to the architecture of the system it is issued on, in the naming the download template expects (for example `amd64`, where `uname -m` prints `x86_64`).
--> <ol start="2"> <li> <p>Add a mount entry to this container's config file that bind-mounts the 'certs' directory of the certs container read-only, so that the SSL certificates are available in this container:</p>
<pre><code class="language-shell">echo -e "\n\n# Mount configuration" >> "$(lxc-config lxc.lxcpath)/mailserver/config"
echo -e "lxc.mount.entry = $(lxc-config lxc.lxcpath)/certs/rootfs/etc/dehydrated/certs etc/certs none bind,ro,create=dir 0 0" >> "$(lxc-config lxc.lxcpath)/mailserver/config"</code></pre>
<blockquote> <p><code>$(lxc-config lxc.lxcpath)</code> resolves to the LXC base path.</p> <p><code>create=dir</code> creates the directory (mount point) if it does not exist in the mailserver container yet.</p> </blockquote> </li> </ol>
<!-- !!! Add step giving the container a static IP via config file -->
<ol start="3"> <li> <p>Start the container so that its internals can be used and configured in later steps:</p>
<pre><code class="language-shell">lxc-start -n mailserver</code></pre> </li>
<li> <p>Upgrade all packages in the container and install the 'dbus' package (to enable easy hostname change) and the 'rsyslog' package within the container:</p>
<pre><code class="language-shell">lxc-attach -n mailserver -- sh -c "apt update && apt upgrade -y && apt install -y dbus rsyslog"</code></pre> </li>
<li> <p>Set the container's hostname according to its function for easy identification:</p>
<pre><code class="language-shell">lxc-attach -n mailserver -- hostnamectl set-hostname mailserver</code></pre> </li> </ol>
<!-- REFERENCES -->
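<p>The following is an added example, not part of the original procedure: a way to make the config edit from step 2 safe to re-run and to check that every bind mount in a container config is read-only, as the certs mount is meant to be. The function names, the <code>/srv/mail</code> entry and the assumed base path <code>/var/lib/lxc</code> are illustrative.</p>

```shell
#!/bin/sh
# Added example, not from the original page. Sample paths are constructed and
# assume the default LXC base path /var/lib/lxc.

# Append "lxc.mount.entry = <entry>" to <config> unless that exact line exists.
add_mount_entry() {
    grep -qxF -- "lxc.mount.entry = $2" "$1" 2>/dev/null && return 0
    printf 'lxc.mount.entry = %s\n' "$2" >> "$1"
}

# Print "src -> dst" for every bind mount in <config> that lacks the "ro"
# option. Exit status: 0 if all bind mounts are read-only, 1 otherwise.
writable_bind_mounts() {
    awk '
        /^[ \t]*lxc\.mount\.entry[ \t]*=/ {
            value = substr($0, index($0, "=") + 1)
            split(value, f, " ")          # src dst fstype options dump pass
            n = split(f[4], opt, ",")
            bind = 0; ro = 0
            for (i = 1; i <= n; i++) {
                if (opt[i] == "bind" || opt[i] == "rbind") bind = 1
                if (opt[i] == "ro") ro = 1
            }
            if (bind && !ro) { print f[1] " -> " f[2]; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Demo on a constructed config: the page's certs entry plus a writable one.
demo() {
    cfg=$(mktemp)
    certs='/var/lib/lxc/certs/rootfs/etc/dehydrated/certs etc/certs none bind,ro,create=dir 0 0'
    add_mount_entry "$cfg" "$certs"
    add_mount_entry "$cfg" "$certs"       # second call is a no-op
    add_mount_entry "$cfg" '/srv/mail srv/mail none bind,create=dir 0 0'  # constructed, writable
    writable_bind_mounts "$cfg"           # reports only the /srv/mail entry
    rm -f "$cfg"
}
demo
```

<p>Against the real container, the check would be run as <code>writable_bind_mounts "$(lxc-config lxc.lxcpath)/mailserver/config"</code> before starting it.</p>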