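#!/usr/bin/env bash
# Prepare a Debian LXC as a Docker host template: update packages, enable
# IPv4 forwarding and outbound NAT on eth0, disable NIC checksum offload,
# allow root SSH login, add the Docker apt repository, then strip
# machine-specific identity and shut down so the container can be converted
# to a template. Every step needs root.
#
# NOTE(review): there is no `set -e`, so a failed step does not stop the
# later sanitize and shutdown steps; check the output before templating.

# Update core packages
apt update && apt upgrade -y

# Install the packages this template needs
apt install -y ca-certificates curl ethtool iptables-persistent git htop

# Enable IP forwarding (persistent)
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
# Only an active (uncommented) setting counts. A plain substring match would
# also accept a still-commented "# net.ipv4.ip_forward=1" and skip the append.
grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf \
  || echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p

# Add the "catch-all" NAT rule for eth0:
# "If traffic leaves eth0, masquerade it (make it look like the LXC's IP)".
# This works for ANY internal Docker subnet (172.x, 192.x, 10.x).
# The rule has no source match, so everything forwarded out of eth0 is
# rewritten to the container's address; -C keeps re-runs from duplicating it.
iptables -C POSTROUTING -t nat -o eth0 -j MASQUERADE 2>/dev/null || \
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Save the rules (requires iptables-persistent / netfilter-persistent)
netfilter-persistent save

# Change the virtio settings and apply the checksum fix immediately.
# The post-up line is appended after each "gateway" line, once only.
if ! grep -q "post-up /sbin/ethtool" /etc/network/interfaces; then
  sed -i '/gateway/a \ post-up /sbin/ethtool -K eth0 tx off rx off' /etc/network/interfaces
fi
ethtool -K eth0 tx off rx off

# Enable root SSH login.
# NOTE(review): "yes" permits password logins for root, and every container
# cloned from this template inherits it. If key-based access is enough,
# "PermitRootLogin prohibit-password" is the narrower setting.
sed -i 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config
grep -q "^PermitRootLogin yes" /etc/ssh/sshd_config || echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
# Validate the edited config first so a bad sshd_config cannot take SSH down.
if sshd -t; then
  systemctl restart ssh
else
  printf '%s\n' "sshd_config failed validation; ssh was not restarted" >&2
fi

# Install the keyring for the Docker apt repository.
# NOTE(review): the key is trusted solely because it arrived over TLS;
# compare its fingerprint with the one Docker publishes before relying on it.
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
# NOTE(review): the next line is reproduced as found and looks truncated. A
# here-document (the repository stanza), the Docker package install and the
# command that wrote /root/.docker/config.json appear to have been lost
# between "<" and the file name. As written it would feed config.json to
# tee; restore the missing text from the original notes before running.
tee /etc/apt/sources.list.d/docker.sources < /root/.docker/config.json

# Sanitize the LXC: remove identity that must be unique per clone
systemctl stop docker
rm -f /etc/docker/key.json
# NOTE(review): clones must generate fresh SSH host keys on first boot;
# confirm the platform does this, otherwise run `ssh-keygen -A` in each clone.
rm -f /etc/ssh/ssh_host_*
# An empty machine-id is regenerated on the next boot
truncate -s 0 /etc/machine-id
rm -f /var/lib/dbus/machine-id
ln -s /etc/machine-id /var/lib/dbus/machine-id

# Clean apt cache & logs
apt clean
rm -rf /var/lib/apt/lists/*
rm -rf /var/log/*.log
rm -rf /var/log/journal/*

# Clear command history
history -c && history -w

# Shut down and convert to template
shutdown now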