resolver gateway tail instead of head

README.md

@@ -63,7 +63,10 @@ Nested container test drive
 * CONTAINER=nested
 * lxc-miaou-create $CONTAINER -o sameuser,nesting
 * lxc sameuser $CONTAINER
+* # EITHER:
   * /opt/miaou/lib/install.sh dev
+  * # OR
+  * EMAIL=<your email> /opt/miaou/lib/install.sh dev
 
 Hardening server
 ----------------

lib/functions.sh

@@ -641,6 +641,7 @@ function prepare_toolbox() {
 function install_mandatory_commands() {
     local PREFIX="mandatory:commands"
 
+    echo "installing various mandatory commands"
     sudo /opt/miaou-bash/tools/idem_apt_install dnsutils build-essential curl mariadb-client postgresql-client
 
     if ! exist_command tera; then

lib/harden.sh

@@ -217,7 +217,7 @@ function disable_systemd_resolved() {
     sudo systemctl stop systemd-resolved.service
     sudo systemctl disable systemd-resolved.service
     sudo rm /etc/resolv.conf
-    cat <<EOF | sudo tee /etc/resolv.conf
+    sudo tee /etc/resolv.conf &>/dev/null <<EOF
 nameserver 1.1.1.1
 EOF
     echo "OK"

lib/install.sh

@@ -40,8 +40,10 @@ function prepare_lxd {
     fi
 
     sudo /opt/miaou-bash/tools/idem_apt_install lxd btrfs-progs
+}
 
-    override_lxd_service
+function configure_lxd {
+    local PREFIX="lxd:configure"
 
     # test lxdbr0 FIXME: preseed too much repetitions!!!!
     if ! lxc network info lxdbr0 &>/dev/null; then
@@ -178,14 +180,14 @@ EOF
 
         echo -n "set environment container_hostname to <$env_container_hostname> ... "
         sg $NEW_GROUP -c "lxc profile set default environment.container_hostname \"$env_container_hostname\""
-        PREFIX="" echoinfo OK
+        PREFIX="" echoinfo DONE
     else
         echo "environment container_hostname <$env_container_hostname> already defined!"
     fi
 
     if ! grep -q "root:$(id -u):1" /etc/subuid; then
-        echo -n "subuid, subgid allowing <$(whoami)> ..."
-        printf "root:$(id -u):1\n" | sudo tee -a /etc/subuid /etc/subgid
+        echo -n "saving subuid, subgid permissions for <$(whoami)> ..."
+        printf "root:$(id -u):1\n" | sudo tee -a /etc/subuid /etc/subgid &>/dev/null
         PREFIX="" echoinfo DONE
     else
         echo "subuid, subgid allowing <$(whoami)> already done!"
@@ -215,7 +217,7 @@ function set_alias {
     if ! lxc alias list -f csv | grep -q "^$name,"; then
         echo -n "defining new lxc alias <$name> ..."
         lxc alias add "$name" "$command"
-        PREFIX="" echoinfo OK
+        PREFIX="" echoinfo DONE
     else
         echo "lxc alias <$name> already defined!"
     fi
@@ -226,7 +228,7 @@ function miaou_evalfrombashrc() {
     local PREFIX="miaou:bashrc"
     output=$(
         /opt/miaou-bash/tools/append_or_replace \
-            "^eval \"\\$\($MIAOU_BASEDIR/lib/install.sh shellenv\)\"$" \
+            "^eval \"\\$\(.*miaou/lib/install.sh shellenv\)\"$" \
             "eval \"\$($MIAOU_BASEDIR/lib/install.sh shellenv)\"" \
             "$HOME/.bashrc"
     )
@@ -353,12 +355,13 @@ function miaou_resolver() {
         fi
     else
         if ! grep -q "nameserver $bridge" /etc/resolv.conf; then
-            echo "customize resolv.conf from scratch (SERVER)..."
+            echo -n "customize resolv.conf from scratch with bridge=<$bridge>, gatewary=<$gateway> ..."
             sudo tee /etc/resolv.conf &>/dev/null <<EOF
-nameserver $bridge
-nameserver $gateway
+# generated by miaou            
+nameserver $bridge # LXD bridge
+nameserver $gateway # gateway
 EOF
-            PREFIX="" echoinfo OK
+            PREFIX="" echoinfo DONE
         else
             echo "customize resolv.conf already already defined!"
         fi
@@ -376,14 +379,14 @@ function override_lxd_service {
     if [[ ! -d /etc/systemd/system/lxd.service.d ]]; then
         echo -n "override lxd service..."
         sudo mkdir -p /etc/systemd/system/lxd.service.d
-        cat <<EOF | sudo tee /etc/systemd/system/lxd.service.d/override.conf
+        sudo tee /etc/systemd/system/lxd.service.d/override.conf &>/dev/null <<EOF
 [Service]                                                                                                                                                                        
 ExecStartPost=systemctl reload nftables.service
 Environment=LANGUAGE=en:en_US
 EOF
         sudo systemctl daemon-reload
         sudo systemctl restart lxd.service
-        PREFIX="" echo "OK"
+        PREFIX="" echoinfo "DONE"
     else
         echo "lxd service already overridden!"
     fi
@@ -472,6 +475,8 @@ else
     add_toolbox_sudoers
     prepare_nftables
     prepare_lxd
+    override_lxd_service
+    configure_lxd
     preload_bookworm_image
     miaou_resolver
     miaou_evalfrombashrc

scripts/miaou

@@ -368,11 +368,13 @@ function prepare_dmz_container() {
 
 function check_resolv_conf() {
     local bridge_gw resolver
+
     bridge_gw=$(lxc network get lxdbr0 ipv4.address | cut -d'/' -f1)
-    resolver=$(grep nameserver /etc/resolv.conf | head -n1 | cut -d ' ' -f2)
+    PREFIX="resolver:check" echo "container bridge is <$bridge_gw>"
 
+    resolver=$(grep nameserver /etc/resolv.conf | tail -n1 | cut -d ' ' -f2)
     PREFIX="resolver:check" echo "container resolver is <$resolver>"
-    PREFIX="resolver:check" echo "container bridge is <$bridge_gw>"
+
     [[ "$bridge_gw" != "$resolver" ]] && return 21
     return 0
 }