# proxmox-utils (EXPERIMENTAL)

A set of scripts for automating setup and tasks in Proxmox.

## TODO
- revise defaults
- separate templates/assets into distribution and user directories
  ...this is needed to allow the user to change the configs without the
  fear of them being overwritten by git (similar to how config is handled)
- automate:
  - create/destroy -- DONE
  - updates
  - backup/restore
- basic infrastructure CTs
  - ns -- DONE
  - gate / reverse proxy -- DONE
- basic service CTs
  - syncthing -- DONE
  - git -- DONE
  - nextcloud -- DONE
  - vpn -- DONE
  - ssh -- DONE
  - mail
- basic recurrent tasks
  - backups
  - archiving
  - updates
  - ...


## Architecture

XXX service structure

XXX network

In general `proxmox-utils` splits the configuration into two levels:


### CT level

This level is handled by the `Makefile` and is almost completely automated


### Host level

This level depends on the host setup and is currently done manually
depending on existing host configuration.

XXX clean setup scripts...


## Prerequisites

### Proxmox

```shell
sudo apt update && sudo apt upgrade
```

```shell
sudo apt install git make
```


### Network Bridges

`proxmox-utils` expects there to be at least three bridges:
- `WAN` - connected to the port that faces the external network (either
  directly or via a router)
- `LAN` - a virtual bridge, not connected to any physical interfaces
- `ADMIN` - connected to a second physical interface used for
  administrative purposes.

Note their numbers (i.e. the number in `vmbr#`); these will be needed for
setup.

Note, if the device has more than two ports it is recommended to assign
first/last ports to wan/admin respectively and clearly mark them as such.


### DNS

Add `10.1.1.1` to the DNS servers on the Proxmox host node, after `127.0.0.1`
but before whatever external DNS you are using.

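The bridge and DNS prerequisites above can be checked before running setup. The script below is an added example, not part of `proxmox-utils`: it assumes the bridges are defined in an ifupdown-style `interfaces` file and the resolvers in a `resolv.conf`-style file, and the function names, interface names and the external resolver `192.0.2.53` are made up for illustration.

```shell
# Added example: pre-flight checks for the bridge and DNS prerequisites.

# list_bridges FILE -> one "vmbrN <bridge-ports value>" line per bridge stanza.
list_bridges() {
    awk '
        $1 == "iface" { cur = ($2 ~ /^vmbr[0-9]+$/) ? $2 : "" }
        cur != "" && $1 ~ /^bridge[-_]ports$/ { print cur, $2 }
    ' "$1"
}

# check_bridges FILE -> 0 if there is a virtual bridge (LAN candidate) and
# two bridges with a physical port (WAN and ADMIN candidates).
check_bridges() {
    list_bridges "$1" | awk '
        $2 == "none" { virt++ }
        $2 != "none" { phys++ }
        END { exit !(virt >= 1 && phys >= 2) }
    '
}

# check_dns_order FILE [NS] -> 0 if NS is listed after 127.0.0.1, before
# every other resolver, and within the first three nameserver entries.
check_dns_order() {
    awk -v ns="${2:-10.1.1.1}" '
        $1 != "nameserver" { next }
        { n++ }
        $2 == "127.0.0.1" { lo = n; next }
        $2 == ns { pos = n; next }
        !ext { ext = n }
        END { exit !(pos && pos <= 3 && (!lo || lo < pos) && (!ext || pos < ext)) }
    ' "$1"
}

# Constructed sample input (interface names and addresses are made up).
tmp=$(mktemp -d)
cat > "$tmp/interfaces" <<'EOF'
iface vmbr0 inet static
    address 192.0.2.10/24
    bridge-ports eno1
iface vmbr1 inet manual
    bridge-ports none
iface vmbr2 inet manual
    bridge-ports eno2
EOF
printf 'nameserver %s\n' 127.0.0.1 10.1.1.1 192.0.2.53 > "$tmp/resolv.good"
printf 'nameserver %s\n' 127.0.0.1 192.0.2.53 10.1.1.1 > "$tmp/resolv.bad"
list_bridges "$tmp/interfaces"
check_bridges "$tmp/interfaces" && echo "bridges: ok"
check_dns_order "$tmp/resolv.good" && echo "dns order: ok"
check_dns_order "$tmp/resolv.bad" || echo "dns order: 10.1.1.1 is misplaced"
```

On a real host the files to pass are typically `/etc/network/interfaces` and `/etc/resolv.conf`. The glibc resolver only consults the first three `nameserver` entries, which is why the check also requires `10.1.1.1` to be among them.
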

### Firewall

Make sure to allow at least `ssh` access to the host node from the `ADMIN`
interface so that admin CTs can reach the host if needed; this is mostly
needed to allow VPN/ssh administration from outside.

For Proxmox firewall configuration see:
https://pve.proxmox.com/wiki/Firewall


### Recovery strategies

ns/gate as separate nodes for redundancy

ssh facing lan to avoid a single point of failure with gate



## Setup

```shell
sudo make all
```


## Post-setup

XXX test connections
XXX change proxmox ip/network