diff --git a/README.md b/README.md index 493892b..cc7f9c1 100644 --- a/README.md +++ b/README.md @@ -41,33 +41,55 @@ Goals: and administration of all the related components at the cost of a heavier CT transparently integrating multiple related services -XXX service structure +``` + Internet Admin + v v + +----|----------------------------------------------------|-----+ + | | | | + | (wan) (lan) (admin) | + | | | | | + | | | pve --+ | + | | | | | + | | +--------------------------------+ | + | | / | | | + | +--($WAN_SSH_IP)- ssh ---------------+ | | + | | ^ | | | + | | (ssh:22) | | | + | | . | | | + | | . +------------------------(nat)--+ | + | | ./ | | | + | +------($WAN_IP)- gate ------(nat)---+ | | + | . | | | + | . +-- ns ---------+ | + | . | | | + | + - (udp:51820)-> +-- wireguard | | + | . | | | + | + - (ssh/https)-> +-- gitea | | + | . | | | + | + - - - (https)-> +-- nextcloud | | + | | | | + | +-- syncthing --+ | + | | + +---------------------------------------------------------------+ +``` XXX network -In general `proxmox-utils` splits the configuration into two levels: - - -### CT level - -This level is handled by the `Makefile` and is almost completely automated - - -### Host level - -This level depends on the host setup and is currently done manually -depending on existing host configuration. +XXX service structure -## Prerequisites +## Setup + +### Prerequisites Install Proxmox and connect it to your network. -## Semi-automated setup -This will download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it: +### Semi-automated setup + +Download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it: ```shell curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/scripts/bootstrap.sh' | sudo bash ``` 
@@ -78,7 +100,7 @@ This will: - Run `make bootstrap` on the repo After the basic setup is done connect the device to the network via the -selcted WAN port and it is reccomended to disconnect the admin PORT. +selcted WAN port and **disconnect** the ADMIN port. The WAN interface exposes two IPs: - Main server (config: `DFL_WAN_IP` / `WAN_IP`) @@ -87,10 +109,10 @@ The WAN interface exposes two IPs: - Fail-safe ssh (config: `DFL_WAN_SSH_IP` / `WAN_SSH_IP`) - ssh:22 + The Proxmox administrative interface is available behind the Wireguard proxy or on the ADMIN port, both on https://10.0.0.254:8006. - To finalize the setup run: ```shell make finalize @@ -105,12 +127,16 @@ This will after rule review. -### Accessing the host +*Note that the ADMIN port is configured for direct connections only (DHCP), +connecting it to a configured network can lead to unexpected behavior.* + + +#### Accessing the host XXX -### Setup additional services +#### Setup additional services XXX @@ -137,16 +163,16 @@ make gitea ``` -### Setup and configure custom services +#### Setup and configure custom services XXX traefik rules -## Manual setup +### Manual setup -### Bootstrapping +#### Bootstrapping Since all the internal traffic is routed through the `gate` we need both the bridges and it setup for things to work, thus we first bootstrap the @@ -179,7 +205,7 @@ only for administration and recovory cases. -### Network Bridges +#### Network Bridges `proxmox-utils` expects there to be at least three bridges: - `WAN` (`vmbr_wan`) - connected to the port that faces the external @@ -209,7 +235,7 @@ first/last ports to wan/admin respectively and clearly mark them as such. -### DNS +#### DNS Add `10.1.1.1` to the DNS on the Proxmox host node after the `127.0.0.1` but before whatever external DNS you are using. 
@@ -225,7 +251,7 @@ make host-bootstrap ``` -### Firewall +#### Firewall Make sure to allow at least `ssh` access to the host node from the `ADMIN` interface to allow admin CT's access to the host if needed, this is mostly
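Review bot: the `-41,33 +41,55` hunk deletes the "CT level" / "Host level" explanation (that `proxmox-utils` splits configuration into two levels, the CT level driven by the `Makefile` and the host level done by hand against the existing host setup) without moving it anywhere, and leaves only the bare `XXX network` and `XXX service structure` placeholders beside the new diagram; keep that paragraph, or fold it under the diagram, so the README does not lose its only statement of what is automated and what is not. In the same hunk the setup step still reads `curl '…/refs/heads/master/scripts/bootstrap.sh' | sudo bash`, i.e. unreviewed remote content executed as root and tracking a moving branch; document the two-step form (download to a file, read it, then `sudo bash bootstrap.sh`) or at least reference a fixed commit instead of `refs/heads/master`.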
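Review bot: in the `-78,7 +100,7` hunk the rewritten line keeps the typo `selcted`; since the line is already being changed, make it `selected WAN port and **disconnect** the ADMIN port.`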
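Review bot: the note added in the `-105,12 +127,16` hunk, `configured for direct connections only (DHCP)`, does not say which side is the DHCP server. If the ADMIN interface hands out leases itself, state that explicitly, because it is the concrete reason plugging it into a network that already has a DHCP server "can lead to unexpected behavior"; if it is a DHCP client instead, the warning needs a different justification. The demoted `#### Accessing the host` and `#### Setup additional services` headings in this hunk also still have only `XXX` as their body.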
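Review bot: the `-179,7 +205,7` hunk only demotes `### Network Bridges` to `####`, but the untouched context line directly above it still reads `recovory cases`; fix it to `recovery` while this region is being edited.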