flynx/proxmox-utils
1
0
Fork 0
mirror of https://github.com/flynx/proxmox-utils.git synced 2025-10-30 11:40:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

added network diagram...

Browse Source 
Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
This commit is contained in:
Alex A. Naanou 2024-10-19 23:17:24 +03:00
parent d27f8e762d
commit 5aca94ed2f
1 changed files with 52 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
README.md
View File

@ -41,33 +41,55 @@ Goals:
and administration of all the related components at the cost of a and administration of all the related components at the cost of a
heavier CT transparently integrating multiple related services heavier CT transparently integrating multiple related services
XXX service structure ```
Internet Admin
v v
+----|----------------------------------------------------|-----+
| | | |
| (wan) (lan) (admin) |
| | | | |
| | | pve --+ |
| | | | |
| | +--------------------------------+ |
| | / | | |
| +--($WAN_SSH_IP)- ssh ---------------+ | |
| | ^ | | |
| | (ssh:22) | | |
| | . | | |
| | . +------------------------(nat)--+ |
| | ./ | | |
| +------($WAN_IP)- gate ------(nat)---+ | |
| . | | |
| . +-- ns ---------+ |
| . | | |
| + - (udp:51820)-> +-- wireguard | |
| . | | |
| + - (ssh/https)-> +-- gitea | |
| . | | |
| + - - - (https)-> +-- nextcloud | |
| | | |
| +-- syncthing --+ |
| |
+---------------------------------------------------------------+
```
XXX network XXX network
In general `proxmox-utils` splits the configuration into two levels: XXX service structure
### CT level
This level is handled by the `Makefile` and is almost completely automated
### Host level
This level depends on the host setup and is currently done manually
depending on existing host configuration.
## Prerequisites ## Setup
### Prerequisites
Install Proxmox and connect it to your network. Install Proxmox and connect it to your network.
## Semi-automated setup
This will download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it: ### Semi-automated setup
Download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it:
```shell ```shell
curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/scripts/bootstrap.sh' | sudo bash curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/scripts/bootstrap.sh' | sudo bash
``` ```
@ -78,7 +100,7 @@ This will:
- Run `make bootstrap` on the repo - Run `make bootstrap` on the repo
After the basic setup is done connect the device to the network via the After the basic setup is done connect the device to the network via the
selcted WAN port and it is reccomended to disconnect the admin PORT. selcted WAN port and **disconnect** the ADMIN port.
The WAN interface exposes two IPs: The WAN interface exposes two IPs:
- Main server (config: `DFL_WAN_IP` / `WAN_IP`) - Main server (config: `DFL_WAN_IP` / `WAN_IP`)
@ -87,10 +109,10 @@ The WAN interface exposes two IPs:
- Fail-safe ssh (config: `DFL_WAN_SSH_IP` / `WAN_SSH_IP`) - Fail-safe ssh (config: `DFL_WAN_SSH_IP` / `WAN_SSH_IP`)
- ssh:22 - ssh:22
The Proxmox administrative interface is available behind the Wireguard The Proxmox administrative interface is available behind the Wireguard
proxy or on the ADMIN port, both on https://10.0.0.254:8006. proxy or on the ADMIN port, both on https://10.0.0.254:8006.
To finalize the setup run: To finalize the setup run:
```shell ```shell
make finalize make finalize
@ -105,12 +127,16 @@ This will
after rule review. after rule review.
### Accessing the host *Note that the ADMIN port is configured for direct connections only (DHCP),
connecting it to a configured network can lead to unexpected behavior.*
#### Accessing the host
XXX XXX
### Setup additional services #### Setup additional services
XXX XXX
@ -137,16 +163,16 @@ make gitea
``` ```
### Setup and configure custom services #### Setup and configure custom services
XXX traefik rules XXX traefik rules
## Manual setup ### Manual setup
### Bootstrapping #### Bootstrapping
Since all the internal traffic is routed through the `gate` we need both Since all the internal traffic is routed through the `gate` we need both
the bridges and it setup for things to work, thus we first bootstrap the the bridges and it setup for things to work, thus we first bootstrap the
@ -179,7 +205,7 @@ only for administration and recovory cases.
### Network Bridges #### Network Bridges
`proxmox-utils` expects there to be at least three bridges: `proxmox-utils` expects there to be at least three bridges:
- `WAN` (`vmbr_wan`) - connected to the port that faces the external - `WAN` (`vmbr_wan`) - connected to the port that faces the external
@ -209,7 +235,7 @@ first/last ports to wan/admin respectively and clearly mark them as such.
### DNS #### DNS
Add `10.1.1.1` to the DNS on the Proxmox host node after the `127.0.0.1` Add `10.1.1.1` to the DNS on the Proxmox host node after the `127.0.0.1`
but before whatever external DNS you are using. but before whatever external DNS you are using.
@ -225,7 +251,7 @@ make host-bootstrap
``` ```
### Firewall #### Firewall
Make sure to allow at least `ssh` access to the host node from the `ADMIN` Make sure to allow at least `ssh` access to the host node from the `ADMIN`
interface to allow admin CT's access to the host if needed, this is mostly interface to allow admin CT's access to the host if needed, this is mostly