added network diagram...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
2025-10-31 12:10:07 +00:00 · 2024-10-19 23:17:24 +03:00 · 2024-10-19 23:17:24 +03:00 · 5aca94ed2f
commit 5aca94ed2f
parent d27f8e762d
1 changed files with 52 additions and 26 deletions
--- a/README.md
+++ b/README.md
@ -41,33 +41,55 @@ Goals:
  and administration of all the related components at the cost of a 
  heavier CT transparently integrating multiple related services

-XXX service structure
+```
+    Internet                                              Admin 
+       v                                                    v
+  +----|----------------------------------------------------|-----+  
+  |    |                                                    |     |  
+  |  (wan)                                (lan)          (admin)  |  
+  |    |                                    |               |     |  
+  |    |                                    |         pve --+     |  
+  |    |                                    |               |     |  
+  |    |                   +--------------------------------+     |  
+  |    |                  /                 |               |     |  
+  |    +--($WAN_SSH_IP)- ssh ---------------+               |     |  
+  |    |                  ^                 |               |     |  
+  |    |              (ssh:22)              |               |     |  
+  |    |                  .                 |               |     |  
+  |    |                  . +------------------------(nat)--+     |  
+  |    |                  ./                |               |     |  
+  |    +------($WAN_IP)- gate ------(nat)---+               |     |  
+  |                       .                 |               |     |  
+  |                       .                 +-- ns ---------+     |  
+  |                       .                 |               |     |  
+  |                       + - (udp:51820)-> +-- wireguard   |     |  
+  |                       .                 |               |     |  
+  |                       + - (ssh/https)-> +-- gitea       |     |  
+  |                       .                 |               |     |  
+  |                       + - - - (https)-> +-- nextcloud   |     |  
+  |                                         |               |     |  
+  |                                         +-- syncthing --+     |  
+  |                                                               |  
+  +---------------------------------------------------------------+  
+```

 XXX network

-In general `proxmox-utils` splits the configuration into two levels:
-
-
-### CT level  
-
-This level is handled by the `Makefile` and is almost completely automated
-
-
-### Host level
-
-This level depends on the host setup and is currently done manually 
-depending on existing host configuration.
+XXX service structure



-## Prerequisites
+## Setup
+
+### Prerequisites

 Install Proxmox and connect it to your network.


-## Semi-automated setup

-This will download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it:
+### Semi-automated setup
+
+Download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it:
 ```shell
 curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/scripts/bootstrap.sh' | sudo bash
 ```
@ -78,7 +100,7 @@ This will:
 - Run `make bootstrap` on the repo

 After the basic setup is done connect the device to the network via the 
-selcted WAN port and it is reccomended to disconnect the admin PORT.
+selcted WAN port and **disconnect** the ADMIN port.

 The WAN interface exposes two IPs:
 - Main server (config: `DFL_WAN_IP` / `WAN_IP`)
@ -87,10 +109,10 @@ The WAN interface exposes two IPs:
 - Fail-safe ssh (config: `DFL_WAN_SSH_IP` / `WAN_SSH_IP`)
  - ssh:22

+
 The Proxmox administrative interface is available behind the Wireguard 
 proxy or on the ADMIN port, both on https://10.0.0.254:8006.

-
 To finalize the setup run:
 ```shell
 make finalize
@ -105,12 +127,16 @@ This will
  after rule review.
  

-### Accessing the host
+*Note that the ADMIN port is configured for direct connections only (DHCP), 
+connecting it to a configured network can lead to unexpected behavior.*
+
+
+#### Accessing the host

 XXX


-### Setup additional services
+#### Setup additional services

 XXX

@ -137,16 +163,16 @@ make gitea
 ```


-### Setup and configure custom services
+#### Setup and configure custom services

 XXX traefik rules



-## Manual setup
+### Manual setup


-### Bootstrapping
+#### Bootstrapping

 Since all the internal traffic is routed through the `gate` we need both 
 the bridges and it setup for things to work, thus we first bootstrap the
@ -179,7 +205,7 @@ only for administration and recovory cases.



-### Network Bridges
+#### Network Bridges

 `proxmox-utils` expects there to be at least three bridges:
 - `WAN` (`vmbr_wan`) - connected to the port that faces the external 
@ -209,7 +235,7 @@ first/last ports to wan/admin respectively and clearly mark them as such.



-### DNS
+#### DNS

 Add `10.1.1.1` to the DNS on the Proxmox host node after the `127.0.0.1`
 but before whatever external DNS you are using.
@ -225,7 +251,7 @@ make host-bootstrap
 ```


-### Firewall
+#### Firewall

 Make sure to allow at least `ssh` access to the host node from the `ADMIN` 
 interface to allow admin CT's access to the host if needed, this is mostly