flynx/proxmox-utils
1
0
Fork 0
mirror of https://github.com/flynx/proxmox-utils.git synced 2025-12-17 09:01:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

docs...

Browse Source 
Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
This commit is contained in:
Alex A. Naanou 2024-10-19 20:05:30 +03:00
parent 2df81dcf01
commit cf0aba1338
3 changed files with 111 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.pct-helpers
View File

@ -10,7 +10,7 @@ CT_DIR=${CT_DIR:=/etc/pve/lxc/}
# XXX # XXX
EDITOR=${EDITOR:-vim} EDITOR=${EDITOR:-nano}

142
README.md
View File

@ -64,38 +64,123 @@ XXX clean setup scripts...
## Prerequisites ## Prerequisites
### Proxmox Install Proxmox and connect it to your network.
## Semi-automated setup
This will download the [`bootstrap.sh`](./bootstrap.sh) script and execute it:
```shell ```shell
sudo apt update && sudo apt upgrade curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/bootstrap.sh' | sudo bash
``` ```
```shell This will:
sudo apt install git make - Install basic dependencies
``` - Clone this repo
- Run `make bootstrap` on the repo
After the basic setup is done connect the device to the network via the
selcted WAN port and it is reccomended to disconnect the admin PORT.
The WAN interface exposes two IPs:
- Main server (config: `DFL_WAN_IP` / `WAN_IP`)
- ssh:23
- wireguard:51820
- Fail-safe ssh (config: `DFL_WAN_SSH_IP` / `WAN_SSH_IP`)
- ssh:22
The Proxmox administrative interface is available behind the Wireguard
proxy or on the ADMIN port, both on https://10.0.0.254:8006.
XXX setup additional CTs...
XXX configuration / administration...
## Manual setup
### Bootstrapping
Since all the internal traffic is routed through the `gate` we need both
the bridges and it setup for things to work, thus we first bootstrap the
bridges, create the basic infrastructure and then finalize the setup.
Bootsrapping is done in three stages:
1. Bootstrap:
```shell
make bootstrap
```
- Create the needed bridges
- Create the infrastructure CT's (`gate`, `ns`, `ssh`, ...)
2. Cleanup:
```shell
make bootstrap-clean
```
- Route the `host` through the `gate`
3. Finalize:
```shell
make finalise
```
- disconnect the `host` from the non-ADMIN networks
After the final stage two physical ports will be active, the ADMIN port
and the WAN port, the former is by default the same port set by Proxmox
setup, the WAN port is the port selected during the stup stage. All the
services will be listening on the WAN port while the admin port is used
only for administration and recovory cases.
### Network Bridges ### Network Bridges
`proxmox-utils` expects there to be at least three bridges: `proxmox-utils` expects there to be at least three bridges:
- `WAN` - connected to the port that faces the external network (either - `WAN` (`vmbr_wan`) - connected to the port that faces the external
directly of via a router) network (either directly of via a router)
- `LAN` - a virtual bridge, not connected to any physical interfaces - `LAN` (`vmbr_lan`) - a virtual bridge, not connected to any physical
- `ADMIN` - connected to a second physical interface used for interfaces
administrative purposes. - `ADMIN` (`vmbr_admin`) - connected to a second physical interface used
for administrative purposes.
Note their numbers (i.e. the number in `vmbr#`), this will be needed for Created via:
setup. ```shell
make host-bootstrap
```
Note, if the device has more that two ports it is recommended to assign Updated by:
```shell
make host-bootstrap-clean
```
and:
```shell
make finalize
```
If the device has more that two ports it is recommended to assign
first/last ports to wan/admin respectively and clearly mark them as such. first/last ports to wan/admin respectively and clearly mark them as such.
### DNS ### DNS
Add `10.1.1.1` to the DNS on the Proxmox host node after the `127.0.0.1` Add `10.1.1.1` to the DNS on the Proxmox host node after the `127.0.0.1`
but before whatever external DNS you are using. but before whatever external DNS you are using.
Donw via:
```shell
make host
```
or:
```shell
make host-bootstrap
```
### Firewall ### Firewall
@ -103,6 +188,16 @@ Make sure to allow at least `ssh` access to the host node from the `ADMIN`
interface to allow admin CT's access to the host if needed, this is mostly interface to allow admin CT's access to the host if needed, this is mostly
needed to allow VPN/ssh administration from outside. needed to allow VPN/ssh administration from outside.
Donw via:
```shell
make host
```
or:
```shell
make host-bootstrap
```
For Proxmox firewall configuration see: For Proxmox firewall configuration see:
https://pve.proxmox.com/wiki/Firewall https://pve.proxmox.com/wiki/Firewall
@ -117,32 +212,13 @@ XXX emergency access points: ssh and wireguard
## Setup ## Misc
Get the code:
```shell
git clone https://github.com/flynx/proxmox-utils.git
```
or:
```shell
git clone git@github.com:flynx/proxmox-utils.git
```
For host setup:
```shell
sudo make host
```
Be carefull as this may overwrite existing configuration.
Install CT's: Install CT's:
```shell ```shell
sudo make all sudo make all
``` ```
Install gitea (optional): Install gitea (optional):
```shell ```shell
sudo make dev sudo make dev

6
bootstrap.sh
View File

@ -4,13 +4,9 @@
#PROXMOX_UTILS=git@github.com:flynx/proxmox-utils.git #PROXMOX_UTILS=git@github.com:flynx/proxmox-utils.git
PROXMOX_UTILS=${PROXMOX_UTILS:-https://github.com/flynx/proxmox-utils.git} PROXMOX_UTILS=${PROXMOX_UTILS:-https://github.com/flynx/proxmox-utils.git}
# XXX do we need to update the system here?
apt update
apt upgrade
# keep this to the minimum, at this point... # keep this to the minimum, at this point...
apt install \ apt install \
git make wget vim git make wget
git clone $PROXMOX_UTILS git clone $PROXMOX_UTILS