mirror of
https://github.com/flynx/proxmox-utils.git
synced 2025-10-28 10:40:07 +00:00
minor cleanup to ns...
Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
parent
c3ccb5eb0c
commit
ed943f754b
42
README.md
@ -34,17 +34,17 @@ Fun.
|
|||||||
|
|
||||||
### Goals
|
### Goals
|
||||||
|
|
||||||
- Separate concerns
|
- _Separate concerns_
|
||||||
Preferably one service/role per CT
|
Preferably one service/role per CT
|
||||||
- Keep things as light as possible
|
- _Keep things as light as possible_
|
||||||
This for the most part rules out Docker as a nested virtualization
|
This for the most part rules out Docker as a nested virtualization
|
||||||
layer under Proxmox while preferring light distributions like Alpine
|
layer under Proxmox, and preferring light distributions like Alpine
|
||||||
Linux
|
Linux
|
||||||
- Pragmatic simplicity
|
- _Pragmatic simplicity_
|
||||||
This goal yields some compromises to previous goals, for example [TKL]()
|
This goal yields some compromises to previous goals, for example [TKL]()
|
||||||
is used as a base for [Nextcloud]() effectively simplifying the setup
|
is used as a base for [Nextcloud]() effectively simplifying the setup
|
||||||
and administration of all the related components at the cost of a
|
and administration of all the related components at the cost of a
|
||||||
heavier CT transparently integrating multiple related services
|
heavier CT, transparently integrating multiple related services
|
||||||
|
|
||||||
|
|
||||||
### Network
|
### Network
|
||||||
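Review bot: In the "Keep things as light as possible" item, the added comma leaves "rules out Docker ..., and preferring light distributions" grammatically unparallel; consider "and favours light distributions like Alpine Linux". The unchanged lines of the last item still carry empty link targets, `[TKL]()` and `[Nextcloud]()`, which render as dead links and could be filled in while this paragraph is being touched.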
@ -108,9 +108,9 @@ The `gate` and `ns` CT's are only accessible for administration from the
|
|||||||
host (i.e. via `lxc-attach ..`).
|
host (i.e. via `lxc-attach ..`).
|
||||||
|
|
||||||
Three ways of access to the ADMIN network are provided:
|
Three ways of access to the ADMIN network are provided:
|
||||||
- `ssh` service (CT) via the `gate` reverse proxy
|
- `wireguard` VPN (CT) via `gate` reverse proxy,
|
||||||
- `wireguard` VPN (CT) via `gate` reverse proxy
|
- `ssh` service (CT) via the `gate` reverse proxy,
|
||||||
- `ssh` service (CT) via the direct `$WAN_SSH_IP` (fail-safe)
|
- `ssh` service (CT) via the direct `$WAN_SSH_IP` (fail-safe).
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
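Review bot: The reordered list is inconsistent in its wording: the `wireguard` item reads "via `gate` reverse proxy" while the `ssh` item reads "via the `gate` reverse proxy". Pick one form. Since these three entries are the only listed routes into the ADMIN network, it would also help to name the port for each here, so a reader can check them against the ssh:23 / wireguard:51820 / ssh:22 listing further down the README without hunting for it.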
@ -131,7 +131,7 @@ This setup will use three IP addresses:
|
|||||||
will not be used after setup is done,
|
will not be used after setup is done,
|
||||||
2. WAN IP address to be used for the main set of applications, this is
|
2. WAN IP address to be used for the main set of applications, this is
|
||||||
the address that all the requests will be routed from to various
|
the address that all the requests will be routed from to various
|
||||||
services internally,
|
services on the LAN network,
|
||||||
3. Fail-safe ssh IP address, this is the connection used for recovery
|
3. Fail-safe ssh IP address, this is the connection used for recovery
|
||||||
in case the internal routing fails.
|
in case the internal routing fails.
|
||||||
|
|
||||||
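Review bot: In item 2, "services on the LAN network" now reads narrower than the setup described elsewhere in the README: the main WAN IP also carries ssh:23 and wireguard:51820, which are listed as ways into the ADMIN network via `gate`. If the narrowing is intended, say so explicitly; otherwise the old "internally" was more accurate. "routed from to" in the unchanged line above is also worth fixing while here.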
@ -139,9 +139,9 @@ This setup will use three IP addresses:
|
|||||||
|
|
||||||
### Semi-automated setup
|
### Semi-automated setup
|
||||||
|
|
||||||
Open a terminal on the host (`ssh` or via the UI).
|
Open a terminal on the host, either `ssh` (recommended) or via the UI.
|
||||||
|
|
||||||
Optionally, set a desired default editor via:
|
Optionally, set a desired default editor (default: `nano`) via:
|
||||||
```shell
|
```shell
|
||||||
export EDITOR=nano
|
export EDITOR=nano
|
||||||
```
|
```
|
||||||
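Review bot: With "(default: `nano`)" added, the example right below it, `export EDITOR=nano`, sets the variable to the value it already has. Show a non-default editor in the example, or drop the parenthetical. "either `ssh` (recommended)" would also benefit from a short reason for the recommendation.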
@ -151,22 +151,20 @@ Download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it:
|
|||||||
curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/scripts/bootstrap.sh' | sudo bash
|
curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/scripts/bootstrap.sh' | sudo bash
|
||||||
```
|
```
|
||||||
|
|
||||||
|
_It is recommended to review the script/code before starting._
|
||||||
|
|
||||||
This will:
|
This will:
|
||||||
- Install basic dependencies
|
- Install basic dependencies,
|
||||||
- Clone this repo
|
- Clone this repo,
|
||||||
- Run `make bootstrap` on the repo
|
- Run `make bootstrap` on the repo.
|
||||||
|
|
||||||
After the basic setup is done connect the device to the network via the
|
At this point WAN interface exposes two IPs:
|
||||||
selcted WAN port and **disconnect** the ADMIN port.
|
|
||||||
|
|
||||||
The WAN interface exposes two IPs:
|
|
||||||
- Main server (config: `$DFL_WAN_IP` / `$WAN_IP`)
|
- Main server (config: `$DFL_WAN_IP` / `$WAN_IP`)
|
||||||
- ssh:23
|
- ssh:23
|
||||||
- wireguard:51820
|
- wireguard:51820
|
||||||
- Fail-safe ssh (config: `$DFL_WAN_SSH_IP` / `$WAN_SSH_IP`)
|
- Fail-safe ssh (config: `$DFL_WAN_SSH_IP` / `$WAN_SSH_IP`)
|
||||||
- ssh:22
|
- ssh:22
|
||||||
|
|
||||||
|
|
||||||
The Proxmox administrative interface is available behind the Wireguard
|
The Proxmox administrative interface is available behind the Wireguard
|
||||||
proxy or on the ADMIN port, both on https://10.0.0.254:8006.
|
proxy or on the ADMIN port, both on https://10.0.0.254:8006.
|
||||||
|
|
||||||
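Review bot: The new "It is recommended to review the script/code before starting." line comes after the `curl ... | sudo bash` command, and that one-liner pipes the download straight into a root shell, so there is no point at which the reader can follow the advice. Move the note above the command and describe the download-to-file, read, then run sequence instead; the URL also tracks `refs/heads/master`, so what gets executed can change between review and run unless a tag or commit is pinned. Separately, the hunk drops the step about connecting the WAN port and disconnecting the ADMIN port without a replacement in the visible lines, and "At this point WAN interface" is missing "the".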
@ -187,9 +185,9 @@ This will break the ssh connection when done, reconnect via the WAN port
|
|||||||
to continue (see: [Accessing the host](#accessing-the-host)), or connect
|
to continue (see: [Accessing the host](#accessing-the-host)), or connect
|
||||||
directly to the ADMIN port (DHCP) and ssh into `$HOST_ADMIN_IP` (default: 10.0.0.254).
|
directly to the ADMIN port (DHCP) and ssh into `$HOST_ADMIN_IP` (default: 10.0.0.254).
|
||||||
|
|
||||||
|
_Note that the ADMIN port is configured for direct connections only,
|
||||||
_Note that the ADMIN port is configured for direct connections only (DHCP),
|
connecting it to a configured network can lead to unexpected behavior --
|
||||||
connecting it to a configured network can lead to unexpected behavior._
|
DHCP races, IP clashes... etc._
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
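Review bot: The rewritten note drops "(DHCP)" and ends in "DHCP races, IP clashes... etc.", which is vague and doubles "..." with "etc.". State the cause instead: the config file changed later in this commit serves `dhcp-range=interface:admin,10.0.0.20,10.0.0.200,12h`, so plugging the ADMIN port into a network that already has a DHCP server puts two servers on one segment. Saying that, and that a single directly attached machine is the supported case, tells the reader what to avoid.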
|
|||||||
@ -43,12 +43,16 @@ dhcp-range=interface:admin,10.0.0.20,10.0.0.200,12h
|
|||||||
dhcp-range=interface:lan,10.1.1.20,10.1.1.200,12h
|
dhcp-range=interface:lan,10.1.1.20,10.1.1.200,12h
|
||||||
|
|
||||||
# ns
|
# ns
|
||||||
address=/${CTHOSTNAME}/${ADMIN_IPn}
|
|
||||||
address=/${CTHOSTNAME}/${LAN_IPn}
|
address=/${CTHOSTNAME}/${LAN_IPn}
|
||||||
|
address=/${CTHOSTNAME}.srv/${LAN_IPn}
|
||||||
|
#address=/${CTHOSTNAME}/${ADMIN_IPn}
|
||||||
|
address=/${CTHOSTNAME}.adm/${ADMIN_IPn}
|
||||||
|
|
||||||
# gate
|
# gate
|
||||||
address=/${GATE_HOSTNAME}/${GATE_ADMIN_IPn}
|
|
||||||
address=/${GATE_HOSTNAME}/${LAN_GATE}
|
address=/${GATE_HOSTNAME}/${LAN_GATE}
|
||||||
|
address=/${GATE_HOSTNAME}.srv/${LAN_GATE}
|
||||||
|
#address=/${GATE_HOSTNAME}/${GATE_ADMIN_IPn}
|
||||||
|
address=/${GATE_HOSTNAME}.adm/${GATE_ADMIN_IPn}
|
||||||
dhcp-option=admin,option:router,${GATE_ADMIN_IPn}
|
dhcp-option=admin,option:router,${GATE_ADMIN_IPn}
|
||||||
dhcp-option=lan,option:router,${LAN_GATE}
|
dhcp-option=lan,option:router,${LAN_GATE}
|
||||||
dhcp-host=admin,gate,${GATE_ADMIN_IPn},infinite
|
dhcp-host=admin,gate,${GATE_ADMIN_IPn},infinite
|
||||||
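Review bot: The old bare-name ADMIN mappings are left behind as commented-out lines (`#address=/${CTHOSTNAME}/${ADMIN_IPn}` and `#address=/${GATE_HOSTNAME}/${GATE_ADMIN_IPn}`) with no explanation. Delete them or add a one-line comment saying why bare names now resolve to the LAN address only; as written, a later reader cannot tell whether this is a deliberate restriction or a leftover. The new `.srv` / `.adm` suffix convention is also not mentioned in any of the README hunks of this commit, and anything that looked up the bare `${GATE_HOSTNAME}` or `${CTHOSTNAME}` name expecting the ADMIN address now gets the LAN one, which deserves a note.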
@ -56,6 +60,7 @@ dhcp-host=lan,gate,${LAN_GATE},infinite
|
|||||||
|
|
||||||
# pve
|
# pve
|
||||||
address=/pve/10.0.0.254
|
address=/pve/10.0.0.254
|
||||||
|
address=/pve.adm/10.0.0.254
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
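Review bot: `pve` does not follow the convention the previous hunk sets up: for `ns` and `gate` the bare name points at the LAN address with `.srv` and `.adm` variants, while here the bare `pve` name stays on the ADMIN address and only `.adm` is added. If the host is intentionally ADMIN-only, a comment would make that clear. Both records also hard-code 10.0.0.254 while the README calls this `$HOST_ADMIN_IP` (default: 10.0.0.254), so a changed setting would leave these records stale; use the variable as the other entries do.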
|
|||||||