docs...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

README.md

@@ -174,10 +174,52 @@ This will
 connecting it to a configured network can lead to unexpected behavior.*
 
 
+
 #### Accessing the host
 
+The simplest way is to connect to `wireguard` VPN and open http://pve.adm:8006 
+in a browser.
+
+The second approach is to `ssh` to either:
+
+```shell
+ssh -p 23 <user>@<WAN_IP>
+```
+
+or:
+```shell
+ssh <user>@<WAN_SSH_IP>
+```
+
+The later will also work if the `gate` CT is down or not accessible.
+
+
+And from the `ssh` CT:
+```shell
+ssh root@pve
+```
+
+_WARNING: NEVER store any ssh keys on the `ssh` CT, use `ssh-agent` instead!_
+
+
+
+#### Configuration
+
 XXX
 
+The following CT's interfaces can not be configured in the Proxmox UI:
+- `gate`
+- `ns`
+- `nextcloud`
+- `wireguard`
+
+This is done mostly to keep Proxmox from touching the `hostname $(hostname)`
+directive (used by the DNS server to assigned predefined IP's) and in 
+the case of `gate` and `wireguard` to keep it from touching the additional 
+bridges or interfaces defined.  
+(XXX this restriction may be lifted in the future)
+
+
 
 #### Setup additional services
 
@@ -212,6 +254,8 @@ XXX traefik rules
 
 
 
+
+
 ### Manual setup
 
 

config.global.example

@@ -1,4 +1,4 @@
-#------------------------------------------------------------------------
+#----------------------------------------------------------------------
 #
 # Global config file
 #
@@ -16,7 +16,68 @@
 # It is not recomended to set passwords here or in other config files.
 #
 #
-#------------------------------------------------------------------------
+#----------------------------------------------------------------------
+# These options need to be revised or changed... 
+# (remove "DFL_" prefix to disable promting)
+#
+
+# Domain and email configuration
+#
+DFL_DOMAIN=example.com
+DFL_EMAIL=user@example.com
+
+
+# Network configuration...
+#
+# NOTE: it is simpler to statically assign these than to configure DHCP
+# 	plus port forewarding to the dynamically assigned IP.
+# NOTE: if installing on a different network than the target, these can 
+# 	be changed for target deployment in:
+# 	- gate CT's /etc/network/interfaces (NOT in the Proxmox UI)
+# 	- ssh CT's network configuration (Proxmox UI)
+DFL_WAN_IP=192.168.1.101/24
+DFL_WAN_GATE=192.168.1.252
+
+# IP used for fail-safe conection to the ADMIN network
+DFL_WAN_SSH_IP=192.168.1.102/24
+
+
+# Web app/service domain configuration
+#
+# Here two optional variables are provided per service:
+# - <SERVICE>_DOMAIN=...
+# 	Overrides the $DOMAIN option above for <SERVICE>
+# - <SERVICE>_SUBDOMAIN=...
+# 	Sets the subdomain of $DOMAIN (or $<SERVICE>_DOMAIN) for <SERVICE>
+
+# Nextcloud
+#NEXTCLOUD_DOMAIN=
+NEXTCLOUD_SUBDOMAIN=nc.
+
+# Gitea
+#GITEA_DOMAIN=
+#GITEA_SUBDOMAIN=git.
+
+
+# Extra options passed to each CT when created.
+#
+# This can be used for passing in ssh keys, etc...
+#
+# see: 
+# 	man pct
+#
+# Example:
+# 	DFL_PCT_EXTRA="--ssh-public-keys /path/to/autohrized_keys"
+#
+DFL_PCT_EXTRA=SKIP
+
+
+
+#----------------------------------------------------------------------
+#
+# Options afetr this point are sane defaults and in the general case 
+# can be left as-is.
+#
 
 # Bootsrap configuration...
 #
@@ -37,70 +98,21 @@ BOOTSTRAP_BRIDGE=0
 # 	bridges with numbers greater than X (10 in the example below)
 #
 # Example:
-# 	WAN_BRIDGE=0
-#	ADMIN_BRIDGE=3
-#	LAN_BRIDGE=10
+#	ADMIN_BRIDGE=_admin
+# 	WAN_BRIDGE=_wan
+#	LAN_BRIDGE=_lan
 #
 ADMIN_BRIDGE=_admin
 WAN_BRIDGE=_wan
 LAN_BRIDGE=_lan
 
 
-# NOTE: it is simpler to statically assign these than to configure dhcp
-# 	plus port forewarding to the dynamically assigned IP.
-DFL_WAN_IP=192.168.1.101/24
-DFL_WAN_GATE=192.168.1.252
-
-DFL_WAN_SSH_IP=192.168.1.102/24
-
-
-# Domain and email configuration
-#
-DOMAIN=example.com
-EMAIL=user@example.com
-
-
-# Web app/service domain configuration
-#
-# Here two optional variables are provided per service:
-# - <SERVICE>_DOMAIN=...
-# 	Overrides the $DOMAIN option above for <SERVICE>
-# - <SERVICE>_SUBDOMAIN=...
-# 	Sets the subdomain of $DOMAIN (or $<SERVICE>_DOMAIN) for <SERVICE>
-#
-
-# Nextcloud
-#NEXTCLOUD_DOMAIN=
-NEXTCLOUD_SUBDOMAIN=nc.
-
-# Gitea
-#GITEA_DOMAIN=
-#GITEA_SUBDOMAIN=git.
-
-
-# Extra options passed to each CT created.
-#
-# This can be used for passing in ssh keys, etc...
-#
-# see: 
-# 	man pct
-#
-# Example:
-# 	DFL_PCT_EXTRA="--ssh-public-keys /path/to/autohrized_keys"
-#
-DFL_PCT_EXTRA=SKIP
-
-
-
-#------------------------------------------------------------------------
-#
-# Options afetr this point are sane defaults and in the general case 
-# can be left as-is.
-#
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 
 # host
 HOST_ADMIN_IP=10.0.0.254/24
 
+
 # Nameserver
 NS_HOSTNAME=ns
 NS_ID=100
@@ -110,6 +122,7 @@ NS_LAN_IP=10.1.1.1/24
 RESERVE_NS_ID=101
 TEMPLATE_NS_ID=200
 
+
 # Gateway / Reverse proxy
 GATE_HOSTNAME=gate
 GATE_ID=110
@@ -120,4 +133,5 @@ RESERVE_GATE_ID=111
 TEMPLATE_GATE_ID=210
 
 
-#------------------------------------------------------------------------
+
+#----------------------------------------------------------------------

gate-traefik/make.sh

@@ -25,8 +25,8 @@ RAM=128
 SWAP=$RAM
 DRIVE=0.5
 
-DFL_WAN_IP=${DFL_WAN_IP}
-DFL_WAN_GATE=${DFL_WAN_GATE}
+#DFL_WAN_IP=${DFL_WAN_IP}
+#DFL_WAN_GATE=${DFL_WAN_GATE}
 
 # XXX revise...
 DFL_ADMIN_IP=${GATE_ADMIN_IP:=${DFL_ADMIN_IP:=10.0.0.2/24}}

ssh/make.sh

@@ -24,10 +24,10 @@ readConfig
 DFL_ID=${DFL_ID:=120}
 DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=ssh}
 
-DFL_CORES=${DFL_CORES:=1}
-DFL_RAM=${DFL_RAM:=1024}
-DFL_SWAP=${DFL_SWAP:=${DFL_RAM}}
-DFL_DRIVE=${DFL_DRIVE:=16}
+DFL_CORES=${DFL_SSH_CORES:=1}
+DFL_RAM=${DFL_SSH_RAM:=512}
+DFL_SWAP=${DFL_SSH_SWAP:=${RAM}}
+DFL_DRIVE=${DFL_SSH_DRIVE:=16}
 
 WAN_IP=SKIP
 WAN_GATE=SKIP