From ee2f88bf0b3a7cf32a2ce8ddad9c2e02c4ae8d95 Mon Sep 17 00:00:00 2001 From: "Alex A. Naanou" Date: Mon, 21 Oct 2024 15:58:03 +0300 Subject: [PATCH] docs... Signed-off-by: Alex A. Naanou --- README.md | 44 +++++++++++++++ config.global.example | 128 +++++++++++++++++++++++------------------- gate-traefik/make.sh | 4 +- ssh/make.sh | 8 +-- 4 files changed, 121 insertions(+), 63 deletions(-) diff --git a/README.md b/README.md index 1ed2267..2a833e3 100644 --- a/README.md +++ b/README.md @@ -174,10 +174,52 @@ This will connecting it to a configured network can lead to unexpected behavior.* + #### Accessing the host +The simplest way is to connect to `wireguard` VPN and open http://pve.adm:8006 +in a browser. + +The second approach is to `ssh` to either: + +```shell +ssh -p 23 @ +``` + +or: +```shell +ssh @ +``` + +The later will also work if the `gate` CT is down or not accessible. + + +And from the `ssh` CT: +```shell +ssh root@pve +``` + +_WARNING: NEVER store any ssh keys on the `ssh` CT, use `ssh-agent` instead!_ + + + +#### Configuration + XXX +The following CT's interfaces can not be configured in the Proxmox UI: +- `gate` +- `ns` +- `nextcloud` +- `wireguard` + +This is done mostly to keep Proxmox from touching the `hostname $(hostname)` +directive (used by the DNS server to assigned predefined IP's) and in +the case of `gate` and `wireguard` to keep it from touching the additional +bridges or interfaces defined. +(XXX this restriction may be lifted in the future) + + #### Setup additional services @@ -212,6 +254,8 @@ XXX traefik rules + + ### Manual setup diff --git a/config.global.example b/config.global.example index 52f7783..fac9161 100644 --- a/config.global.example +++ b/config.global.example @@ -1,4 +1,4 @@ -#------------------------------------------------------------------------ +#---------------------------------------------------------------------- # # Global config file # 
@@ -16,7 +16,68 @@ # It is not recomended to set passwords here or in other config files. # # -#------------------------------------------------------------------------ +#---------------------------------------------------------------------- +# These options need to be revised or changed... +# (remove "DFL_" prefix to disable promting) +# + +# Domain and email configuration +# +DFL_DOMAIN=example.com +DFL_EMAIL=user@example.com + + +# Network configuration... +# +# NOTE: it is simpler to statically assign these than to configure DHCP +# plus port forewarding to the dynamically assigned IP. +# NOTE: if installing on a different network than the target, these can +# be changed for target deployment in: +# - gate CT's /etc/network/interfaces (NOT in the Proxmox UI) +# - ssh CT's network configuration (Proxmox UI) +DFL_WAN_IP=192.168.1.101/24 +DFL_WAN_GATE=192.168.1.252 + +# IP used for fail-safe conection to the ADMIN network +DFL_WAN_SSH_IP=192.168.1.102/24 + + +# Web app/service domain configuration +# +# Here two optional variables are provided per service: +# - _DOMAIN=... +# Overrides the $DOMAIN option above for +# - _SUBDOMAIN=... +# Sets the subdomain of $DOMAIN (or $_DOMAIN) for + +# Nextcloud +#NEXTCLOUD_DOMAIN= +NEXTCLOUD_SUBDOMAIN=nc. + +# Gitea +#GITEA_DOMAIN= +#GITEA_SUBDOMAIN=git. + + +# Extra options passed to each CT when created. +# +# This can be used for passing in ssh keys, etc... +# +# see: +# man pct +# +# Example: +# DFL_PCT_EXTRA="--ssh-public-keys /path/to/autohrized_keys" +# +DFL_PCT_EXTRA=SKIP + + + +#---------------------------------------------------------------------- +# +# Options afetr this point are sane defaults and in the general case +# can be left as-is. +# # Bootsrap configuration... # 
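Review bot: The `DFL_PCT_EXTRA` block, now near the top of the file, is where key material is handed to every CT, and its comment does not say that only public keys belong there. A line such as `# NOTE: public keys only; private keys stay on the admin machine (use ssh-agent)` would match the warning this commit adds to README.md. The example path is spelled `autohrized_keys`, and the added header lines carry `promting`, `forewarding`, `conection` and `afetr`, which are worth fixing while the block is being moved. Separately, `DOMAIN`/`EMAIL` become `DFL_DOMAIN`/`DFL_EMAIL`, which by the new header comment makes them prompted defaults; any script that reads `$DOMAIN` without going through the prompt (none is visible in this patch) would now see it unset.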
@@ -37,70 +98,21 @@ BOOTSTRAP_BRIDGE=0 # bridges with numbers greater than X (10 in the example below) # # Example: -# WAN_BRIDGE=0 -# ADMIN_BRIDGE=3 -# LAN_BRIDGE=10 +# ADMIN_BRIDGE=_admin +# WAN_BRIDGE=_wan +# LAN_BRIDGE=_lan # ADMIN_BRIDGE=_admin WAN_BRIDGE=_wan LAN_BRIDGE=_lan -# NOTE: it is simpler to statically assign these than to configure dhcp -# plus port forewarding to the dynamically assigned IP. -DFL_WAN_IP=192.168.1.101/24 -DFL_WAN_GATE=192.168.1.252 - -DFL_WAN_SSH_IP=192.168.1.102/24 - - -# Domain and email configuration -# -DOMAIN=example.com -EMAIL=user@example.com - - -# Web app/service domain configuration -# -# Here two optional variables are provided per service: -# - _DOMAIN=... -# Overrides the $DOMAIN option above for -# - _SUBDOMAIN=... -# Sets the subdomain of $DOMAIN (or $_DOMAIN) for -# - -# Nextcloud -#NEXTCLOUD_DOMAIN= -NEXTCLOUD_SUBDOMAIN=nc. - -# Gitea -#GITEA_DOMAIN= -#GITEA_SUBDOMAIN=git. - - -# Extra options passed to each CT created. -# -# This can be used for passing in ssh keys, etc... -# -# see: -# man pct -# -# Example: -# DFL_PCT_EXTRA="--ssh-public-keys /path/to/autohrized_keys" -# -DFL_PCT_EXTRA=SKIP - - - -#------------------------------------------------------------------------ -# -# Options afetr this point are sane defaults and in the general case -# can be left as-is. -# +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # host HOST_ADMIN_IP=10.0.0.254/24 + # Nameserver NS_HOSTNAME=ns NS_ID=100 @@ -110,6 +122,7 @@ NS_LAN_IP=10.1.1.1/24 RESERVE_NS_ID=101 TEMPLATE_NS_ID=200 + # Gateway / Reverse proxy GATE_HOSTNAME=gate GATE_ID=110 @@ -120,4 +133,5 @@ RESERVE_GATE_ID=111 TEMPLATE_GATE_ID=210 -#------------------------------------------------------------------------ + +#---------------------------------------------------------------------- diff --git a/gate-traefik/make.sh b/gate-traefik/make.sh index 8ff7a92..3050c1f 100755 --- a/gate-traefik/make.sh +++ b/gate-traefik/make.sh 
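Review bot: The rewritten example in the bridge comment of the `@@ -37,70 +98,21 @@` hunk no longer illustrates the text above it. The preceding comment line still says "10 in the example below", but the example now lists `_admin`, `_wan` and `_lan`, which contain no number and merely repeat the live assignments that follow. Either keep a numeric example inline, e.g. `# bridges with numbers greater than X (e.g. LAN_BRIDGE=10)`, or reword the comment to explain what the `_name` values stand for. The comment block starts above the hunk, so its full wording is not visible here.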
@@ -25,8 +25,8 @@ RAM=128 SWAP=$RAM DRIVE=0.5 -DFL_WAN_IP=${DFL_WAN_IP} -DFL_WAN_GATE=${DFL_WAN_GATE} +#DFL_WAN_IP=${DFL_WAN_IP} +#DFL_WAN_GATE=${DFL_WAN_GATE} # XXX revise... DFL_ADMIN_IP=${GATE_ADMIN_IP:=${DFL_ADMIN_IP:=10.0.0.2/24}} diff --git a/ssh/make.sh b/ssh/make.sh index c9d9a5e..247ae5c 100755 --- a/ssh/make.sh +++ b/ssh/make.sh @@ -24,10 +24,10 @@ readConfig DFL_ID=${DFL_ID:=120} DFL_CTHOSTNAME=${DFL_CTHOSTNAME:=ssh} -DFL_CORES=${DFL_CORES:=1} -DFL_RAM=${DFL_RAM:=1024} -DFL_SWAP=${DFL_SWAP:=${DFL_RAM}} -DFL_DRIVE=${DFL_DRIVE:=16} +DFL_CORES=${DFL_SSH_CORES:=1} +DFL_RAM=${DFL_SSH_RAM:=512} +DFL_SWAP=${DFL_SSH_SWAP:=${RAM}} +DFL_DRIVE=${DFL_SSH_DRIVE:=16} WAN_IP=SKIP WAN_GATE=SKIP
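Review bot: In gate-traefik/make.sh the `DFL_WAN_IP` and `DFL_WAN_GATE` self-assignments are commented out rather than removed, leaving dead lines that read like disabled configuration. Both were no-ops of the form `X=${X}`, so deleting them changes nothing. If they are kept as a reminder of what the script consumes, say so explicitly, e.g. `# DFL_WAN_IP / DFL_WAN_GATE are taken from config.global`. The variable block continues outside the hunk.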
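Review bot: In ssh/make.sh the new swap default `DFL_SWAP=${DFL_SSH_SWAP:=${RAM}}` falls back to `RAM`, which nothing in the visible part of the script sets. If `RAM` is unset at that point, `DFL_SWAP` ends up empty instead of following the RAM default as the old `${DFL_RAM}` fallback did; `DFL_SWAP=${DFL_SSH_SWAP:=${DFL_RAM}}` keeps the previous behavior. The four rewritten lines also stop honoring a pre-set `DFL_CORES`, `DFL_RAM`, `DFL_SWAP` or `DFL_DRIVE`, since those are now overwritten from `DFL_SSH_*`. The RAM default drops from 1024 to 512 in a commit titled "docs...", and the new `DFL_SSH_*` names are not documented in config.global.example in this patch. The script continues outside the hunk, so `RAM` may be defined elsewhere.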