Makefile

@@ -62,7 +62,6 @@ FORCE:
 
 %: config %/make.sh FORCE
 	$*/make.sh
-	@echo
 
 
 %.config: %/config.example

README.md

@@ -3,17 +3,9 @@
 A set of scripts for automating setup and tasks in proxmox.
 
 ## TODO
-- CT updates / upgrades  
-  Right now the simplest way to update the infrastructure CT's if the 
-  sources changed is to simply rebuild them -- add rebuild command.
-    - backup
-    - build (new reserve)
-    - destroy
-    - clone
-    - cleanup
+- CT updates
 - backup/restore
-- config manager -- save/use/..
-- mail server
+- mail
 - which is better?
   - Makefile (a-la ./wireguard/templates/root/Makefile)
   - shell (a-la ./shadow/templates/root/update-shadowsocks.sh)
@@ -35,24 +27,22 @@ functionality in Ansible.
 _NOTE: for a fair assessment of viability of further development an 
 Ansible version will be implemented next as a direct comparison._
 
-Fun.
-
 
 ## Architecture
 
 ### Goals
 
-- _Separate concerns_  
+- Separate concerns  
   Preferably one service/role per CT
-- _Keep things as light as possible_  
+- Keep things as light as possible  
   This for the most part rules out Docker as a nested virtualization
-  layer under Proxmox, and preferring light distributions like Alpine
+  layer under Proxmox while preferring light distributions like Alpine
   Linux
-- _Pragmatic simplicity_  
+- Pragmatic simplicity  
   This goal yields some compromises to previous goals, for example [TKL]()
   is used as a base for [Nextcloud]() effectively simplifying the setup 
   and administration of all the related components at the cost of a 
-  heavier CT, transparently integrating multiple related services
+  heavier CT transparently integrating multiple related services
 
 
 ### Network
@@ -116,13 +106,13 @@ The `gate` and `ns` CT's are only accessible for administration from the
 host (i.e. via `lxc-attach ..`).
 
 Three ways of access to the ADMIN network are provided:
-- `wireguard` VPN (CT) via `gate` reverse proxy,
-- `ssh` service (CT) via the `gate` reverse proxy,
-- `ssh` service (CT) via the direct `$WAN_SSH_IP` (fail-safe).
+- `ssh` service (CT) via the `gate` reverse proxy
+- `wireguard` VPN (CT) via `gate` reverse proxy
+- `ssh` service (CT) via the direct `$WAN_SSH_IP` (fail-safe)
 
 
 
-## Getting started
+## Setup
 
 ### Prerequisites
 
@@ -139,17 +129,17 @@ This setup will use three IP addresses:
   will not be used after setup is done,
 2. WAN IP address to be used for the main set of applications, this is 
   the address that all the requests will be routed from to various 
-  services on the LAN network,
+  services internally,
 3. Fail-safe ssh IP address, this is the connection used for recovery 
   in case the internal routing fails.
 
 
 
-### Setup
+### Semi-automated setup
 
-Open a terminal on the host, either `ssh` (recommended) or via the UI.
+Open a terminal on the host (`ssh` or via the UI).
 
-Optionally, set a desired default editor (default: `nano`) via:
+Optionally, set a desired default editor via:
 ```shell
 export EDITOR=nano
 ```
@@ -159,20 +149,22 @@ Download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it:
 curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/scripts/bootstrap.sh' | sudo bash
 ```
 
-_It is recommended to review the script/code before starting._
-
 This will:
-- Install basic dependencies,
-- Clone this repo,
-- Run `make bootstrap` on the repo.
+- Install basic dependencies
+- Clone this repo
+- Run `make bootstrap` on the repo
 
-At this point WAN interface exposes two IPs:
+After the basic setup is done connect the device to the network via the 
+selcted WAN port and **disconnect** the ADMIN port.
+
+The WAN interface exposes two IPs:
 - Main server (config: `$DFL_WAN_IP` / `$WAN_IP`)
   - ssh:23
   - wireguard:51820
 - Fail-safe ssh (config: `$DFL_WAN_SSH_IP` / `$WAN_SSH_IP`)
   - ssh:22
 
+
 The Proxmox administrative interface is available behind the Wireguard 
 proxy or on the ADMIN port, both on https://10.0.0.254:8006.
 
@@ -193,9 +185,9 @@ This will break the ssh connection when done, reconnect via the WAN port
 to continue (see: [Accessing the host](#accessing-the-host)), or connect 
 directly to the ADMIN port (DHCP) and ssh into `$HOST_ADMIN_IP` (default: 10.0.0.254).
 
-_Note that the ADMIN port is configured for direct connections only, 
-connecting it to a configured network can lead to unexpected behavior -- 
-DHCP races, IP clashes... etc._
+
+_Note that the ADMIN port is configured for direct connections only (DHCP), 
+connecting it to a configured network can lead to unexpected behavior._
 
 
 
@@ -246,7 +238,7 @@ bridges or interfaces defined.
 
 
 
-## Services
+#### Setup additional services
 
 XXX
 
@@ -259,42 +251,28 @@ make dev
 ```
 
 
-### Syncthing
+Or individually:
+```shell
+make nextcloud
+```
 
 ```shell
 make syncthing
 ```
 
-XXX
-
-
-### Nextcloud
-
-```shell
-make nextcloud
-```
-
-XXX
-
-
-### Gitea
-
 ```shell
 make gitea
 ```
 
-XXX
 
-
-
-### Custom services
+#### Setup and configure custom services
 
 XXX traefik rules
 
 
 
 
-<!--
+
 ### Manual setup
 
 
@@ -425,7 +403,6 @@ sudo make dev
 XXX test conections
 XXX change proxmox ip/network
 XXX firewall
--->
 
 
 ## Extending
@@ -433,14 +410,11 @@ XXX firewall
 ### Directory structure
 
 ```
-proxmox-utils/
+/
 +- <ct-type>/
 |   +- templates/
-|   |   +- ...
 |   +- assets/
-|   |   +- ...
 |   +- staging/
-|   |   +- ...
 |   +- make.sh
 |   +- config
 |   +- config.last-run

ns/templates/etc/dnsmasq.conf

@@ -43,16 +43,12 @@ dhcp-range=interface:admin,10.0.0.20,10.0.0.200,12h
 dhcp-range=interface:lan,10.1.1.20,10.1.1.200,12h
 
 # ns
+address=/${CTHOSTNAME}/${ADMIN_IPn}
 address=/${CTHOSTNAME}/${LAN_IPn}
-address=/${CTHOSTNAME}.srv/${LAN_IPn}
-#address=/${CTHOSTNAME}/${ADMIN_IPn}
-address=/${CTHOSTNAME}.adm/${ADMIN_IPn}
 
 # gate
+address=/${GATE_HOSTNAME}/${GATE_ADMIN_IPn}
 address=/${GATE_HOSTNAME}/${LAN_GATE}
-address=/${GATE_HOSTNAME}.srv/${LAN_GATE}
-#address=/${GATE_HOSTNAME}/${GATE_ADMIN_IPn}
-address=/${GATE_HOSTNAME}.adm/${GATE_ADMIN_IPn}
 dhcp-option=admin,option:router,${GATE_ADMIN_IPn}
 dhcp-option=lan,option:router,${LAN_GATE}
 dhcp-host=admin,gate,${GATE_ADMIN_IPn},infinite
@@ -60,7 +56,6 @@ dhcp-host=lan,gate,${LAN_GATE},infinite
 
 # pve
 address=/pve/10.0.0.254
-address=/pve.adm/10.0.0.254