...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>

Makefile

@@ -62,6 +62,7 @@ FORCE:
 
 %: config %/make.sh FORCE
 	$*/make.sh
+	@echo
 
 
 %.config: %/config.example

README.md

@@ -3,9 +3,17 @@
 A set of scripts for automating setup and tasks in proxmox.
 
 ## TODO
-- CT updates
+- CT updates / upgrades  
+  Right now the simplest way to update the infrastructure CT's if the 
+  sources changed is to simply rebuild them -- add rebuild command.
+    - backup
+    - build (new reserve)
+    - destroy
+    - clone
+    - cleanup
 - backup/restore
-- mail
+- config manager -- save/use/..
+- mail server
 - which is better?
   - Makefile (a-la ./wireguard/templates/root/Makefile)
   - shell (a-la ./shadow/templates/root/update-shadowsocks.sh)
@@ -27,22 +35,24 @@ functionality in Ansible.
 _NOTE: for a fair assessment of viability of further development an 
 Ansible version will be implemented next as a direct comparison._
 
+Fun.
+
 
 ## Architecture
 
 ### Goals
 
-- Separate concerns  
+- _Separate concerns_  
   Preferably one service/role per CT
-- Keep things as light as possible  
+- _Keep things as light as possible_  
   This for the most part rules out Docker as a nested virtualization
-  layer under Proxmox while preferring light distributions like Alpine
+  layer under Proxmox, and preferring light distributions like Alpine
   Linux
-- Pragmatic simplicity  
+- _Pragmatic simplicity_  
   This goal yields some compromises to previous goals, for example [TKL]()
   is used as a base for [Nextcloud]() effectively simplifying the setup 
   and administration of all the related components at the cost of a 
-  heavier CT transparently integrating multiple related services
+  heavier CT, transparently integrating multiple related services
 
 
 ### Network
@@ -106,13 +116,13 @@ The `gate` and `ns` CT's are only accessible for administration from the
 host (i.e. via `lxc-attach ..`).
 
 Three ways of access to the ADMIN network are provided:
-- `ssh` service (CT) via the `gate` reverse proxy
+- `wireguard` VPN (CT) via `gate` reverse proxy,
-- `wireguard` VPN (CT) via `gate` reverse proxy
+- `ssh` service (CT) via the `gate` reverse proxy,
-- `ssh` service (CT) via the direct `$WAN_SSH_IP` (fail-safe)
+- `ssh` service (CT) via the direct `$WAN_SSH_IP` (fail-safe).
 
 
 
-## Setup
+## Getting started
 
 ### Prerequisites
 
@@ -129,17 +139,17 @@ This setup will use three IP addresses:
   will not be used after setup is done,
 2. WAN IP address to be used for the main set of applications, this is 
   the address that all the requests will be routed from to various 
-  services internally,
+  services on the LAN network,
 3. Fail-safe ssh IP address, this is the connection used for recovery 
   in case the internal routing fails.
 
 
 
-### Semi-automated setup
+### Setup
 
-Open a terminal on the host (`ssh` or via the UI).
+Open a terminal on the host, either `ssh` (recommended) or via the UI.
 
-Optionally, set a desired default editor via:
+Optionally, set a desired default editor (default: `nano`) via:
 ```shell
 export EDITOR=nano
 ```
@@ -149,22 +159,20 @@ Download the [`bootstrap.sh`](./scripts/bootstrap.sh) script and execute it:
 curl 'https://raw.githubusercontent.com/flynx/proxmox-utils/refs/heads/master/scripts/bootstrap.sh' | sudo bash
 ```
 
+_It is recommended to review the script/code before starting._
+
 This will:
-- Install basic dependencies
+- Install basic dependencies,
-- Clone this repo
+- Clone this repo,
-- Run `make bootstrap` on the repo
+- Run `make bootstrap` on the repo.
 
-After the basic setup is done connect the device to the network via the 
+At this point WAN interface exposes two IPs:
-selcted WAN port and **disconnect** the ADMIN port.
-
-The WAN interface exposes two IPs:
 - Main server (config: `$DFL_WAN_IP` / `$WAN_IP`)
   - ssh:23
   - wireguard:51820
 - Fail-safe ssh (config: `$DFL_WAN_SSH_IP` / `$WAN_SSH_IP`)
   - ssh:22
 
-
 The Proxmox administrative interface is available behind the Wireguard 
 proxy or on the ADMIN port, both on https://10.0.0.254:8006.
 
@@ -185,9 +193,9 @@ This will break the ssh connection when done, reconnect via the WAN port
 to continue (see: [Accessing the host](#accessing-the-host)), or connect 
 directly to the ADMIN port (DHCP) and ssh into `$HOST_ADMIN_IP` (default: 10.0.0.254).
 
-
+_Note that the ADMIN port is configured for direct connections only, 
-_Note that the ADMIN port is configured for direct connections only (DHCP), 
+connecting it to a configured network can lead to unexpected behavior -- 
-connecting it to a configured network can lead to unexpected behavior._
+DHCP races, IP clashes... etc._
 
 
 
@@ -238,7 +246,7 @@ bridges or interfaces defined.
 
 
 
-#### Setup additional services
+## Services
 
 XXX
 
@@ -251,28 +259,42 @@ make dev
 ```
 
 
-Or individually:
+### Syncthing
-```shell
-make nextcloud
-```
 
 ```shell
 make syncthing
 ```
 
+XXX
+
+
+### Nextcloud
+
+```shell
+make nextcloud
+```
+
+XXX
+
+
+### Gitea
+
 ```shell
 make gitea
 ```
 
+XXX
 
-#### Setup and configure custom services
+
+
+### Custom services
 
 XXX traefik rules
 
 
 
 
-
+<!--
 ### Manual setup
 
 
@@ -403,6 +425,7 @@ sudo make dev
 XXX test conections
 XXX change proxmox ip/network
 XXX firewall
+-->
 
 
 ## Extending
@@ -410,11 +433,14 @@ XXX firewall
 ### Directory structure
 
 ```
-/
+proxmox-utils/
 +- <ct-type>/
 |   +- templates/
+|   |   +- ...
 |   +- assets/
+|   |   +- ...
 |   +- staging/
+|   |   +- ...
 |   +- make.sh
 |   +- config
 |   +- config.last-run

ns/templates/etc/dnsmasq.conf

@@ -43,12 +43,16 @@ dhcp-range=interface:admin,10.0.0.20,10.0.0.200,12h
 dhcp-range=interface:lan,10.1.1.20,10.1.1.200,12h
 
 # ns
-address=/${CTHOSTNAME}/${ADMIN_IPn}
 address=/${CTHOSTNAME}/${LAN_IPn}
+address=/${CTHOSTNAME}.srv/${LAN_IPn}
+#address=/${CTHOSTNAME}/${ADMIN_IPn}
+address=/${CTHOSTNAME}.adm/${ADMIN_IPn}
 
 # gate
-address=/${GATE_HOSTNAME}/${GATE_ADMIN_IPn}
 address=/${GATE_HOSTNAME}/${LAN_GATE}
+address=/${GATE_HOSTNAME}.srv/${LAN_GATE}
+#address=/${GATE_HOSTNAME}/${GATE_ADMIN_IPn}
+address=/${GATE_HOSTNAME}.adm/${GATE_ADMIN_IPn}
 dhcp-option=admin,option:router,${GATE_ADMIN_IPn}
 dhcp-option=lan,option:router,${LAN_GATE}
 dhcp-host=admin,gate,${GATE_ADMIN_IPn},infinite
@@ -56,6 +60,7 @@ dhcp-host=lan,gate,${LAN_GATE},infinite
 
 # pve
 address=/pve/10.0.0.254
+address=/pve.adm/10.0.0.254