A set of scripts for automating setup and tasks in proxmox.
- revise defaults
- separate templates/assets into distribution and user directories ...this is needed to allow the user to change the configs without the fear of them being overwritten by git (similar to how config is handlerd)
- might be a good idea to export a specific ct script that can be used for updates for that ct
- which is better?
- Makefile (a-la wireguard)
- shell (a-la shadow)
- ct updates
- backup/restore
This was simply faster to implement than learning and writing the same functionality in Ansible.
NOTE: for a fair assessment of viability of further development an Ansible version will be implemented next as a direct comparison.
Goals:
- Separate concerns
Preferably one service/role per CT - Keep things as light as possible
This for the most part rules out Docker as a nested virtualization layer under Proxmox while preferring light distributions like Alpine Linux - Pragmatic simplicity
This goal yields some compromises to previous goals, for example TKL is used as a base for Nextcloud effectively simplifying the setup and administration of all the related components at the cost of a heavier CT transparently integrating multiple related services
XXX service structure
XXX network
In general proxmox-utils
splits the configuration into two levels:
This level is handled by the Makefile
and is almost completely automated
This level depends on the host setup and is currently done manually depending on existing host configuration.
XXX clean setup scripts...
sudo apt update && sudo apt upgrade
sudo apt install git make
proxmox-utils
expects there to be at least three bridges:
WAN
- connected to the port that faces the external network (either directly of via a router)LAN
- a virtual bridge, not connected to any physical interfacesADMIN
- connected to a second physical interface used for administrative purposes.
Note their numbers (i.e. the number in vmbr#
), this will be needed for
setup.
Note, if the device has more that two ports it is recommended to assign first/last ports to wan/admin respectively and clearly mark them as such.
Add 10.1.1.1
to the DNS on the Proxmox host node after the 127.0.0.1
but before whatever external DNS you are using.
Make sure to allow at least ssh
access to the host node from the ADMIN
interface to allow admin CT's access to the host if needed, this is mostly
needed to allow VPN/ssh administration from outside.
For Proxmox firewall configuration see: https://pve.proxmox.com/wiki/Firewall
XXX ns/gate are separate nodes for redundancy
XXX ssh facing lan to avoid a single point of failure with gate
XXX emergency access points: ssh and wireguard
Get the code:
git clone https://github.com/flynx/proxmox-utils.git
or:
git clone git@github.com:flynx/proxmox-utils.git
For host setup:
sudo make host
Be carefull as this may overwrite existing configuration.
Install CT's:
sudo make all
Install gitea (optional):
sudo make dev
XXX test conections XXX change proxmox ip/network XXX firewall
/
+- <ct-type>/
| +- templates/
| +- assets/
| +- staging/
| +- make.sh
| +- config
| +- config.last-run
+- ...
+- Makefile
+- config.global
+- config.global.example