type, created, updated
type | created | updated |
---|---|---|
topic | 2024-01-06T01:25:36.042Z | 2024-01-06T01:25:36.042Z |
Proxmox
# Bring the freshly installed host up to date before changing anything else.
apt-get update
apt-get upgrade
# Review the DNS resolver and the network interface definitions.
nano /etc/resolv.conf
ls -l /etc/network
nano /etc/network/interfaces
# links is a text-mode browser; ufw is the firewall front end used below.
apt-get install links unzip ufw
# SSH is accepted only from the two local /24 networks.
ufw allow from 192.168.0.0/24 to any port 22 comment "01) SSH"
ufw allow from 192.168.1.0/24 to any port 22 comment "02) SSH"
# NOTE(review): unlike the SSH rules these have no "from" clause, so 80/443
# are accepted from any source address. Add "from <LAN range>" if the proxy
# is meant for the local network only.
ufw allow to 0.0.0.0/0 port 80 comment "03) HTTP"
ufw allow to 0.0.0.0/0 port 443 comment "04) HTTPS"
# NOTE(review): no "ufw enable" appears in these notes; the rules filter
# nothing until the firewall is active, so confirm "Status: active" here.
# There is also no rule for the Proxmox UI port 8006 - presumably it is
# reached through the nginx proxy configured later; verify before enabling.
ufw status numbered
timedatectl set-timezone America/Phoenix
# Confirm the time zone and clock synchronisation state.
timedatectl
nano /etc/hosts
# /etc/hosts on the Proxmox host: loopback names plus the host's own LAN name.
127.0.0.1 localhost.localdomain localhost
# NOTE(review): later entries in these notes use 192.168.0.62 and
# 192.168.1.61 for this host - confirm which address is current.
192.168.0.56 pve.home pve
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
# Install the editor, the nginx reverse proxy and git without prompting.
apt-get install nano nginx git -y
nano /etc/hosts
nano /etc/nginx/sites-available/default
# Overwrite the stock site file (echo leaves one empty line) and reopen it
# to paste the two server blocks that follow.
echo >/etc/nginx/sites-available/default && nano /etc/nginx/sites-available/default
# Plain-HTTP site: static files from /var/www/html over IPv4 and IPv6.
# "server_name _" is a placeholder name; as the only port-80 server shown it
# receives every request on that port. Nothing here redirects to HTTPS.
server {
    listen [::]:80;
    listen 80;
    server_name _;

    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    # Try the exact file, then a directory of that name, otherwise answer 404.
    location / {
        try_files $uri $uri/ =404;
    }
}
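# TLS reverse proxy: routes <name>.pve.home to the matching local service.
server {
    # Relative paths are resolved against the nginx configuration directory;
    # the openssl command in these notes writes both files to /etc/nginx.
    ssl_certificate 'localhost.crt';
    ssl_certificate_key 'localhost.key';
    listen 443 ssl http2;
    # TLS 1.0 and 1.1 are deprecated and have known weaknesses; offer only
    # TLS 1.2 and 1.3.
    ssl_protocols TLSv1.2 TLSv1.3;
    listen [::]:443 ssl http2;

    # The first label(s) of the Host header are captured into $subdomain.
    # NOTE(review): the pattern has no trailing "$", so a Host such as
    # gogs.pve.home.example would match as well.
    server_name ~^(?<subdomain>.+)\.pve\.home;
    proxy_redirect off;

    location / {
        # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket
        # connections pass through the proxy.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # One upstream per subdomain. NOTE(review): "if" inside a location is
        # fragile in nginx; one server block per name, or a map of
        # $subdomain to an upstream, is the more predictable layout.
        if ($subdomain = "gogs") {
            proxy_pass http://localhost:3000;
        }
        if ($subdomain = "syncthing") {
            proxy_pass http://localhost:8384;
        }
        # The Proxmox UI speaks HTTPS. nginx does not verify the upstream
        # certificate unless proxy_ssl_verify is enabled; that is tolerable
        # here only because the hop stays on loopback.
        if ($subdomain = "proxmox") {
            proxy_pass https://localhost:8006;
        }
        # $subdomain is empty when the Host header did not match the regex
        # (for example pve.home itself). As the only 443 server shown, this
        # block presumably still receives such requests and hands them to
        # the local port-80 site.
        if ($subdomain = "") {
            proxy_pass http://localhost:80;
        }

        proxy_buffering off;
        # NOTE(review): 0 removes the request-body size limit and the
        # timeouts below allow one-hour idle connections. Convenient for
        # large pushes and long-lived consoles, but it lets any client that
        # can reach port 443 tie up resources; tighten if exposed beyond the
        # LAN.
        client_max_body_size 0;
        proxy_connect_timeout 3600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        send_timeout 3600s;
    }
}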
# Create the OpenSSL request configuration used for the self-signed certificate.
nano /root/localhost.conf
# Overwrite any earlier version (echo leaves one empty line) and reopen it to
# paste the sections that follow.
echo >/root/localhost.conf && nano /root/localhost.conf
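# OpenSSL request configuration for the self-signed certificate that nginx
# presents for pve.home and its service subdomains.
[req]
# Key size used when a new key is generated; the openssl command in these
# notes also passes -newkey rsa:2048.
default_bits = 2048
default_keyfile = localhost.key
distinguished_name = req_distinguished_name
# req_ext applies to certificate requests, v3_ca to the certificate written
# by "req -x509"; both carry the same subject alternative names.
req_extensions = req_ext
x509_extensions = v3_ca

# Prompts and defaults for the subject fields.
[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = pve.home
commonName_max = 64

[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

# Clients match the requested host against these entries, so every name the
# proxy serves has to be listed.
[alt_names]
DNS.1 = pve.home
DNS.2 = gogs.pve.home
DNS.3 = Trigkey.Proxmox
DNS.4 = proxmox.pve.home
DNS.5 = pi-hole.pve.home
DNS.6 = syncthing.pve.home
DNS.7 = localhost
# An IP address must be an IP-type entry; listed as DNS it is not matched
# when a client connects to https://127.0.0.1/.
IP.1 = 127.0.0.1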
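# Remove the previous self-signed pair; -f keeps the first run (nothing to
# delete yet) from reporting an error.
rm -f /etc/nginx/localhost.key
rm -f /etc/nginx/localhost.crt
# Issue a 365-day self-signed certificate from /root/localhost.conf.
# -nodes leaves the private key unencrypted so nginx can start unattended.
# The certificate has to be reissued before it expires.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/localhost.key -out /etc/nginx/localhost.crt -config /root/localhost.conf
# The key is stored in the clear, so make sure only root can read it.
chmod 600 /etc/nginx/localhost.key
# Validate the configuration before restarting the service.
nginx -t
systemctl restart nginx
nginx -s reload
# Confirm that localhost.key and localhost.crt are in place.
ls /etc/nginx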
# https://pve.home/#
# https://gogs.pve.home/#
# https://syncthing.pve.home/#
# Create a dedicated, unprivileged account for the Gogs service.
adduser gogs
cd /home/gogs
# NOTE(review): the archive is unpacked and executed without any integrity
# check. If the project publishes a checksum for this release, compare it
# (sha256sum gogs_0.13.0_linux_amd64.tar.gz against <PUBLISHED_SHA256>)
# before extracting, and confirm 0.13.0 is still a supported release.
wget https://dl.gogs.io/0.13.0/gogs_0.13.0_linux_amd64.tar.gz
tar -xvzf gogs_0.13.0_linux_amd64.tar.gz
rm gogs_0.13.0_linux_amd64.tar.gz
cd /home/gogs/gogs
# NOTE(review): the shell is presumably still root here, so this first run
# executes the downloaded binary as root and leaves root-owned files behind;
# the chown/chgrp below repair ownership afterwards. Fixing ownership first
# and starting it as the gogs user would avoid running it with root rights.
./gogs web
mkdir /home/gogs/gogs-repositories
# Hand the whole tree to the service account.
chown gogs /home/gogs -R
chgrp gogs /home/gogs -R
nano /etc/systemd/system/gogs-daemon.service
[Unit]
Description=Gogs
# Ordered after syslog.target and network.target.
After=syslog.target network.target

[Service]
Type=simple
# Runs as the dedicated unprivileged account, from the unpacked release
# directory.
User=gogs
Group=gogs
Environment=USER=gogs
Environment=HOME=/home/gogs
WorkingDirectory=/home/gogs/gogs
ExecStart=/home/gogs/gogs/gogs web
Restart=always

# Uncomment and adjust these two limits if repositories with a very large
# number of files produce HTTP error 500.
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535

# Sandboxing directives. If the service fails to start because of an unknown
# option, comment out the ones this version of systemd does not support.
ProtectSystem=full
PrivateDevices=yes
PrivateTmp=yes
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
# Edit the Gogs custom configuration. It holds the instance secret, so keep
# the file readable by the gogs account only.
nano /home/gogs/gogs/custom/conf/app.ini
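; Gogs custom configuration (custom/conf/app.ini).
; Secret values are replaced by placeholders: a configuration copied into
; notes or a repository must never carry the live secret. Any value that was
; published earlier should be treated as exposed and regenerated.
BRAND_NAME = Gogs
RUN_USER = gogs
RUN_MODE = prod

[database]
; SQLite stores everything in PATH. HOST, USER, PASSWORD and SSL_MODE look
; like leftovers from the installer form and are presumably unused with
; sqlite3 - confirm before relying on that.
TYPE = sqlite3
HOST = 127.0.0.1:3306
NAME = gogs
SCHEMA = public
USER = gogs
PASSWORD = REPLACE_WITH_DB_PASSWORD
SSL_MODE = disable
PATH = data/gogs.db

[repository]
ROOT = /home/gogs/gogs-repositories
DEFAULT_BRANCH = master

[server]
DOMAIN = localhost
HTTP_PORT = 3000
; NOTE(review): this URL carries a userinfo part (asdf@) and points at
; pve.home, while the nginx proxy in these notes serves Gogs at
; gogs.pve.home - confirm the intended public URL.
EXTERNAL_URL = https://asdf@pve.home/
DISABLE_SSH = false
SSH_PORT = 22
START_SSH_SERVER = false
OFFLINE_MODE = false

[mailer]
ENABLED = false

[auth]
REQUIRE_EMAIL_CONFIRMATION = false
; NOTE(review): with registration open, anyone who can reach the instance can
; create an account. Set this to true once the intended users exist.
DISABLE_REGISTRATION = false
ENABLE_REGISTRATION_CAPTCHA = true
; false lets unauthenticated visitors browse whatever is public.
REQUIRE_SIGNIN_VIEW = false

[user]
ENABLE_EMAIL_NOTIFICATION = false

[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = false

[session]
PROVIDER = file

[log]
MODE = file
LEVEL = Info
ROOT_PATH = /home/gogs/gogs/log

[security]
INSTALL_LOCK = true
; Generate a long random value on the server and keep it out of notes,
; backups shared with others, and version control.
SECRET_KEY = REPLACE_WITH_GENERATED_SECRET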
# Register the unit for boot, start it and check that it is running.
systemctl enable gogs-daemon
systemctl start gogs-daemon
systemctl status gogs-daemon.service
# Re-read unit files; needed whenever gogs-daemon.service is edited.
systemctl daemon-reload
# Follow the service log.
journalctl -fu gogs-daemon.service
# NOTE(review): these two commands rotate the journal and then discard every
# archived entry older than one second - for the whole host, not only Gogs.
# That removes the log history an investigation would rely on; prefer a
# retention limit in journald's configuration over wiping.
journalctl --rotate
journalctl --vacuum-time=1s
cd /home/gogs
# NOTE(review): third-party theme repository taken from its default branch
# with no pinned commit. Review the files before letting Gogs serve them,
# since theme assets end up in users' browsers.
git clone https://github.com/Kos-M/GogsThemes
# NOTE(review): opening 3000 lets LAN clients reach Gogs over plain HTTP,
# bypassing the nginx TLS proxy. The /26 here covers only .0-.63, narrower
# than the /24 used for the SSH rules - confirm which range is intended.
ufw allow from 192.168.0.0/26 to any port 3000 comment "05) gogs"
ufw allow from 192.168.1.0/26 to any port 3000 comment "06) gogs"
ufw status numbered
exit
# NOTE(review): this copies the current user's shell history (presumably
# root's) into the service account's home, and the recursive chown below
# hands it to gogs. History can contain passwords or tokens typed on the
# command line; keep such a copy root-owned outside /home/gogs, or scrub it.
cp ~/.bash_history /home/gogs/bash-history-2023-12-03.txt
chown gogs /home/gogs -R
chgrp gogs /home/gogs -R
exit
# Install Syncthing from the configured apt repositories.
apt-get install syncthing
apt-get install apt-transport-https
# Dedicated account so Syncthing does not run as root.
adduser syncthing
# List local account names to confirm the new user exists.
cat /etc/passwd | cut -d: -f1
# Run the template unit as the syncthing user, then check state and recent logs.
systemctl enable syncthing@syncthing.service
systemctl start syncthing@syncthing.service
systemctl status syncthing@syncthing.service
journalctl -e -u syncthing@syncthing.service
# Change the GUI listen address (the <address> element shown next).
nano /home/syncthing/.config/syncthing/config.xml
<!-- NOTE(review): 0.0.0.0 exposes the Syncthing GUI and its API on every
     interface. Set a GUI user and password (and GUI TLS) before using this
     value, or keep the address on 127.0.0.1:8384 if the GUI is only reached
     through the nginx proxy configured in these notes. -->
<address>0.0.0.0:8384</address>
# Apply the new GUI address.
systemctl restart syncthing@syncthing.service
# Make sure everything under the home directory belongs to the service account.
chown syncthing /home/syncthing -R
chgrp syncthing /home/syncthing -R
# NOTE(review): these rules expose the GUI port directly to the first 64
# addresses of each LAN over plain HTTP unless GUI TLS is enabled; they are
# unnecessary if the GUI is only used through the nginx proxy on 443.
ufw allow from 192.168.0.0/26 to any port 8384 comment "07) syncthing"
ufw allow from 192.168.1.0/26 to any port 8384 comment "08) syncthing"
ufw status numbered
# Host-file entries mapping the proxy's names to the server
# (presumably for client machines - confirm).
192.168.0.62 pve.home
192.168.0.62 gogs.pve.home
192.168.0.62 proxmox.pve.home
# NOTE(review): "pie-hole" differs from the "pi-hole.pve.home" name listed in
# the certificate's alt_names; a browser using this spelling would get a
# certificate name mismatch. Confirm the intended spelling.
192.168.0.62 pie-hole.pve.home
192.168.0.62 syncthing.pve.home
# Review root's authorised SSH public keys; each key listed can log in as root.
nano /root/.ssh/authorized_keys
apt-get install ssh-import-id
# NOTE(review): this appends the public keys currently published on that
# GitHub account to the invoking user's authorized_keys (presumably root
# here), so control of the GitHub account becomes control of this host.
# Re-check authorized_keys afterwards and drop keys that are no longer used.
ssh-import-id gh:mikepharesjr
systemctl restart ssh
# Dedicated account for the planned Pi-hole installation.
adduser pi-hole
To Do ...
cd /home/pi-hole
# NOTE(review): left disabled. Piping a remote installer straight into bash
# runs code nobody has read; download it to a file, review it, then run it.
# curl -sSL https://install.pi-hole.net | bash
# Switch the host to the bridged network layout shown next.
nano /etc/network/interfaces
# Loopback interface.
auto lo
iface lo inet loopback
# The physical NIC gets no address of its own; it is attached to the bridge below.
iface enp4s0 inet manual
# vmbr0 is the bridge that carries the host's static address.
# NOTE(review): the /26 prefix covers 192.168.1.0-63 only, whereas the SSH
# firewall rule in these notes allows all of 192.168.1.0/24 - confirm which
# range should be trusted.
auto vmbr0
iface vmbr0 inet static
address 192.168.1.61/26
gateway 192.168.1.1
bridge-ports enp4s0
bridge-stp off
bridge-fd 0
# Pull in any additional interface definitions.
source /etc/network/interfaces.d/*
# Package sources for Debian bookworm and Proxmox VE.
# NOTE(review): these entries use plain http://. apt authenticates packages
# through signed release metadata, so the main exposure is that the traffic is
# visible on the wire; switch to https:// where the mirror offers it.
nano /etc/apt/sources.list
deb http://ftp.debian.org/debian bookworm main contrib
deb http://ftp.debian.org/debian bookworm-updates main contrib
# Proxmox VE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
# security updates
deb http://security.debian.org/debian-security bookworm-security main contrib
# The enterprise repositories are commented out in the two files below;
# the no-subscription Ceph repository is used instead.
nano /etc/apt/sources.list.d/pve-enterprise.list
# deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
nano /etc/apt/sources.list.d/ceph.list
# deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
deb http://download.proxmox.com/debian/ceph-reef bookworm no-subscription
# NOTE(review): both commands execute whatever the URL returns at that moment,
# as the current user (presumably root on the hypervisor). The URLs follow the
# moving "main" branch, so the content can change between runs. Safer: fetch
# each script to a file, read it (including any further code it downloads at
# run time), pin the URL to a reviewed commit, and only then run it.
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/vm/haos-vm.sh)"
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
# https://www.firsttiger.com/cheatsheets/setting-up-xterm-js-for-proxmox/
# Presumably run inside the guest: start a login prompt on the first serial
# port. NOTE(review): anyone with console access to the VM then reaches that
# login prompt, so the guest's account passwords are what protects it.
sudo systemctl enable serial-getty@ttyS0.service
sudo systemctl start serial-getty@ttyS0.service
# https://devopstales.github.io/virtualization/proxmox-xtermjs-enable/
# Attach a serial port to the VM; replace [vmid] with the numeric VM id.
qm set [vmid] -serial0 socket
# Send kernel and boot-loader output to the serial port as well as the screen.
nano /etc/default/grub
# Kernel console on ttyS0 (115200 baud, 8 data bits, no parity) and on tty1.
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 console=tty1"
GRUB_CMDLINE_LINUX=""
# GRUB's own menu on both the serial line and the local console.
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
# NOTE(review): this appends to /tmp/grub, not /etc/default/grub, so it
# changes nothing at boot by itself. /tmp is world-writable and the name is
# predictable - presumably a scratch copy for pasting; confirm.
echo 'GRUB_CMDLINE_LINUX="quiet console=tty0 console=ttyS0,115200"' >> /tmp/grub
nano /etc/default/grub
# Regenerate the GRUB configuration; run only the command for the guest's
# distribution.
# Debian/Ubuntu etc.
update-grub
# RHEL/CentOS/Fedora
grub2-mkconfig --output=/boot/grub2/grub.cfg
# Create a drop-in directory so the packaged serial-getty unit is overridden
# rather than edited in place.
mkdir -p /etc/systemd/system/serial-getty@ttyS0.service.d/
nano /etc/systemd/system/serial-getty@ttyS0.service.d/override.conf
[Service]
# An empty ExecStart= clears the command inherited from the packaged unit
# before the replacement below is set.
ExecStart=
# Run agetty on the instance's port (%I) at 115200 baud. No autologin option
# is passed, so the serial console still asks for a user name and password.
ExecStart=-/sbin/agetty -o '-p -- \\u' 115200 %I $TERM
# Pick up the drop-in, restart the getty and keep it enabled across boots.
systemctl daemon-reload
systemctl restart serial-getty@ttyS0.service
systemctl enable serial-getty@ttyS0.service
# Reboot so the new kernel console settings take effect.
init 6
# After the reboot: confirm a getty is attached to ttyS0.
ps -ef | grep ttyS0
systemctl status serial-getty@ttyS0.service
# https://silicon.blog/2023/01/12/how-to-enable-copy-and-paste-function-on-your-proxmox-web-console-without-install-additional-software-in-your-vm/
# Shorter variant from the article above: become root, add the serial console
# to the kernel command line, regenerate the GRUB configuration and reboot.
sudo -i
nano /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet console=tty0 console=ttyS0,115200"
update-grub
reboot