2024-06-03

2024-06-03 07:04:29 -07:00
commit a6071a4073
273 changed files with 16707 additions and 0 deletions
--- a/_-Review/proxmox.md
+++ b/_-Review/proxmox.md
@ -0,0 +1,448 @@
+---
+type: "topic"
+created: "2024-01-06T01:25:36.042Z"
+updated: "2024-01-06T01:25:36.042Z"
+---
+
+# Proxmox
+
+```bash
+apt-get update
+apt-get upgrade
+nano /etc/resolv.conf
+ls -l /etc/network
+nano /etc/network/interfaces
+apt-get install links unzip ufw
+ufw allow from 192.168.0.0/24 to any port 22 comment "01) SSH"
+ufw allow from 192.168.1.0/24 to any port 22 comment "02) SSH"
+ufw allow to 0.0.0.0/0 port 80 comment "03) HTTP"
+ufw allow to 0.0.0.0/0 port 443 comment "04) HTTPS"
+ufw status numbered
+timedatectl set-timezone America/Phoenix
+timedatectl
+nano /etc/hosts
+```
+
+```conf
+127.0.0.1 localhost.localdomain localhost
+192.168.0.56 pve.home pve
+
+# The following lines are desirable for IPv6 capable hosts
+
+::1     ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts
+```
+
+```bash
+apt-get install nano nginx git -y
+nano /etc/hosts
+nano /etc/nginx/sites-available/default
+echo >/etc/nginx/sites-available/default && nano /etc/nginx/sites-available/default
+```
+
+```conf
+server {
+    listen 80;
+    listen [::]:80;
+    root /var/www/html;
+    index index.html index.htm index.nginx-debian.html;
+    server_name _;
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}
+server {
+    ssl_certificate 'localhost.crt';
+    ssl_certificate_key 'localhost.key';
+    listen 443 ssl http2;
+    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+    listen [::]:443 ssl http2;
+    server_name ~^(?<subdomain>.+)\.pve\.home;
+    proxy_redirect off;
+    location / {
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        if ($subdomain = "gogs") {
+            proxy_pass http://localhost:3000;
+        }
+        if ($subdomain = "syncthing") {
+            proxy_pass http://localhost:8384;
+        }
+        if ($subdomain = "proxmox") {
+            proxy_pass https://localhost:8006;
+        }
+        if ($subdomain = "") {
+            proxy_pass http://localhost:80;
+        }
+        proxy_buffering off;
+        client_max_body_size 0;
+        proxy_connect_timeout  3600s;
+        proxy_read_timeout  3600s;
+        proxy_send_timeout  3600s;
+        send_timeout  3600s;
+    }
+}
+```
+
+```bash
+nano /root/localhost.conf
+echo >/root/localhost.conf && nano /root/localhost.conf
+```
+
+```conf
+[req]
+default_bits       = 2048
+default_keyfile    = localhost.key
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+x509_extensions    = v3_ca
+
+[req_distinguished_name]
+countryName                 = Country Name (2 letter code)
+countryName_default         = US
+stateOrProvinceName         = State or Province Name (full name)
+stateOrProvinceName_default = Arizona
+localityName                = Locality Name (eg, city)
+localityName_default        = Anthem
+organizationName            = Organization Name (eg, company)
+organizationName_default    = Phares
+organizationalUnitName      = organizationalunit
+organizationalUnitName_default = Development
+commonName                  = Common Name (e.g. server FQDN or YOUR name)
+commonName_default          = pve.home
+commonName_max              = 64
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1   = pve.home
+DNS.2   = gogs.pve.home
+DNS.3   = Trigkey.Proxmox
+DNS.4   = proxmox.pve.home
+DNS.5   = pi-hole.pve.home
+DNS.6   = syncthing.pve.home
+DNS.7   = localhost
+DNS.8   = 127.0.0.1
+```
+
+```bash
+rm /etc/nginx/localhost.key
+rm /etc/nginx/localhost.crt
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/localhost.key -out /etc/nginx/localhost.crt -config /root/localhost.conf
+```
+
+```bash
+nginx -t
+systemctl restart nginx
+nginx -s reload
+ls /etc/nginx
+# https://pve.home/#
+# https://gogs.pve.home/#
+# https://syncthing.pve.home/#
+```
+
+```bash
+adduser gogs
+```
+
+```bash
+cd /home/gogs
+wget https://dl.gogs.io/0.13.0/gogs_0.13.0_linux_amd64.tar.gz
+tar -xvzf gogs_0.13.0_linux_amd64.tar.gz
+rm gogs_0.13.0_linux_amd64.tar.gz
+cd /home/gogs/gogs
+./gogs web
+```
+
+```bash
+mkdir /home/gogs/gogs-repositories
+chown gogs /home/gogs -R
+chgrp gogs /home/gogs -R
+```
+
+```bash
+nano /etc/systemd/system/gogs-daemon.service
+```
+
+```conf
+[Unit]
+Description=Gogs
+After=syslog.target
+After=network.target
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+Type=simple
+User=gogs
+Group=gogs
+WorkingDirectory=/home/gogs/gogs
+ExecStart=/home/gogs/gogs/gogs web
+Restart=always
+Environment=USER=gogs HOME=/home/gogs
+
+# Some distributions may not support these hardening directives
+# If you cannot start the service due
+# to an unknown option, comment out the ones not supported by your version of systemd.
+ProtectSystem=full
+PrivateDevices=yes
+PrivateTmp=yes
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
+```
+
+```bash
+nano /home/gogs/gogs/custom/conf/app.ini
+```
+
+```conf
+BRAND_NAME = Gogs
+RUN_USER   = gogs
+RUN_MODE   = prod
+
+[database]
+TYPE     = sqlite3
+HOST     = 127.0.0.1:3306
+NAME     = gogs
+SCHEMA   = public
+USER     = gogs
+PASSWORD = 1178
+SSL_MODE = disable
+PATH     = data/gogs.db
+
+[repository]
+ROOT           = /home/gogs/gogs-repositories
+DEFAULT_BRANCH = master
+
+[server]
+DOMAIN           = localhost
+HTTP_PORT        = 3000
+EXTERNAL_URL     = https://asdf@pve.home/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+START_SSH_SERVER = false
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED = false
+
+[auth]
+REQUIRE_EMAIL_CONFIRMATION  = false
+DISABLE_REGISTRATION        = false
+ENABLE_REGISTRATION_CAPTCHA = true
+REQUIRE_SIGNIN_VIEW         = false
+
+[user]
+ENABLE_EMAIL_NOTIFICATION = false
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE      = file
+LEVEL     = Info
+ROOT_PATH = /home/gogs/gogs/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY   = czo27vBeXWU7HTi
+```
+
+```bash
+systemctl enable gogs-daemon
+systemctl start gogs-daemon
+systemctl status gogs-daemon.service
+systemctl daemon-reload
+journalctl -fu gogs-daemon.service
+journalctl --rotate
+journalctl --vacuum-time=1s
+cd /home/gogs
+git clone https://github.com/Kos-M/GogsThemes
+ufw allow from 192.168.0.0/26 to any port 3000 comment "05) gogs"
+ufw allow from 192.168.1.0/26 to any port 3000 comment "06) gogs"
+ufw status numbered
+exit
+cp ~/.bash_history /home/gogs/bash-history-2023-12-03.txt
+chown gogs /home/gogs -R
+chgrp gogs /home/gogs -R
+exit
+```
+
+```bash
+apt-get install syncthing
+apt-get install apt-transport-https
+adduser syncthing
+```
+
+```bash
+cat /etc/passwd | cut -d: -f1
+systemctl enable syncthing@syncthing.service
+systemctl start syncthing@syncthing.service
+systemctl status syncthing@syncthing.service
+journalctl -e -u syncthing@syncthing.service
+nano /home/syncthing/.config/syncthing/config.xml
+```
+
+```xml
+<address>0.0.0.0:8384</address>
+```
+
+```bash
+systemctl restart syncthing@syncthing.service
+chown syncthing /home/syncthing -R
+chgrp syncthing /home/syncthing -R
+ufw allow from 192.168.0.0/26 to any port 8384 comment "07) syncthing"
+ufw allow from 192.168.1.0/26 to any port 8384 comment "08) syncthing"
+ufw status numbered
+```
+
+```conf Windows
+192.168.0.62 pve.home
+192.168.0.62 gogs.pve.home
+192.168.0.62 proxmox.pve.home
+192.168.0.62 pie-hole.pve.home
+192.168.0.62 syncthing.pve.home
+```
+
+```bash
+nano /root/.ssh/authorized_keys
+apt-get install ssh-import-id
+ssh-import-id gh:mikepharesjr
+systemctl restart ssh
+```
+
+```bash
+adduser pi-hole
+```
+
+## To Do ...
+
+```bash
+cd /home/pi-hole
+# curl -sSL https://install.pi-hole.net | bash
+```
+
+```bash Thu Jan 04 2024 18:47:05 GMT-0700 (Mountain Standard Time)
+nano /etc/network/interfaces
+```
+
+```conf
+auto lo
+iface lo inet loopback
+
+iface enp4s0 inet manual
+
+auto vmbr0
+iface vmbr0 inet static
+        address 192.168.1.61/26
+        gateway 192.168.1.1
+        bridge-ports enp4s0
+        bridge-stp off
+        bridge-fd 0
+
+
+source /etc/network/interfaces.d/*
+```
+
+- https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_package_repositories
+
+```bash
+nano /etc/apt/sources.list
+```
+
+```conf
+deb http://ftp.debian.org/debian bookworm main contrib
+deb http://ftp.debian.org/debian bookworm-updates main contrib
+
+# Proxmox VE pve-no-subscription repository provided by proxmox.com,
+# NOT recommended for production use
+deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+
+# security updates
+deb http://security.debian.org/debian-security bookworm-security main contrib
+```
+
+```bash
+nano /etc/apt/sources.list.d/pve-enterprise.list
+```
+
+```conf
+# deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
+```
+
+```bash
+nano /etc/apt/sources.list.d/ceph.list
+```
+
+```conf
+# deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
+
+deb http://download.proxmox.com/debian/ceph-reef bookworm no-subscription
+```
+
+- https://smarthomescene.com/guides/how-to-install-home-assistant-on-proxmox-the-easy-way/
+
+```bash
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/vm/haos-vm.sh)"
+bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
+```
+
+```bash
+# https://www.firsttiger.com/cheatsheets/setting-up-xterm-js-for-proxmox/
+sudo systemctl enable serial-getty@ttyS0.service
+sudo systemctl start serial-getty@ttyS0.service
+# https://devopstales.github.io/virtualization/proxmox-xtermjs-enable/
+qm set [vmid] -serial0 socket
+nano /etc/default/grub
+GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 console=tty1"
+GRUB_CMDLINE_LINUX=""
+GRUB_TERMINAL="serial console"
+GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
+echo 'GRUB_CMDLINE_LINUX="quiet console=tty0 console=ttyS0,115200"' >> /tmp/grub
+
+nano /etc/default/grub
+# Debian/Ubuntu etc.
+update-grub
+# RHEL/CentOS/Fedora
+grub2-mkconfig --output=/boot/grub2/grub.cfg
+mkdir -p /etc/systemd/system/serial-getty@ttyS0.service.d/
+nano /etc/systemd/system/serial-getty@ttyS0.service.d/override.conf
+[Service]
+ExecStart=
+ExecStart=-/sbin/agetty -o '-p -- \\u' 115200 %I $TERM
+
+systemctl daemon-reload
+systemctl restart serial-getty@ttyS0.service
+systemctl enable serial-getty@ttyS0.service
+init 6
+ps -ef | grep ttyS0
+systemctl status serial-getty@ttyS0.service
+```
+
+```bash
+# https://silicon.blog/2023/01/12/how-to-enable-copy-and-paste-function-on-your-proxmox-web-console-without-install-additional-software-in-your-vm/
+sudo -i
+nano  /etc/default/grub
+GRUB_CMDLINE_LINUX_DEFAULT="quiet console=tty0 console=ttyS0,115200"
+update-grub
+reboot
+```