---
type: "topic"
created: "2024-01-06T01:25:36.042Z"
updated: "2024-01-06T01:25:36.042Z"
---

# Proxmox

```bash
apt-get update
apt-get upgrade
nano /etc/resolv.conf
ls -l /etc/network
nano /etc/network/interfaces
apt-get install links unzip ufw
ufw allow from 192.168.0.0/24 to any port 22 comment "01) SSH"
ufw allow from 192.168.1.0/24 to any port 22 comment "02) SSH"
ufw allow to 0.0.0.0/0 port 80 comment "03) HTTP"
ufw allow to 0.0.0.0/0 port 443 comment "04) HTTPS"
# These rules filter traffic only while ufw is active; `ufw enable` is not shown in these notes.
ufw status numbered
timedatectl set-timezone America/Phoenix
timedatectl
nano /etc/hosts
```

```conf
127.0.0.1 localhost.localdomain localhost
192.168.0.56 pve.home pve

# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
```

```bash
apt-get install nano nginx git -y
nano /etc/hosts
nano /etc/nginx/sites-available/default
echo >/etc/nginx/sites-available/default && nano /etc/nginx/sites-available/default
```

```conf
server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    ssl_certificate 'localhost.crt';
    ssl_certificate_key 'localhost.key';
    listen 443 ssl http2;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only if a legacy
    # client needs them, otherwise use: ssl_protocols TLSv1.2 TLSv1.3;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    listen [::]:443 ssl http2;
    server_name ~^(?<subdomain>.+)\.pve\.home;
    proxy_redirect off;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        if ($subdomain = "gogs") {
            proxy_pass http://localhost:3000;
        }
        if ($subdomain = "syncthing") {
            proxy_pass http://localhost:8384;
        }
        if ($subdomain = "proxmox") {
            proxy_pass https://localhost:8006;
        }
        if ($subdomain = "") {
            proxy_pass http://localhost:80;
        }
        proxy_buffering off;
        client_max_body_size 0;
        proxy_connect_timeout 3600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        send_timeout 3600s;
    }
}
```

```bash
nano /root/localhost.conf
echo >/root/localhost.conf && nano /root/localhost.conf
```

```conf
[req]
default_bits = 2048
default_keyfile = localhost.key
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_ca

[req_distinguished_name]
countryName = Country Name (2 letter code)
countryName_default = US
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Arizona
localityName = Locality Name (eg, city)
localityName_default = Anthem
organizationName = Organization Name (eg, company)
organizationName_default = Phares
organizationalUnitName = organizationalunit
organizationalUnitName_default = Development
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_default = pve.home
commonName_max = 64

[req_ext]
subjectAltName = @alt_names

[v3_ca]
subjectAltName = @alt_names

[alt_names]
DNS.1 = pve.home
DNS.2 = gogs.pve.home
DNS.3 = Trigkey.Proxmox
DNS.4 = proxmox.pve.home
DNS.5 = pi-hole.pve.home
DNS.6 = syncthing.pve.home
DNS.7 = localhost
# An IP address is matched by clients only as an IP SAN (IP.1 = 127.0.0.1);
# listed as a DNS entry it does not cover https://127.0.0.1/.
DNS.8 = 127.0.0.1
```

```bash
rm /etc/nginx/localhost.key
rm /etc/nginx/localhost.crt
# -nodes writes the private key unencrypted; keep /etc/nginx/localhost.key readable by root only.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/localhost.key -out /etc/nginx/localhost.crt -config /root/localhost.conf
```

```bash
nginx -t
systemctl restart nginx
nginx -s reload
ls /etc/nginx
# https://pve.home/#
# https://gogs.pve.home/#
# https://syncthing.pve.home/#
```

```bash
adduser gogs
```

```bash
cd /home/gogs
wget https://dl.gogs.io/0.13.0/gogs_0.13.0_linux_amd64.tar.gz
# Compare the archive's SHA-256 (sha256sum) with the checksum published for the
# release, if one is available, before extracting it.
tar -xvzf gogs_0.13.0_linux_amd64.tar.gz
rm gogs_0.13.0_linux_amd64.tar.gz
cd /home/gogs/gogs
./gogs web
```

```bash
mkdir /home/gogs/gogs-repositories
chown gogs /home/gogs -R
chgrp gogs /home/gogs -R
```

```bash
nano /etc/systemd/system/gogs-daemon.service
```

```conf
[Unit]
Description=Gogs
After=syslog.target
After=network.target

[Service]
# Modify these two values and uncomment them if you have
# repos with lots of files and get an HTTP error 500 because
# of that
###
#LimitMEMLOCK=infinity
#LimitNOFILE=65535
Type=simple
User=gogs
Group=gogs
WorkingDirectory=/home/gogs/gogs
ExecStart=/home/gogs/gogs/gogs web
Restart=always
Environment=USER=gogs HOME=/home/gogs

# Some distributions may not support these hardening directives
# If you cannot start the service due
# to an unknown option, comment out the ones not supported by your version of systemd.
ProtectSystem=full
PrivateDevices=yes
PrivateTmp=yes
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target
```

```bash
nano /home/gogs/gogs/custom/conf/app.ini
```

```conf
BRAND_NAME = Gogs
RUN_USER = gogs
RUN_MODE = prod

[database]
TYPE = sqlite3
HOST = 127.0.0.1:3306
NAME = gogs
SCHEMA = public
USER = gogs
; PASSWORD here and SECRET_KEY in [security] are published with these notes;
; replace both on any live instance and keep app.ini readable only by the gogs user.
PASSWORD = 1178
SSL_MODE = disable
PATH = data/gogs.db

[repository]
ROOT = /home/gogs/gogs-repositories
DEFAULT_BRANCH = master

[server]
DOMAIN = localhost
HTTP_PORT = 3000
EXTERNAL_URL = https://asdf@pve.home/
DISABLE_SSH = false
SSH_PORT = 22
START_SSH_SERVER = false
OFFLINE_MODE = false

[mailer]
ENABLED = false

[auth]
REQUIRE_EMAIL_CONFIRMATION = false
; DISABLE_REGISTRATION = false lets anyone who can reach the instance create an
; account; set it to true once the intended users exist.
DISABLE_REGISTRATION = false
ENABLE_REGISTRATION_CAPTCHA = true
REQUIRE_SIGNIN_VIEW = false

[user]
ENABLE_EMAIL_NOTIFICATION = false

[picture]
DISABLE_GRAVATAR = false
ENABLE_FEDERATED_AVATAR = false

[session]
PROVIDER = file

[log]
MODE = file
LEVEL = Info
ROOT_PATH = /home/gogs/gogs/log

[security]
INSTALL_LOCK = true
SECRET_KEY = czo27vBeXWU7HTi
```

```bash
systemctl enable gogs-daemon
systemctl start gogs-daemon
systemctl status gogs-daemon.service
systemctl daemon-reload
journalctl -fu gogs-daemon.service
# The next two commands discard the archived journal for the whole host, not only
# the Gogs entries, so earlier login and service history is no longer available.
journalctl --rotate
journalctl --vacuum-time=1s
cd /home/gogs
git clone https://github.com/Kos-M/GogsThemes
ufw allow from 192.168.0.0/26 to any port 3000 comment "05) gogs"
ufw allow from 192.168.1.0/26 to any port 3000 comment "06) gogs"
ufw status numbered
exit
# The shell history can contain passwords or tokens typed on the command line; the
# chown below makes this copy readable by the gogs service account.
cp ~/.bash_history /home/gogs/bash-history-2023-12-03.txt
chown gogs /home/gogs -R
chgrp gogs /home/gogs -R
exit
```

```bash
apt-get install syncthing
apt-get install apt-transport-https
adduser syncthing
```

```bash
cat /etc/passwd | cut -d: -f1
systemctl enable syncthing@syncthing.service
systemctl start syncthing@syncthing.service
systemctl status syncthing@syncthing.service
journalctl -e -u syncthing@syncthing.service
nano /home/syncthing/.config/syncthing/config.xml
```

```xml
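<!-- GUI listen address (inside the <gui> element). 0.0.0.0 exposes the web GUI on
     every interface, so set a GUI user and password; 127.0.0.1:8384 is enough when
     the GUI is reached only through the nginx proxy on the same host. -->
<address>0.0.0.0:8384</address>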
```

```bash
systemctl restart syncthing@syncthing.service
chown syncthing /home/syncthing -R
chgrp syncthing /home/syncthing -R
ufw allow from 192.168.0.0/26 to any port 8384 comment "07) syncthing"
ufw allow from 192.168.1.0/26 to any port 8384 comment "08) syncthing"
ufw status numbered
```

```conf
Windows
192.168.0.62 pve.home
192.168.0.62 gogs.pve.home
192.168.0.62 proxmox.pve.home
192.168.0.62 pi-hole.pve.home
192.168.0.62 syncthing.pve.home
```

```bash
nano /root/.ssh/authorized_keys
apt-get install ssh-import-id
# Appends every public key currently published on that GitHub account to the
# invoking user's authorized_keys; review the file afterwards.
ssh-import-id gh:mikepharesjr
systemctl restart ssh
```

```bash
adduser pi-hole
```

## To Do ...

```bash
cd /home/pi-hole
# curl -sSL https://install.pi-hole.net | bash
```

```bash
Thu Jan 04 2024 18:47:05 GMT-0700 (Mountain Standard Time)
nano /etc/network/interfaces
```

```conf
auto lo
iface lo inet loopback

iface enp4s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.61/26
        gateway 192.168.1.1
        bridge-ports enp4s0
        bridge-stp off
        bridge-fd 0

source /etc/network/interfaces.d/*
```

- https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_package_repositories

```bash
nano /etc/apt/sources.list
```

```conf
deb http://ftp.debian.org/debian bookworm main contrib

deb http://ftp.debian.org/debian bookworm-updates main contrib

# Proxmox VE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use
deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription

# security updates
deb http://security.debian.org/debian-security bookworm-security main contrib
```

```bash
nano /etc/apt/sources.list.d/pve-enterprise.list
```

```conf
# deb https://enterprise.proxmox.com/debian/pve bookworm pve-enterprise
```

```bash
nano /etc/apt/sources.list.d/ceph.list
```

```conf
# deb https://enterprise.proxmox.com/debian/ceph-quincy bookworm enterprise
deb http://download.proxmox.com/debian/ceph-reef bookworm no-subscription
```

- https://smarthomescene.com/guides/how-to-install-home-assistant-on-proxmox-the-easy-way/

```bash
# Each line below runs, as root and without review, whatever the repository's main
# branch serves at that moment; download the script to a file, read it, and run the
# reviewed copy (ideally fetched from a pinned commit).
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/vm/haos-vm.sh)"
bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"
```

```bash
# https://www.firsttiger.com/cheatsheets/setting-up-xterm-js-for-proxmox/
sudo systemctl enable serial-getty@ttyS0.service
sudo systemctl start serial-getty@ttyS0.service
# https://devopstales.github.io/virtualization/proxmox-xtermjs-enable/
qm set [vmid] -serial0 socket
nano /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="console=ttyS0,115200n8 console=tty1"
GRUB_CMDLINE_LINUX=""
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
echo 'GRUB_CMDLINE_LINUX="quiet console=tty0 console=ttyS0,115200"' >> /tmp/grub
nano /etc/default/grub
# Debian/Ubuntu etc.
update-grub
# RHEL/CentOS/Fedora
grub2-mkconfig --output=/boot/grub2/grub.cfg
mkdir -p /etc/systemd/system/serial-getty@ttyS0.service.d/
nano /etc/systemd/system/serial-getty@ttyS0.service.d/override.conf
[Service]
ExecStart=
ExecStart=-/sbin/agetty -o '-p -- \\u' 115200 %I $TERM
systemctl daemon-reload
systemctl restart serial-getty@ttyS0.service
systemctl enable serial-getty@ttyS0.service
init 6
ps -ef | grep ttyS0
systemctl status serial-getty@ttyS0.service
```

```bash
# https://silicon.blog/2023/01/12/how-to-enable-copy-and-paste-function-on-your-proxmox-web-console-without-install-additional-software-in-your-vm/
sudo -i
nano /etc/default/grub
GRUB_CMDLINE_LINUX_DEFAULT="quiet console=tty0 console=ttyS0,115200"
update-grub
reboot
```