# `tjo-cloud/infrastructure`
## Proxmox Configuration
* [Guide to install on emmc](https://ibug.io/blog/2022/03/install-proxmox-ve-emmc/)
### 1. Tailscale.
Install and authenticate as always. Start with:
```
tailscale up --ssh --accept-routes --accept-dns=false --advertise-tags=tag:system-tjo-cloud --hostname=$(hostname -f | sed 's/\./-/g')
```
### 2. Install intel-firmware updates.
```
# Add non-free-firmware to the end
vim /etc/apt/sources.list
apt install intel-microcode
reboot
```
### 2. Configure Hosts.
Every Proxmox node needs `/etc/hosts` configured with entries for all servers.
#### Servers
```
100.71.223.89 naboo.system.tjo.cloud naboo
fd7a:115c:a1e0::8701:df59 naboo.system.tjo.cloud naboo
100.110.88.100 batuu.system.tjo.cloud batuu
fd7a:115c:a1e0::1901:5864 batuu.system.tjo.cloud batuu
100.103.129.84 endor.system.tjo.cloud endor
fd7a:115c:a1e0::3b01:8154 endor.system.tjo.cloud endor
100.67.200.27 jakku.system.tjo.cloud jakku
fd7a:115c:a1e0::301:c81b jakku.system.tjo.cloud jakku
100.82.48.119 nevaroo.system.tjo.cloud nevaroo
fd7a:115c:a1e0::b301:3077 nevaroo.system.tjo.cloud nevaroo
100.99.13.61 mustafar.system.tjo.cloud mustafar
fd7a:115c:a1e0::2601:d3d mustafar.system.tjo.cloud mustafar
```
### 3. Connect to Proxmox Cluster.
`$EXISTING_CLUSTER_NODE_HOST_NAME` (for example `nevaroo` or `jakku`, not the FQDN) is an existing cluster node through which the new node joins the cluster.
This node's SSH public key (`cat ~/.ssh/id_rsa.pub`) must be added to `~/.ssh/authorized_keys` on `$EXISTING_CLUSTER_NODE_HOST_NAME`.
Then the node can join the cluster using:
```
pvecm add $EXISTING_CLUSTER_NODE_HOST_NAME --link0 $(tailscale ip -4) --link1 $(tailscale ip -6)
```
### 4. Configure Firewall.
```
# Disable Web Portal on public IP
iptables -A INPUT -p tcp -i vmbr0 --dport 8006 -j DROP
```
### 5. Disable RPC Bind
```
systemctl disable --now rpcbind.target
systemctl disable --now rpcbind.socket
systemctl disable --now rpcbind.service
```
### 5. Disable SSH Access from public internet and enable public key auth.
Make sure to copy your public key using `ssh-copy-id root@proxmox.ip.address`.
```
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
```
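Appending to `/etc/ssh/sshd_config` only takes effect if no earlier line already sets the keyword and the file does not end in a `Match` block, because sshd keeps the first value it reads for each keyword. The following added example (not part of this repository) resolves the effective global value from a config file; the function name and the sample files are constructed for illustration, and `Include` directives are not followed.

```shell
#!/bin/sh
# Added example: effective *global* value of an sshd_config keyword.
# Rules modelled: the first occurrence of a keyword wins, and every line
# after a "Match" line belongs to that Match block, not the global section.
# Assumption: single-file config, Include directives are not followed.
effective_sshd_option() {
    # $1 = keyword (case-insensitive), $2 = path to an sshd_config-style file
    awk -v key="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { sub(/=/, " "); k = tolower($1) }       # accept "Keyword=value" too
        k == "match" { exit }                    # global section ends here
        k == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }        # unset means the sshd default applies
    ' "$2"
}

# Constructed sample files (not taken from any real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Case 1: an earlier "yes" shadows the appended "no".
printf '%s\n' '# constructed sample' 'PasswordAuthentication yes' \
    'PermitRootLogin yes' 'PasswordAuthentication no' > "$tmp/shadowed"

# Case 2: the file ends in a Match block, so the appended line is scoped
# to that block and the global value stays at the default (yes).
printf '%s\n' 'PermitRootLogin prohibit-password' 'Match User backup' \
    '    X11Forwarding no' 'PasswordAuthentication no' > "$tmp/in_match"

# Case 3: the directive comes first, so it is the one sshd uses.
printf '%s\n' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' > "$tmp/first"

for f in shadowed in_match first; do
    printf '%-10s PasswordAuthentication=%s\n' "$f" \
        "$(effective_sshd_option PasswordAuthentication "$tmp/$f")"
done
```

On a real node, `sshd -t` validates the configuration and `sshd -T | grep -i passwordauthentication` prints the value sshd itself resolves, `Include` files included.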
### 6. Done
Your node should now be visible at https://proxmox.tjo.cloud.