From aa1061b851ab2584d66c4f7d85a43e3426ed0905 Mon Sep 17 00:00:00 2001 From: Tine Date: Thu, 7 Nov 2024 21:09:33 +0100 Subject: [PATCH] docs: proxmox setup --- README.md | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 70 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 97625b4..19bb2de 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,71 @@ -# infrastructure +# `tjo-cloud/infrastructure` -tjo.cloud infrastructure \ No newline at end of file +## Proxmox Configuration + +* [Guide to install on emmc](https://ibug.io/blog/2022/03/install-proxmox-ve-emmc/) + +### 1. Tailscale. +Install and authenticate as always. Start with `tailscale up --ssh --accept-routes --accept-dns=false`. + +### 2. Install intel-firmware updates. + +``` +# Add non-free-firmware to the end +vim /etc/apt/sources.list + +apt install intel-microcode + +reboot +``` + +### 2. Configure Hosts. +Every Proxmox node needs to have configured `/etc/hosts` with entryies for all servers. + + +## Servers + +``` +100.71.223.89 naboo.system.tjo.cloud naboo +fd7a:115c:a1e0::8701:df59 naboo.system.tjo.cloud naboo + +100.110.88.100 batuu.system.tjo.cloud batuu +fd7a:115c:a1e0::1901:5864 batuu.system.tjo.cloud batuu + +100.103.129.84 endor.system.tjo.cloud endor +fd7a:115c:a1e0::3b01:8154 endor.system.tjo.cloud endor + +100.67.200.27 jakku.system.tjo.cloud jakku +fd7a:115c:a1e0::301:c81b jakku.system.tjo.cloud jakku + +100.82.48.119 nevaroo.system.tjo.cloud nevaroo +fd7a:115c:a1e0::b301:3077 nevaroo.system.tjo.cloud nevaroo +``` + +### 3. Connect to Proxmox Cluster. + +``` +pvecm add $EXISTING_NODE --link0 $(tailscale ip -4) --link1 $(tailscale ip -6) +``` + +### 4. Configure Firewall. + +``` +# Web Portal on public IP +iptables -A INPUT -p tcp -i vmbr0 --dport 8006 -j DROP +``` + +### 5. Disable RPC Bind + +``` +systemctl disable --now rpcbind +``` + +### 5. Disable SSH Access from public internet and enable public key auth. + +``` +echo "PasswordAuthentication no" >>> /etc/ssh/sshd_config +``` + +### 6. Install Node Exporter and send metrics to monitor.tjo.cloud. + +### 7. ???