infrastructure/README.md
Tine 01577ed7a6
Some checks failed
/ lint (push) Failing after 1m25s
docs: proxmox setup
2024-11-07 21:14:51 +01:00

1.5 KiB

tjo-cloud/infrastructure

Proxmox Configuration

1. Tailscale.

Install and authenticate as always. Start with tailscale up --ssh --accept-routes --accept-dns=false.

2. Install intel-micropodes updates.

# Add non-free-firmware to the end
vim /etc/apt/sources.list

apt install intel-microcode

reboot

2. Configure Hosts.

Every Proxmox node needs to have configured /etc/hosts with entryies for all servers.

Servers

100.71.223.89 naboo.system.tjo.cloud naboo
fd7a:115c:a1e0::8701:df59 naboo.system.tjo.cloud naboo

100.110.88.100 batuu.system.tjo.cloud batuu
fd7a:115c:a1e0::1901:5864 batuu.system.tjo.cloud batuu

100.103.129.84 endor.system.tjo.cloud endor
fd7a:115c:a1e0::3b01:8154 endor.system.tjo.cloud endor

100.67.200.27 jakku.system.tjo.cloud jakku
fd7a:115c:a1e0::301:c81b jakku.system.tjo.cloud jakku

100.82.48.119 nevaroo.system.tjo.cloud nevaroo
fd7a:115c:a1e0::b301:3077 nevaroo.system.tjo.cloud nevaroo

3. Connect to Proxmox Cluster.

pvecm add $EXISTING_NODE --link0 $(tailscale ip -4) --link1 $(tailscale ip -6)

4. Configure Firewall.

# Web Portal on public IP
iptables -A INPUT -p tcp -i vmbr0 --dport 8006 -j DROP

5. Disable RPC Bind

systemctl disable --now rpcbind

5. Disable SSH Access from public internet and enable public key auth.

echo "PasswordAuthentication no" >> /etc/ssh/sshd_config

6. Install Node Exporter and send metrics to monitor.tjo.cloud.

7. ???