tjo-cloud/infrastructure
Proxmox Configuration
1. Tailscale.
Install and authenticate as always. Start with:
tailscale up --ssh --accept-routes --accept-dns=false --advertise-tags=tag:system-tjo-cloud
2. Install intel-microcode updates.
# Add non-free-firmware to the end
vim /etc/apt/sources.list
apt install intel-microcode
reboot
2. Configure Hosts.
Every Proxmox node needs /etc/hosts configured with entries for all servers.
Servers
100.71.223.89 naboo.system.tjo.cloud naboo
fd7a:115c:a1e0::8701:df59 naboo.system.tjo.cloud naboo
100.110.88.100 batuu.system.tjo.cloud batuu
fd7a:115c:a1e0::1901:5864 batuu.system.tjo.cloud batuu
100.103.129.84 endor.system.tjo.cloud endor
fd7a:115c:a1e0::3b01:8154 endor.system.tjo.cloud endor
100.67.200.27 jakku.system.tjo.cloud jakku
fd7a:115c:a1e0::301:c81b jakku.system.tjo.cloud jakku
100.82.48.119 nevaroo.system.tjo.cloud nevaroo
fd7a:115c:a1e0::b301:3077 nevaroo.system.tjo.cloud nevaroo
3. Connect to Proxmox Cluster.
pvecm add nevaroo.system.tjo.cloud --link0 $(tailscale ip -4) --link1 $(tailscale ip -6)
4. Configure Firewall.
# Disable Web Portal on public IP
iptables -A INPUT -p tcp -i vmbr0 --dport 8006 -j DROP
5. Disable RPC Bind
systemctl disable --now rpcbind.target
systemctl disable --now rpcbind.socket
systemctl disable --now rpcbind.service
5. Disable SSH Access from public internet and enable public key auth.
Make sure to copy your public key using:
ssh-copy-id root@proxmox.ip.address
echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
6. Done
Your node should now be visible at https://proxmox.tjo.cloud.
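
A check for the PasswordAuthentication step above, added here as an example and not part of the repository: sshd keeps the first value it reads for each keyword, so a line appended to the end of /etc/ssh/sshd_config has no effect if an earlier line already sets it. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository. Sample content is constructed.

# Print the first global (pre-Match) value of KEYWORD in an sshd_config-style
# FILE, lower-cased. sshd keeps the first value it reads for each keyword.
# Include directives are not followed here; `sshd -T` resolves those.
first_global_value() {   # usage: first_global_value FILE KEYWORD
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)            # whitespace or "=" separator
            k = tolower(f[1])
            if (k == "match") exit               # global section ends here
            if (k == key) { print tolower(f[2]); exit }
        }' "$1"
}

# Succeeds only if password logins are off in the global section of FILE.
password_auth_disabled() {
    [ "$(first_global_value "$1" PasswordAuthentication)" = "no" ]
}

# On a real node: ask sshd for the configuration it will actually apply.
effective_on_host() {
    sshd -T | grep -i '^passwordauthentication'
}

demo() {
    cfg=$(mktemp)
    # Constructed sample: an earlier explicit "yes" is already in the file.
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' > "$cfg"
    echo "PasswordAuthentication no" >> "$cfg"   # the append step from the page
    if password_auth_disabled "$cfg"; then
        echo "password auth disabled"
    else
        echo "password auth still enabled: first value wins"
    fi
    rm -f "$cfg"
}
demo
```

On a node, run effective_on_host as root to see the value sshd will apply, including anything set in included files. Reload sshd after editing the file so the change takes effect.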