bash-c"$(wget-qLO-https://github.com/tteck/Proxmox/raw/main/misc/post-pve-install.sh)"# It is recommended to answer âyesâ (y) to all options presented during the process.
127.0.0.1localhost.localdomainlocalhost192.168.5.2pve.lan.syselement.compve# The following lines are desirable for IPv6 capable hosts::1ip6-localhostip6-loopbackfe00::0ip6-localnetff00::0ip6-mcastprefixff02::1ip6-allnodesff02::2ip6-allroutersff02::3ip6-allhosts
Set the permanent backups directory environment variable or edit the script to set the $DEFAULT_BACK_DIR variable to your preferred backup directory
export BACK_DIR="/path/to/backup/directory"
Make the script executable
chmod+x./prox_config_backup.sh
Shut down ALL VMs + LXC Containers if you want to go the safe way. (Not required)
Run the script
./prox_config_backup.sh
Notification
The script supports healthchecks.io notifications, either to the hosted service, or a self-hosted instance. The notification sends during the final cleanup stage, and either returns 0 to tell Healthchecks that the command was successful, or the exit error code (1-255) to tell Healthchecks that the command failed. To enable:
Set the $HEALTHCHECK variable to 1
Set the $HEALTHCHECK_URL variable to the full ping URL for your check. Do not include anything after the UUID, the status flag will be added by the script.
PROXMOX - Network > edit eth0 and set the Static IP.
bash-c"$(wget-qLO-https://github.com/tteck/Proxmox/raw/main/ct/pbs.sh)"# PBS Interface <IP>:3000# Set a root password if using autologin. This will be the PBS password.# Login to WebGUI and open PBS shellsudopasswdroot
PBS post install
Disable the Enterprise Repo
Add/Correct PBS Sources
Enable the No-Subscription Repo
Add Test Repo
Disable Subscription Nag
Update and reboot Proxmox Backup Server
Run the command below in the Proxmox Backup Server Shell and answer "yes" to all options presented
PROXMOX - Network > edit eth0 and set the Static IP.
bash-c"$(wget-qLO-https://github.com/tteck/Proxmox/raw/main/ct/adguard.sh)"# Setup interface <IP>:3000# To Manually Update AdGuard Home, run the command above (or type update) in the AdGuard LXC Console.
bash-c"$(wget-qO-https://github.com/tteck/Proxmox/raw/main/ct/alpine-vaultwarden.sh)"# To Update Alpine-Vaultwarden, or Set the Admin Token, run the command above in the Vaultwarden LXC Console.# or runapkupdate&&apkupgrade
PROXMOX - Network > edit eth0 and set the Static IP.
Set https://vaultwarden.lab.syselement.com in the General settings - Domain URL admin menu http://192.168.5.7:8000/admin.
Vaultwarden needs to be behind a proxy (e.g. Zoraxy) to obtain HTTPS and to allow clients to connect.
PROXMOX - Network > edit eth0 and set the Static IP.
bash-c"$(wget-qLO-https://github.com/tteck/Proxmox/raw/main/ct/wikijs.sh)"# Wiki.js Interface <IP>:3000# To Manually Update Wiki.js , run the command above (or type update) in the Wiki.js LXC Console.
bash-c"$(wget-qLO-https://github.com/tteck/Proxmox/raw/main/ct/pihole.sh)"# Reboot Pi-hole LXC after install#P i-hole Interface <IP>/admin# To set your password:pihole-a-p
PROXMOX - Network > edit eth0 and set the Static IP.
bash-c"$(wget-qLO-https://github.com/tteck/Proxmox/raw/main/ct/homepage.sh)"# Homepage Interface: IP:3000# To Manually Update Homepage, run the command above (or type update) in the Homepage LXC Console.
### Settings for SSH with Passwordsudosed-i-e's/^PasswordAuthentication.*/PasswordAuthentication yes/'/etc/ssh/sshd_config&&sudosystemctlrestartsshd#### Settings SSH with SSH Key + Disable root login# Paste your SSH Public Key into ~/.ssh/authorized_keys (if not set by Proxmox Cloud-Init) and set sshd_config accordinglysudonano/etc/ssh/sshd_config# Paste these linesPermitRootLoginnoChallengeResponseAuthenticationnoPasswordAuthenticationnoUsePAMnoAuthenticationMethodspublickeyPubkeyAuthenticationyesPermitEmptyPasswordsno# Save and exit the file# Restart the sshd servicesudosystemctlrestartsshd# Check sshd config withsudosshd-T
Timezone and Updates
# TIMEZONEsudotimedatectlset-timezoneEurope/Rome# DISABLE AUTOMATIC UPDATESsudonano/etc/apt/apt.conf.d/20auto-upgrades# make sure all the directives are set to â0âsudosystemctldisableapt-daily-upgrade.timersudosystemctlmaskapt-daily-upgrade.servicesudosystemctldisableapt-daily.timersudosystemctlmaskapt-daily.service# Change "root" user passwordsudopasswdroot
sudosu# Docker Enginesh<(curl-sSLhttps://get.docker.com)# Docker ComposeLATEST=$(curl-sLhttps://api.github.com/repos/docker/compose/releases/latest|grep'"tag_name":'|cut-d'"'-f4)DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}mkdir-p $DOCKER_CONFIG/cli-pluginscurl-sSLhttps://github.com/docker/compose/releases/download/$LATEST/docker-compose-linux-x86_64-o~/.docker/cli-plugins/docker-composechmod+x $DOCKER_CONFIG/cli-plugins/docker-composedockercomposeversion# Add a user to the "docker" group to let it run Dockersudogroupadddockersudogpasswd-a"${USER}"docker
On the host being connected to, you need to advertise that Tailscale is managing SSH connections which originate from the Tailscale network to this host
sudotailscaleup--ssh# This generates a host keypair, shares its public half with the Tailscale control plane for distribution to clients, and configures tailscaled to intercept all traffic from your tailnet that is routed to port 22 on the Tailscale IP address. This SSH initialization only needs to be done once per host.
sudosnapinstallmicrok8s--classic###sudousermod-a-Gmicrok8s $USERsudomkdir-p~/.kubesudochmod0700~/.kubesudochown-f-R $USER ~/.kube# Close SSH session and reopen itmicrok8sstatus--wait-ready
Some commands
microk8sstopmicrok8sstartmicrok8skubectlgetnodesmicrok8skubectlgetservicesmicrok8skubectlgetpodsmicrok8senablednsmicrok8senablehostpath-storagemicrok8senableingressmicrok8senablecore/metrics-server# Community Add-ons repositorymicrok8senablecommunitymicrok8senableportainer# microk8s disable portainer
bash-c"$(wget-qLO-https://github.com/tteck/Proxmox/raw/main/turnkey/turnkey.sh)"# Resource and network settings are adjustable post LXC creation.# The script creates a *.creds file in the Proxmox root directory with the password of the newly created TurnKey LXC Appliance.# Retrieve Password catturnkey-name.creds
SSH into the Ubuntu VM and run the BookStack Ubuntu Installation script
â A script to install BookStack on a fresh instance of Ubuntu 24.04 is available. This script is ONLY FOR A FRESH OS, it will install Apache, MySQL 8.0 & PHP 8.3 and could OVERWRITE any existing web setup on the machine. It also does not set up mail settings or configure system security so you will have to do those separately. You can use the script as a reference if youâre installing on a non-fresh machine.
# Download the scriptwgethttps://raw.githubusercontent.com/BookStackApp/devops/main/scripts/installation-ubuntu-22.04.sh# Make it executablechmoda+xinstallation-ubuntu-22.04.sh# Run the script with admin permissionssudo./installation-ubuntu-22.04.sh# Set the VM IP as domain during the first run of BookStack