cmer/proxmox-fresh.sh

## proxmox-fresh.sh
#!/bin/bash

apt update -y
apt install -y lsb-release sudo vim screen curl htop
RELEASE=`lsb_release -sc`

# Install no-nag
cd /tmp
curl -s https://api.github.com/repos/Jamesits/pve-fake-subscription/releases/latest \
| grep "browser_download_url.*deb" \
| cut -d : -f 2,3 \
| tr -d \" \
| wget -qi -
dpkg -i pve-fake-subscription_*_all.deb
echo "127.0.0.1 shop.maurer-it.com" | sudo tee -a /etc/hosts

# Enable community repo
echo "deb http://download.proxmox.com/debian/pve $RELEASE pve-no-subscription" > /etc/apt/sources.list.d/pve-community.list
rm /etc/apt/sources.list.d/pve-enterprise.list

# Add microcode repo
echo "deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free" > /etc/apt/sources.list

apt update -y

# Enable IOMMU for PCI passthrough
echo "vfio
vfio_iommu_type1
vfio_pci
vfio_virqfd" > /etc/modules

cat /proc/cpuinfo | grep 'vendor' | uniq | grep Intel > /dev/null

if [ $? -eq 0 ]; then
    echo "Enabling IOMMU for Intel..."
    sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 intel_iommu=on net.ifnames=0"#' <<<'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' /etc/default/grub > /dev/null
    apt install -y intel-microcode
else
    echo "Enabling IOMMU for AMD..."
    sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 amd_iommu=on net.ifnames=0"#' <<<'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' /etc/default/grub > /dev/null
    apt install -y amd64-microcode
fi

update-grub

if [ $(dmesg | grep ecap | wc -l) -eq 0 ]; then
  echo "No interrupt remapping support found"
  exit 1
fi

for i in $(dmesg | grep ecap | awk '{print $NF}'); do
  if [ $(( (0x$i & 0xf) >> 3 )) -ne 1 ]; then
    echo "Interrupt remapping not supported"
    exit 1
  fi
done

# Listen on 443
iptables -C PREROUTING -t nat  -p tcp --dport 443 -j REDIRECT --to-ports 8006 &> /dev/null
if [ $? -ne 0 ]; then
  /sbin/iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8006
fi

echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections

apt-get -y install iptables-persistent
service iptables-persistent save

echo "Done. You should reboot!"
	#!/bin/bash

	apt update -y
	apt install -y lsb-release sudo vim screen curl htop
	RELEASE=`lsb_release -sc`

	# Install no-nag
	cd /tmp
	curl -s https://api.github.com/repos/Jamesits/pve-fake-subscription/releases/latest \
	\| grep "browser_download_url.*deb" \
	\| cut -d : -f 2,3 \
	\| tr -d \" \
	\| wget -qi -
	dpkg -i pve-fake-subscription_*_all.deb
	echo "127.0.0.1 shop.maurer-it.com" \| sudo tee -a /etc/hosts

	# Enable community repo
	echo "deb http://download.proxmox.com/debian/pve $RELEASE pve-no-subscription" > /etc/apt/sources.list.d/pve-community.list
	rm /etc/apt/sources.list.d/pve-enterprise.list

	# Add microcode repo
	echo "deb http://deb.debian.org/debian bullseye main contrib non-free
	deb http://security.debian.org/debian-security bullseye-security main contrib non-free
	deb http://deb.debian.org/debian bullseye-updates main contrib non-free" > /etc/apt/sources.list

	apt update -y

	# Enable IOMMU for PCI passthrough
	echo "vfio
	vfio_iommu_type1
	vfio_pci
	vfio_virqfd" > /etc/modules

	cat /proc/cpuinfo \| grep 'vendor' \| uniq \| grep Intel > /dev/null

	if [ $? -eq 0 ]; then
	echo "Enabling IOMMU for Intel..."
	sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 intel_iommu=on net.ifnames=0"#' <<<'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' /etc/default/grub > /dev/null
	apt install -y intel-microcode
	else
	echo "Enabling IOMMU for AMD..."
	sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 amd_iommu=on net.ifnames=0"#' <<<'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' /etc/default/grub > /dev/null
	apt install -y amd64-microcode
	fi

	update-grub

	if [ $(dmesg \| grep ecap \| wc -l) -eq 0 ]; then
	echo "No interrupt remapping support found"
	exit 1
	fi

	for i in $(dmesg \| grep ecap \| awk '{print $NF}'); do
	if [ $(( (0x$i & 0xf) >> 3 )) -ne 1 ]; then
	echo "Interrupt remapping not supported"
	exit 1
	fi
	done

	# Listen on 443
	iptables -C PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8006 &> /dev/null
	if [ $? -ne 0 ]; then
	/sbin/iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8006
	fi

	echo iptables-persistent iptables-persistent/autosave_v4 boolean true \| sudo debconf-set-selections
	echo iptables-persistent iptables-persistent/autosave_v6 boolean true \| sudo debconf-set-selections

	apt-get -y install iptables-persistent
	service iptables-persistent save

	echo "Done. You should reboot!"