WARNING do not use this on any system you care about, there's a good chance it will irreversibly screw up your installation. Just documenting this for myself.

Ubuntu-Focal-To-Debian-Bullseye-with-Proxmox.sh

#!/bin/bash
#Converts an Ubuntu Focal installation to a Debian Bullseye installation
#This script is intended to be run on a fresh Ubuntu Focal installation

rm -rf /etc/apt/sources.list.*
# Append the Debian Bullseye sources to the sources.list file, keeping the Ubuntu sources for now
cat << EOF >> /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free"
EOF

cat << EOF > /etc/apt/preferences.d/10-no-ubuntu
Package: *
Pin: release o=Ubuntu
Pin-Priority: -1000
EOF

# These may need to be updated in the future
wget http://http.us.debian.org/debian/pool/main/d/debian-keyring/debian-keyring_2022.12.24_all.deb
dpkg -i debian-keyring_2022.12.24_all.deb
wget http://http.us.debian.org/debian/pool/main/d/debian-archive-keyring/debian-archive-keyring_2021.1.1_all.deb
dpkg -i debian-archive-keyring_2021.1.1_all.deb

apt update
apt dist-upgrade -y --allow-downgrades

# Removing the Ubuntu sources
cat << EOF > /etc/apt/sources.list
deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian-security/ bullseye-security main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free"
EOF

rm /etc/apt/preferences.d/10-no-ubuntu

# WARNING this may be dangerous, but for my use case, it is necessary avoid an error when we reinstall linux-image-amd64
rm -rf /lib/firmware/*


apt install -y linux-image-amd64
apt autoremove -y
apt autoremove -y

# From here on out it's just the Proxmox installation:
echo "Enter the domain name that will resolve to this servers IP address"
read hostname
sudo apt update && sudo apt full-upgrade -y
hostnamectl set-hostname $hostname
myip=$(curl --silent ifconfig.me)
echo "127.0.0.1 localhost" > hosts
echo $myip $hostname >> hosts
mv -f hosts /etc/hosts

#This ensures the hostname changes don't get reverted by cloud-init
sed -i '/host/d' /etc/cloud/cloud.cfg

echo "deb [arch=amd64] http://download.proxmox.com/debian/pve bullseye pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg 

apt update && apt full-upgrade -y
apt install proxmox-ve postfix open-iscsi fail2ban -y
apt remove os-prober -y
dpkg --force-overwrite -i /var/cache/apt/archives/pve-firmware*.deb
apt -f install -y
dpkg --force-overwrite -i /var/cache/apt/archives/pve-firmware*.deb


cat <<EOF > /etc/fail2ban/jail.local
[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# 1 hour
bantime = 3600
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1
EOF

cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
EOF

echo "REBOOT before doing anything else"