
@proegssilb
Forked from ilude/proxmox-setup-notes.md
Created May 14, 2022 21:11
How to setup a community version of Proxmox VE 5.x-7.x
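# Switches a Proxmox VE host from the enterprise repository to the community
# (pve-no-subscription) repository, installs two apt hooks, upgrades the system
# and reboots if required. Must be run as root.
#
# Preferred way to run it: download, read, then execute.
#   curl -fsSL -o proxmox_setup.sh 'https://gist.githubusercontent.com/ilude/32aec45964bc1207810f7e6e49544064/raw/%21proxmox_setup.sh'
#   less proxmox_setup.sh && bash proxmox_setup.sh
#
# Original one-liner. It pipes whatever the gist URL serves at that moment
# straight into a root shell, and because curl runs without -f an HTTP error
# page would be handed to bash as well:
# curl -s https://gist.githubusercontent.com/ilude/32aec45964bc1207810f7e6e49544064/raw/%21proxmox_setup.sh?$(date +%s) | /bin/bash -s

# Disable Commercial Repo (skipped when the list file is absent)
ENTERPRISE_LIST=/etc/apt/sources.list.d/pve-enterprise.list
if [ -f "$ENTERPRISE_LIST" ]; then
  sed -i 's/^deb/#deb/' "$ENTERPRISE_LIST"
fi

# Add PVE Community Repo
# The Debian codename is the text in parentheses on the VERSION= line of
# /etc/os-release. Stop if it cannot be read, otherwise a malformed source line
# would be written and every later apt call would fail.
PVE_CODENAME=$(sed -n 's/^VERSION=.*(\(.*\)).*/\1/p' /etc/os-release)
if [ -z "$PVE_CODENAME" ]; then
  echo "Could not determine the Debian codename from /etc/os-release" >&2
  exit 1
fi
echo "deb http://download.proxmox.com/debian/pve ${PVE_CODENAME} pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list

# setup no nag script to run on upgrade
# The hook runs after every dpkg invocation and patches proxmoxlib.js only when
# dpkg -V reports the packaged file as unmodified (grep exits 1).
echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" > /etc/apt/apt.conf.d/99-proxmox-no-nag-script

# setup dark-theme to reinstall on upgrade
# NOTE(review): this hook downloads a third-party script from a mutable branch
# (master) and runs it as root after every dpkg invocation. Prefer a copy pinned
# to a commit you have reviewed, verified against a recorded checksum.
# The download goes to a fixed path under /root: a bare wget saves into the
# current directory and does not overwrite an existing file of the same name,
# so the file bash executed was not guaranteed to be the one just downloaded.
THEME_APT_SCRIPT_FILE=/etc/apt/apt.conf.d/99-proxmox-dark-theme
if [ ! -f "$THEME_APT_SCRIPT_FILE" ]; then
tee -a "$THEME_APT_SCRIPT_FILE" >/dev/null <<'EOF'
DPkg::Post-Invoke { "wget -qO /root/PVEDiscordDark.sh https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh && bash /root/PVEDiscordDark.sh install || true"; };
EOF
fi

apt-get update
apt-get dist-upgrade -y

# force post-invoke scripts to run
# apt-get with -y keeps this step non-interactive, like the upgrade above.
apt-get install --reinstall -y proxmox-widget-toolkit

# keep a record of when the system was setup
date > /etc/birth_certificate

# The script already has to run as root (it writes under /etc/apt), so reboot is
# called directly; sudo is not necessarily installed on a Proxmox host.
if [ -f /var/run/reboot-required ]; then
  reboot
fi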
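# https://forum.proxmox.com/threads/mount-host-directory-into-lxc-container.66555/
# Bind-mount a host directory into container 103 (paths are examples).
pct set 103 -mp0 /host/dir,mp=/container/mount/point

# Export /pool/share over NFS to the 192.168.16.0/24 network.
sudo apt-get install -y nfs-common nfs-kernel-server

# The NFS server reads /etc/exports (not /etc/export). The line is appended
# through tee because with "sudo echo ... > file" the redirection is performed
# by the calling shell, not by sudo. It is added only once so re-running the
# notes does not duplicate the entry.
# NOTE(review): "insecure" accepts requests from unprivileged source ports and
# "async" acknowledges writes before they reach disk; drop both unless a client
# really needs them.
export_line='/pool/share 192.168.16.0/24(rw,fsid=0,insecure,no_subtree_check,async)'
if ! grep -qxF -- "$export_line" /etc/exports 2>/dev/null; then
  printf '%s\n' "$export_line" | sudo tee -a /etc/exports >/dev/null
fi

systemctl start nfs-kernel-server.service
# Re-read /etc/exports in case the server was already running.
exportfs -ra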
##############################################################
# zfs samba file sharing
# https://forum.level1techs.com/t/how-to-create-a-nas-using-zfs-and-proxmox-with-pictures/117375
# On the root proxmox server:
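# Install Samba and create the accounts used to reach the shares.
# These are interactive steps (password prompts, an editor session).
apt-get update
apt-get install samba

# add root as a samba user and create a password
# smbpasswd needs -a to create a Samba account; without it the command only
# changes the password of an account that already exists.
# NOTE(review): a Samba login for root gives network clients root's file access
# on the host; consider skipping this step and using only the unprivileged
# account created below.
smbpasswd -a root

# It would also be nice to not have to connect as root to the server every time.
# Lets create a new user and give them samba permissions.
# To create a new Unix user:
useradd -m mike
passwd mike

# This adds the new user to Samba.
smbpasswd -a mike

nano /etc/samba/smb.conf

# Test for errors first, and restart smbd only when the configuration loads, so
# a broken smb.conf does not take the running service down.
testparm -s && service smbd restart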
# https://blog.tim.kent.id.au/2018/11/hardening-samba.html
#
# https://wiki.archlinux.org/title/samba#Restrict_protocols_for_better_security
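[global]
server role = standalone server
obey pam restrictions = yes
# New files and directories are limited to owner and group access. The previous
# values (0766 / 0777) allowed new files and directories to be writable by
# every local account on the host. Widen these only if accounts outside the
# owning group must write to the share.
create mask = 0660
directory mask = 0770
server string = Samba
# No NetBIOS, SMB3 or newer only, direct-hosted SMB on TCP 445 only.
disable netbios = Yes
server min protocol = SMB3_00
smb ports = 445
server signing = required
restrict anonymous = 2
# "desired" turns encryption on for clients that support it but does not refuse
# unencrypted connections.
# NOTE(review): with SMB3 as the minimum protocol, "required" looks feasible -
# confirm against the clients in use.
server smb encrypt = desired
use sendfile = yes
# Printing is switched off entirely.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
show add printer wizard = no

[pool]
comment = Pool Share
browseable = yes
path = /pool/share
# Authenticated users only.
guest ok = no
read only = no

[homes]
comment = Home Directories
browseable = no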
# https://wiki.debian.org/UnattendedUpgrades
# Create the share datasets (parents listed before children) and the VM storage
# dataset, then show the resulting layout.
for dataset in \
  pool/share \
  pool/share/apps \
  pool/share/iso \
  pool/share/media \
  pool/vmstorage
do
  zfs create "$dataset"
done
zfs list
NAME USED AVAIL REFER MOUNTPOINT
pool 24.4G 8.19T 192K /pool
pool/share 24.4G 8.19T 224K /pool/share
pool/share/apps 23.0G 8.19T 23.0G /pool/share/apps
pool/share/iso 1.37G 8.19T 1.37G /pool/share/iso
pool/share/media 192K 8.19T 192K /pool/share/media
pool/vmstorage 304K 8.19T 192K /pool/vmstorage
Back in GUI land…
Click on “Datacenter”
“Storage”
“Add”
“Directory”
ID: iso
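Directory: /storage/share/iso (this is the dataset's mountpoint; for the pool created above, named "pool", it is /pool/share/iso)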
Content: make sure only “ISO image” and “Container template” are selected.
“Add”
And again…
“Add”
“ZFS”
ID: vmstorage
ZFS Pool: /storage/vmstorage (for the pool created above, named "pool", the dataset is pool/vmstorage)
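# borrowed from https://github.com/DeadlockState/Proxmox-prepare/blob/master/proxmox_prepare.sh
# Install fail2ban and add a jail that bans a host for 12 hours (43200 s) after
# 4 failed logins matched by the "proxmox" filter.
# Only stdout is discarded so installation errors stay visible, and the
# configuration is written only when the install succeeded. Files are written
# by absolute path, so a missing /etc/fail2ban can no longer cause them to land
# in the current directory.
if apt-get install -y fail2ban > /dev/null; then
  # NOTE: this replaces any existing /etc/fail2ban/jail.local.
  # NOTE(review): logpath assumes pvedaemon messages are written to
  # /var/log/daemon.log; on a host that logs only to the journal this file
  # does not exist - confirm for your release.
  cat > /etc/fail2ban/jail.local <<'EOF'
[proxmox]
enabled = true
port = http,https,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 4
bantime = 43200
EOF

  # Filter: match pvedaemon authentication failures and capture the remote host.
  cat > /etc/fail2ban/filter.d/proxmox.conf <<'EOF'
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
EOF

  service fail2ban restart
else
  echo "fail2ban installation failed; jail configuration not written" >&2
fi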
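#######################################
# Ask for a GitHub username and append that account's published SSH public
# keys to ~/.ssh/authorized_keys, skipping keys that are already present.
#
# The keys are trusted purely on the username typed here: a mistyped name
# authorizes somebody else's key for this account, so check the result.
#
# Globals:   github_username (written), GITHUB_KEY (written)
# Arguments: none (the username is read from stdin)
# Outputs:   'key added.' on stdout when at least one key was appended;
#            diagnostics on stderr
# Returns:   0 on success (including "nothing new to add"), 1 when the
#            username is rejected or the keys cannot be fetched
#######################################
fetch_github_key()
{
  local ssh_dir auth_file key
  local added=0
  ssh_dir=~/.ssh
  auth_file="$ssh_dir/authorized_keys"

  read -r -p "Enter Github Username: " github_username

  # The name is placed into a URL, so accept only letters, digits and hyphens.
  if [[ ! "$github_username" =~ ^[A-Za-z0-9][A-Za-z0-9-]*$ ]]; then
    echo "Invalid Github username; no key added." >&2
    return 1
  fi

  # -f makes curl fail on HTTP errors; without it the body of an error page
  # (for example "Not Found") would be appended to authorized_keys.
  if ! GITHUB_KEY=$(curl -fsSL "https://github.com/${github_username}.keys"); then
    echo "Could not download keys for ${github_username}; no key added." >&2
    return 1
  fi
  if [[ -z "$GITHUB_KEY" ]]; then
    echo "No public keys published for ${github_username}." >&2
    return 1
  fi

  # Create ~/.ssh and authorized_keys with private permissions when missing;
  # existing files keep their content and mode.
  [[ -d "$ssh_dir" ]] || mkdir -m 700 -p "$ssh_dir" || return 1
  ( umask 077; : >> "$auth_file" ) || return 1

  # An account can publish several keys. Compare each one as a whole, literal
  # line instead of using the downloaded text as a grep pattern.
  while IFS= read -r key; do
    [[ -n "$key" ]] || continue
    if ! grep -qxF -- "$key" "$auth_file"; then
      printf '%s\n' "$key" >> "$auth_file"
      added=1
    fi
  done <<< "$GITHUB_KEY"

  if (( added )); then
    echo 'key added.'
  fi
}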
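# Offer to install the user's GitHub SSH keys. No answer within 10 seconds
# counts as "no". The original used "break" outside of any loop, which only
# prints an error in bash; on a timeout the reply is now set to N explicitly so
# that partially typed input cannot be taken as a yes.
read -r -t 10 -p "Download github public key for ssh? (Y/N): "
if [ $? -gt 128 ]; then
  echo "Timed out waiting for input. Defaulting to N!"
  REPLY=N
fi

case "$REPLY" in
  [yY]*)
    fetch_github_key
    ;;
  *)
    # Anything else, including an empty reply, means no.
    ;;
esac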