soakes

# should works on any cloud-init enabled hypervisor (openstack.. )

# start from a normal ubuntu 20.04 install as minimal was not available for ARM64
# Since ARM64 machines has higher RAM, Shrinking is desired but not necessary. Instead we will increase tmpfs to 1700MB

# Getting root (if sudo -i doesn't work then set a root password beforehand using 'sudo passwd root'

sudo -i

# make sure we are on the highest kernel, so we can delete all the others ...

soakes

Proxmox Assign Bind Mount To Unprivileged Container

In order for the LXC container to have full access the proxmox host directory, a subgid is set as owner of a host directory, and an ACL is used to ensure permissions.

Bind Mount dataset to LXC

Add the following line to /etc/pve/lxc/<CT_ID>.conf

mp0:/mount/point/on/host,mp=/mount/point/on/lxc

Create group on host

In the default Proxmox configuration, unpriviliged container subgids will have the prefix "10" followed by the expected 4-digit gid.

soakes

On the host

Ensure these modules are loaded

cat /proc/sys/net/bridge/bridge-nf-call-iptables

Disable swap

sysctl vm.swappiness=0
swapoff -a

soakes

Hetzner Primary IPv4 IP + IPv4/2x Subnet + "Non-Routed" IPv6/64 Subnet HowTo

... so I do not forget the next time I have to figure this stuff out. And perhaps to help other poor souls fiddling with v6/v4 xen setups in a Hetzner network environment.

Basic setup

You can basically follow along the Xen Project Beginners Guide.

The short version

Install Debian Wheezy via Hetzner's installimage on the rescue system, the only important part about partitioning is that you have an LVM volume group named vg0 with enough space for your guests' disks.

soakes

Configuring IPv6 block from Online.net On Proxmox Host and Guests

Following the documentation on online.net would get IPv6 to work only in a simple system installation but won't get IPv6 to work with virtualization environment (Exp. Proxmox) as It's missing some IPv6 forwards and proxies on sysctl.conf.

On Proxmox Host (Or Debian if single Debian Installation)

Enable IPv6 on the System:

• Change Module Options to Enable IPv6:

soakes

online.net: systemd Network Configuration with (r)DNS

Introduction

This document will guide you through the process of setting up your online.net network addresses, DNS servers and rDNS records. For IPv4 we will use systemd-networkd (part of systemd) and odhcp6c (OpenWrt embedded DHCPv6-client) together with iproute2 for IPv6. For DNS we'll use systemd-resolved.

systemd is the default init process on Arch Linux, Debian GNU/Linux, Fedora, Ubuntu and more. iproute2 is also preinstalled there. So, if you're using a distribution that uses systemd, this tutorial should work for you. If you're using Gentoo Linux first make sure that you're using systemd.

Table of Contents

soakes

- name: Create temporary directory
  tempfile:
    prefix: ansible-tmp-
    state: directory
  register: vault_unseal__mktemp

- name: Check vault unseal package checksum file
  stat:
    path: "{{vault_unseal__mktemp.path }}/{{ vault_unseal_shasums }}"
  register: vault_unseal__checksum

soakes

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests, anyone holding this can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096

soakes

#! /usr/local/bin/bash
#
# Calomel.org 
#     https://calomel.org/zfs_health_check_script.html
#     FreeBSD 9.1 ZFS Health Check script 
#     zfs_health.sh @ Version 0.15

# Check health of ZFS volumes and drives. On any faults send email. In FreeBSD
# 10 there is supposed to be a ZFSd daemon to monitor the health of the ZFS
# pools. For now, in FreeBSD 9, we will make our own checks and run this script

soakes

#!/usr/bin/env bash

hostname=`hostname`
emaildomain=''
alertemail=''
mailgunapikey=''

# max capacity % before getting capacity alert
maxCapacity=80