xanderificnl

Be sure to replace the Mikrotik IP & the DHCP network (see line 8, "network set #")

Mikrot IP: 192.168.88.1/24 DHCP network: 0

/tool fetch url="https://boot.netboot.xyz/ipxe/netboot.xyz.kpxe"
/ip tftp add ip-addresses=192.168.88.0/24 req-filename=netboot.xyz.kpxe real-filename=netboot.xyz.kpxe allow=yes read-only=yes
/ip dhcp-server network set 0 next-server=192.168.88.1 boot-file-name=netboot.xyz.kpxe

marfillaster

Requirement

• USB flash drive - this is where the container filesystem will be persisted

Set-up docker bridge network

/interface bridge add name=docker

Set-up veth to be used by container

triangletodd

On the host

Ensure these modules are loaded

cat /proc/sys/net/bridge/bridge-nf-call-iptables

Disable swap

sysctl vm.swappiness=0
swapoff -a

ajmassi

Proxmox Assign Bind Mount To Unprivileged Container

In order for the LXC container to have full access the proxmox host directory, a subgid is set as owner of a host directory, and an ACL is used to ensure permissions.

Bind Mount dataset to LXC

Add the following line to /etc/pve/lxc/<CT_ID>.conf

mp0:/mount/point/on/host,mp=/mount/point/on/lxc

Create group on host

In the default Proxmox configuration, unpriviliged container subgids will have the prefix "10" followed by the expected 4-digit gid.

guycalledseven

Haproxy conditions

Since I keep forgetting them I've put them here.

To form a condition, you can use the following syntax after the rule that it applies to:

<HAProxy action statement> if|unless [!]acl1 <AND|OR|or|'||'> [!]acl2 ...

• if - the condition is TRUE if the result of the ACLs is TRUE.

catchdave

#!/bin/bash
#
# *** For DSM v7.x ***
#
# How to use this script:
#  1. Get your 3 PEM files ready to copy over from your local machine/update server (privkey.pem, fullchain.pem, cert.pem)
#     and put into a directory (this will be $CERT_DIRECTORY).
#     Personally, I use this script (https://gist.github.com/catchdave/3f6f412bbf0f0cec32469fb0c9747295) to automate steps 1 & 4.
#  2. Ensure you have a user setup on synology that has ssh access (and ssh access is setup).
#     This user will need to be able to sudo as root (i.e. add this line to sudoers, <USER> is the user you create):

gushmazuko

Proxmox VE Installation on Hetzner Server via Rescue System

Follow these steps to install Proxmox VE on a Hetzner server via the Rescue System. The Rescue System is a Linux-based environment that can be booted into to perform system recovery tasks. We'll be using it to install Proxmox VE.

In order to complete the process, it is indeed necessary to first boot into the Rescue System and then connect to it via SSH. This will allow you to run the commands for installing Proxmox VE. Here are the steps:

Starting the Rescue System

1. Log into the Hetzner Robot.
2. Under "Main Functions; Server" select the desired server and then open the tab "Rescue".

teamblack-ci

#!/bin/sh
#
# Perform certificate updates in Vault.

set -eo pipefail

if ! vault token lookup > /dev/null; then
  echo "Login to Vault first."
  exit 1
fi

greenbrian

#!/bin/bash

# start vault
VAULT_UI=true vault server -dev -dev-root-token-id=root -dev-listen-address=127.0.0.1:8200

# login as root - DO NOT DO THIS IN PRODUCTION
vault login root

# write some secrets
vault kv put secret/test color=blue number=eleventeen

krzysztof-magosa

#!/usr/bin/env python

#
# (c) Krzysztof Magosa
# License: MIT
# Use at your own risk.
#
# https://gist.github.com/krzysztof-magosa/d9d96c8864a20dc3b47fd1eee1cfcc4f
#