2022-07-28 15:17:20 +00:00
|
|
|
## Proxmox
|
2023-08-18 13:21:21 +00:00
|
|
|
|
|
|
|
|
### readonly kernel error nvme
|
|
|
|
|
there are maybe three problems
|
|
|
|
|
- C6 power states
|
|
|
|
|
- iommu=soft kernel cmdline (https://bugzilla.kernel.org/show_bug.cgi?id=202665)
|
|
|
|
|
- https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html?highlight=amd_iommu
|
|
|
|
|
- it is maybe triggered by the fstrim command
|
|
|
|
|
- APST https://unix.stackexchange.com/questions/612096/clarifying-nvme-apst-problems-for-linux => `nvme_core.default_ps_max_latency_us=0`
|
|
|
|
|
|
|
|
|
|
|
2023-01-14 15:54:44 +00:00
|
|
|
### subscription nag screen
|
|
|
|
|
https://johnscs.com/remove-proxmox51-subscription-notice/
|
|
|
|
|
`sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service`
|
2023-08-18 13:21:21 +00:00
|
|
|
=> breaks update
|
2022-07-28 15:17:20 +00:00
|
|
|
|
|
|
|
|
### packages
|
2024-04-28 18:51:32 +00:00
|
|
|
tmux, powertop,htop, cryptsetup,vim, cpu-frequ-utils,clevis
|
2022-07-28 15:17:20 +00:00
|
|
|
|
|
|
|
|
### 0-prepare
|
|
|
|
|
```
|
|
|
|
|
cryptsetup benchmark
|
|
|
|
|
# Tests are approximate using memory only (no storage IO).
|
|
|
|
|
PBKDF2-sha1 1693983 iterations per second for 256-bit key
|
|
|
|
|
PBKDF2-sha256 3021832 iterations per second for 256-bit key
|
|
|
|
|
PBKDF2-sha512 1325633 iterations per second for 256-bit key
|
|
|
|
|
PBKDF2-ripemd160 754371 iterations per second for 256-bit key
|
|
|
|
|
PBKDF2-whirlpool 595105 iterations per second for 256-bit key
|
|
|
|
|
argon2i 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
|
|
|
|
|
argon2id 6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
|
|
|
|
|
# Algorithm | Key | Encryption | Decryption
|
|
|
|
|
aes-cbc 128b 1090.7 MiB/s 3409.7 MiB/s
|
|
|
|
|
serpent-cbc 128b 103.7 MiB/s 379.6 MiB/s
|
|
|
|
|
twofish-cbc 128b 215.8 MiB/s 389.4 MiB/s
|
|
|
|
|
aes-cbc 256b 851.0 MiB/s 2905.0 MiB/s
|
|
|
|
|
serpent-cbc 256b 106.6 MiB/s 378.1 MiB/s
|
|
|
|
|
twofish-cbc 256b 221.1 MiB/s 385.7 MiB/s
|
|
|
|
|
aes-xts 256b 2801.2 MiB/s 2827.7 MiB/s
|
|
|
|
|
serpent-xts 256b 349.7 MiB/s 351.8 MiB/s
|
|
|
|
|
twofish-xts 256b 352.7 MiB/s 359.3 MiB/s
|
|
|
|
|
aes-xts 512b 2391.9 MiB/s 2392.0 MiB/s
|
|
|
|
|
serpent-xts 512b 352.8 MiB/s 342.3 MiB/s
|
|
|
|
|
twofish-xts 512b 358.6 MiB/s 359.6 MiB/s
|
|
|
|
|
root@pve:~#
|
|
|
|
|
```
|
2024-04-28 18:51:32 +00:00
|
|
|
#### file storage
|
2022-07-28 15:17:20 +00:00
|
|
|
1. create dm-integrity
|
|
|
|
|
skipped: https://btrfs.readthedocs.io/en/latest/Tree-checker.html
|
2022-08-02 04:34:00 +00:00
|
|
|
2. create bcache with a spare ssd or optane flash
|
|
|
|
|
3. https://hoerli.net/bcache-btrfs-fuer-openmediavault/
|
2022-07-28 15:17:20 +00:00
|
|
|
1. create GPT partition
|
|
|
|
|
- first sector: 2048
|
|
|
|
|
- last sector: end
|
|
|
|
|
- uuid: 8300
|
|
|
|
|
3. create btrfs raid-1
|
|
|
|
|
```
|
|
|
|
|
mkfs.btrfs --csum xxhash -d raid1 /dev/sda /dev/sdb
|
|
|
|
|
|
|
|
|
|
Label: (null)
|
|
|
|
|
UUID: 8d65854a-6be3-45de-81dd-cadbd9f49892
|
|
|
|
|
Node size: 16384
|
|
|
|
|
Sector size: 4096
|
|
|
|
|
Filesystem size: 1.82TiB
|
|
|
|
|
Block group profiles:
|
|
|
|
|
Data: RAID1 1.00GiB
|
|
|
|
|
Metadata: RAID1 1.00GiB
|
|
|
|
|
System: RAID1 8.00MiB
|
|
|
|
|
SSD detected: no
|
|
|
|
|
Zoned device: no
|
|
|
|
|
Incompat features: extref, skinny-metadata, no-holes
|
|
|
|
|
Runtime features: free-space-tree
|
|
|
|
|
Checksum: xxhash64
|
|
|
|
|
Number of devices: 2
|
|
|
|
|
Devices:
|
|
|
|
|
ID SIZE PATH
|
|
|
|
|
1 931.51GiB /dev/sda1
|
|
|
|
|
2 931.51GiB /dev/sdb1
|
|
|
|
|
```
|
|
|
|
|
5. create mounttarget folder and create fstab entry
|
2023-08-18 13:21:21 +00:00
|
|
|
```
|
|
|
|
|
lsblk -o uuid,name
|
2022-07-28 15:17:20 +00:00
|
|
|
UUID NAME
|
|
|
|
|
sda
|
|
|
|
|
8d65854a-6be3-45de-81dd-cadbd9f49892 └─sda1
|
|
|
|
|
sdb
|
|
|
|
|
8d65854a-6be3-45de-81dd-cadbd9f49892 └─sdb1
|
|
|
|
|
|
|
|
|
|
UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
|
2023-08-18 13:21:21 +00:00
|
|
|
```
|
|
|
|
|
|
2022-07-28 15:17:20 +00:00
|
|
|
6. Create under Rechenzentrum->Storage->Hinzufügen->BTRFS
|
|
|
|
|
7. update templates: `pveam update`
|
|
|
|
|
|
2024-04-28 18:51:32 +00:00
|
|
|
### ToDo
|
2022-08-04 13:10:00 +00:00
|
|
|
https://wiki.postgresql.org/wiki/Transparent_Data_Encryption
|
|
|
|
|
|
2024-04-28 18:51:32 +00:00
|
|
|
### established services
|
2022-08-04 13:10:00 +00:00
|
|
|
1. homer
|
|
|
|
|
2. NTP with NTS + GPS USB
|
|
|
|
|
3. www-stack protection shadowd
|
|
|
|
|
4. www-stack protection fail2ban
|
|
|
|
|
5. www-stack nginx+php-fpm+adminer
|
|
|
|
|
6. caching redis-server
|
|
|
|
|
7. gitea
|
|
|
|
|
8. nextcloud
|
|
|
|
|
9. postgre sql
|
|
|
|
|
10. mysql
|
|
|
|
|
11. file synchronisation syncthing + history storage
|
|
|
|
|
12. backup target borg
|
2023-03-11 13:17:21 +00:00
|
|
|
13. docker host
|
|
|
|
|
* portainer
|
2022-08-04 13:10:00 +00:00
|
|
|
|
2024-04-28 18:51:32 +00:00
|
|
|
#### maybe
|
2022-08-04 13:10:00 +00:00
|
|
|
4. armbian build
|
2023-03-11 13:17:21 +00:00
|
|
|
5. openwrt build
|
|
|
|
|
|
2024-04-28 18:51:32 +00:00
|
|
|
#### secureboot
|
|
|
|
|
https://pve.proxmox.com/wiki/Secure_Boot_Setup
|
2023-03-11 13:17:21 +00:00
|
|
|
|
|
|
|
|
#### postgresql
|
|
|
|
|
- use lxc
|
|
|
|
|
- add second mount point for database
|
|
|
|
|
- install postggresql and start service, register service for auto start
|
|
|
|
|
- change postgres password
|
|
|
|
|
- login as postgres user and alter database password
|
|
|
|
|
- `psql -c "ALTER USER postgres WITH PASSWORD 'your-password';"`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
##### nextcloud
|
|
|
|
|
`sed -i 's/\$vEvent->add(\$alarm)/\#\$vEvent->add(\$alarm)/g' apps/dav/lib/CalDAV/BirthdayService.php`
|
