## Proxmox

### readonly kernel error nvme

there are maybe three problems

- C6 power states
- iommu=soft kernel cmdline (https://bugzilla.kernel.org/show_bug.cgi?id=202665)
  - https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html?highlight=amd_iommu
  - it is maybe triggered by the fstrim command
- APST https://unix.stackexchange.com/questions/612096/clarifying-nvme-apst-problems-for-linux => `nvme_core.default_ps_max_latency_us=0`

### subscription nag screen

https://johnscs.com/remove-proxmox51-subscription-notice/

`sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service`

=> breaks update

### packages

tmux, powertop, htop, cryptsetup, vim, cpu-frequ-utils

### 0-prepare

```
cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      1693983 iterations per second for 256-bit key
PBKDF2-sha256    3021832 iterations per second for 256-bit key
PBKDF2-sha512    1325633 iterations per second for 256-bit key
PBKDF2-ripemd160  754371 iterations per second for 256-bit key
PBKDF2-whirlpool  595105 iterations per second for 256-bit key
argon2i       6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id      6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b      1090.7 MiB/s      3409.7 MiB/s
    serpent-cbc        128b       103.7 MiB/s       379.6 MiB/s
    twofish-cbc        128b       215.8 MiB/s       389.4 MiB/s
        aes-cbc        256b       851.0 MiB/s      2905.0 MiB/s
    serpent-cbc        256b       106.6 MiB/s       378.1 MiB/s
    twofish-cbc        256b       221.1 MiB/s       385.7 MiB/s
        aes-xts        256b      2801.2 MiB/s      2827.7 MiB/s
    serpent-xts        256b       349.7 MiB/s       351.8 MiB/s
    twofish-xts        256b       352.7 MiB/s       359.3 MiB/s
        aes-xts        512b      2391.9 MiB/s      2392.0 MiB/s
    serpent-xts        512b       352.8 MiB/s       342.3 MiB/s
    twofish-xts        512b       358.6 MiB/s       359.6 MiB/s
root@pve:~#
```

#### 1. create dm-integrity

skipped: https://btrfs.readthedocs.io/en/latest/Tree-checker.html

2. create bcache with a spare ssd or optane flash
3. https://hoerli.net/bcache-btrfs-fuer-openmediavault/
   1. create GPT partition
      - first sector: 2048
      - last sector: end
      - partition type code: 8300
4. create btrfs raid-1

   ```
   # partitions, matching the device paths in the output below
   mkfs.btrfs --csum xxhash -d raid1 /dev/sda1 /dev/sdb1
   Label:              (null)
   UUID:               8d65854a-6be3-45de-81dd-cadbd9f49892
   Node size:          16384
   Sector size:        4096
   Filesystem size:    1.82TiB
   Block group profiles:
     Data:             RAID1             1.00GiB
     Metadata:         RAID1             1.00GiB
     System:           RAID1             8.00MiB
   SSD detected:       no
   Zoned device:       no
   Incompat features:  extref, skinny-metadata, no-holes
   Runtime features:   free-space-tree
   Checksum:           xxhash64
   Number of devices:  2
   Devices:
      ID        SIZE  PATH
       1   931.51GiB  /dev/sda1
       2   931.51GiB  /dev/sdb1
   ```

5. create mount target folder and create fstab entry

   ```
   lsblk -o uuid,name
   UUID                                 NAME
                                        sda
   8d65854a-6be3-45de-81dd-cadbd9f49892 └─sda1
                                        sdb
   8d65854a-6be3-45de-81dd-cadbd9f49892 └─sdb1
   ```

   `/etc/fstab`:

   ```
   UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
   ```

6. Create under Datacenter -> Storage -> Add -> BTRFS
7. update templates: `pveam update`

### ToDo

https://wiki.postgresql.org/wiki/Transparent_Data_Encryption

### established services

1. homer
2. NTP with NTS + GPS USB
3. www-stack protection shadowd
4. www-stack protection fail2ban
5. www-stack nginx+php-fpm+adminer
6. caching redis-server
7. gitea
8. nextcloud
9. postgresql
10. mysql
11. file synchronisation syncthing + history storage
12. backup target borg
13. docker host
    * portainer
15.

#### maybe

4. armbian build
5. openwrt build

#### postgresql

- use lxc
- add second mount point for database
- install postgresql and start service, register service for auto start
- change postgres password
- login as postgres user and alter database password
  - `psql -c "ALTER USER postgres WITH PASSWORD 'your-password';"`

##### nextcloud

`sed -i 's/\$vEvent->add(\$alarm)/\#\$vEvent->add(\$alarm)/g' apps/dav/lib/CalDAV/BirthdayService.php`
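
Added example, not part of the original notes, referring back to the `cryptsetup benchmark` output under 0-prepare: it ranks the cipher rows by the slower of the two directions, so a mode like aes-cbc with fast decryption but slow encryption does not look better than it is. The function names `rank_ciphers`, `best_cipher` and `sample_benchmark` are hypothetical, and the sample is a constructed subset of the rows shown in that section.

```shell
#!/usr/bin/env bash
# Rank the cipher rows of `cryptsetup benchmark` (read from stdin) by the
# slower of encryption/decryption throughput, fastest first.
# Output format: "<worst MiB/s> <cipher-mode> <key size>"
rank_ciphers() {
    LC_ALL=C awk '
        # Cipher rows look like: aes-xts 256b 2801.2 MiB/s 2827.7 MiB/s
        # PBKDF/argon2 rows and "#" header lines have other shapes and are skipped.
        NF == 6 && $2 ~ /^[0-9]+b$/ && $4 == "MiB/s" && $6 == "MiB/s" {
            enc = $3 + 0; dec = $5 + 0
            worst = (enc < dec) ? enc : dec
            printf "%.1f %s %s\n", worst, $1, $2
        }
    ' | LC_ALL=C sort -k1,1nr
}

# Cipher and key size with the best worst-case throughput,
# i.e. the candidate for a volume that is both read and written.
best_cipher() {
    rank_ciphers | head -n 1 | cut -d' ' -f2,3
}

# Constructed sample: a subset of the rows from the 0-prepare benchmark.
sample_benchmark() {
    cat <<'EOF'
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha256    3021832 iterations per second for 256-bit key
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b      1090.7 MiB/s      3409.7 MiB/s
        aes-cbc        256b       851.0 MiB/s      2905.0 MiB/s
        aes-xts        256b      2801.2 MiB/s      2827.7 MiB/s
    serpent-xts        256b       349.7 MiB/s       351.8 MiB/s
        aes-xts        512b      2391.9 MiB/s      2392.0 MiB/s
    twofish-xts        512b       358.6 MiB/s       359.6 MiB/s
EOF
}

# On a live host: cryptsetup benchmark | rank_ciphers
sample_benchmark | rank_ciphers
```

The benchmark runs in memory only, so the ranking is an upper bound on what the disks behind it will deliver.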