gedankensplitter/proxmox.md
2024-04-28 20:51:32 +02:00

Proxmox

readonly kernel error nvme

there are maybe three problems

subscription nag screen

https://johnscs.com/remove-proxmox51-subscription-notice/

sed -Ezi.bak "s/(Ext.Msg.show\(\{\s+title: gettext\('No valid sub)/void\(\{ \/\/\1/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service

=> breaks update

packages

tmux, powertop, htop, cryptsetup, vim, cpufrequtils, clevis

0-prepare

root@pve:~# cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1      1693983 iterations per second for 256-bit key
PBKDF2-sha256    3021832 iterations per second for 256-bit key
PBKDF2-sha512    1325633 iterations per second for 256-bit key
PBKDF2-ripemd160  754371 iterations per second for 256-bit key
PBKDF2-whirlpool  595105 iterations per second for 256-bit key
argon2i       6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
argon2id      6 iterations, 1048576 memory, 4 parallel threads (CPUs) for 256-bit key (requested 2000 ms time)
#     Algorithm |       Key |      Encryption |      Decryption
        aes-cbc        128b      1090.7 MiB/s      3409.7 MiB/s
    serpent-cbc        128b       103.7 MiB/s       379.6 MiB/s
    twofish-cbc        128b       215.8 MiB/s       389.4 MiB/s
        aes-cbc        256b       851.0 MiB/s      2905.0 MiB/s
    serpent-cbc        256b       106.6 MiB/s       378.1 MiB/s
    twofish-cbc        256b       221.1 MiB/s       385.7 MiB/s
        aes-xts        256b      2801.2 MiB/s      2827.7 MiB/s
    serpent-xts        256b       349.7 MiB/s       351.8 MiB/s
    twofish-xts        256b       352.7 MiB/s       359.3 MiB/s
        aes-xts        512b      2391.9 MiB/s      2392.0 MiB/s
    serpent-xts        512b       352.8 MiB/s       342.3 MiB/s
    twofish-xts        512b       358.6 MiB/s       359.6 MiB/s
root@pve:~# 

file storage

  1. create dm-integrity: skipped, see https://btrfs.readthedocs.io/en/latest/Tree-checker.html
  2. create bcache with a spare ssd or optane flash
  3. https://hoerli.net/bcache-btrfs-fuer-openmediavault/
  4. create GPT partition
    • first sector: 2048
    • last sector: end
    • type code (hex code or GUID): 8300
  5. create btrfs raid-1
mkfs.btrfs --csum xxhash -d raid1 /dev/sda1 /dev/sdb1
 
Label:              (null)
UUID:               8d65854a-6be3-45de-81dd-cadbd9f49892
Node size:          16384
Sector size:        4096
Filesystem size:    1.82TiB
Block group profiles:
  Data:             RAID1             1.00GiB
  Metadata:         RAID1             1.00GiB
  System:           RAID1             8.00MiB
SSD detected:       no
Zoned device:       no
Incompat features:  extref, skinny-metadata, no-holes
Runtime features:   free-space-tree
Checksum:           xxhash64
Number of devices:  2
Devices:
   ID        SIZE  PATH
    1   931.51GiB  /dev/sda1
    2   931.51GiB  /dev/sdb1
  6. create mount target folder and create fstab entry
lsblk -o uuid,name
UUID                                   NAME
                                       sda
8d65854a-6be3-45de-81dd-cadbd9f49892   └─sda1
                                       sdb
8d65854a-6be3-45de-81dd-cadbd9f49892   └─sdb1

UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1
  7. create the storage under Datacenter -> Storage -> Add -> BTRFS
  8. update templates: pveam update
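
A check for the fstab step above, as an added example that is not part of the original notes: every member partition of a multi-device btrfs reports the same filesystem UUID, so the UUID in the fstab line should show up on both RAID1 members in the lsblk listing. The function names are hypothetical; the sample data is the lsblk output and fstab line from this page.

```shell
#!/bin/sh
# Added example: cross-check an fstab line against `lsblk -o uuid,name`.
# Sample data is the lsblk listing and fstab line from these notes.
LSBLK_SAMPLE='UUID                                   NAME
                                       sda
8d65854a-6be3-45de-81dd-cadbd9f49892   └─sda1
                                       sdb
8d65854a-6be3-45de-81dd-cadbd9f49892   └─sdb1'
FSTAB_SAMPLE='UUID=8d65854a-6be3-45de-81dd-cadbd9f49892 /mnt/slowStorage btrfs defaults,rw 0 1'

# Print the UUID from the first field of an fstab line
# (prints nothing if the line does not mount by UUID).
fstab_uuid() {
    printf '%s\n' "$1" | awk '$1 ~ /^UUID=/ { sub(/^UUID=/, "", $1); print $1 }'
}

# Print the lsblk device names that carry the given filesystem UUID,
# with the tree-drawing characters in front of the name stripped.
members_for_uuid() {
    printf '%s\n' "$2" | awk -v u="$1" 'NF == 2 && $1 == u {
        gsub(/[^A-Za-z0-9_-]/, "", $2); print $2 }'
}

# Succeed only if the line mounts by UUID and at least $3 devices
# (default 2, one per RAID1 member) carry that UUID.
check_fstab_entry() {
    uuid=$(fstab_uuid "$1")
    if [ -z "$uuid" ]; then
        echo "fstab line does not mount by UUID" >&2
        return 1
    fi
    count=$(members_for_uuid "$uuid" "$2" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -lt "${3:-2}" ]; then
        echo "UUID $uuid is on $count device(s), expected ${3:-2}" >&2
        return 1
    fi
    echo "ok: $uuid on $(members_for_uuid "$uuid" "$2" | tr '\n' ' ')"
}

check_fstab_entry "$FSTAB_SAMPLE" "$LSBLK_SAMPLE"
```

On a live host, pass `"$(grep slowStorage /etc/fstab)"` and `"$(lsblk -o uuid,name)"` instead of the samples before rebooting.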

ToDo

https://wiki.postgresql.org/wiki/Transparent_Data_Encryption

established services

  1. homer
  2. NTP with NTS + GPS USB
  3. www-stack protection shadowd
  4. www-stack protection fail2ban
  5. www-stack nginx+php-fpm+adminer
  6. caching redis-server
  7. gitea
  8. nextcloud
  9. postgresql
  10. mysql
  11. file synchronisation syncthing + history storage
  12. backup target borg
  13. docker host
    • portainer

maybe

  1. armbian build
  2. openwrt build

secureboot

https://pve.proxmox.com/wiki/Secure_Boot_Setup

postgresql

  • use lxc
  • add second mount point for database
  • install postgresql and start service, register service for auto start
  • change postgres password
  • login as postgres user and alter database password
  • psql -c "ALTER USER postgres WITH PASSWORD 'your-password';"

nextcloud

sed -i 's/\$vEvent->add(\$alarm)/\#\$vEvent->add(\$alarm)/g' apps/dav/lib/CalDAV/BirthdayService.php