I will be using Proxmox Helper Scripts (https://tteck.github.io/Proxmox/ or https://Helper-Scripts.com) to help configure the different LXCs and VMs that I want.
Disable nag screen
As I was tired of having to confirm that I didn't have a subscription, I ripped these commands from Proxmox VE Tools -> Proxmox VE Post Install (https://raw.githubusercontent.com/tteck/Proxmox/main/misc/post-pve-install.sh) and ran them on the Shell command line:
- echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/.*data\.status.*{/{s/\!//;s/active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" >/etc/apt/apt.conf.d/no-nag-script
- apt --reinstall install proxmox-widget-toolkit
Setup Users
- user1
- useradd user1
- usermod -g users user1
- adduser user1 user1
- id user1
- user2
- useradd user2
- usermod -g users user2
- adduser user2 user2
- id user2
- mythtv
- groupadd -g 2001 mythtv
- useradd -u 2001 -g 2001 mythtv
- nginx
- groupadd -g 2002 nginx
- useradd -u 2002 -g 2002 nginx
- edit /etc/subuid and add
- root:1000:1000
- root:2000:1000
- edit /etc/subgid and add
- root:100:1
- root:1000:1000
- root:2000:1000
Import ZFS
- zpool import storage
- I decided not to map the drive in Proxmox, but if you wanted to you would do that here
- proxmox -> Datacenter -> Storage -> Add -> ZFS
Fix Directory/File Permissions
- /storage/mythtv
- cd /storage/mythtv
- ls -al
- find ./ -user <current owner> -print0 | xargs -0 chown -h mythtv
- find ./ -group <current group> -print0 | xargs -0 chgrp -h mythtv
- /storage/containers/mythtv
- cd /storage/containers/mythtv
- ls -al
- find ./ -user <current owner> -print0 | xargs -0 chown -h mythtv
- find ./ -group <current group> -print0 | xargs -0 chgrp -h mythtv
- /storage/containers/webserver
- cd /storage/containers
- chown -R nginx webserver
- chgrp -R nginx webserver
Create a Docker LXC
Now I needed a Docker LXC to run my webserver and MythTV
- bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/docker.sh)"
- I then edited the config to set a static IP and change the hostname
- docker -> Network -> net0 -> Edit
- docker -> DNS -> Hostname -> Edit
- Add users
- nas
- groupadd -g 2000 nas
- useradd -u 2000 -g 2000 nas
- mythtv
- groupadd -g 2001 mythtv
- useradd -u 2001 -g 2001 mythtv
- nginx
- groupadd -g 2002 nginx
- useradd -u 2002 -g 2002 nginx
MythTV
- Edit /storage/containers/mythtv/docker-compose.yml
- Change the User Ids and Groups Ids to 2001
- Test
- docker compose up -d
- If it looks like API port changed from 6544 to 6744, then you need to fix the IPs
- Check pin and update backend ip
- apt-get install default-mysql-client
- mysql -p -h 127.0.0.1 -P 3306 mythconverg
- select * from settings where value like '%pin%';
- update settings set data = '192.168.1.31' where data = '192.168.1.11' ;
- quit;
- Restart MythTV and Test
- docker compose down && docker compose up -d
- This time I put a copy of docker-mythtv.service in /storage/containers/mythtv so I can easily copy it to /etc/systemd/system/ in the future
- make sure to change `docker-compose` to `docker compose`
- docker compose down
- systemctl enable docker-mythtv
- systemctl start docker-mythtv
Webserver
- Test
- docker compose up -d
- docker compose down
- This time I put a copy of docker-webserver.service, certbot.service, and certbot.timer in /storage/containers/webserver/systemd so I can easily copy them to /etc/systemd/system/ in the future
- make sure to change `docker-compose` to `docker compose`
- cp certbot.service certbot.timer docker-webserver.service /etc/systemd/system/
- systemctl enable docker-webserver
- systemctl start docker-webserver
- systemctl enable certbot.timer
Create a Debian LXC for File Sharing
- following:
- bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/debian.sh)"
- Add users/groups
- <container> -> Console
- user1
- useradd user1
- usermod -g users user1
- adduser user1 user1
- id user1
- user2
- useradd user2
- usermod -g users user2
- adduser user2 user2
- id user2
- nas
- groupadd -g 2000 nas
- useradd nas -u 2000 -g 2000 -m -s /bin/bash
- adduser nas sudo
- passwd nas
- shutdown the container
- Set a static IP and change the hostname
- <container> -> Network -> net0 -> Edit
- <container> -> DNS -> Hostname -> Edit
- Add more compute/memory (2 cores/1024MB)
- <container> -> Resources -> Cores -> Edit
- <container> -> Resources -> Memory -> Edit
- Add our storage
- edit /etc/pve/lxc/<container id>.conf
- add a line for each of your datasets like the below examples:
- mp0: /storage/folder1/dataset1,mp=/storage/folder1/dataset1
- mp1: /storage/folder1/dataset2,mp=/storage/folder1/dataset2
- mp2: /storage/dataset3,mp=/storage/dataset3
- Map the users
- Notes
- /etc/subuid and /etc/subgid need to specify the user starting the lxc container (root)
- /etc/pve/lxc/<container id>.conf needs to map all ids and not just the ones you want to remap
- edit /etc/pve/lxc/<container id>.conf add these lines
- lxc.idmap: u 0 100000 1000
- lxc.idmap: u 1000 1000 1000
- lxc.idmap: u 2000 102000 63535
- lxc.idmap: g 0 100000 100
- lxc.idmap: g 100 100 1
- lxc.idmap: g 101 100101 899
- lxc.idmap: g 1000 1000 1000
- lxc.idmap: g 2000 102000 63535
- Change the drive permissions - I couldn't get the container to boot when trying to remap root, so don't do this step
- cd /rpool/data/subvol-<container id>-disk-0
- find ./ -user 100000 -print0 | xargs -0 chown -h 2000
- find ./ -group 100000 -print0 | xargs -0 chgrp -h 2000
- Start the container
- Install cockpit
- apt install cockpit --no-install-recommends
- wget https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.3.7/cockpit-file-sharing_3.3.7-1focal_all.deb
- wget https://github.com/45Drives/cockpit-navigator/releases/download/v0.5.10/cockpit-navigator_0.5.10-1focal_all.deb
- wget https://github.com/45Drives/cockpit-identities/releases/download/v0.1.12/cockpit-identities_0.1.12-1focal_all.deb
- apt install ./*.deb
- rm *.deb
- Configure cockpit
- https://192.168.X.X:9090
- use nas to login
- enable administrative access
- Identities
- Set a Samba password for each of the users
- File Sharing
- Click "Fix Now"
- Global Settings
- Toggle Global MacOS Shares
- Add `allow insecure wide links = yes` to Advanced
- Apply
- Add your shares
- In Advanced, I used the following to ensure all users can access each other's files
- create mask = 0664
- force create mode = 0664
- directory mask = 0775
- force directory mode = 0775
- I used the following to be able to follow symlinks
- follow symlinks = yes
- wide links = yes
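The "Map the users" notes above say the idmap has to cover every id and that /etc/subuid and /etc/subgid must delegate the host ranges to root; this added example (not from the original post or from Proxmox) lints both conditions in Python. The embedded lines repeat the page's values, and the `root:100000:65536` entries are an assumed pre-existing default.

```python
# Added example: lint lxc.idmap lines against /etc/subuid and /etc/subgid.
# Sample data repeats this page's values; root:100000:65536 is an assumed default.
CONF = """\
lxc.idmap: u 0 100000 1000
lxc.idmap: u 1000 1000 1000
lxc.idmap: u 2000 102000 63535
lxc.idmap: g 0 100000 100
lxc.idmap: g 100 100 1
lxc.idmap: g 101 100101 899
lxc.idmap: g 1000 1000 1000
lxc.idmap: g 2000 102000 63535
"""
SUBUID = "root:100000:65536\nroot:1000:1000\nroot:2000:1000\n"
SUBGID = "root:100000:65536\nroot:100:1\nroot:1000:1000\nroot:2000:1000\n"

def parse_idmap(conf, kind):
    """Sorted (container_start, host_start, count) tuples for kind 'u' or 'g'."""
    rows = []
    for line in conf.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key.strip() == "lxc.idmap" and len(fields) == 4 and fields[0] == kind:
            rows.append(tuple(int(f) for f in fields[1:]))
    return sorted(rows)

def parse_subid(text, user="root"):
    """(start, count) ranges delegated to `user` in subuid/subgid text."""
    rows = (line.strip().split(":") for line in text.splitlines())
    return [(int(r[1]), int(r[2])) for r in rows if len(r) == 3 and r[0] == user]

def lint(conf, subid_text, kind, size=65536):
    """Return a list of problems: gaps, overlaps, undelegated host ranges."""
    problems, nxt, allowed = [], 0, parse_subid(subid_text)
    for cstart, hstart, count in parse_idmap(conf, kind):
        if cstart > nxt:
            problems.append(f"{kind}: container ids {nxt}-{cstart - 1} unmapped")
        elif cstart < nxt:
            problems.append(f"{kind}: container id {cstart} mapped twice")
        nxt = max(nxt, cstart + count)
        # This check requires the host range to sit inside a single entry.
        if not any(s <= hstart and hstart + count <= s + n for s, n in allowed):
            problems.append(f"{kind}: host ids {hstart}-{hstart + count - 1} not delegated")
    if nxt < size:
        problems.append(f"{kind}: container ids {nxt}-{size - 1} unmapped")
    return problems

if __name__ == "__main__":
    for kind, subid in (("u", SUBUID), ("g", SUBGID)):
        print(kind, lint(CONF, subid, kind) or "ok")
```

On the page's values it reports one finding per kind: the last range ends at container id 65534, so id 65535 is left unmapped.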
Create an Ubuntu VM for VNC and Handbrake
I have read that x264 sees reduced performance with over 6 threads, so I gave the VM 12 virtual cores since I want to be able to process 2 discs at a time.
- bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/vm/ubuntu2404-vm.sh)"
- Edit Cloud-Init
- ubuntu -> Cloud-Init
- set user/pass
- set static IP
- Disable start at boot
- ubuntu -> Options -> Start at boot -> Edit
- uncheck and then hit OK
- Change resources
- 12 Cores
- 24 GB of memory (2 GB per core)
- added 16 GB of storage
- Console
- start VM
- login
- Enable ssh with password
- /etc/ssh/sshd_config.d/10_users.conf
- Match User username
- PasswordAuthentication yes
- sudo systemctl restart ssh
- VNC server
- sudo apt install tigervnc-standalone-server
- A window manager and terminal to use inside VNC
- sudo apt install xfce4 xfce4-terminal
- Keep proxmox console as text
- sudo systemctl set-default multi-user.target
- Start VNC
- tigervncserver :1 -geometry 1600x900 -depth 24 -localhost no -SecurityTypes VncAuth,TLSVnc -xstartup /usr/bin/startxfce4
- Add handbrake
- sudo apt install handbrake libdvd-pkg
- sudo dpkg-reconfigure libdvd-pkg
- Set timezone (Added 2024-06-20)
- timedatectl list-timezones
- sudo timedatectl set-timezone America/New_York
- Setup samba shares
- sudo apt install cifs-utils
- create a file to save samba credentials in (e.g. smbcredentials)
- username=username
- password=password
- mount the shares
- sudo mount -t cifs //192.168.1.XX/nas /storage/encrypted/nas -o credentials=/home/<username>/smbcredentials,uid=<username>,gid=users
- Add qemu agent (added 2024-07-29)
- sudo apt install qemu-guest-agent
- sudo systemctl start qemu-guest-agent
Appendix
- Failed to run lxc.hook.pre-start for container
- are your zfs pools mounted?
- make sure cifs-utils are installed
- sudo apt install cifs-utils
- samba files are all owned by root
- make sure to add the uid and gid to the mount command
- samba masks:
- samba follow links:
- id mapping:
- https://forum.proxmox.com/threads/trouble-with-lxc-mount-point-permissions.101482/
- https://forum.proxmox.com/threads/changing-the-default-lxc-uid-gid-mapping.110292/
- ssh:
- libdvdcss:
- revert ubuntu console from gui back to text mode inside proxmox
- https://unix.stackexchange.com/questions/90554/how-to-boot-linux-to-command-line-mode-instead-of-gui
- timezone