Add proxmox.txt and Update disks.txt

02-ssh-help.txt

@@ -1,3 +1,4 @@
+# https://devconnected.com/how-to-install-and-enable-ssh-server-on-debian-10/
 # ssh-keygen -t ed25519 -C "user@website.com"
 # ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id_ed25519 -C "john@example.com"
 # Generate OpenSSH Private Key id_rsa and Public Key id_rsa.pub (4096, 7680, 15360)

kvm-openvswitch-debian.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+echo "This quick installer script requires root privileges."
+echo "Checking..."
+if [[ $(/usr/bin/id -u) -ne 0 ]];
+then
+    echo "Not running as root"
+    exit 0
+else
+        echo "Installation continues"
+fi
+
+SUDO=
+if [ "$UID" != "0" ]; then
+        if [ -e /usr/bin/sudo -o -e /bin/sudo ]; then
+                SUDO=sudo
+        else
+                echo "*** This quick installer script requires root privileges."
+                exit 0
+        fi
+fi
+
+apt update
+apt upgrade -y
+apt install sudo
+echo "sudoers configuration"
+# Add group admins to sudoers
+sed -i 's/%sudo/%admins/g' /etc/sudoers
+echo "%admins ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
+cat /etc/sudoers
+
+echo "user's configuration"
+# Add group admins
+groupadd admins
+# Add a user to a group admins
+usermod -a -G admins adrian
+# Check is the user in admins group
+id adrian
+
+echo "Check does the system handles virtualization:"
+echo "VMX/SVM: " && egrep -c '(vmx|svm)' /proc/cpuinfo
+
+if [ "egrep -c '(vmx|svm)' /proc/cpuinfo" != "0" ]; then
+        hostnamectl set-hostname kvm
+        hostnamectl
+        apt install -y bridge-utils openvswitch-common openvswitch-switch firewalld
+        echo "Firewalld configuration"
+        firewall-cmd --permanent --zone=public --set-target=default
+        firewall-cmd --set-default-zone public
+        firewall-cmd --permanent --zone=public --change-interface=enp0s25
+        firewall-cmd --runtime-to-permanent
+        firewall-cmd --reload
+        firewall-cmd --list-all
+        systemctl restart firewalld.service
+        systemctl status firewalld.service
+        systemctl status openvswitch-switch.service
+        echo "dns-nameservers 10.10.0.100" >> /etc/network/interfaces
+        echo "# IP configuration of the OVS Bridge" >> /etc/network/interfaces
+        echo "allow-hotplug br-ex" >> /etc/network/interfaces
+        echo "allow-ovs br-ex" >> /etc/network/interfaces
+        echo "iface br-ex inet dhcp" >> /etc/network/interfaces
+        echo "dns-nameservers 10.10.0.100" >> /etc/network/interfaces
+        echo "ovs_type OVSBridge" >> /etc/network/interfaces
+        echo "ovs_ports enp0s25" >> /etc/network/interfaces
+        cat /etc/network/interfaces
+        echo "Change services: openvswitch-switch.service, ovs-vswitchd.service and ovsdb-server.service"
+        sed -i 's/Before=network.target/#Before=network.target/g' /usr/lib/systemd/system/openvswitch-switch.service
+        sed -i 's/PartOf=network.target/#PartOf=network.target/g' /usr/lib/systemd/system/openvswitch-switch.service
+        sed -i 's/Before=network.target networking.service/#Before=network.target networking.service/g' /usr/lib/systemd/system/ovs-vswitchd.service
+        sed -i 's/Before=network.target networking.service/#Before=network.target networking.service/g' /usr/lib/systemd/system/ovsdb-server.service
+        sed -i 's/After=syslog.target network-pre.target dpdk.service local-fs.target/After=syslog.target network-pre.target dpdk.service local-fs.target networking.service/g' /usr/lib/systemd/system/ovsdb-server.service
+        systemctl daemon-reload
+        systemctl restart ovs-vswitchd.service
+        systemctl restart ovsdb-server.service
+        systemctl restart openvswitch-switch.service
+        echo "Add virtual bridge br-ex"
+        ovs-vsctl add-br br-ex
+        echo "check the status of the virtual bridge br-ex"
+        ovs-vsctl show | grep -B 7 br-ex
+        firewall-cmd --permanent --zone=public --add-interface=enp0s25
+        firewall-cmd --permanent --zone=public --add-interface=br-ex
+        firewall-cmd --reload
+        firewall-cmd --list-all
+        ovs-vsctl add-port br-ex enp0s25 && reboot
+else
+        break;
+fi

proxmox.txt

@@ -13,3 +13,12 @@ if (false) {
 systemctl daemon-reload
 
 # UPDATE HOST > REPOSITORIES - DISABLE BOTH ENTERPRISE REPOSITORIES & ADD pve-no-subscription
+
+# DISABLE ROOT SSH REMOTE LOGIN - see 02-ssh-help.txt
+
+# ENABLE INTEL IOMMU
+vi /etc/default/grub
+GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on"
+
+update-grub
+update-initramfs -u

user-disabled-password.txt

@@ -23,54 +23,3 @@ passwd boringproxy
 su - boringproxy
 sudo usermod -a -G libvirt,kvm $USER
 
-adduser --help
-adduser [--uid id] [--firstuid id] [--lastuid id]
-        [--gid id] [--firstgid id] [--lastgid id] [--ingroup group]
-        [--add-extra-groups] [--shell shell]
-        [--comment comment] [--home dir] [--no-create-home]
-        [--allow-all-names] [--allow-bad-names]
-        [--disabled-password] [--disabled-login]
-        [--conf file] [--quiet] [--verbose] [--debug]
-        user
-    Add a normal user
-
-adduser --system
-        [--uid id] [--group] [--ingroup group] [--gid id]
-        [--shell shell] [--comment comment] [--home dir] [--no-create-home]
-        [--conf file] [--quiet] [--verbose] [--debug]
-        user
-   Add a system user
-
-adduser --group
-        [--gid ID] [--firstgid id] [--lastgid id]
-        [--conf file] [--quiet] [--verbose] [--debug]
-        group
-addgroup
-        [--gid ID] [--firstgid id] [--lastgid id]
-        [--conf file] [--quiet] [--verbose] [--debug]
-        group
-   Add a user group
-
-addgroup --system
-        [--gid id]
-        [--conf file] [--quiet] [--verbose] [--debug]
-        group
-   Add a system group
-
-adduser USER GROUP
--------------------------------------------------------------
-deluser --help
-deluser [--system] [--remove-home] [--remove-all-files] [--backup]
-        [--backup-to dir] [--backup-suffix str] [--conf file]
-        [--quiet] [--verbose] [--debug] user
-
-  remove a normal user from the system
-
-deluser --group [--system] [--only-if-empty] [--conf file] [--quiet]
-        [--verbose] [--debug] group
-delgroup [--system] [--only-if-empty] [--conf file] [--quiet]
-         [--verbose] [--debug] group
-  remove a group from the system
-
-deluser [--conf file] [--quiet] [--verbose] [--debug] user group
-  remove the user from a group