luu123 · March 17, 2023 21:47 · Jul 7, 2022 · Jun 12, 2022 · Jun 10, 2022 · Jun 10, 2022
diff --git a/proxmox zfs notes b/proxmox zfs notes
@@ -1,3 +1,9 @@
+zfs set atime=off <pool_name>
+zfs set compression=lz4 <pool_name>
+
+zpool add <pool_name> cache <device_name_from_lsblk>
+zpool add <pool_name> log mirror c4t1d0 c4t2d0
+
 zfs create pool/share
 zfs create pool/share/apps 
 zfs create pool/share/iso

diff --git a/!proxmox_setup.sh b/!proxmox_setup.sh
@@ -34,80 +34,7 @@ if ! [[ -f /etc/birth_certificate ]]; then
   date > /etc/birth_certificate
 fi
 
-# offer to fetch and store github public keys in authorized_keys file
-fetch_github_key()
-{
-  mkdir -p ~/.ssh
-  if ! [[ -f ~/.ssh/authorized_keys ]]; then
-    touch ~/.ssh/authorized_keys
-  fi
-  chmod 700 ~/.ssh
-  chmod 600 ~/.ssh/*
 
-  read -p "Enter Github Username: " github_username
-  curl -s https://github.com/${github_username}.keys >> ~/.ssh/authorized_keys
-}
-
-read -t 10 -p "Download github public key for ssh? (Y/n): " REPLY
-if [ $? -gt 128 ]; then
-  echo "Timed out waiting for input. Defaulting to N!"
-  break
-fi
-
-case $REPLY in
-[yY]*)
-  fetch_github_key
-  ;;
-*)
-  ;;
-esac
-
-# offer to setup gmail for outgoing smtp messages
-# https://geekistheway.com/2021/03/07/configuring-e-mail-alerts-on-your-proxmox/
-setup_smtp_to_gmail() 
-{
-  apt update
-  apt install -y libsasl2-modules
-
-  echo "You will need to go to https://security.google.com/settings/security/apppasswords to generate an app password!"
-  echo ""
-  read -p  'Gmail username (without @gmail.com): ' YOUR_GMAIL_USERNAME
-  read -sp 'Gmail App Password: ' YOUR_GMAIL_APP_PASSWORD
-
-  echo "smtp.gmail.com $YOUR_GMAIL_USERNAME@gmail.com:$YOUR_GMAIL_APP_PASSWORD" > /etc/postfix/sasl_passwd
-  postmap hash:/etc/postfix/sasl_passwd
-  chmod 600 /etc/postfix/sasl_passwd
-
-  sed -i 's/relayhost\ =/relayhost\ =\ smtp.gmail.com:587/g' /etc/postfix/main.cf
-
-  tee -a /etc/postfix/main.cf >/dev/null <<'EOF'
-smtp_use_tls = yes
-smtp_sasl_auth_enable = yes
-smtp_sasl_security_options =
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
-smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
-smtp_tls_session_cache_timeout = 3600s
-EOF
-
-  postfix reload
-
-  echo "Proxmox test message $(date)" | mail -s "Proxmox Test from $(hostname)" $YOUR_GMAIL_USERNAME@gmail.com
-}
-
-read -t 10 -p "Setup gmail for outgoing smtp mail messages? (Y/n): " REPLY
-if [ $? -gt 128 ]; then
-  echo "Timed out waiting for input. Defaulting to N!"
-  break
-fi
-
-case $REPLY in
-[yY]*)
-  setup_smtp_to_gmail
-  ;;
-*)
-  ;;
-esac
 
 # check if reboot is required 
 if [ -f /var/run/reboot-required ]; then

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,74 @@
+# offer to fetch and store github public keys in authorized_keys file
+fetch_github_key()
+{
+  mkdir -p ~/.ssh
+  if ! [[ -f ~/.ssh/authorized_keys ]]; then
+    touch ~/.ssh/authorized_keys
+  fi
+  chmod 700 ~/.ssh
+  chmod 600 ~/.ssh/*
+
+  read -p "Enter Github Username: " github_username
+  curl -s https://github.com/${github_username}.keys >> ~/.ssh/authorized_keys
+}
+
+read -t 10 -p "Download github public key for ssh? (Y/n): " REPLY
+if [ $? -gt 128 ]; then
+  echo "Timed out waiting for input. Defaulting to N!"
+  break
+fi
+
+case $REPLY in
+[yY]*)
+  fetch_github_key
+  ;;
+*)
+  ;;
+esac
+
+# offer to setup gmail for outgoing smtp messages
+# https://geekistheway.com/2021/03/07/configuring-e-mail-alerts-on-your-proxmox/
+setup_smtp_to_gmail() 
+{
+  apt update
+  apt install -y libsasl2-modules
+
+  echo "You will need to go to https://security.google.com/settings/security/apppasswords to generate an app password!"
+  echo ""
+  read -p  'Gmail username (without @gmail.com): ' YOUR_GMAIL_USERNAME
+  read -sp 'Gmail App Password: ' YOUR_GMAIL_APP_PASSWORD
+
+  echo "smtp.gmail.com [email protected]:$YOUR_GMAIL_APP_PASSWORD" > /etc/postfix/sasl_passwd
+  postmap hash:/etc/postfix/sasl_passwd
+  chmod 600 /etc/postfix/sasl_passwd
+
+  sed -i 's/relayhost\ =/relayhost\ =\ smtp.gmail.com:587/g' /etc/postfix/main.cf
+
+  tee -a /etc/postfix/main.cf >/dev/null <<'EOF'
+smtp_use_tls = yes
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options =
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
+smtp_tls_session_cache_timeout = 3600s
+EOF
+
+  postfix reload
+
+  echo "Proxmox test message $(date)" | mail -s "Proxmox Test from $(hostname)" [email protected]
+}
+
+read -t 10 -p "Setup gmail for outgoing smtp mail messages? (Y/n): " REPLY
+if [ $? -gt 128 ]; then
+  echo "Timed out waiting for input. Defaulting to N!"
+  break
+fi
+
+case $REPLY in
+[yY]*)
+  setup_smtp_to_gmail
+  ;;
+*)
+  ;;
+esac
diff --git a/!proxmox_setup.sh b/!proxmox_setup.sh
@@ -63,6 +63,7 @@ case $REPLY in
 esac
 
 # offer to setup gmail for outgoing smtp messages
+# https://geekistheway.com/2021/03/07/configuring-e-mail-alerts-on-your-proxmox/
 setup_smtp_to_gmail() 
 {
   apt update

diff --git a/!proxmox_setup.sh b/!proxmox_setup.sh
@@ -18,7 +18,6 @@ DPkg::Post-Invoke { "wget https://raw.githubusercontent.com/Weilbyte/PVEDiscordD
 EOF
 fi
 
-
 apt-get update
 apt-get dist-upgrade -y
 
@@ -30,8 +29,86 @@ systemctl restart ssh
 apt --reinstall install proxmox-widget-toolkit
 
 # keep a record of when the system was setup
-date > /etc/birth_certificate
+if ! [[ -f /etc/birth_certificate ]]; then
+  echo "Creating /etc/birth_certificate"
+  date > /etc/birth_certificate
+fi
+
+# offer to fetch and store github public keys in authorized_keys file
+fetch_github_key()
+{
+  mkdir -p ~/.ssh
+  if ! [[ -f ~/.ssh/authorized_keys ]]; then
+    touch ~/.ssh/authorized_keys
+  fi
+  chmod 700 ~/.ssh
+  chmod 600 ~/.ssh/*
+
+  read -p "Enter Github Username: " github_username
+  curl -s https://github.com/${github_username}.keys >> ~/.ssh/authorized_keys
+}
+
+read -t 10 -p "Download github public key for ssh? (Y/n): " REPLY
+if [ $? -gt 128 ]; then
+  echo "Timed out waiting for input. Defaulting to N!"
+  break
+fi
+
+case $REPLY in
+[yY]*)
+  fetch_github_key
+  ;;
+*)
+  ;;
+esac
+
+# offer to setup gmail for outgoing smtp messages
+setup_smtp_to_gmail() 
+{
+  apt update
+  apt install -y libsasl2-modules
+
+  echo "You will need to go to https://security.google.com/settings/security/apppasswords to generate an app password!"
+  echo ""
+  read -p  'Gmail username (without @gmail.com): ' YOUR_GMAIL_USERNAME
+  read -sp 'Gmail App Password: ' YOUR_GMAIL_APP_PASSWORD
+
+  echo "smtp.gmail.com $YOUR_GMAIL_USERNAME@gmail.com:$YOUR_GMAIL_APP_PASSWORD" > /etc/postfix/sasl_passwd
+  postmap hash:/etc/postfix/sasl_passwd
+  chmod 600 /etc/postfix/sasl_passwd
+
+  sed -i 's/relayhost\ =/relayhost\ =\ smtp.gmail.com:587/g' /etc/postfix/main.cf
+
+  tee -a /etc/postfix/main.cf >/dev/null <<'EOF'
+smtp_use_tls = yes
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options =
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
+smtp_tls_session_cache_timeout = 3600s
+EOF
+
+  postfix reload
+
+  echo "Proxmox test message $(date)" | mail -s "Proxmox Test from $(hostname)" $YOUR_GMAIL_USERNAME@gmail.com
+}
+
+read -t 10 -p "Setup gmail for outgoing smtp mail messages? (Y/n): " REPLY
+if [ $? -gt 128 ]; then
+  echo "Timed out waiting for input. Defaulting to N!"
+  break
+fi
+
+case $REPLY in
+[yY]*)
+  setup_smtp_to_gmail
+  ;;
+*)
+  ;;
+esac
 
+# check if reboot is required 
 if [ -f /var/run/reboot-required ]; then
-sudo reboot
+  sudo reboot
 fi
diff --git a/proxmox lxc notes b/proxmox lxc notes
@@ -1,3 +0,0 @@
-# https://forum.proxmox.com/threads/mount-host-directory-into-lxc-container.66555/
-pct set 103 -mp0 /host/dir,mp=/container/mount/point
-

diff --git a/proxmox nfs notes b/proxmox nfs notes
@@ -1,3 +0,0 @@
-sudo apt-get install -y nfs-common nfs-kernel-server
-sudo echo "/pool/share       192.168.16.0/24(rw,fsid=0,insecure,no_subtree_check,async)" > /etc/export
-systemctl start nfs-kernel-server.service

diff --git a/proxmox_notes.md b/proxmox_notes.md
@@ -0,0 +1,18 @@
+#### lxc notes  
+[https://forum.proxmox.com/threads/mount-host-directory-into-lxc-container.66555/]()
+```
+pct set 103 -mp0 /host/dir,mp=/container/mount/point
+```
+
+#### nfs notes
+```
+sudo apt-get install -y nfs-common nfs-kernel-server
+sudo echo "/pool/share       192.168.16.0/24(rw,fsid=0,insecure,no_subtree_check,async)" > /etc/export
+systemctl start nfs-kernel-server.service
+```
+
+#### unattended upgrades
+[https://wiki.debian.org/UnattendedUpgrades]()
+
+#### setup gmail email sending 
+[https://geekistheway.com/2021/03/07/configuring-e-mail-alerts-on-your-proxmox/]()
diff --git a/proxmox_setup_github_public_keys.sh b/proxmox_setup_github_public_keys.sh
@@ -1,25 +0,0 @@
-fetch_github_key() 
-{
-  read -p "Enter Github Username: " github_username
-  GITHUB_KEY=$(curl https://github.com/${github_username}.keys)
-  if [ -z $(grep "$GITHUB_KEY" ~/.ssh/authorized_keys) ]; then 
-    echo "$GITHUB_KEY" >> ~/.ssh/authorized_keys
-    echo 'key added.'
-  fi
-}
-
-read -t10 -p "Download github public key for ssh? (Y/N): "
-if [ $? -gt 128 ]; then
-  echo "Timed out waiting for input. Defaulting to N!"
-  break
-fi
-
-case $REPLY in
-[yY]*)
-  fetch_github_key
-  break
-  ;;
-*)
-  break
-  ;;
-esac

diff --git a/proxmox_unattended_upgrades.md b/proxmox_unattended_upgrades.md
@@ -1,34 +0,0 @@
-[https://wiki.debian.org/UnattendedUpgrades]()
-
-#### setup gmail email sending 
-[https://geekistheway.com/2021/03/07/configuring-e-mail-alerts-on-your-proxmox/]()
-
-```
-apt update
-apt install -y libsasl2-modules
-
-set YOUR_GMAIL_USERNAME=
-set YOUR_GMAIL_APP_PASSWORD=
-
-echo "smtp.gmail.com [email protected]:$YOUR_GMAIL_APP_PASSWORD" > /etc/postfix/sasl_passwd
-postmap hash:/etc/postfix/sasl_passwd
-chmod 600 /etc/postfix/sasl_passwd
-
-sed -i 's/relayhost\ =/relayhost\ =\ smtp.gmail.com:587/g' /etc/postfix/main.cf
-
-tee -a /etc/postfix/main.cf >/dev/null <<'EOF'
-smtp_use_tls = yes
-smtp_sasl_auth_enable = yes
-smtp_sasl_security_options =
-smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
-smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
-smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
-smtp_tls_session_cache_timeout = 3600s
-EOF
-
-postfix reload
-
-echo "My Test Message" | mail -s "Test from $(hostname)" [email protected]
-
-```
-

diff --git a/proxmox unattended upgrades.sh b/proxmox unattended upgrades.sh
@@ -1,2 +0,0 @@
-# https://wiki.debian.org/UnattendedUpgrades
-

diff --git a/proxmox_unattended_upgrades.md b/proxmox_unattended_upgrades.md
@@ -0,0 +1,34 @@
+[https://wiki.debian.org/UnattendedUpgrades]()
+
+#### setup gmail email sending 
+[https://geekistheway.com/2021/03/07/configuring-e-mail-alerts-on-your-proxmox/]()
+
+```
+apt update
+apt install -y libsasl2-modules
+
+set YOUR_GMAIL_USERNAME=
+set YOUR_GMAIL_APP_PASSWORD=
+
+echo "smtp.gmail.com [email protected]:$YOUR_GMAIL_APP_PASSWORD" > /etc/postfix/sasl_passwd
+postmap hash:/etc/postfix/sasl_passwd
+chmod 600 /etc/postfix/sasl_passwd
+
+sed -i 's/relayhost\ =/relayhost\ =\ smtp.gmail.com:587/g' /etc/postfix/main.cf
+
+tee -a /etc/postfix/main.cf >/dev/null <<'EOF'
+smtp_use_tls = yes
+smtp_sasl_auth_enable = yes
+smtp_sasl_security_options =
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_tls_CAfile = /etc/ssl/certs/Entrust_Root_Certification_Authority.pem
+smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
+smtp_tls_session_cache_timeout = 3600s
+EOF
+
+postfix reload
+
+echo "My Test Message" | mail -s "Test from $(hostname)" [email protected]
+
+```
+
diff --git a/!proxmox_setup.sh b/!proxmox_setup.sh
@@ -11,9 +11,13 @@ echo "deb http://download.proxmox.com/debian/pve $(grep "VERSION=" /etc/os-relea
 echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" > /etc/apt/apt.conf.d/99-proxmox-no-nag-script
 
 # setup dark-theme to reinstall on upgrade
-tee -a /etc/apt/apt.conf.d/99-proxmox-dark-theme >/dev/null <'EOF'
+THEME_APT_SCRIPT_FILE=/etc/apt/apt.conf.d/99-proxmox-dark-theme
+if [ ! -f "$THEME_APT_SCRIPT_FILE" ]; then
+tee -a "$THEME_APT_SCRIPT_FILE" >/dev/null <<'EOF'
 DPkg::Post-Invoke { "wget https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh && bash PVEDiscordDark.sh install || true"; };
 EOF
+fi
+
 
 apt-get update
 apt-get dist-upgrade -y

diff --git a/!proxmox_setup.sh b/!proxmox_setup.sh
@@ -11,7 +11,7 @@ echo "deb http://download.proxmox.com/debian/pve $(grep "VERSION=" /etc/os-relea
 echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" > /etc/apt/apt.conf.d/99-proxmox-no-nag-script
 
 # setup dark-theme to reinstall on upgrade
-tee -a /etc/apt/apt.conf.d/99-proxmox-dark-theme >/dev/null <<'EOF'
+tee -a /etc/apt/apt.conf.d/99-proxmox-dark-theme >/dev/null <'EOF'
 DPkg::Post-Invoke { "wget https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh && bash PVEDiscordDark.sh install || true"; };
 EOF
 

diff --git a/proxmox unattended upgrades.sh b/proxmox unattended upgrades.sh
@@ -0,0 +1,2 @@
+# https://wiki.debian.org/UnattendedUpgrades
+
diff --git a/!proxmox_setup.sh b/!proxmox_setup.sh
@@ -1,5 +1,5 @@
 # copy and paste oneliner below to run
-# curl -s https://gist.github.com/ilude/32aec45964bc1207810f7e6e49544064/raw/!proxmox_setup.sh?$(date +%s) | /bin/bash -s
+# curl -s https://gist.github.com/ilude/32aec45964bc1207810f7e6e49544064/raw/%21proxmox_setup.sh?$(date +%s) | /bin/bash -s
 
 # Disable Commercial Repo
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list

diff --git a/proxmox nfs notes b/proxmox nfs notes
@@ -0,0 +1,3 @@
+sudo apt-get install -y nfs-common nfs-kernel-server
+sudo echo "/pool/share       192.168.16.0/24(rw,fsid=0,insecure,no_subtree_check,async)" > /etc/export
+systemctl start nfs-kernel-server.service
diff --git a/!proxmox_setup.sh b/!proxmox_setup.sh
@@ -1,5 +1,5 @@
 # copy and paste oneliner below to run
-# curl -s https://gist.github.com/ilude/32aec45964bc1207810f7e6e49544064/raw/proxmox_setup.sh?$(date +%s) | /bin/bash -s
+# curl -s https://gist.github.com/ilude/32aec45964bc1207810f7e6e49544064/raw/!proxmox_setup.sh?$(date +%s) | /bin/bash -s
 
 # Disable Commercial Repo
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list

diff --git a/hardened_smb.conf → proxmox smb_hardened.conf b/hardened_smb.conf → proxmox smb_hardened.conf
diff --git a/proxmox_setup.sh → !proxmox_setup.sh b/proxmox_setup.sh → !proxmox_setup.sh
diff --git a/hardened_smb.conf b/hardened_smb.conf
@@ -0,0 +1,35 @@
+# https://blog.tim.kent.id.au/2018/11/hardening-samba.html
+#
+# https://wiki.archlinux.org/title/samba#Restrict_protocols_for_better_security
+
+[global]
+   server role = standalone server
+   obey pam restrictions = yes
+   create mask = 0766
+   directory mask = 0777
+   server string = Samba
+   disable netbios = Yes
+   server min protocol = SMB3_00
+   smb ports = 445
+   server signing = required
+   restrict anonymous = 2
+
+   server smb encrypt = desired
+   use sendfile = yes
+
+   load printers = no
+   printing = bsd
+   printcap name = /dev/null
+   disable spoolss = yes
+   show add printer wizard = no
+
+[pool]
+   comment = Pool Share
+   browseable = yes
+   path = /pool/share
+   guest ok = no
+   read only = no
+
+[homes]
+   comment = Home Directories
+   browseable = no
diff --git a/proxmox lxc notes b/proxmox lxc notes
@@ -0,0 +1,3 @@
+# https://forum.proxmox.com/threads/mount-host-directory-into-lxc-container.66555/
+pct set 103 -mp0 /host/dir,mp=/container/mount/point
+
diff --git a/proxmox samba notes b/proxmox samba notes
@@ -0,0 +1,29 @@
+##############################################################
+# zfs samba file sharing
+# https://forum.level1techs.com/t/how-to-create-a-nas-using-zfs-and-proxmox-with-pictures/117375
+
+# On the root proxmox server:
+
+apt-get update
+apt-get install samba
+
+# add root as a samba user and create a password
+smbpasswd
+
+# It would also be nice to not have to connect as root to the server every time.
+# Lets create a new user and give them samba permissions.
+
+# To create a new Unix user:
+useradd -m mike
+passwd mike
+
+# This adds the new user to Samba.
+smbpasswd -a mike
+
+nano /etc/samba/smb.conf
+
+service smbd stop
+service smbd start
+
+# Test for errors.
+testparm
diff --git a/proxmox zfs notes b/proxmox zfs notes
@@ -0,0 +1,33 @@
+zfs create pool/share
+zfs create pool/share/apps 
+zfs create pool/share/iso
+zfs create pool/share/media
+zfs create pool/vmstorage 
+
+zfs list
+
+NAME                           USED  AVAIL     REFER  MOUNTPOINT
+pool                          24.4G  8.19T      192K  /pool
+pool/share                    24.4G  8.19T      224K  /pool/share
+pool/share/apps               23.0G  8.19T     23.0G  /pool/share/apps
+pool/share/iso                1.37G  8.19T     1.37G  /pool/share/iso
+pool/share/media               192K  8.19T      192K  /pool/share/media
+pool/vmstorage                 304K  8.19T      192K  /pool/vmstorage
+
+Back in GUI land…
+
+Click on “Datacenter”
+“Storage”
+“Add”
+“Directory”
+ID: iso
+Directory: /storage/share/iso
+Content: make sure only “ISO image” and “Container template” are selected.
+“Add”
+
+And again…
+“Add”
+“ZFS”
+ID: vmstorage
+ZFS Pool: /storage/vmstorage
+
diff --git a/import_github_public_keys.sh → proxmox_setup_github_public_keys.sh b/import_github_public_keys.sh → proxmox_setup_github_public_keys.sh
diff --git a/import_github_public_keys.sh b/import_github_public_keys.sh
@@ -0,0 +1,25 @@
+fetch_github_key() 
+{
+  read -p "Enter Github Username: " github_username
+  GITHUB_KEY=$(curl https://github.com/${github_username}.keys)
+  if [ -z $(grep "$GITHUB_KEY" ~/.ssh/authorized_keys) ]; then 
+    echo "$GITHUB_KEY" >> ~/.ssh/authorized_keys
+    echo 'key added.'
+  fi
+}
+
+read -t10 -p "Download github public key for ssh? (Y/N): "
+if [ $? -gt 128 ]; then
+  echo "Timed out waiting for input. Defaulting to N!"
+  break
+fi
+
+case $REPLY in
+[yY]*)
+  fetch_github_key
+  break
+  ;;
+*)
+  break
+  ;;
+esac
diff --git a/proxmox_setup.sh b/proxmox_setup.sh
@@ -1,32 +1,6 @@
 # copy and paste oneliner below to run
 # curl -s https://gist.github.com/ilude/32aec45964bc1207810f7e6e49544064/raw/proxmox_setup.sh?$(date +%s) | /bin/bash -s
 
-fetch_github_key() 
-{
-  read -p "Enter Github Username: " github_username
-  GITHUB_KEY=$(curl https://github.com/${github_username}.keys)
-  if [ -z $(grep "$GITHUB_KEY" ~/.ssh/authorized_keys) ]; then 
-    echo "$GITHUB_KEY" >> ~/.ssh/authorized_keys
-    echo 'key added.'
-  fi
-}
-
-read -t10 -p "Download github public key for ssh? (Y/N): "
-if [ $? -gt 128 ]; then
-  echo "Timed out waiting for input. Defaulting to N!"
-  break
-fi
-
-case $REPLY in
-[yY]*)
-  fetch_github_key
-  break
-  ;;
-*)
-  break
-  ;;
-esac
-
 # Disable Commercial Repo
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
 

diff --git a/proxmox_setup.sh b/proxmox_setup.sh
@@ -1,6 +1,32 @@
 # copy and paste oneliner below to run
 # curl -s https://gist.github.com/ilude/32aec45964bc1207810f7e6e49544064/raw/proxmox_setup.sh?$(date +%s) | /bin/bash -s
 
+fetch_github_key() 
+{
+  read -p "Enter Github Username: " github_username
+  GITHUB_KEY=$(curl https://github.com/${github_username}.keys)
+  if [ -z $(grep "$GITHUB_KEY" ~/.ssh/authorized_keys) ]; then 
+    echo "$GITHUB_KEY" >> ~/.ssh/authorized_keys
+    echo 'key added.'
+  fi
+}
+
+read -t10 -p "Download github public key for ssh? (Y/N): "
+if [ $? -gt 128 ]; then
+  echo "Timed out waiting for input. Defaulting to N!"
+  break
+fi
+
+case $REPLY in
+[yY]*)
+  fetch_github_key
+  break
+  ;;
+*)
+  break
+  ;;
+esac
+
 # Disable Commercial Repo
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
 

diff --git a/proxmox_setup.sh b/proxmox_setup.sh
@@ -18,6 +18,10 @@ EOF
 apt-get update
 apt-get dist-upgrade -y
 
+# disable kerbose authentication for sshd, this will speed up logins
+sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
+systemctl restart ssh
+
 # force post-invoke scripts to run
 apt --reinstall install proxmox-widget-toolkit
 

diff --git a/proxmox_setup_fail2ban.sh b/proxmox_setup_fail2ban.sh
@@ -0,0 +1,25 @@
+# barrowed from https://github.com/DeadlockState/Proxmox-prepare/blob/master/proxmox_prepare.sh
+
+apt-get install -y fail2ban > /dev/null 2>&1
+
+	cd /etc/fail2ban/
+
+	touch jail.local
+
+	echo "[proxmox]
+enabled = true
+port = http,https,8006
+filter = proxmox
+logpath = /var/log/daemon.log
+maxretry = 4
+bantime = 43200" > jail.local
+
+	cd filter.d/
+
+	touch proxmox.conf
+
+	echo "[Definition]
+failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
+ignoreregex =" > proxmox.conf
+
+	service fail2ban restart
diff --git a/proxmox_setup.sh b/proxmox_setup.sh
@@ -19,4 +19,11 @@ apt-get update
 apt-get dist-upgrade -y
 
 # force post-invoke scripts to run
-apt --reinstall install proxmox-widget-toolkit
+apt --reinstall install proxmox-widget-toolkit
+
+# keep a record of when the system was setup
+date > /etc/birth_certificate
+
+if [ -f /var/run/reboot-required ]; then
+sudo reboot
+fi
diff --git a/proxmox_setup.sh b/proxmox_setup.sh
@@ -1,3 +1,6 @@
+# copy and paste oneliner below to run
+# curl -s https://gist.github.com/ilude/32aec45964bc1207810f7e6e49544064/raw/proxmox_setup.sh?$(date +%s) | /bin/bash -s
+
 # Disable Commercial Repo
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
 

diff --git a/gistfile1.txt → proxmox_setup.sh b/gistfile1.txt → proxmox_setup.sh
@@ -1,11 +1,19 @@
 # Disable Commercial Repo
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
-apt-get update
 
 # Add PVE Community Repo
 echo "deb http://download.proxmox.com/debian/pve $(grep "VERSION=" /etc/os-release | sed -n 's/.*(\(.*\)).*/\1/p') pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list
+
+# setup no nag script to run on upgrade
+echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" > /etc/apt/apt.conf.d/99-proxmox-no-nag-script
+
+# setup dark-theme to reinstall on upgrade
+tee -a /etc/apt/apt.conf.d/99-proxmox-dark-theme >/dev/null <<'EOF'
+DPkg::Post-Invoke { "wget https://raw.githubusercontent.com/Weilbyte/PVEDiscordDark/master/PVEDiscordDark.sh && bash PVEDiscordDark.sh install || true"; };
+EOF
+
 apt-get update
+apt-get dist-upgrade -y
 
-# Remove nag
-echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" > /etc/apt/apt.conf.d/no-nag-script
+# force post-invoke scripts to run
 apt --reinstall install proxmox-widget-toolkit
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -7,5 +7,5 @@ echo "deb http://download.proxmox.com/debian/pve $(grep "VERSION=" /etc/os-relea
 apt-get update
 
 # Remove nag
-echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; systemctl restart pveproxy.service; }; fi\"; };" > /etc/apt/apt.conf.d/no-nag-script
+echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; }; fi\"; };" > /etc/apt/apt.conf.d/no-nag-script
 apt --reinstall install proxmox-widget-toolkit
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -1,8 +1,10 @@
 # Disable Commercial Repo
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
+apt-get update
 
 # Add PVE Community Repo
 echo "deb http://download.proxmox.com/debian/pve $(grep "VERSION=" /etc/os-release | sed -n 's/.*(\(.*\)).*/\1/p') pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list
+apt-get update
 
 # Remove nag
 echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; systemctl restart pveproxy.service; }; fi\"; };" > /etc/apt/apt.conf.d/no-nag-script

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -2,7 +2,7 @@
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
 
 # Add PVE Community Repo
-echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list
+echo "deb http://download.proxmox.com/debian/pve $(grep "VERSION=" /etc/os-release | sed -n 's/.*(\(.*\)).*/\1/p') pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list
 
 # Remove nag
 echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; systemctl restart pveproxy.service; }; fi\"; };" > /etc/apt/apt.conf.d/no-nag-script

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -2,7 +2,7 @@
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
 
 # Add PVE Community Repo
-echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list
+echo "deb http://download.proxmox.com/debian/pve buster pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list
 
 # Remove nag
 echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; systemctl restart pveproxy.service; }; fi\"; };" > /etc/apt/apt.conf.d/no-nag-script

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -5,5 +5,5 @@ sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
 echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list
 
 # Remove nag
-cp /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js{,.bak}
-sed -i "s/if (data.status !== 'Active')/if (false)/" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
+echo "DPkg::Post-Invoke { \"dpkg -V proxmox-widget-toolkit | grep -q '/proxmoxlib\.js$'; if [ \$? -eq 1 ]; then { echo 'Removing subscription nag from UI...'; sed -i '/data.status/{s/\!//;s/Active/NoMoreNagging/}' /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js; systemctl restart pveproxy.service; }; fi\"; };" > /etc/apt/apt.conf.d/no-nag-script
+apt --reinstall install proxmox-widget-toolkit
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -1,4 +1,4 @@
-# Remove Commercial Repo
+# Disable Commercial Repo
 sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
 
 # Add PVE Community Repo

diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,9 @@
+# Remove Commercial Repo
+sed -i "s/^deb/\#deb/" /etc/apt/sources.list.d/pve-enterprise.list
+
+# Add PVE Community Repo
+echo "deb http://download.proxmox.com/debian/pve stretch pve-no-subscription" > /etc/apt/sources.list.d/pve-no-enterprise.list
+
+# Remove nag
+cp /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js{,.bak}
+sed -i "s/if (data.status !== 'Active')/if (false)/" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
Original file line number	Diff line number	Diff line change
		@@ -1,3 +0,0 @@
		# https://forum.proxmox.com/threads/mount-host-directory-into-lxc-container.66555/
		pct set 103 -mp0 /host/dir,mp=/container/mount/point
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# https://forum.proxmox.com/threads/mount-host-directory-into-lxc-container.66555/
		pct set 103 -mp0 /host/dir,mp=/container/mount/point