Scripts for building containers for the Proxmox home server

Initial Setup

The first step is to build the containers needed for building all other containers.
This can be done on a privileged Debian CT (make sure to enable the Fuse, Nesting and 'Create Device Nodes' features) on the new proxmox server or any other Debian install

1. Clone this repo
2. cd in to cloned repo
3. run bash Scripts/FirstSetup.sh, to install dependencies and generate the container images
4. upload the Debian-imgbuilder.tar.xz to the proxmox server and create a privileged container
5. Follow the steps under Container Setup > imgbuilder
6. Upload the Debian-Jenkins.tar.xz to the proxmox server and create a container
7. Follow the steps under Container Setup > Jenkins

List of containers

Name	Distro	Description
minimal	All	Minimal installed packages
default	All	ssh-server and nano packages
jenkins	Debian	Jenkins server
jenkinsBuilder	Debian	Basic node for Jenkins
imgbuilder	Debian	LXC template builder node for Jenkins
mysql	Debian	Mysql server with PhpMyadmin
pihole	Debian	Pihole CT
collabora	Debian	CollaboraOffice WebService (CODE version)
jellyfin	Debian	Jellyfin in-home streaming server
domoticz	Debian	Domoticz home automation service
omadaV3 (Unsupported)	Debian	TP-link Omada SDN controller(V3.2.14)
docker	Debian	Docker container service
smb	Debian	Samba server
x2go	Debian	Remote xfce desktop accessable via X2go
aptcacherng	Debian	Caching server for linux packages
nfs	Debian	NFS server
duplicati	Debian	Duplicati backup software
fileshelter	Debian	FileShelter file shareing software
esphome	Debian	ESPHome software to manage wifi-MCUs
postgresql	Debian	PostgreSQL server with pgAdmin
linkwarden	Debian	inkwarden is an collaborative bookmark manager to collect, organize and preserve webpages.
elkarbackupALP (Deprecated)	Alpine	ElkarBackup rsyncsnapshot server (Requires PHP 7.4)
gitea	Alpine	Gitea server
nginx	Alpine	Nginx server for reverse-proxy use
ddns	Alpine	DDNS client configured for OVH/OVH-Cloud
transfersh	Alpine	transfer.sh instance
iscsi	Alpine	iSCSI server
z2mqtt	Alpine	Mqtt bridges for Zigbee and ZWave
nodered	Alpine	Node-Red
nodejs	Alpine	Basic nodejs install with pm2
nextcloud	Alpine	Nextcloud
mqtt	Alpine	Mosquitto mqtt broker
hass (Unsupported & Broken)	Alpine	HomeAssistant core instance with HACS and mysql support (Due to Nabu Casa EOL on hass core, and Broken because python 3.13 is required)
mailbackup	Alpine	Contains mail archive tools (MailBackup-sys)
heimdall	Alpine	Heimdall, A application dashboard/launcher
vouchproxy	Alpine	Vouch-proxy, A SSO solution for Nginx
freshrss	Alpine	FreshRSS, a self-hosted RSS feed aggregator
uptimekuma	Alpine	Uptime Kuma a self-hosted monitoring tool.
kavita	Alpine	A self-hosted digital library which supports a vast array of file formats.

(Unsupported and Broken containners are removed from the jenkins build config)

Container Setup

imgbuilder

This container should be set up as privileged

1. Enable features: Fuse, Nesting and 'Create Device Nodes'
2. Add a mountpoint to /LXCBuild on a accessible place for the Proxmox Server
3. Add this location to datastore for LXC templates to Proxmox
4. Set the jenkins user password using passwd jenkins in the container
5. Create folders on mountpoint using mkdir -p /LXCBuild/template/cache
6. Set permissions on the folder chmod o+w -R /LXCBuild
7. Write down the ip of this server (for use in the jenkins container)

jenkins

After first start of CT wait a minute for jenkins to fully initialize before continuing with these steps

1. In the container configure the setup script nano /opt/Setup/Scripts/FirstRun.sh
2. In the container run the setup script bash /opt/Setup/Scripts/FirstRun.sh
3. Access Jenkins using http://<ip>:8080
4. Press the X to skip the fist time setup
5. Delete the Admin user go to 'Manage Jenkins' > 'Manage Users' > Admin > Delete
6. Add credentials for imgbuilder-CT go to 'Manage Jenkins' > 'Manage Nodes and Clouds' > LXCBuilder1 > configure
   Under Credentials click 'Add', enter 'jenkins' as username, and set the password that was set in the imgbuilder CT Then select the created credential and click save
7. Click 'Relaunch agent'
8. Now you can build container images

mysql

• To configure the MySQL root password in the container run the setup script bash /opt/Setup/Scripts/FirstRun.sh

gitea

1. Edit the parameters in the FistRun script in the container vi /opt/Setup/Scripts/FirstRun.sh
2. Run the FistRun script in the container ash /opt/Setup/Scripts/FirstRun.sh

• Available on http://<ip>:3000

nginx

• Run the FistRun script in the container ash /opt/Setup/Scripts/FirstRun.sh

pihole

• Run the FistRun script in the container bash /opt/Setup/Scripts/FirstRun.sh

collabora

• Update the configuration in /etc/coolwsd/coolwsd.xml and reload the service systemctl restart coolwsd

jellyfin

• To set-up the system follow the initial set-up wizard on http://<ip>:8096

domoticz

• Available on http://<ip>:8080

transfersh

• Available on http://<ip>:8080

omadaV3

This version of the Omada software is EOL, Build has been removed form Jenkins build list

• To set-up the system follow the initial set-up wizard on http://<ip>:8088

docker

• Run the FistRun script in the container bash /opt/Setup/Scripts/FirstRun.sh This container can be set up in two ways

1. As controller with portainer
2. As remote with docker tcp on port 2375
3. BONUS if FistRun script is skipped the CT has clean docker

iscsi

In Proxmox

• Run following commands

modprobe target_core_mod
printf "#Load iSCSI module at boot\ntarget_core_mod" > /etc/modules-load.d/iSCSI-target.conf

• Add the following to /etc/pve/lxc/<CT-ID>.conf

lxc.apparmor.profile: unconfined

• Restart CT

In CT

• in the targetcli shell (by using the targetcli command) run the following commands

cd /iscsi
create <iqn for this server,Example:(iqn.2021-09.lan.test:host)>
exit

z2mqtt

• Enable feature on CT: 'Create Device Nodes' Do not start this container after creation, follow these steps first
• Recommended to give CT 1-2GB of RAM (Required for updating)

In Proxmox

• Add the following to /etc/udev/rules.d/99-CustomHome.rules

Always add (to set the device permissions)**

KERNEL=="ttyUSB[0-9]*", MODE="0666"
KERNEL=="ttyACM[0-9]*", MODE="0666"

Add for Sonoff Zigbee 3.0 Plus USB ZBDongel-P (CC2652P + CP2102N)

SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="ttyACM-Zigbee"

Add for Sonoff Zigbee 3.0 Plus USB ZBDongel-E (EFR32MG21)

SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="55d4", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="55d4", SYMLINK+="ttyACM-Zigbee"

Add for Zigbee CC2531 USB

SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"

Add for Zwave Aeotec Z-Stick Gen5

SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"

• Run udevadm trigger
• Add the following to /etc/pve/lxc/<CT-ID>.conf

lxc.cgroup2.devices.allow: c 166:* rwm
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.mount.entry: /dev/ttyACM-Zigbee dev/ttyACM-Zigbee none bind,optional,create=file
lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=file

• Zigbee2mqtt Available on http://<ip>:8080
• Z-wave JS UI Available on http://<ip>:8091
• in the Z-wave JS UI web ui set the Zwave serial port to /dev/ttyACM-Zwave
• If a Cannot lock port error shows, please reboot the CT, if that does not fix it try rebooting the Proxmox server

nodered

• Available on http://<ip>:1880

nextcloud

MountPoint for data folder /var/nextcloud

1. Edit the parameters in the FistRun script in the container vi /opt/Setup/Scripts/FirstRun.sh
2. Run the FistRun script in the container ash /opt/Setup/Scripts/FirstRun.sh
3. Available on http://<ip>

smb

• Webmin available on http://<ip/hostname>
• Samba server Available

x2go

• Add a user by typing adduser <username>
• Set key auth only sed -i -e '/PasswordAuthentication/c\PasswordAuthentication no' -e '/ChallengeResponseAuthentication/c\ChallengeResponseAuthentication no' /etc/ssh/sshd_config
• Set ssh port sed -i -e '/Port 22/c\Port <PortNr>' /etc/ssh/sshd_config

hass

EOL Use Docker with HomeAssistant compose file instead, Build has been removed form Jenkins build list

• After first start of CT HomeAssistant will finish its installation this will take at least 10 minutes
• HomeAssistant available on http://<ip>:8123

aptcacherng

• Available on http://<ip>:80

nfs

This container should be set up as privileged

• Enable feature on CT: 'Nesting, NFS'
• Webmin available on http://<ip/hostname>
• NFS server Available

duplicati

1. Run the FistRun script in the container to set the password bash /opt/Setup/Scripts/FirstRun.sh
2. Available on http://<ip>:8200

mailbackup

• Info html page available on http://<ip>:80
• Add user/storage space by running ash /opt/AddMailBox.sh

heimdall

• Available on http://<ip>:80

vouchproxy

• Default port 9090
• A script to setup another instance is located here: /opt/AddVouchInstance.sh

freshrss

• Available on http://<ip>:80

elkarbackupALP

Debian version depricated and removed

1. Edit the parameters in the FistRun script in the container vi /opt/Setup/Scripts/FirstRun.sh
2. Run the FistRun script in the container ash /opt/Setup/Scripts/FirstRun.sh
3. Available on http://<ip> (Default username/password: root/root)
4. Click cogwheel/settings icon > Manage backup locations >New (make sure to create this directory and set ngix as the owner)
5. Add a retention policy under the Policies tab

heimdal

• Available on http://<ip>:80, first time loading the page may take a while

fileshelter

• Available on http://<ip>:5091

esphome

• Available on http://<ip>:6052

postgresql

• Run the FistRun script in the container ash /opt/Setup/Scripts/FirstRun.sh
• After this pgAdmin is available on http://<ip>:80,

linkwarden

• Edit and run the FistRun script in the container ash /opt/Setup/Scripts/FirstRun.sh
• After this pgAdmin is available on http://<ip>:80,

uptimekuma

• Available on http://<ip>:80

kavita

• Available on http://<ip>:80

Further CT documentation

iscsi

Allow Remote

Set the iqn of the client to one of the server:hostname/nickname

In CT

• in the targetcli shell (by using the targetcli command) run the following commands

cd /iscsi/<server-iqn>/tpg1/acls/
create <client-iqn>
exit

Add Drive

In Proxmox

• Create LVM Volume (Available @ /dev/<poolName>/<VolumeName>)

lvcreate --name <name> --size <VolumeSize>G <PoolName>

• Create LVM-Thin Volume

vcreate -V<VolumeSize>G -T <PoolName>/<ThinpoolName> -n <name>

• Create ZFS Volume (Available @ /dev/<poolName>/<VolumeName>)

zfs create -o volblocksize=32k -V <VolumeSize>G <poolName>/<VolumeName>
zfs set sync=disabled <poolName>/<VolumeName>

• Get id by using ls -l /dev/<devicename>
• Add the following to /etc/pve/lxc/<CT-ID>.conf

lxc.cgroup2.devices.allow: b <id>:<Subid> rwm
lxc.mount.entry: /dev/<devicename> dev/<device> none bind,optional,create=file

• Restart CT

In CT

• in the targetcli shell (by using the targetcli command) run the following commands

cd /backstores/block
create <name> /dev/<device>
cd /iscsi/<server-iqn>/tpg1/luns
create <device>
exit