Scripts for building containers for the Proxmox home server

Inital Setup

The fist step is to build the containers needed for building all other containers. This can be done on a Minimal debian CT (make sure to enable nesting) on the new proxmox server or any other debian install

1. Clone this repo
2. cd in to cloned repo
3. run bash Scripts/FirstSetup.sh, to genate the container images
4. upload the Debian-imgbuilder.tar.xz to the proxmox server and create a privileged container
5. Follow the steps under Container Setup > imgbuilder
6. Upload the Debian-Jenkins.tar.xz to the proxmox server and create a container
7. Follow the steps under Container Setup > Jenkins

List of containers

Name	Distro	Description
minimal	All	Minimal installed packages
default	All	ssh-server and nano packages
jenkins	Debian	Jenkins server
jenkinsBuilder	Debian	Basic node for Jenkins
imgbuilder	Debian	LXC template builder node for Jenkins
mysql	Debian	Mysql server with PhpMyadmin
pihole	Debian	Pihole CT
colabora	Debian	ColaboraOffice WebService (CODE version)
jellyfin	Debian	Jellyfin in-home streaming server
domoticz	Debian	Domoticz home automation service
omadaV3	Debian	TP-link Omada SDN controller(V3.2.14)
docker	Debian	Docker container service
smb	Debian	Samba server
tvheadend	Debian	Tvheadend server
x2go	Debian	Remote xfce desktop accessable via X2go
gitea	Alpine	Gitea server
nginx	Alpine	Nginx server for reverse-proxy use
ddns	Alpine	DDNS client configured for OVH/OVH-Cloud
transfersh	Alpine	transfer.sh instance
iscsi	Alpine	iSCSI server
z2mqtt	Alpine	Mqtt bridges for Zigbee and ZWave
nodered	Alpine	Node-Red
nodejs	Alpine	Basic nodejs install with pm2
mqtt	Alpine	Mosquitto mqtt broker
hass	Alpine	HomeAssistant instance with HACS and mysql support

TODO

Begin original list

AptCacherNG

Unifi Not supported in debian 11

MailBackup* FileShelter Not supported in debian 11 /transfer.sh As alternative

End original list

Container Setup

imgbuilder

This container shoud be set up as privileged

1. Enable features: Fuse, Nesting and 'Create Device Nodes'
2. Add a mountpoint to /LXCBuild on a accesable place for the Proxmox Server
3. Add this location to datastore for LXC templates to Proxmox
4. Set the jenkins user password using passwd jenkins in the container
5. Create folders on mountpoint using mkdir /LXCBuild/template/cache
6. Set permissions on the folder chmod o+w -R /LXCBuild
7. Write down the ip of this server (for use in the jenkins container)

jenkins

1. In the container configure the setup script nano /opt/Setup/Scripts/FirstRun.sh
2. In the container run the setup script bash /opt/Setup/Scripts/FirstRun.sh
3. Acces Jenkins using http://<ip>:8080
4. Press the X to skip the fist time setup
5. Delete the Admin user go to 'Manage Jenkins' > 'Manage Users' > Admin > Delete
6. Add credentials for imgbuilder-CT go to 'Manage Jenkins' > 'Manage Nodes and Clouds' > LXCBuilder1 > configure
   Under Credentials click 'Add', enter 'jenkins' as username, and set the password that was set in the imgbuilder CT Then select the created credential and click save
7. Click 'Relaunch agent'
8. Now you can build container images

mysql

• To configure the MySQL root password in the container run the setup script bash /opt/Setup/Scripts/FirstRun.sh

gitea

1. Edit the parameters in the FistRun script in the container vi /opt/Setup/Scripts/FirstRun.sh
2. Run the FistRun scipt in the container ash /opt/Setup/Scripts/FirstRun.sh

nginx

• Run the FistRun scipt in the container ash /opt/Setup/Scripts/FirstRun.sh

pihole

• Run the FistRun scipt in the container ash /opt/Setup/Scripts/FirstRun.sh

colabora

• Update the configuration in /etc/loolwsd/loolwsd.xml and reload the service systemctl restart loolwsd

jellyfin

• To set-up the system follow the inital set-up wizard on http://<ip>:8096

domoticz

• Avalible on http://<ip>:8080

transfersh

• Avalible on http://<ip>:8080

omadaV3

• To set-up the system follow the inital set-up wizard on http://<ip>:8088

docker

• Run the FistRun scipt in the container ash /opt/Setup/Scripts/FirstRun.sh This container can be set up in two ways

1. As controller with portainer
2. As remote with docker tcp on port 2375
3. BONUS if FistRun scipt the CT has clean docker

iscsi

In Proxmox

• Run following commands

modprobe target_core_mod
printf "#Load iSCSI module at boot\ntarget_core_mod" > /etc/modules-load.d/iSCSI-target.conf

• Add the following to /etc/pve/lxc/<CT-ID>.conf

lxc.apparmor.profile: unconfined

• Restart CT

In CT

• in the targetcli shell (by using the targetcli command) run the following commands

cd /iscsi
create <iqn for this server,Example:(iqn.2021-09.lan.test:host)>
exit

z2mqtt

Do not start this container after cration, follow these steps first

• Recomended to give CT 1-2GB of RAM (Required for updating)

In Proxmox

• Add the folling to /etc/udev/rules.d/99-CustomHome.rules

KERNEL=="ttyUSB[0-9]*", MODE="0666"
KERNEL=="ttyACM[0-9]*", MODE="0666"

SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0451", ATTRS{idProduct}=="16a8", SYMLINK+="ttyACM-Zigbee"

SUBSYSTEM=="tty", ACTION=="change", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"
SUBSYSTEM=="tty", ACTION=="add", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyACM-Zwave"

• Run udevadm trigger
• Add the folling to /etc/pve/lxc/<CT-ID>.conf

lxc.cgroup2.devices.allow: c 166:* rwm
lxc.mount.entry: /dev/ttyACM-Zigbee dev/ttyACM-Zigbee none bind,optional,create=file
lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=file

• Zigbee2mqtt avalible on http://<ip>:5002
• ZWave2mqtt avalible on http://<ip>:8091
• in the ZWave2mqtt web ui set the Zwave serial port to /dev/ttyACM-Zwave
• If a Cannot lock port error shows, please reboot the CT, if that does not fix it try rebooting the Proxmox server

nodered

• Avalible on http://<ip>:1880

nextcloud

MountPoint for data folder /var/nextcloud

1. Edit the parameters in the FistRun script in the container vi /opt/Setup/Scripts/FirstRun.sh
2. Run the FistRun scipt in the container ash /opt/Setup/Scripts/FirstRun.sh
3. Avalible on http://<ip>

smb

• Webmin avalible on http://<ip/hostname>
• Samba server avalible

tvheadend

Do first login and setup wizzard in a incognito/Private window, since the authentication system can get confused after setting the new username

• Tvheadend avalible on http://<ip>:9981
• Default credentials: setup/setup
• Follow the setup wizzard after login, otherwise authentication will be disabled

hass

• After first start of CT HomeAssistant will finish its instalation this wil take at least 10 minutes
• HomeAssistantavalible on http://<ip>:8123

Further CT documentation

iscsi

Allow Remote

Set the iqn of the client to one of the server:hostname/nickname

In CT

• in the targetcli shell (by using the targetcli command) run the following commands

cd /iscsi/<server-iqn>/tpg1/acls/
create <client-iqn>
exit

Add Drive

In Proxmox

• Create LVM Volume (Avalible @ /dev/<poolName>/<VolumeName>)

lvcreate --name <name> --size <VolumeSize>G <PoolName>

• Create ZFS Volume (Avalible @ /dev/<poolName>/<VolumeName>)

zfs create -o volblocksize=32k -V <VolumeSize>G <poolName>/<VolumeName>
zfs set sync=disabled <poolName>/<VolumeName>

• Get id by using ls -l /dev/<devicename>
• Add the folling to /etc/pve/lxc/<CT-ID>.conf

lxc.cgroup2.devices.allow: b <id>:<Subid> rwm
lxc.mount.entry: /dev/<devicename> dev/<device> none bind,optional,create=file

• Restart CT

In CT

• in the targetcli shell (by using the targetcli command) run the following commands

cd /backstores/block
create <name> /dev/<device>
cd /iscsi/<server-iqn>/tpg1/luns
create <device>
exit

x2go

• Add a user by typing adduser <username>
• Set key auth only sed -i -e '/PasswordAuthentication/c\PasswordAuthentication no' -e '/ChallengeResponseAuthentication/c\ChallengeResponseAuthentication no' /etc/ssh/sshd_config
• Set ssh port sed -i -e '/Port 22/c\Port <PortNr>' /etc/ssh/sshd_config