Fedora: NVIDIA with RPM Fusion akmods + Secure Boot (KDE/SDDM)
Step-by-step notes to install NVIDIA via RPM Fusion akmods on Fedora, blacklist nouveau, update GRUB, enroll the akmods key with mokutil, and verify.
Installing NVIDIA Proprietary Driver on Ubuntu with Secure Boot (MOK)
This guide shows how to install the official NVIDIA driver (the .run installer from Nvidia.com) on Ubuntu 24.04/25.04 with Secure Boot enabled, sign the kernel modules, enroll the MOK key, and verify that the driver is actually being used (not falling back to llvmpipe).

TL;DR
- Download the driver from Nvidia.com
- chmod +x NVIDIA-Linux-x86_64-<version>.run
- Stop the display manager (e.g., gdm3) and switch to a TTY
- Run the installer with module signing (supplies key + cert or lets the installer create them)
- Enroll the cert with mokutil --import ...
- Reboot and Enroll MOK on the blue screen
- Add nvidia-drm.modeset=1 to GRUB, rebuild initramfs, reboot
- Verify with nvidia-smi and glxinfo

Prerequisites
- Ubuntu 24.04/25.04 (GNOME)
- Secure Boot enabled in BIOS/UEFI
- Internet access
- build-essential, kernel headers, and basic tools:

    sudo apt update
    sudo apt install -y build-essential dkms linux-headers-$(uname -r) mokutil curl wget mesa-utils

Tip: If you previously installed NVIDIA via apt, either purge it or ensure there’s no conflict. Mixing .run and apt packages can cause headaches.
...
PBS Backup Email Notifications with Rclone and msmtp
PBS + Rclone Backup Email Notification Setup for PacketRealm.io

This document outlines how to configure email notifications for Proxmox Backup Server (PBS) backup syncs using rclone and msmtp, and send logs via email from [email protected].

1. Email Account: [email protected]

This email address is used as the sender for:
- PBS backup reports
- Grafana alerts
- General system monitoring

You may use it with msmtp as an SMTP client to send messages.

2. Install Required Packages

    sudo apt update
    sudo apt install msmtp msmtp-mta

3. Configure msmtp

Edit /root/.msmtprc:
...
Proxmox Backup Server → Backblaze B2 Sync
☁️ Offsite Backup with Backblaze B2

This guide explains how to securely sync encrypted Proxmox Backup Server (PBS) backups to Backblaze B2 using rclone. It includes scripting, logging, cron automation, and tips to keep costs in check.

1. 🔧 Rclone Setup

Install rclone on your PBS VM:

    curl https://rclone.org/install.sh | bash

Configure a remote for B2:

    rclone config

- Name: b2pbs
- Type: Backblaze B2
- Account ID and Application Key from B2 console

Create a B2 bucket, e.g., packetrealm-backup-bucket.
...
Proxmox Backup Server Setup with Encrypted Backups
🧰 Overview

This guide walks through setting up a Proxmox Backup Server (PBS) VM, creating a ZFS-backed datastore, and configuring encrypted backups from your Proxmox node.

1. 🖥️ Create PBS VM in Proxmox

Resources Assigned
- CPU: 2 vCPU
- RAM: 4GB (minimum)
- Disk 1: 32GB OS (can be on local-lvm)
- Disk 2: Backup storage disk (e.g. 500GB from zfs-ssd)

Installation Steps
- Download the PBS ISO and upload it to your Proxmox ISO storage.
- Create a new VM:
    - Use the PBS ISO
    - Attach the secondary virtual disk for backups (e.g. zfs-ssd-pbs-zvol)
- Boot into the installer and follow the on-screen steps to install PBS on Disk 1.

2. 🧱 Create PBS Datastore

Once inside the PBS VM:
...
ZFS Snapshot Automation on Proxmox
ZFS Snapshot Rotate Script

This script automates:
- Daily snapshot creation for both LXC containers (subvol) and VMs (zvol)
- Cleanup of snapshots older than RETENTION_DAYS
- Logging to /var/log/zfs-snapshots/snapshot-YYYY-MM-DD.log
- Optional dry-run mode to simulate deletions
- Support for -v flag (verbose mode)
- Cron scheduling and logrotate ready

📄 Script Location

Place the script at:

    /usr/local/sbin/zfs-snapshot-rotate.sh

    chmod +x /usr/local/sbin/zfs-snapshot-rotate.sh

⏰ Cron Job (Automatic Daily Snapshots)

Open root’s crontab:

    sudo crontab -e

Add this line to run the script daily at 2:00 AM:
...
Proxmox Directory Storage: The Structure No One Explains
If you’ve ever found yourself confused why Proxmox is “hiding” your ISO files or not listing them in the GUI, you’re not alone. The behavior is not a bug—it’s by design, just very poorly documented. This guide documents what Proxmox expects when using directory (dir) storage types—especially on ZFS—so everything shows up and works cleanly.

🔍 The Hidden Directory Structure

When you point dir storage to a path, Proxmox does not use that folder directly. Instead, it creates specific subdirectories inside that path depending on content type:
...
Proxmox ZFS Migration Guide — Moving VMs to ZFS-SSD
I recently upgraded my Proxmox VE 8.4.0 homelab and added a dedicated 1TB SSD using ZFS. After setting up the new ZFS pool (zfs-ssd), I needed to migrate my existing VMs from local-lvm (LVM-Thin) to ZFS. This post documents my complete migration process.

🖥️ System Overview
- Proxmox VE Version: 8.4.0
- Existing Storage: local-lvm (LVM-Thin)
- New Storage: zfs-ssd (ZFS pool on 1TB SSD)

🧭 Migration Method

The migration process uses Proxmox’s built-in disk move functionality. This converts LVM-Thin volumes into ZFS ZVOLs automatically.
...
Setting Up ZFS SSD Storage on Proxmox 8.4
I recently upgraded my Proxmox VE server with 48GB RAM and added a new 1TB SSD. This guide documents how I set up ZFS on the new SSD and configured it as a storage backend optimized for VM and container use.

🖥️ System Overview
- Proxmox Version: 8.4.0
- New SSD: /dev/sda (1TB)
- Existing boot disk: /dev/sdb (240GB)

🔧 Step 1: Identify the New SSD

Run lsblk to identify your drives:

    lsblk -o NAME,SIZE,TYPE,MOUNTPOINT

Look for your unpartitioned 1TB SSD (e.g. /dev/sda).
...
pfSense + LDAP Authentication Setup Documentation
🔐 pfSense + LDAP Authentication Setup Guide

A step-by-step guide to integrate pfSense with Active Directory over secure LDAPS using a Let’s Encrypt certificate issued via DNS validation.

✅ 1. Prerequisites
- 🖥️ Windows Server 2025 as Domain Controller (DC)
- 🌐 A pfSense firewall instance
- 🌍 A domain name (e.g., packetrealm.io)
- ☁️ Cloudflare for DNS management
- 🔒 Admin access to pfSense Web UI
- 📶 Internet access from the Domain Controller

🌐 2. Configure DNS in Cloudflare
- Log in to your Cloudflare dashboard
- Select your domain (e.g., packetrealm.io)
- Navigate to DNS → Add an A record:
    - Name: dc
    - IPv4 address: IP of your DC (LAN IP or WAN if accessible)
    - Proxy status: ⚪ DNS only
- Save and verify with:

    nslookup dc.packetrealm.io

📜 3. Issue TLS Certificate via Win-ACME (Manual DNS)

🧰 3.1 Download Win-ACME
- 👉 Download Win-ACME
- Use the win-acme.v2.x.x.x.x64.trimmed.zip version
- Extract to C:\win-acme

📥 3.2 Issue Certificate (Manual DNS-01)

    cd C:\win-acme
    .\wacs.exe

- Choose M → Create new certificate with advanced options
- Enter: dc.packetrealm.io
- Choose DNS-01 challenge
- Select Manual for DNS update method
- Add TXT record in Cloudflare:
    - Name: _acme-challenge.dc
    - Value: TXT value from wacs
- After propagation, hit Enter to continue

🔍 3.3 Verify Certificate
- Open mmc.exe
- Add Certificates → Local Computer
- Navigate to Personal → Certificates
- Ensure:
    - Issued to: dc.packetrealm.io
    - Enhanced Key Usage: Server Authentication

🔁 3.4 Restart NTDS

    Restart-Service ntds

🔗 4. Import Let’s Encrypt Root CA to pfSense

📄 4.1 Download Root Certificate
- 👉 ISRG Root X1 - PEM format

🛠️ 4.2 Add to pfSense
- Go to System → Cert Manager → CAs
- Click Add
- Name: Let’s Encrypt ISRG Root X1
- Paste entire PEM contents
- Save ✅

👤 5. Create LDAP Bind Account (Best Practice)
- Open Active Directory Users and Computers
- Create OU: ServiceAccount (if needed)
- Add user: ldapbind
- Set password + Password never expires
- Example DN: CN=ldapbind,OU=ServiceAccount,DC=packetrealm,DC=io

🧩 6. Configure LDAP in pfSense
- Go to System → User Manager → Authentication Servers
- Click Add:
    - Type: LDAP
    - Hostname: dc.packetrealm.io
    - Port: 636
    - Transport: SSL
    - Peer CA: Let’s Encrypt ISRG Root X1
    - Base DN: DC=packetrealm,DC=io
    - Bind DN: CN=ldapbind,OU=ServiceAccount,DC=packetrealm,DC=io
    - Password: your ldapbind password
- Save & test with Diagnostics → Authentication

🔐 7. Enable LDAP Authentication in pfSense
- Go to System → User Manager → Settings
- Set your LDAP server as the authentication backend
- Apply settings

🔄 8. Automate Certificate Renewal
- ✅ Win-ACME installs a scheduled task
- It auto-renews and places cert in Local Computer > Personal
- pfSense trusts it through the CA, no re-import needed
- Monitor expiry as a safeguard

🛠️ 9. Troubleshooting

Test LDAPS connectivity
...