Homelab

PBS + Rclone Backup Email Notification Setup for PacketRealm.io This document outlines how to configure email notifications for Proxmox Backup Server (PBS) backup syncs using rclone and msmtp, and send logs via email from [email protected]. 1. Email Account: [email protected] This email address is used as the sender for: PBS backup reports Grafana alerts General system monitoring You may use it with msmtp as an SMTP client to send messages. 2. Install Required Packages sudo apt update sudo apt install msmtp msmtp-mta 3. Configure msmtp Edit /root/.msmtprc: ...

ZFS Snapshot Rotate Script This script automates: Daily snapshot creation for both LXC containers (subvol) and VMs (zvol) Cleanup of snapshots older than RETENTION_DAYS Logging to /var/log/zfs-snapshots/snapshot-YYYY-MM-DD.log Optional dry-run mode to simulate deletions Support for -v flag (verbose mode) Cron scheduling and logrotate ready 📄 Script Location Place the script at: /usr/local/sbin/zfs-snapshot-rotate.sh chmod +x /usr/local/sbin/zfs-snapshot-rotate.sh ⏰ Cron Job (Automatic Daily Snapshots) Open root’s crontab: sudo crontab -e Add this line to run the script daily at 2:00 AM: ...

Proxmox Directory Storage: The Structure No One Explains If you’ve ever found yourself confused why Proxmox is “hiding” your ISO files or not listing them in the GUI, you’re not alone. The behavior is not a bug—it’s by design, just very poorly documented. This guide documents what Proxmox expects when using directory (dir) storage types—especially on ZFS—so everything shows up and works cleanly. 🔍 The Hidden Directory Structure When you point dir storage to a path, Proxmox does not use that folder directly. Instead, it creates specific subdirectories inside that path depending on content type: ...

I recently upgraded my Proxmox VE 8.4.0 homelab and added a dedicated 1TB SSD using ZFS. After setting up the new ZFS pool (zfs-ssd), I needed to migrate my existing VMs from local-lvm (LVM-Thin) to ZFS. This post documents my complete migration process. 🖥️ System Overview Proxmox VE Version: 8.4.0 Existing Storage: local-lvm (LVM-Thin) New Storage: zfs-ssd (ZFS pool on 1TB SSD) 🧭 Migration Method The migration process uses Proxmox’s built-in disk move functionality. This converts LVM-Thin volumes into ZFS ZVOLs automatically. ...

I recently upgraded my Proxmox VE server with 48GB RAM and added a new 1TB SSD. This guide documents how I set up ZFS on the new SSD and configured it as a storage backend optimized for VM and container use. 🖥️ System Overview Proxmox Version: 8.4.0 New SSD: /dev/sda (1TB) Existing boot disk: /dev/sdb (240GB) 🔧 Step 1: Identify the New SSD Run lsblk to identify your drives: lsblk -o NAME,SIZE,TYPE,MOUNTPOINT Look for your unpartitioned 1TB SSD (e.g. /dev/sda). ...

🔐 pfSense + LDAP Authentication Setup Guide A step-by-step guide to integrate pfSense with Active Directory over secure LDAPS using a Let’s Encrypt certificate issued via DNS validation. ✅ 1. Prerequisites 🖥️ Windows Server 2025 as Domain Controller (DC) 🌐 A pfSense firewall instance 🌍 A domain name (e.g., packetrealm.io) ☁️ Cloudflare for DNS management 🔒 Admin access to pfSense Web UI 📶 Internet access from the Domain Controller 🌐 2. Configure DNS in Cloudflare Log in to your Cloudflare dashboard Select your domain (e.g., packetrealm.io) Navigate to DNS → Add an A record: Name: dc IPv4 address: IP of your DC (LAN IP or WAN if accessible) Proxy status: ⚪ DNS only Save and verify with: nslookup dc.packetrealm.io 📜 3. Issue TLS Certificate via Win-ACME (Manual DNS) 🧰 3.1 Download Win-ACME 👉 Download Win-ACME Use the win-acme.v2.x.x.x.x64.trimmed.zip version Extract to C:\win-acme 📥 3.2 Issue Certificate (Manual DNS-01) cd C:\win-acme .\wacs.exe Choose M → Create new certificate with advanced options Enter: dc.packetrealm.io Choose DNS-01 challenge Select Manual for DNS update method Add TXT record in Cloudflare: Name: _acme-challenge.dc Value: TXT value from wacs After propagation, hit Enter to continue 🔍 3.3 Verify Certificate Open mmc.exe Add Certificates → Local Computer Navigate to Personal → Certificates Ensure: Issued to: dc.packetrealm.io Enhanced Key Usage: Server Authentication 🔁 3.4 Restart NTDS Restart-Service ntds 🔗 4. Import Let’s Encrypt Root CA to pfSense 📄 4.1 Download Root Certificate 👉 ISRG Root X1 - PEM format 🛠️ 4.2 Add to pfSense Go to System → Cert Manager → CAs Click Add Name: Let’s Encrypt ISRG Root X1 Paste entire PEM contents Save ✅ 👤 5. Create LDAP Bind Account (Best Practice) Open Active Directory Users and Computers Create OU: ServiceAccount (if needed) Add user: ldapbind Set password + Password never expires Example DN: CN=ldapbind,OU=ServiceAccount,DC=packetrealm,DC=io 🧩 6. Configure LDAP in pfSense Go to System → User Manager → Authentication Servers Click Add: Type: LDAP Hostname: dc.packetrealm.io Port: 636 Transport: SSL Peer CA: Let’s Encrypt ISRG Root X1 Base DN: DC=packetrealm,DC=io Bind DN: CN=ldapbind,OU=ServiceAccount,DC=packetrealm,DC=io Password: your ldapbind password Save & test with Diagnostics → Authentication 🔐 7. Enable LDAP Authentication in pfSense Go to System → User Manager → Settings Set your LDAP server as the authentication backend Apply settings 🔄 8. Automate Certificate Renewal ✅ Win-ACME installs a scheduled task It auto-renews and places cert in Local Computer > Personal pfSense trusts it through the CA, no re-import needed Monitor expiry as a safeguard 🛠️ 9. Troubleshooting Test LDAPS connectivity ...

This guide walks you through deploying a Hugo static site using the PaperMod theme, hosted on an unprivileged LXC container running NGINX. This version includes a manual installation of Hugo via .deb for full control over the version. 📁 Prerequisites Proxmox or any hypervisor Ubuntu 22.04 LXC (unprivileged) A non-root user with sudo privileges 🛠️ Step 1: Install Required Dependencies sudo apt update && sudo apt install -y curl wget git nginx 📆 Step 2: Install Hugo Manually (v0.147.8) wget https://github.com/gohugoio/hugo/releases/download/v0.147.8/hugo_0.147.8_linux-amd64.deb chmod +x hugo_0.147.8_linux-amd64.deb sudo dpkg -i hugo_0.147.8_linux-amd64.deb hugo version 🏠 Step 3: Create Your Hugo Site ...

Welcome to PacketRealm.io — my digital sanctum. I’m a homelab enthusiast and network engineer on a mission to understand the invisible threads that bind our digital world. Whether it’s Layer 2 magic, BGP sorcery, or deploying self-hosted services with just the right blend of elegance and redundancy, this realm is where ideas are forged and protocols come to life. 🧠 What I Do Network Engineering — From firewall rules to VLAN segmentation, my lab mimics enterprise-grade setups using open-source tools. System Architecture — I architect and maintain a hybrid environment using Proxmox, Docker, and virtualized infrastructure. Security & Identity — Integrating solutions like pfSense, Keycloak, and LDAP to secure and federate identity across services. Monitoring & Observability — Using tools like Prometheus, Grafana, Netdata to make sure no packet goes unnoticed. 🧪 My Lab Stack Includes pfSense (Primary + HA) Pi-hole (Redundant DNS sinkholes) Active Directory (Windows Server 2025) Dockerized services (like Nebula-sync) Prometheus + Grafana Hugo-powered website (this one!) 🌐 Why PacketRealm? Because every byte has a purpose. Every route hides a story. This is where packets go to become legends. ...