Disable tso gso
apt install ethtool
ethtool -K eno1 tso off gso off
vim /etc/network/interfaces
-----
iface eno1 inet manual
post-up ethtool -K eno1 tso off gso off || true
-----
Export zfs volume to qcow2
ls /dev/zvol/rpool/data
---
lrwxrwxrwx 1 root root 12 Jan 30 03:47 vm-100-disk-0 -> ../../../zd0
lrwxrwxrwx 1 root root 14 Jan 30 03:47 vm-100-disk-0-part1 -> ../../../zd0p1
---
qemu-img convert -p -f raw /dev/zd0 -O qcow2 /mnt/pve/remote-storagebox/convert/vm-100-disk-0.qcow2
Fail2ban
# Install
apt-get install fail2ban
vim /etc/fail2ban/jail.local
-----
[sshd]
enabled = true
filter = sshd
banaction = iptables
backend = systemd
maxretry = 5
bantime = -1
ignoreip = 127.0.0.1/8
-----
systemctl enable --now fail2ban
# View banned IP
fail2ban-client status sshd
Add Hetzner Box to PVE
pvesm add cifs remote-box --server u100000.your-storagebox.de --share backup --username u100000 --password <your-storage-box-password> --content backup
Add rsync backend
rsync --progress -e 'ssh -p23' --recursive /data u100000@u100000.your-storagebox.de:<target_directory>
PVE Kernel Pin
# List installed kernels
proxmox-boot-tool kernel list
# Install 5.13 kernel
apt install pve-kernel-5.13
# List installed kernels again to get latest kernel version
proxmox-boot-tool kernel list
# Pin 5.13.19-6-pve kernel
proxmox-boot-tool kernel pin 5.13.19-6-pve
# Save settings
proxmox-boot-tool refresh
# Reboot
# Unpin kernel
proxmox-boot-tool kernel unpin 5.13.19-6-pve
proxmox-boot-tool refresh
Create Lxc container
bash -c "$(wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/main/ct/debian.sh)"
Disable apparmor on priviled lxc container
# Execute on pve host
cd /etc/pve/lxc
vim 101.conf
# Add this config to the end:
---
...
lxc.apparmor.profile: unconfined
lxc.cap.drop:
---