From 7350b014037d55357241599ef85a8c4af89ba45d Mon Sep 17 00:00:00 2001
From: CroneKorkN <i@ckn.li>
Date: Thu, 5 Jun 2025 18:13:54 +0200
Subject: [PATCH] wip

---
 bundles/proxmox-ve/items.py           |  21 ++++++
 bundles/proxmox-ve/metadata.py        |  98 ++++++++++++++++++++++++++
 bundles/systemd-networkd/items.py     |   8 ++-
 data/apt/keys/proxmox-ve-bookworm.gpg | Bin 0 -> 1187 bytes
 groups/os/debian-11.py                |   3 +
 groups/os/debian-12-common.py         |  26 +++++++
 groups/os/debian-12-pve.py            |   9 +++
 groups/os/debian-12.py                |   4 ++
 groups/os/linux.py                    |   1 -
 nodes/home.router.py                  |   8 ++-
 nodes/home.server.py                  |   6 +-
 11 files changed, 178 insertions(+), 6 deletions(-)
 create mode 100644 bundles/proxmox-ve/items.py
 create mode 100644 bundles/proxmox-ve/metadata.py
 create mode 100644 data/apt/keys/proxmox-ve-bookworm.gpg
 create mode 100644 groups/os/debian-12-common.py
 create mode 100644 groups/os/debian-12-pve.py

diff --git a/bundles/proxmox-ve/items.py b/bundles/proxmox-ve/items.py
new file mode 100644
index 0000000..d00540f
--- /dev/null
+++ b/bundles/proxmox-ve/items.py
@@ -0,0 +1,21 @@
+files = {
+    '/etc/apt/apt.conf.d/10pveapthook': {
+        'content_type': 'any',
+        'mode': '0644',
+    },
+    '/etc/apt/apt.conf.d/76pveconf': {
+        'content_type': 'any',
+        'mode': '0444',
+    },
+    '/etc/apt/apt.conf.d/76pveproxy': {
+        'content_type': 'any',
+        'mode': '0444',
+    },
+    '/etc/network/interfaces': {
+        'content_type': 'any',
+    },
+}
+
+symlinks['/etc/ssh/ssh_host_rsa_key.pub'] = {
+    'target': '/etc/ssh/ssh_host_managed_key.pub',
+}
diff --git a/bundles/proxmox-ve/metadata.py b/bundles/proxmox-ve/metadata.py
new file mode 100644
index 0000000..52cc30a
--- /dev/null
+++ b/bundles/proxmox-ve/metadata.py
@@ -0,0 +1,98 @@
+defaults = {
+    'apt': {
+        'packages': {
+            'linux-image-amd64': {
+                'installed': False,
+            },
+            'proxmox-default-kernel': {},
+            # after reboot
+            'proxmox-ve': {},
+            'postfix': {},
+            'open-iscsi': {},
+            'chrony': {},
+            'os-prober': {
+                'installed': False,
+            },
+        },
+        'sources': {
+            'proxmox-ve': {
+                'options': {
+                    'aarch': 'amd64',
+                },
+                'urls': {
+                    'http://download.proxmox.com/debian/pve',
+                },
+                'suites': {
+                    '{codename}',
+                },
+                'components': {
+                    'pve-no-subscription',
+                },
+                'key': 'proxmox-ve-{codename}',
+            },
+        },
+    },
+    # 'nftables': {
+    #     'input': {
+    #         'tcp dport 8006 accept',
+    #     },
+    # },
+    'zfs': {
+        'datasets': {
+            'tank/proxmox-ve': {
+                'mountpoint': '/var/lib/proxmox-ve',
+            },
+        }
+    }
+}
+
+
+# @metadata_reactor.provides(
+#     'systemd',
+# )
+# def bridge(metadata):
+#     return {
+#         'systemd': {
+#             'units': {
+#                 # f'internal.network': {
+#                 #     'Network': {
+#                 #         'Bridge': 'br0',
+#                 #     },
+#                 # },
+#                 'br0.netdev': {
+#                     'NetDev': {
+#                         'Name': 'br0',
+#                         'Kind': 'bridge'
+#                     },
+#                 },
+#                 'br0.network': {
+#                     'Match': {
+#                         'Name': 'br0',
+#                     },
+#                     'Network': {
+#                         'Unmanaged': 'yes'
+#                     },
+#                 },
+#             },
+#         },
+#     }
+
+
+@metadata_reactor.provides(
+    'nginx/vhosts',
+)
+def nginx(metadata):
+    return {
+        'nginx': {
+            'has_websockets': True,
+            'vhosts': {
+                metadata.get('proxmox-ve/domain'): {
+                    'content': 'nginx/proxy_pass.conf',
+                    'context': {
+                        'target': 'https://localhost:8006',
+                        'websockets': True,
+                    }
+                },
+            },
+        },
+    }
diff --git a/bundles/systemd-networkd/items.py b/bundles/systemd-networkd/items.py
index 47bb2bd..f8b80c8 100644
--- a/bundles/systemd-networkd/items.py
+++ b/bundles/systemd-networkd/items.py
@@ -1,9 +1,6 @@
 assert node.has_bundle('systemd')
 
 files = {
-    '/etc/network/interfaces': {
-        'delete': True,
-    },
     '/etc/resolv.conf': {
         'content_type': 'mako',
     },
@@ -22,3 +19,8 @@ svc_systemd = {
     'systemd-networkd.service': {},
 }
 
+
+if not node.has_bundle('proxmox-ve'):
+    files['/etc/network/interfaces'] = {
+        'delete': True,
+    }
diff --git a/data/apt/keys/proxmox-ve-bookworm.gpg b/data/apt/keys/proxmox-ve-bookworm.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..8e6e95e806e13e71e6175e9433e61c8b965edaec
GIT binary patch
literal 1187
zcmV;U1YG->0u2OXgJqln5CF^rXIo4a$3{!qI0{XK^pS@vp;huGOd+dKK}<2F8PfX1
zWf%Lxk-IT9WvvaMILjf4;gr<sJ}Ikt&qEE~4p92nB>dsH+|(D6h18Mz72WuTXMP<s
zD2)+-$p>*9R(1aO)0SdrPuZ6k(zql`5Jf49aHba}!$=dmx-1s&1qbX!%19!rr1?HF
zYsk1fmeD`5yL(+S(YnJgJa=oubCegXLn7|juqzqZBrgAuWo>Djgl>tqaPIC_y0>1@
z6|duk)NVxb_w7~8E_>YK6c@(KkbwPnl0uiwEX~3NN^qQW13nmd0KksaCa!iT!4w*W
z_^5BYCr+zzb^$e{@NY?!ztqLujAb^Rfn2$xqg;}*+5acDnC)FT6No^;-=l@^!nPCB
zqJFgQs#u50RcjZQ&ve$Y_ucVvkJSUv(P>I`TQoB42EFF}xxM+F%^5_VQ6?Cvmjgw~
zg-bqnEicROZd(Bo_djVbPI?u=`!uK0Px-|U2Bu9_u7IrJm;lj9G98GXAzRR&H@F2S
z5$vJas!<O#64GyvJm$8g%rp!7V(uu=fBkgT<pq=YJB*sm6{cs{ToE?fx|WaD!^SDr
z*gdC|`Qd|RM&XPJ*g<(<-XA-i8BkHRu>OX&3ZOvko-THjD0!scq6Y^aCQ<~7Gt2VA
z<p<9yPvE<A*gXId0RRECI#6<Ncx`WZAVP0%Yj<yQZ6H!*Y-M3{Wgtssc_2J+a&LHT
zZ+I<oWo%_(b7eqqa&LHTZ+I?aZ*4w_0#pPO0SW*<79j-m;Woy6+~gYO-fzeeK(CKu
zo(wq!0%L<^oB|sI1ql+&0{{gJ2?z%Q1{Dek2nzxP76JnS0v-VZ7k~f?2@nxLua9G%
z3^}>?5BvxsA9&kMlDj=arG;cicsk#jpLH=)O$^-wyWp@MEcpDvu#p>Bjov+dvi%-+
ztJ284{ZW4X9!R19ds_5hHRQ>eYpav206~0TF+PygJ*R0sbbvx;l!m>{fU*JVH5FJ&
z0l0c`O93|wL7+DbsZOW>uSfUNYW|2Lo!mDtf=FK={1#uKfkj~_@dYDOvpbC`y%QTt
z8!xN|h3pm1A@Gfm^@`tn&S*uF2MH3ab6Px3>~9Di*gktsNs?4nHGZSR^G!I`gedM~
z<BTgPqB;iOuG<lW9uLh9nH$cz<qwdI488ff4bbDimo!`anr^48={oa>SZXf4p8FQi
zs<`~{1|zS;dAq<(lTB2_<G{%c*|R9oT3!7^K*7LFa>R*FA|s-x2M>&3@QO*RnzO#$
z!+~v^sL%u8W47sY1j5tedb;L>Jd^-?x<E$>ipbWa2%u`Tb9HWE!?)_?y^#_<B6CtR
zsPdWSN%<@5L`&iLjPt^6bARd<w!AiTAw?IOLbm3C-YtRDy)8c&y)|J4?cLtvcI1Oy
z6DwatYeg!7+01ky#k_FE&)`5V<{L~`vejtLU8~L!SJsd%AEzOs79$N=N_rG(@qTln
z8*X8if1U|tqFXl;fl_+zYNpwC^GL?LXYTIkzkyA!5A5b<xcq{TG6}RzMARk6`}*&k
BFxUV9

literal 0
HcmV?d00001

diff --git a/groups/os/debian-11.py b/groups/os/debian-11.py
index 81c8de7..bde0f45 100644
--- a/groups/os/debian-11.py
+++ b/groups/os/debian-11.py
@@ -2,6 +2,9 @@
     'supergroups': [
         'debian',
     ],
+    'bundles': [
+        'systemd-networkd',
+    ],
     'metadata': {
         'php': {
             'version': '7.4',
diff --git a/groups/os/debian-12-common.py b/groups/os/debian-12-common.py
new file mode 100644
index 0000000..4c3e8ba
--- /dev/null
+++ b/groups/os/debian-12-common.py
@@ -0,0 +1,26 @@
+{
+    'metadata': {
+        'apt': {
+            'sources': {
+                'debian': {
+                    'components': {
+                        'non-free-firmware',
+                    },
+                },
+                'debian-security': {
+                    'components': {
+                        'non-free-firmware',
+                    },
+                },
+            },
+        },
+        'php': {
+            'version': '8.2',
+        },
+        'postgresql': {
+            'version': '15',
+        },
+        'os_codename': 'bookworm',
+    },
+    'os_version': (12,),
+}
diff --git a/groups/os/debian-12-pve.py b/groups/os/debian-12-pve.py
new file mode 100644
index 0000000..ea29665
--- /dev/null
+++ b/groups/os/debian-12-pve.py
@@ -0,0 +1,9 @@
+{
+    'supergroups': [
+        'debian',
+        'debian-12-common',
+    ],
+    'bundles': [
+        'ifupdown',
+    ],
+}
diff --git a/groups/os/debian-12.py b/groups/os/debian-12.py
index e749175..6318024 100644
--- a/groups/os/debian-12.py
+++ b/groups/os/debian-12.py
@@ -1,6 +1,10 @@
 {
     'supergroups': [
         'debian',
+        'debian-12-common',
+    ],
+    'bundles': [
+        'systemd-networkd',
     ],
     'metadata': {
         'apt': {
diff --git a/groups/os/linux.py b/groups/os/linux.py
index 3b38dd0..21f82a3 100644
--- a/groups/os/linux.py
+++ b/groups/os/linux.py
@@ -14,7 +14,6 @@
         'system',
         'systemd',
         'systemd-journald',
-        'systemd-networkd',
         'systemd-mount',
         'systemd-timers',
         'users',
diff --git a/nodes/home.router.py b/nodes/home.router.py
index d5ace54..b4ec4fc 100644
--- a/nodes/home.router.py
+++ b/nodes/home.router.py
@@ -18,7 +18,7 @@
                 'interface': 'enx00e04c220682',
                 'ipv4': '10.0.99.126/24',
                 'gateway4': '10.0.99.1',
-                'vlans': {'iot', 'internet', 'guest', 'rolf', 'internal'},
+                'vlans': {'iot', 'internet', 'guest', 'rolf', 'internal', 'proxmox'},
             },
             'internal': {
                 'type': 'vlan',
@@ -37,6 +37,12 @@
                 'id': 3,
                 'ipv4': '10.0.3.1/24',
             },
+            'proxmox': {
+                'type': 'vlan',
+                'id': 4,
+                'ipv4': '10.0.4.1/24',
+                'dhcp_server': True,
+            },
             'guest': {
                 'type': 'vlan',
                 'id': 9,
diff --git a/nodes/home.server.py b/nodes/home.server.py
index b8e6c80..cef6c5b 100644
--- a/nodes/home.server.py
+++ b/nodes/home.server.py
@@ -35,6 +35,7 @@
         #'tasmota-charge',
         'wol-waker',
         'zfs',
+        'proxmox-ve',
     ],
     'metadata': {
         'id': 'af96709e-b13f-4965-a588-ef2cd476437a',
@@ -47,7 +48,7 @@
         },
         'apt': {
             'packages': {
-                'firmware-realtek': {},
+                # 'firmware-realtek': {}, proxmox-ve incompatibility
             },
         },
         'build-server': {
@@ -124,6 +125,9 @@
                 'unsortable': 'SofortUpload/Unsortable',
             },
         },
+        'proxmox-ve': {
+            'domain': 'pve.ckn.li',
+        },
         'raspberrymatic-cert': {
             'domain': 'homematic.ckn.li',
             'node': 'home.homematic',