Quartz sync: Mar 3, 2026, 10:47 PM
This commit is contained in:
99
content/homelab/guides/Create a TrueNAS test vm.md
Normal file
99
content/homelab/guides/Create a TrueNAS test vm.md
Normal file
@@ -0,0 +1,99 @@
|
||||
---
|
||||
title: Create a TrueNAS test vm
|
||||
publish: true
|
||||
date: 2026-01-14
|
||||
tags:
|
||||
- guide
|
||||
description:
|
||||
---
|
||||
# TrueNAS Scale VM: Configuring Virtual Disk Serials
|
||||
|
||||
## Overview
|
||||
|
||||
This guide explains how to assign custom serial numbers to Proxmox virtual disks.
|
||||
|
||||
This is required for TrueNAS Scale to correctly identify disks and form ZFS pools in a virtualized environment.
|
||||
|
||||
> [!WARNING] **Test Labs Only**
|
||||
> Never use virtual disks for production TrueNAS deployments. It prevents ZFS from accessing SMART data and increases data loss risk.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
* A running PVE node.
|
||||
* A created TrueNAS Scale VM on your PVE node.
|
||||
* Basic shell knowledge.
|
||||
|
||||
---
|
||||
|
||||
## Steps
|
||||
|
||||
### Step 1: Locate VM Config
|
||||
|
||||
Open an SSH connection to your Proxmox node and identify your TrueNAS VM ID (e.g., `100`).
|
||||
|
||||
### Step 2: Add Serial Numbers
|
||||
|
||||
Edit the QEMU server configuration file for your VM:
|
||||
|
||||
```bash
|
||||
vi /etc/pve/qemu-server/${TRUENAS_VMID}.conf
|
||||
|
||||
```
|
||||
|
||||
Locate the lines defining your hard disks (usually starting with `scsi`). Append a unique serial parameter `,serial=XXXX` to the end of each disk line.
|
||||
|
||||
**Example Configuration:**
|
||||
|
||||
```ini
|
||||
# Before
|
||||
scsi1: local-lvm:vm-100-disk-1,discard=on,iothread=1,size=16G,ssd=1
|
||||
scsi2: local-lvm:vm-100-disk-2,discard=on,iothread=1,size=16G,ssd=1
|
||||
|
||||
# After (Ensure every serial string is unique)
|
||||
scsi1: local-lvm:vm-100-disk-1,discard=on,iothread=1,size=16G,ssd=1,serial=TRUENAS-01
|
||||
scsi2: local-lvm:vm-100-disk-2,discard=on,iothread=1,size=16G,ssd=1,serial=TRUENAS-02
|
||||
|
||||
```
|
||||
|
||||
### Step 3: Apply Changes
|
||||
|
||||
For these hardware changes to register, you must fully stop and start the VM (a reboot is not sufficient).
|
||||
|
||||
```bash
|
||||
qm stop ${TRUENAS_VMID}
|
||||
qm start ${TRUENAS_VMID}
|
||||
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Verification
|
||||
|
||||
Open the Shell inside your running TrueNAS VM and run:
|
||||
|
||||
```bash
|
||||
lsblk -o NAME,SERIAL,SIZE
|
||||
|
||||
```
|
||||
|
||||
**Expected Output:**
|
||||
|
||||
```text
|
||||
NAME SERIAL SIZE
|
||||
sda TRUENAS-01 16G
|
||||
sdb TRUENAS-02 16G
|
||||
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### "Disk Serial" or Multipath Errors
|
||||
|
||||
**Problem:** TrueNAS complains about duplicate disks or fails to create the pool.
|
||||
**Solution:** You likely pasted the same serial number for multiple disks. Re-open the `.conf` file and ensure every `serial=...` string is unique.
|
||||
|
||||
---
|
||||
|
||||
**Created:** 2026-01-14
|
||||
110
content/homelab/guides/GPU PASSTHROUGH.md
Normal file
110
content/homelab/guides/GPU PASSTHROUGH.md
Normal file
@@ -0,0 +1,110 @@
|
||||
---
|
||||
title: GPU PASSTHROUGH
|
||||
publish: true
|
||||
date: 2026-02-18
|
||||
tags:
|
||||
- guide
|
||||
description:
|
||||
---
|
||||
|
||||
# GPU PASSTHROUGH
|
||||
|
||||
## Overview
|
||||
|
||||
What this guide covers and what you'll accomplish.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Requirement 1
|
||||
- Requirement 2
|
||||
- Required knowledge
|
||||
|
||||
## What You'll Need
|
||||
|
||||
- Hardware/software requirements
|
||||
- Tools
|
||||
- Access requirements
|
||||
|
||||
## Steps
|
||||
|
||||
### Step 1: Setup
|
||||
|
||||
|
||||
|
||||
```bash
|
||||
echo "blacklist nouveau" >> /etc/modprobe.d/blacklist.conf
|
||||
echo "blacklist nvidia*" >> /etc/modprobe.d/blacklist.conf
|
||||
```
|
||||
|
||||
|
||||
```bash
|
||||
lspci -v
|
||||
```
|
||||
|
||||
You should find the id of your device, in my case it is 01:00 which is pretty common.
|
||||
|
||||
Then look out for the specific code of your device.
|
||||
|
||||
```bash
|
||||
lspci -n -s 01:00
|
||||
```
|
||||
|
||||
Then you just have to add it to vfio.
|
||||
|
||||
```bash
|
||||
echo "options vfio-pci ids=10de:1b81,10de:10f0 disable_vga=1" > /etc/modprobe.d/vfio.conf
|
||||
```
|
||||
|
||||
|
||||
```bash
|
||||
update-initramfs -u
|
||||
```
|
||||
|
||||
```bash
|
||||
reboot now
|
||||
```
|
||||
|
||||
### Step 2: Configuration
|
||||
|
||||
Continue with configuration steps.
|
||||
|
||||
```bash
|
||||
# More commands
|
||||
```
|
||||
|
||||
### Step 3: Verification
|
||||
|
||||
How to verify everything is working.
|
||||
|
||||
```bash
|
||||
# Verification commands
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Issue 1
|
||||
|
||||
**Problem**: Description of the problem
|
||||
|
||||
**Solution**: How to fix it
|
||||
|
||||
### Issue 2
|
||||
|
||||
**Problem**: Description
|
||||
|
||||
**Solution**: Fix
|
||||
|
||||
## Next Steps
|
||||
|
||||
- What to do after completing this guide
|
||||
- Related guides
|
||||
- Advanced configurations
|
||||
|
||||
## References
|
||||
|
||||
- Links to documentation
|
||||
- Related resources
|
||||
|
||||
---
|
||||
|
||||
*Created: 2026-02-18*
|
||||
85
content/homelab/guides/Step CA.md
Normal file
85
content/homelab/guides/Step CA.md
Normal file
@@ -0,0 +1,85 @@
|
||||
---
|
||||
title: Step CA
|
||||
publish: true
|
||||
date: 2026-01-20
|
||||
tags:
|
||||
- guide
|
||||
- network
|
||||
- security
|
||||
- CA
|
||||
- PKI
|
||||
description:
|
||||
---
|
||||
|
||||
# Step CA
|
||||
|
||||
## Overview
|
||||
|
||||
A guide to setting up *step-ca*
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Requirement 1
|
||||
- Requirement 2
|
||||
- Required knowledge
|
||||
|
||||
## What You'll Need
|
||||
|
||||
- Hardware/software requirements
|
||||
- Tools
|
||||
- Access requirements
|
||||
|
||||
## Steps
|
||||
|
||||
### Step 1: Setup
|
||||
|
||||
Detailed instructions for the first step.
|
||||
|
||||
```bash
|
||||
# Example commands
|
||||
```
|
||||
|
||||
### Step 2: Configuration
|
||||
|
||||
Continue with configuration steps.
|
||||
|
||||
```bash
|
||||
# More commands
|
||||
```
|
||||
|
||||
### Step 3: Verification
|
||||
|
||||
How to verify everything is working.
|
||||
|
||||
```bash
|
||||
# Verification commands
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### Issue 1
|
||||
|
||||
**Problem**: Description of the problem
|
||||
|
||||
**Solution**: How to fix it
|
||||
|
||||
### Issue 2
|
||||
|
||||
**Problem**: Description
|
||||
|
||||
**Solution**: Fix
|
||||
|
||||
## Next Steps
|
||||
|
||||
- What to do after completing this guide
|
||||
- Related guides
|
||||
- Advanced configurations
|
||||
|
||||
## References
|
||||
|
||||
- Links to documentation
|
||||
- Related resources
|
||||
|
||||
---
|
||||
|
||||
*Created: 2026-01-20*
|
||||
29
content/homelab/guides/Terraform provider.md
Normal file
29
content/homelab/guides/Terraform provider.md
Normal file
@@ -0,0 +1,29 @@
|
||||
---
|
||||
title: Terraform provider
|
||||
publish: true
|
||||
tags:
|
||||
-
|
||||
---
|
||||
|
||||
# Terraform provider
|
||||
|
||||
Create the Terraform role.
|
||||
|
||||
```bash
|
||||
pveum role add TerraformProv -privs "Datastore.Allocate Datastore.AllocateSpace Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Modify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.Console VM.Migrate VM.Monitor VM.PowerMgmt SDN.Use"
|
||||
```
|
||||
|
||||
|
||||
```bash
|
||||
pveum user add terraform-prov@pve
|
||||
```
|
||||
|
||||
```bash
|
||||
pveum aclmod / -user terraform-prov@pve -role TerraformProv
|
||||
```
|
||||
|
||||
|
||||
```bash
|
||||
pveum user token add terraform-prov@pve terraform -expire 0 -privsep 0 -comment "Terraform token"
|
||||
```
|
||||
|
||||
@@ -0,0 +1,116 @@
|
||||
---
|
||||
title: Trust a certificate from a private local certificate authority
|
||||
publish: true
|
||||
date: 2026-01-11
|
||||
tags:
|
||||
- guide
|
||||
- step-ca
|
||||
- runbook
|
||||
description:
|
||||
---
|
||||
|
||||
# Trust a certificate from a private local certificate authority
|
||||
|
||||
## Overview
|
||||
|
||||
Make your device trust your private CA for TLS encryption.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- A local CA running (in our case step-ca) and reachable at `CA_URL`, for instance `https://local-ca.homelab.internal:443`
|
||||
- An end device with access to a normal shell (*eww, Powershell*).
|
||||
- very basic understanding of what a PKI is and how certificate trust works.
|
||||
|
||||
|
||||
### Initial problem
|
||||
|
||||
When doing
|
||||
|
||||
```bash
|
||||
curl $CA_URL
|
||||
```
|
||||
|
||||
you get :
|
||||
|
||||
```
|
||||
curl: (60) SSL certificate problem: unable to get local issuer certificate
|
||||
More details here: https://curl.se/docs/sslcerts.html
|
||||
|
||||
curl failed to verify the legitimacy of the server and therefore could not
|
||||
establish a secure connection to it. To learn more about this situation and
|
||||
how to fix it, please visit the webpage mentioned above.
|
||||
```
|
||||
|
||||
Which is normal as your root Certificate authority uses a self-signed certificate.
|
||||
|
||||
## Steps
|
||||
|
||||
### Step 1: Setup
|
||||
|
||||
If not already done, install step cli on your end-device :
|
||||
|
||||
```bash
|
||||
brew install step
|
||||
```
|
||||
|
||||
refer to official documentation https://smallstep.com/docs/step-ca/installation/ for additional installation details for your OS.
|
||||
|
||||
### Step 2 : get CA fingerprint
|
||||
|
||||
`CA_FINGERPRINT` is the fingerprint of your root certificate.
|
||||
|
||||
If you don't have any other device than Step CA with the CA configured, run
|
||||
|
||||
Inside of your host/container running step CA (or any client with step ca already configured)
|
||||
|
||||
```bash
|
||||
step certificate fingerprint <(step ca root)
|
||||
```
|
||||
|
||||
### Step 3: Bootstrap cert
|
||||
|
||||
You'll need to run :
|
||||
|
||||
```bash
|
||||
step ca bootstrap --ca-url $CA_URL --fingerprint $CA_FINGERPRINT
|
||||
```
|
||||
|
||||
|
||||
where `CA_URL` is the address of the CA with protocol
|
||||
|
||||
### Step 3 : Install certificate
|
||||
|
||||
|
||||
```bash
|
||||
step certificate install <(step ca root)
|
||||
```
|
||||
|
||||
|
||||
### Step 4: Verification
|
||||
|
||||
In most modern distributions and *UNIX* derivatives, curl (particularly when installed by default) is configured to run with the system trust store
|
||||
|
||||
Now after running
|
||||
|
||||
```bash
|
||||
curl $CA_URL
|
||||
```
|
||||
|
||||
you get
|
||||
|
||||
`404 page not found`
|
||||
|
||||
Which is completely fine.
|
||||
|
||||
### You successfuly installed a certificate.
|
||||
|
||||
## References
|
||||
|
||||
- https://smallstep.com/docs/step-ca/installation/
|
||||
- Related resources
|
||||
|
||||
|
||||
|
||||
---
|
||||
|
||||
*Created: 2026-01-11*
|
||||
Reference in New Issue
Block a user