Proxmox Initial Install & Provisioning#

This guide contains the steps performed immediately after installing Proxmox VE. These steps are designed to be integrated into the ultimate_master_restore.sh script.

1 System Maintenance#

1.1 Update System (Included in Restore script)#

apt update && apt full-upgrade -y
apt autoremove && apt autoclean

2 SSH Configuration#

2.1 Configure SSH Public Key (Included in Restore script)#

Edit authorized keys:

nano ~/.ssh/authorized_keys

Paste SSH keys for 1Password Private note

Restart SSH:

systemctl restart sshd

Edit SSH config:

nano /etc/ssh/sshd_config

Ensure:

PermitRootLogin prohibit-password
PubkeyAuthentication yes

Apply:

systemctl restart sshd

2.3 Enable Warp Terminal Support (Included in Restore script)#

echo -e '\n# Auto-Warpify\nprintf '\''\eP$f{"hook": "SourcedRcFileForWarp", "value": { "shell": "bash", "uname": "'$(uname)'" }}\x9c'\'' ' >> ~/.bashrc

3 SSD Wear Reduction#

3.1 Disable HA Cluster Services (Included in Restore script)#

Do NOT perform this if the node is part of a cluster.

systemctl stop pve-ha-lrm
systemctl disable pve-ha-lrm
systemctl stop pve-ha-crm
systemctl disable pve-ha-crm

3.2 Disable Swap (Included in Restore script)#

swapoff /dev/pve/swap
lvchange -a n /dev/pve/swap
lvremove /dev/pve/swap

3.3 Install log2ram (Included in Restore script)#

Protect the boot SSD by mounting logs in RAM.

# Reduce log size
journalctl --vacuum-size=200M
# Install log2ram
git clone https://github.com/azlux/log2ram.git
cd log2ram && ./install.sh
# Set SIZE=512M in /etc/log2ram.conf
systemctl enable log2ram

4 User Management#

4.1 Installing N8N Restricted User (Included in Restore script)#

adduser --system --home /home/n8n --shell /bin/bash --group n8n
mkdir -p /home/n8n/.ssh
# Add public key
nano /home/n8n/.ssh/authorized_keys
# Fix permissions
chmod 755 /home/n8n
chmod 700 /home/n8n/.ssh
chmod 600 /home/n8n/.ssh/authorized_keys
chown -R n8n:n8n /home/n8n/.ssh

5 Storage & Hardware#

5.1 Partition Unused Disk Space (Included in Restore script)#

fdisk /dev/sda
# Inside fdisk: F -> n -> p -> w

5.2 Hardware Passthrough - IOMMU (Included in Restore script)#

# Modify /etc/default/grub:
GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on" 
update-grub
reboot

5.3 ZFS atime Optimization#

# Disable atime on main pool
zfs set atime=off Storage

6 Performance & Monitoring#

6.1 Limit ZFS ARC Cache & IPMI (Included in Restore script)#

apt install ipmitool -y
modprobe ipmi_devintf
modprobe ipmi_si
echo "ipmi_devintf" >> /etc/modules
echo "ipmi_si" >> /etc/modules
echo "options zfs zfs_arc_max=68719476736" > /etc/modprobe.d/zfs.conf
update-initramfs -u

6.2 CPU Scaling Governor Service#

Enforce “powersave” mode at boot.

cat <<EOF > /etc/systemd/system/cpu-governor.service
[Unit]
Description=Set CPU Scaling Governor to Powersave
After=multi-user.target

[Service]
Type=oneshot
ExecStart=/usr/bin/bash -c 'echo "powersave" | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor'
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable --now cpu-governor.service

6.3 Hardware Monitoring#

ipmitool dcmi power reading | grep "Instantaneous"
ipmitool sensor | grep -i "DutyCycle"

7 Security & Notifications#

7.1 Remove Subscription Nag (Included in Restore script)#

Modify /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js: Add:

orig_cmd ();
return;

to checked_command.

7.2 Email Notifications - SMTP (Included in Restore script)#

Configure SMTP targets in Datacenter > Notifications for smtp.gmail.com.

7.3 Fail2ban Configuration (Included in Restore script)#

Create /etc/fail2ban/jail.local and filters for Proxmox. (See Setup Guide for full config).

8 Utilities & Customization#

8.1 UPS tool (Included in Restore script)#

Install NUT client to connect to UPS.

8.2 Permanent Bash SSH Aliases (Included in Restore script)#

Add power management aliases to /root/.bashrc.