Background: I’d like to turn an old personal laptop into a Jellyfin server so that I can stream media to my living room TV. I want to be able to expand what I use this server for over time. I’m leaning toward Proxmox as the OS so that I can spin up new containers for various services instead of installing a bunch of services on a base Debian install. I also want full disk encryption so that any data on the OS drive is less likely to be compromised by theft or Craigslist.

Question #1: I gather the general accepted approach for this is to first install Debian as a base w/ full disk encryption enabled and then install Proxmox on top because there is no option for full disk encryption in the native installer for Proxmox. Is this still the case?

Excerpt from this tutorial from November 2023 on the Proxmox Forum:

This tutorial deals with encryption of an existing installation. If you are starting fresh, my recommendation would be to install Debian with full disk encryption and then add Proxmox to it.

Excerpt from this post from February 2019 on the Level1Techs Forum:

The easiest way to do an encrypted Proxmox setup is to start with a minimal, vanilla Debian install. Set up the encrypted partition using the installer like you would with any other Debian system. Once installed, reboot. Then follow the guide for installing Proxmox on Debian.

Question #2: I don’t mind entering the key manually whenever I reboot the server, but will I be able to unlock the server remotely? For example, suppose I’m tinkering in the web admin panel or an SSH session and I want/need to reboot—will I have to physically go over to the laptop and enter the key every time?

Also, I appreciate any other tips from the community to help me think about this in the right way. Thanks!

  • barnaclebill@lemmy.dbzer0.comOPEnglish
    3·
    21 hours ago

    You swapped the kernel? I guess I’ll find out soon enough when I attempt my setup, but as I gather up the motivation to dive in, I’m assuming it will be as simple as installing a proxmox package or something. I guess I should re-read the guides. 🤣

    That would be dope if you wouldn’t mind sharing your notes. There’s a decent amount of documentation out there already, but I often find it extremely valuable to read different people’s perspectives from real life experience in addition to the official guides. No pressure. Either way, thanks for chiming in!

    • jjffnn@feddit.dkEnglish
      1·
      12 hours ago

      It took some time as i had to find a moment to translate my notes.
      I did my best with formatting but for some reason new paragraphs aren’t a thing i can get working in an untiered list in a lemmy comment 🤷
      I presume some basic knowledge of linux and how to install an OS on a machine, but i’ve tried to add every single step with commands.
      If anybody knows an easier way or have any comments regarding this, feel free to educate me.

      Here is the way i installed it:

      Switching the kernel:

      • Install default debian bookworm without desktop environment, but with “standard systems utilities” and “ssh server”
        • Don’t forget to LUKS it, or else you could have just used the proxmox iso 😉
        • SSH server could probably be omitted if everything is done directly on the machine, but i wanted it so i could copy/paste commands
      • Boot and log in as root
      • Check /etc/hosts and change the ip in front of the hostname to the static ip of the machine
      • Check with hostname --ip-address, it should return the ip-address
      • Add proxmox repo with echo "deb [arch=amd64] http://download.proxmox.com/debian/pve bookworm pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
      • Add proxmox key with wget https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
      • Run apt update && apt full-upgrade
      • Install proxmox kernel with apt install proxmox-default-kernel
      • Restart with systemctl reboot
      • NOTE: The machine will boot and get stuck on loading initial ramdisk, type in the LUKS key and press enter despite not getting a prompt

      Installing the packages

      • Install Proxmox packages with apt install proxmox-ve postfix open-iscsi chrony
        • Postfix needs to be configured, if no mailserver choose local only and let system name stay as default
      • Remove debian kernel with apt remove linux-image-amd64 'linux-image-6.1
      • Update and check grub config with update-grub
        • Seems redundant, because i think it does this by it self when running the command above
      • If proxmox is the only OS, remove os-proper with apt remove os-prober
        • This gave me an error about it not being empty, but it fixed itselv after a reboot
      • I think a reboot is needed here, but i honestly don’t remember. If in doubt run systemctl reboot

      Adding SSH access for root user
      It’s easier to copy/paste commands, this requires SSH access to the server
      This can be done at any point. I did it as soon as i installed debian, and then removed it as i booted into proxmox

      • Edit /etc/ssh/sshd_config with nano /etc/ssh/sshd_config
      • Around line 32 find #PermitRootLogin without-password and make en new line below it and write PermitRootLogin yes.
        • The commented line can be edited but i find it easier to add the line as it needs to be removed again later
      • Restart the SSH server with /etc/init.d/ssh restart
      • When done with copy/pasting the commands it’s better to remove root SSH access again, this is done by removing the line that was added above

      Removing debian user
      This removes the user that was made as part of installing debian. It can probably be used, but i found it better to add all needed users once i got in to proxmox instead the [username] of course needs to be changed out for the username you used when you installed debian.

      • Log in to the terminal as root
      • Find the list of users with grep ‘users’ /etc/group
      • Use deluser [username] to remove the user