From 5481292b7faf7055f21892151f82627d1aa5c3cf Mon Sep 17 00:00:00 2001
From: "Rasmus \"Pez\" Wejlgaard"
Date: Wed, 13 May 2026 21:09:54 +0100
Subject: [PATCH] fix: remove subscription nag and lock down proxmox (#106)
---
 ansible/roles/proxmox_ve/handlers/main.yml | 9 +++++++++
 ansible/roles/proxmox_ve/tasks/main.yml | 19 +++++++++++++++++++
 docs/hosts/london-a.md | 13 ++++++-------
 3 files changed, 34 insertions(+), 7 deletions(-)
diff --git a/ansible/roles/proxmox_ve/handlers/main.yml b/ansible/roles/proxmox_ve/handlers/main.yml
index 2b3020c..06d5eaf 100644
--- a/ansible/roles/proxmox_ve/handlers/main.yml
+++ b/ansible/roles/proxmox_ve/handlers/main.yml
@@ -2,3 +2,12 @@
 - name: Update apt cache
 ansible.builtin.apt:
 update_cache: true
+
+- name: Restart pveproxy
+ ansible.builtin.service:
+ name: pveproxy
+ state: restarted
+
+- name: Reload ufw
+ community.general.ufw:
+ state: enabled
diff --git a/ansible/roles/proxmox_ve/tasks/main.yml b/ansible/roles/proxmox_ve/tasks/main.yml
index e1f413f..3b427f1 100644
--- a/ansible/roles/proxmox_ve/tasks/main.yml
+++ b/ansible/roles/proxmox_ve/tasks/main.yml
@@ -25,3 +25,22 @@
 - name: Update apt cache
 ansible.builtin.apt:
 update_cache: true
+
+# Patch is re-applied automatically on each Ansible run, which handles pve-manager package updates
+# reverting the file.
+- name: Suppress Proxmox subscription nag dialog
+ ansible.builtin.replace:
+ path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
+ regexp: "if \\(res === null \\|\\| res === undefined \\|\\| !res \\|\\| res\\.data\\.status\\.toLowerCase\\(\\) !== 'active'\\)"
+ replace: "if (false)"
+ notify: Restart pveproxy
+
+- name: Allow Proxmox web UI on Tailscale only
+ community.general.ufw:
+ rule: allow
+ port: '8006'
+ proto: tcp
+ interface: tailscale0
+ direction: in
+ comment: "Proxmox web UI - Tailscale only"
+ notify: Reload ufw
diff --git a/docs/hosts/london-a.md b/docs/hosts/london-a.md
index 43f0d49..f17ba92 100644
--- a/docs/hosts/london-a.md
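Review bot: The `Reload ufw` handler in handlers/main.yml does not reload, it enables: `state: enabled` switches the firewall on, and because a handler runs only when the notifying rule task reports a change, a host where the rule already exists but ufw is inactive stays unfiltered on every later run. Use `state: reloaded` in the handler so its name matches what it does, and enable ufw from an unconditional task instead. The tasks before line 25 of tasks/main.yml are not visible in this patch, so this assumes ufw is not already enabled elsewhere in the role.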
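Review bot: The ufw task at the end of the tasks/main.yml hunk only adds an allow for 8006/tcp on `tailscale0`; nothing visible sets the incoming default to deny or enables ufw outside the handler, so "Tailscale only" depends on host state this role does not assert. I would add an explicit policy task after the rule, shown below, once it is confirmed that SSH and any other management access has its own allow rule, since the tasks before line 25 are outside the hunk. Proxmox VE also ships its own firewall service, so it is worth checking (not visible here) that the two rule sets do not conflict.

```yaml
# … unchanged: Allow Proxmox web UI on Tailscale only (rule parameters) …
  notify: Reload ufw

# Runs on every play so the lockdown does not depend on a handler firing.
- name: Deny incoming traffic by default and enable ufw
  community.general.ufw:
    state: enabled
    default: deny
    direction: incoming
```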
+++ b/docs/hosts/london-a.md @@ -1,15 +1,15 @@ # london-a -VM host. Runs KVM virtual machines via Cockpit. +Proxmox VE hypervisor. ## Overview | | | |---|---| | **Location** | London (NW9) | -| **OS** | Debian | -| **Tailscale IP** | 100.90.111.19 | -| **Role** | VM host (Cockpit + KVM) | +| **OS** | Proxmox VE (Debian Bookworm) | +| **Tailscale IP** | 100.122.180.98 | +| **Role** | Hypervisor (Proxmox VE) | ## Hardware @@ -19,14 +19,13 @@ VM host. Runs KVM virtual machines via Cockpit. | Memory | 32 GB | | Boot disk | 1 TB | -Old gaming PC. Reinstalled with Debian in 2026-05 after moving monitoring to Grafana Cloud. +Old gaming PC. Runs Proxmox VE on bare metal. ## Services | Service | Port | Status | Notes | |---------|------|--------|-------| -| Cockpit | 9090 | Active | Web UI for VM management | -| cockpit-machines | — | Active | KVM/libvirt VM management via Cockpit | +| Proxmox VE | 8006 | Active | Web UI — Tailscale only | | Tailscale | — | Active | Mesh networking | ## Networking