====== Proxmox VE Server Setup ======
This is a summary of steps to install Proxmox.
* Install Proxmox VE
* Under DNS, add all DNS servers
* Under Hosts, add all Proxmox hosts
==== Configure NTP ====
# nano /etc/chrony/chrony.conf
Add 'server 139.169.206.5 iburst' and 'server 198.122.144.26 iburst'
# systemctl restart chronyd
# journalctl --since -1h -u chrony
==== Configure Repositories ====
* Navigate to Updates > Repositories. Highlight the enterprise repos and click the Disable button.
* Click 'Add' and add the No-Subscription repo and the Ceph Quincy no-subscription repo.
* Navigate to Updates and select 'Refresh'
* Click 'Upgrade'
==== Configure Storage ====
* Under Disks, add storage disks by using 'Initialize disk with GPT'
* Under Disks/LVM-Thin, add the new disk
* Under Local/ISO Images, upload ISO images for creating VMs
==== Configure Cluster ====
Checklist
* Dedicated NICs for the cluster
* < 5ms latency
* Use IP addresses, not names
* HA requires at least 3 hosts
* The cluster name cannot be changed later
* Changing the hostname and IP is not possible after cluster creation
===== Ubuntu VMs =====
Install an approved release of Ubuntu from an ISO file
> sudo nano /etc/ssh/sshd_config
Change "PermitRootLogin without-password" to "PermitRootLogin yes"
> sudo apt install network-manager
> sudo nano /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
Add the line
network: {config: disabled}
> sudo nano /etc/netplan/50-cloud-init.yaml
Edit the file with static IP settings:
  network:
    version: 2
    ethernets:
      ens18:
        dhcp4: false
        dhcp6: false
        addresses:
          - 139.169.156.11/24
        routes:
          - to: default
            via: 139.169.156.1
        nameservers:
          addresses:
            - 139.169.16.150
            - 139.169.31.2
> sudo nano /etc/sysctl.conf
Insert the following lines at the bottom of the file:
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
> sudo sysctl -p
=== Misc ===
> sudo apt install nano
> sudo apt install nfs-common
> sudo apt install net-tools
> sudo apt install nmap
=== Webmin ===
> sudo curl -o setup-repos.sh https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh
> sudo sh setup-repos.sh
> sudo apt install --install-recommends webmin
> systemctl status webmin.service
==== firewalld ====
>
==== NTP Client ====
> sudo apt install ntp
> sudo nano /etc/ntpsec/ntp.conf
server 139.169.206.5 prefer
(Remove other server & pool sources)
> ntpq -p
==== Guest Agent ====
> sudo apt install qemu-guest-agent
> sudo systemctl enable qemu-guest-agent
Shut down the VM
Under VM options, enable 'QEMU Guest Agent'
Start the VM
> systemctl status qemu-guest-agent.service
==== Squid ====
>
==== Apache ====
>
=== Apache SSL ===
Create a CSR:
>
=== Nagios ===
Do NOT install Nagios using repositories. It's unsupported!
> su
=== MariaDB ===
>
=== phpMyAdmin ===
>
==== Mumble Server ====
> sudo apt install mumble-server
> sudo dpkg-reconfigure mumble-server
> sudo nano /etc/mumble-server.ini
users=100
welcometext="
Welcome to the CTSD Murmur server.
By accessing and using this information system, you acknowledge and consent to the following:
You are accessing a U.S. Government information system, which includes:
(1) this computer
(2) this computer network
(3) all computers connected to this network including end user systems
(4) all devices and storage media attached to this network or to any computer on this network
(5) cloud and remote information services.
This information system is provided for U.S. Government-authorized use only.
You have no reasonable expectation of privacy regarding any communication transmitted through or data stored on this information system.
At any time, and for any lawful purpose, the U.S. Government may monitor, intercept, search, and seize any communication or data transiting, stored on, or traveling to or from this information system.
You are NOT authorized to process classified information on this information system.
Unauthorized or improper use of this system may result in suspension or loss of access privileges, disciplinary action, and civil and/or criminal penalties.
"
==== UniFi Network Controller ====
>
===== Windows VMs =====
* Configure the VM to use VirtIO network adapter(s)
* Install an approved release of Windows from an ISO file
* To install the VirtIO network drivers, mount the VirtIO ISO file and run virtio-win-gt-x64
* To install the QEMU agent, run guest-agent\qemu-ga-x86_64.msi
* SHUT DOWN the VM, enable the QEMU guest agent in the Options menu, then start the VM.
* Enable the administrative share
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
===== Debian VMs =====
Install Debian 12 from an ISO file
> sudo nano /etc/ssh/sshd_config
Change "PermitRootLogin without-password" to "PermitRootLogin yes"
> sudo nano /etc/network/interfaces
  # The primary network interface
  allow-hotplug ens18
  auto ens18
  iface ens18 inet static
      address 192.168.10.103
      netmask 255.255.255.0
      gateway 192.168.10.1
      dns-nameservers 192.168.10.107 192.168.10.1
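To confirm which PermitRootLogin value a VM actually ends up with after the sshd_config edits in the Ubuntu and Debian sections, the following added example (not part of the original notes) parses one config file the way sshd reads it: the first occurrence of a keyword wins. The function name and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): print the global PermitRootLogin
# value that one sshd_config file yields. sshd keeps the FIRST value it reads
# for a keyword, keywords are case-insensitive, and lines after a "Match" line
# are conditional, not global. Include directives are not followed here; on a
# live host, `sshd -T` prints the authoritative effective configuration.

effective_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }              # strip leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line) # "Keyword=value" form is allowed
            split(line, f, /[ \t]+/)
            key = tolower(f[1]); val = f[2]
            gsub(/"/, "", val)              # drop optional quoting
            if (key == "match") exit        # global section ends here
            if (key == "permitrootlogin") { found = val; exit }
        }
        END {
            if (found == "") found = "prohibit-password"   # OpenSSH default
            if (found == "without-password") found = "prohibit-password"  # deprecated alias
            print found
        }
    ' "$1"
}

# Constructed sample files, written to a temporary directory.
demo() {
    d=$(mktemp -d)
    # A line appended at the bottom loses to the earlier directive.
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin without-password' \
        'PermitRootLogin yes' > "$d/appended_at_end"
    # The earlier line was edited in place, as the steps above describe.
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$d/edited_in_place"
    # Only set inside a Match block: the global value stays at the default.
    printf '%s\n' 'Port 22' 'Match Address 192.0.2.0/24' \
        '    PermitRootLogin yes' > "$d/match_only"
    for f in appended_at_end edited_in_place match_only; do
        printf '%-16s %s\n' "$f" "$(effective_root_login "$d/$f")"
    done
    rm -rf "$d"
}
demo
```

Run it against a copy of a VM's /etc/ssh/sshd_config to see which value the file's global section sets; files pulled in through Include have to be checked separately.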
==== No-IP DUC ====
> mkdir /home/username/noip
> cd /home/username/noip
> wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
> tar vzxf noip-duc-linux.tar.gz
> cd noip-xxx
> sudo make
> sudo make install
> sudo noip2 -S
To reconfigure the client: /usr/local/bin/noip2 -C