cmer · January 4, 2024 10:40
diff --git a/proxmox-fresh.sh b/proxmox-fresh.sh
 #!/bin/bash

 apt update -y
 apt install -y lsb-release sudo vim screen curl htop
 RELEASE=`lsb_release -sc`

 # Install no-nag
 cd /tmp
 curl -s https://api.github.com/repos/Jamesits/pve-fake-subscription/releases/latest \
 | grep "browser_download_url.*deb" \
 | cut -d : -f 2,3 \
 | tr -d \" \
 | wget -qi -
 dpkg -i pve-fake-subscription_*_all.deb
 echo "127.0.0.1 shop.maurer-it.com" | sudo tee -a /etc/hosts

 # Enable community repo
 echo "deb http://download.proxmox.com/debian/pve $RELEASE pve-no-subscription" > /etc/apt/sources.list.d/pve-community.list
 rm /etc/apt/sources.list.d/pve-enterprise.list

 # Add microcode repo
 echo "deb http://deb.debian.org/debian bullseye main contrib non-free
 deb http://security.debian.org/debian-security bullseye-security main contrib non-free
 deb http://deb.debian.org/debian bullseye-updates main contrib non-free" > /etc/apt/sources.list

 apt update -y

 # Enable IOMMU for PCI passthrough
 echo "vfio
 vfio_iommu_type1
 vfio_pci
 vfio_virqfd" > /etc/modules

 cat /proc/cpuinfo | grep 'vendor' | uniq | grep Intel > /dev/null

 if [ $? -eq 0 ]; then
    echo "Enabling IOMMU for Intel..."
    sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 intel_iommu=on net.ifnames=0"#' <<<'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' /etc/default/grub > /dev/null
    apt install -y intel-microcode
 else
    echo "Enabling IOMMU for AMD..."
    sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 amd_iommu=on net.ifnames=0"#' <<<'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' /etc/default/grub > /dev/null
    apt install -y amd64-microcode
 fi

 update-grub

 if [ $(dmesg | grep ecap | wc -l) -eq 0 ]; then
  echo "No interrupt remapping support found"
  exit 1
 fi

 for i in $(dmesg | grep ecap | awk '{print $NF}'); do
  if [ $(( (0x$i & 0xf) >> 3 )) -ne 1 ]; then
    echo "Interrupt remapping not supported"
    exit 1
  fi
 done

 # Listen on 443
 iptables -C PREROUTING -t nat  -p tcp --dport 443 -j REDIRECT --to-ports 8006 &> /dev/null
 if [ $? -ne 0 ]; then
  /sbin/iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8006
 fi

 echo iptables-persistent iptables-persistent/autosave_v4 boolean true | sudo debconf-set-selections
 echo iptables-persistent iptables-persistent/autosave_v6 boolean true | sudo debconf-set-selections

 apt-get -y install iptables-persistent
 service iptables-persistent save

 echo "Done. You should reboot!"
	#!/bin/bash

	apt update -y
	apt install -y lsb-release sudo vim screen curl htop
	RELEASE=`lsb_release -sc`

	# Install no-nag
	cd /tmp
	curl -s https://api.github.com/repos/Jamesits/pve-fake-subscription/releases/latest \
	\| grep "browser_download_url.*deb" \
	\| cut -d : -f 2,3 \
	\| tr -d \" \
	\| wget -qi -
	dpkg -i pve-fake-subscription_*_all.deb
	echo "127.0.0.1 shop.maurer-it.com" \| sudo tee -a /etc/hosts

	# Enable community repo
	echo "deb http://download.proxmox.com/debian/pve $RELEASE pve-no-subscription" > /etc/apt/sources.list.d/pve-community.list
	rm /etc/apt/sources.list.d/pve-enterprise.list

	# Add microcode repo
	echo "deb http://deb.debian.org/debian bullseye main contrib non-free
	deb http://security.debian.org/debian-security bullseye-security main contrib non-free
	deb http://deb.debian.org/debian bullseye-updates main contrib non-free" > /etc/apt/sources.list

	apt update -y

	# Enable IOMMU for PCI passthrough
	echo "vfio
	vfio_iommu_type1
	vfio_pci
	vfio_virqfd" > /etc/modules

	cat /proc/cpuinfo \| grep 'vendor' \| uniq \| grep Intel > /dev/null

	if [ $? -eq 0 ]; then
	echo "Enabling IOMMU for Intel..."
	sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 intel_iommu=on net.ifnames=0"#' <<<'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' /etc/default/grub > /dev/null
	apt install -y intel-microcode
	else
	echo "Enabling IOMMU for AMD..."
	sed -i 's#^\(GRUB_CMDLINE_LINUX_DEFAULT="quiet\)"$#\1 amd_iommu=on net.ifnames=0"#' <<<'GRUB_CMDLINE_LINUX_DEFAULT="quiet"' /etc/default/grub > /dev/null
	apt install -y amd64-microcode
	fi

	update-grub

	if [ $(dmesg \| grep ecap \| wc -l) -eq 0 ]; then
	echo "No interrupt remapping support found"
	exit 1
	fi

	for i in $(dmesg \| grep ecap \| awk '{print $NF}'); do
	if [ $(( (0x$i & 0xf) >> 3 )) -ne 1 ]; then
	echo "Interrupt remapping not supported"
	exit 1
	fi
	done

	# Listen on 443
	iptables -C PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8006 &> /dev/null
	if [ $? -ne 0 ]; then
	/sbin/iptables -A PREROUTING -t nat -p tcp --dport 443 -j REDIRECT --to-ports 8006
	fi

	echo iptables-persistent iptables-persistent/autosave_v4 boolean true \| sudo debconf-set-selections
	echo iptables-persistent iptables-persistent/autosave_v6 boolean true \| sudo debconf-set-selections

	apt-get -y install iptables-persistent
	service iptables-persistent save

	echo "Done. You should reboot!"