This script will install the latest compatible version of Proxmox on top of an existing Debian 11 Bullseye installation. It also installs fail2ban and includes the fail2ban configs sourced from the official Proxmox wiki

prox7.sh

#!/bin/bash
#This script assumes that you have a domain name with a DNS record pointed to Proxmox's public IP


echo "Enter the domain name that will resolve to this servers IP address"
read hostname
sudo apt update && sudo apt full-upgrade -y
hostnamectl set-hostname $hostname
myip=$(curl --silent ifconfig.me)
echo "127.0.0.1 localhost" > hosts
echo $myip $hostname >> hosts
mv -f hosts /etc/hosts

#This ensures the hostname changes don't get reverted by cloud-init
sed -i '/host/d' /etc/cloud/cloud.cfg

echo "deb [arch=amd64] http://download.proxmox.com/debian/pve bullseye pve-no-subscription" > /etc/apt/sources.list.d/pve-install-repo.list
wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg 

apt update && apt full-upgrade -y
apt install proxmox-ve postfix open-iscsi fail2ban -y
apt remove os-prober -y

cat <<EOF > /etc/fail2ban/jail.local
[proxmox]
enabled = true
port = https,http,8006
filter = proxmox
logpath = /var/log/daemon.log
maxretry = 3
# 1 hour
bantime = 3600

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
findtime = 300
bantime = 3600
ignoreip = 127.0.0.1
EOF

cat <<EOF > /etc/fail2ban/filter.d/proxmox.conf
[Definition]
failregex = pvedaemon\[.*authentication failure; rhost=<HOST> user=.* msg=.*
ignoreregex =
EOF

reboot

hi look i had to copy the original file and then add at the end the config. then it work ok.