casapps/caspromoxctl

🚀 caspromoxctl – Proxmox Infrastructure in One Command

Untested as of right now. This is a first draft that needs to be tested. When I have the time it will be tested.

caspromoxctl is a single-script, enterprise-grade bootstrapper for setting up full-stack Proxmox VE infrastructure on Debian 10/11/12 or Proxmox VE. Designed for self-hosters, homelabbers, and SMBs, this tool transforms any supported Debian-based system into a secure, containerized, fully-monitored infrastructure platform—complete with DNS, DHCP, PXE, NGINX reverse proxy, certificate automation, and more.

One command. One script. Full stack.
curl -sSL https://your-domain.com/caspromoxctl | sudo bash


📦 Features

  • 🔧 Idempotent Infrastructure-as-Code: Run it repeatedly with safety. No breakage.
  • 🧠 Smart Detection: Auto-detects WAN/LAN, bridges, interfaces (bond, VLAN, PPPoE, tunnel), IPv6, Proxmox vs. Debian.
  • 🏗️ Network Bootstrap: Creates vmbr0 (WAN) and vmbr1 (LAN), adds VLANs, and configures IPv4/IPv6, with rollback if anything fails.
  • 🌐 Service Stack:
    • DNS: BIND9 with TSIG + dynamic DHCP integration
    • DHCP: Auto-zoned, secure, and dual-stack
    • PXE: iPXE-ready with dynamic menus
    • Nginx: Hardened reverse proxy with WebSocket/VNC/SPICE support
    • Postfix: Secure mail relay with TLS and monitoring
    • Step-CA: Internal certificate authority with fallback to self-signed
    • Monitoring: Monit, Darkstat, status dashboard, and service alerts
    • Web UI: Fully responsive, mobile-first, with Light/Dark/Dracula themes and live stats
  • 🐳 Container Platform: Deploys Docker, Incus (LXD fork), and Portainer using vmbr1 with proper isolation
  • 🔐 Security Stack: UFW, fail2ban, SSH hardening, rate limiting, mail alerts, and TLS across all services
  • 🕸️ API-First Design: JSON endpoints for system, service, and network stats (healthz, status, metrics)
  • 💾 Backups & Recovery: Step-based archiving, timestamped restore points, and full .env config generation
  • 🎛️ Admin Portal: Web-based tools for WoL, diagnostics, config, UPS, logs, backups, and more

🖥️ Supported Platforms

  • Debian 10 / 11 / 12
  • Proxmox VE 6 / 7 / 8 (auto-installs PVE if absent)
  • Architectures: x86_64 (amd64) only

🚦 Usage

curl -sSL https://your-domain.com/caspromoxctl | sudo bash

Or download manually:

wget https://your-domain.com/caspromoxctl -O caspromoxctl
chmod +x caspromoxctl
sudo ./caspromoxctl --install
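
The manual download above, extended with an integrity gate before the script runs as root. This is an added example, not code from the caspromoxctl project; verify_installer is a hypothetical helper name, and the expected digest is a placeholder because this page publishes none.

```shell
#!/usr/bin/env bash
# Added example (not part of caspromoxctl): only mark a downloaded installer
# executable after a pinned SHA-256 digest and a syntax check both pass.

# verify_installer FILE EXPECTED_SHA256
# Return codes: 0 ok, 1 digest mismatch, 2 missing/empty file,
#               3 malformed digest, 4 script does not parse.
verify_installer() {
    local file=$1 expected=$2 actual

    # Reject missing or empty downloads (e.g. an interrupted transfer).
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }

    # The pinned digest must be exactly 64 hex characters.
    case $expected in
        *[!0-9a-fA-F]*) echo "malformed digest" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 3; }

    # Compare case-insensitively against what is actually on disk.
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi

    # Parse without executing; catches a script cut off mid-block.
    bash -n "$file" || { echo "syntax check failed" >&2; return 4; }

    chmod +x "$file"
}

# Usage (the digest is a placeholder obtained out of band from the maintainer):
#   wget https://your-domain.com/caspromoxctl -O caspromoxctl
#   verify_installer ./caspromoxctl "<published sha256>" \
#       && sudo ./caspromoxctl --install
```

Unlike the piped one-liner, this keeps the exact bytes that were verified on disk, so what was checked is what runs.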

Common Flags

Flag               Description
--install          Run full installation (default)
--domain DOMAIN    Set your FQDN domain
--wan eth0         Specify WAN interface
--timezone TZ      Set timezone (e.g., America/New_York)
--regen            Regenerate configs without full reset
--backup           Create a new backup archive
--restore latest   Restore last backup
--uninstall        Remove all services and configs
--debug            Enable verbose logging
--raw              Disable colors/emojis for plain output
--help             Show usage and flag reference

🧬 Architecture

  • vmbr0: External WAN bridge
  • vmbr1: Internal LAN bridge
    • VLAN 10: Management (Proxmox UI, SSH)
    • VLAN 20: Storage (NFS, backup)
    • VLAN 30: VMs/Containers
    • VLAN 40: Internal services

Public services bind to both vmbr0 and vmbr1. Internal-only services bind to vmbr1 exclusively. IPv6 support is conditional based on actual WAN connectivity.


🔐 Security & Certificate Management

  • Let's Encrypt (via DNS-2136) with fallback self-signed
  • Automatic renewal hooks per service (NGINX, Postfix, Proxmox, Portainer, Incus)
  • Full IPv6 SAN support
  • TLS-by-default for all public-facing services

📊 Monitoring

  • Monit: Auto-recovery and alerting
  • Darkstat: Real-time network stats via NGINX
  • Web UI: Live service grid, theme switcher, responsive layout
  • Health endpoints: /healthz, /status, /api/*

📁 Project Structure

  • /etc/caspromoxctl/: Config and scripts
  • /var/www/nginx/DOMAIN/: Web interface
  • /var/log/caspromoxctl/: Logs and rotation
  • /etc/network/interfaces: Replaced with generated bridges and VLANs
  • .env: Fully exportable config snapshot

🔄 Cron Jobs

Scheduled tasks via /etc/cron.d/caspromoxctl include:

  • Backup rotation
  • Version checks
  • Certificate renewals
  • Kernel update validation
  • Network health tests

🛠️ Development

  • Fully POSIX-compliant Bash
  • No dependencies beyond Debian/Proxmox APT packages
  • All logic contained in single caspromoxctl script
  • MIT Licensed

👥 Contributing

Pull requests, issues, and forks welcome! See CONTRIBUTING.md for guidelines.


📄 License

MIT


© 2025 caspromoxctl Project — Built for the fearless homelabber and the lean enterprise. Secure. Smart. Single-script.
