Mirrors/ProxMenux
1
0
Fork 0
mirror of https://github.com/MacRimi/ProxMenux.git synced 2026-06-14 12:27:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

complete i18n migration to /[locale]/ with EN+ES content

Browse Source 
Full rewrite of the docs site under app/[locale]/ with next-intl
in localePrefix:"always" mode. Every page now exists at both
/en/<path> and /es/<path>; the root / shows a meta-refresh + JS
redirect to /<defaultLocale>/ so GitHub Pages serves something
on the apex URL.

Highlights:
- 107 doc pages migrated to file-per-page JSON namespaces under
  messages/en/ and messages/es/. Spanish content is fully
  translated (no copy-of-English placeholders).
- New documentation for the Active Suppressions section in the
  Settings tab and the per-event Dismiss dropdown in the Health
  Monitor modal.
- New screenshots: dismiss-duration-dropdown.png and an updated
  health-suppression-settings.png.
- Pagefind integrated for client-side search; index is built on
  every CI deploy (not committed).
- RSS feeds: per-locale at /<locale>/rss.xml plus root /rss.xml
  for backward compat.
- Removed the dead app/[locale]/guides/[slug]/ route — every
  guide now has its own static page and no markdown source
  remains.
- Fixed orphan link /guides/nvidia -> /guides/nvidia-manual in
  docs/hardware/nvidia-host.
- Removed obsolete components (footer2, calendar, drawer).

Verified locally with `npm ci && npm run build`: 2804 files in
out/, 231 pages indexed by pagefind, root redirect intact, both
locale roots and the new Active Suppressions docs render OK.
This commit is contained in:
MacRimi
2026-05-31 12:41:10 +02:00
parent 875910b4d7
commit 5ca3463bf6
649 changed files with 83958 additions and 11096 deletions
Download Patch File Download Diff File Expand all files Collapse all files

172
web/messages/en/docs/post-install/automated.json Normal file
View File

@@ -0,0 +1,172 @@
{
"meta": {
"title": "Automated Post-Install Script | ProxMenux Documentation",
"description": "The ProxMenux Automated post-install script applies a curated set of 13 safe, hardware-aware optimizations to a fresh Proxmox VE host with zero prompts. Every change is registered for later reversal via Uninstall Optimizations.",
"ogTitle": "Automated Post-Install Script | ProxMenux Documentation",
"ogDescription": "13 curated optimizations applied to a fresh Proxmox VE host with zero prompts. Hardware-aware (SSD/NVMe auto-detect) and fully reversible."
},
"header": {
"title": "Automated Post-Install Script",
"description": "One click, zero prompts — ProxMenux applies a curated set of 13 safe optimizations that almost every Proxmox host benefits from. Every change is registered in the tools JSON so you can undo any of them later from Uninstall Optimizations.",
"section": "Post-Install · Automated"
},
"intro": {
"title": "When to pick Automated",
"body": "Run this on a freshly installed Proxmox host when you want the sensible baseline without making decisions. The script is idempotent — running it twice is safe, it just re-applies the same configurations. Opt-in features (Fastfetch, IOMMU, Ceph repo, HA, AMD fixes…) are intentionally <strong>not</strong> part of this path; pick them from <link>Customizable</link> if you need them."
},
"applies": {
"heading": "What the script applies",
"intro": "The optimizations are applied in this exact order. The <em>Category</em> column links to the detailed documentation of each change in the Customizable reference.",
"headerNum": "#",
"headerTool": "Tool",
"headerWhat": "What it does",
"headerCategory": "Category"
},
"optimizations": [
{
"tool": "APT repositories + full upgrade",
"what": "Disables the enterprise pve-enterprise.sources and ceph.sources, writes a clean no-subscription source for the host's Debian codename, then runs apt update && apt full-upgrade -y (Proxmox's official upgrade command).",
"category": "Basic Settings",
"categorySlug": "basic-settings"
},
{
"tool": "Subscription banner removal",
"what": "Patches the web UI to hide the 'No valid subscription' banner. Asks for confirmation before applying; reversible from Uninstall Optimizations.",
"category": "Customization",
"categorySlug": "customization"
},
{
"tool": "Force IPv4",
"what": "Writes /etc/apt/apt.conf.d/99-force-ipv4 so apt uses IPv4 only — bypasses flaky IPv6 mirror setups.",
"category": "Network",
"categorySlug": "network"
},
{
"tool": "Skip language packages",
"what": "Writes /etc/apt/apt.conf.d/99-disable-translations to stop downloading locale-specific packages. Faster, lighter apt updates.",
"category": "Basic Settings",
"categorySlug": "basic-settings"
},
{
"tool": "Increase system limits",
"what": "Raises inotify watches, nofile/nproc limits, kernel keyring limits and fs.file-max across sysctl.d, limits.d, pam and systemd — high enough for container-heavy hosts.",
"category": "System",
"categorySlug": "system"
},
{
"tool": "Memory tuning",
"what": "Sets vm.swappiness=10, balanced dirty ratios, vm.overcommit_memory=1, vm.max_map_count=262144 and compaction proactiveness when supported.",
"category": "System",
"categorySlug": "system"
},
{
"tool": "Kernel panic behaviour",
"what": "Configures the host to reboot 10 seconds after a panic / oops / hardlockup instead of freezing indefinitely.",
"category": "System",
"categorySlug": "system"
},
{
"tool": "Network stack tuning",
"what": "TCP buffer sizing, IPv4 hardening (redirects off, rp_filter=2, martian log off), local port range 1024-65535, TCP MTU probing, RFC 1337, plus a oneshot systemd unit to normalise virtual firewall bridges.",
"category": "Network",
"categorySlug": "network"
},
{
"tool": "Bashrc customisation (root)",
"what": "Colored PS1, common aliases (l/la/ll/ls/grep), timestamped history and bash-completion sourcing, all inside a PMX_CORE_BASHRC fenced block so it is easy to remove.",
"category": "Customization",
"categorySlug": "customization"
},
{
"tool": "Log2RAM (SSD-aware, auto)",
"what": "Detects whether the root disk is SSD / NVMe and installs Log2RAM from upstream git. Sizes the ramdisk by host RAM (128M / 256M / 512M), schedules periodic sync and a 95 % threshold auto-sync. Adjusts journald limits to fit in the ramdisk.",
"category": "Storage",
"categorySlug": "storage"
},
{
"tool": "ZFS autotrim (SSD-only)",
"what": "Enables zpool autotrim=on on every ZFS pool whose vdevs are all SSD/NVMe with TRIM support (checks /sys/block/<dev>/queue/rotational and discard_granularity). Pools backed by HDDs are skipped automatically. Only pools actually changed by ProxMenux are recorded for uninstall — pools you set autotrim on manually are left alone.",
"category": "Storage",
"categorySlug": "storage"
},
{
"tool": "Journald size limits",
"what": "Forces persistent storage, caps SystemMaxUse=64M / RuntimeMaxUse=60M, sets compression, info-level logging (required for the Monitor). Skipped automatically when Log2RAM is active (it does its own adjustment).",
"category": "System",
"categorySlug": "system"
},
{
"tool": "Logrotate tuning",
"what": "Daily rotation with size cap 10M, 7 rotations, compression and copytruncate — Log2RAM-friendly.",
"category": "System",
"categorySlug": "system"
},
{
"tool": "Persistent interface names",
"what": "Writes /etc/systemd/network/10-*.link files matching each physical NIC by MAC so eth0 / enp… names stay stable across reboots and new NIC additions.",
"category": "Network",
"categorySlug": "network"
}
],
"hardwareTitle": "Hardware-aware defaults",
"hardwareBody": "The script reads the host hardware before applying settings. Log2RAM is only installed on SSD / NVMe root disks by default (it prompts if detection says otherwise). Log2RAM ramdisk size is picked from total RAM (<code>≤ 8 GB → 128M</code>, <code>≤ 16 GB → 256M</code>, <code>'>' 16 GB → 512M</code>). The journald limits are matched to the ramdisk size when Log2RAM is active, to avoid filling it.",
"upgrade": {
"heading": "Update and upgrade system",
"intro": "The very first step of the Automated bundle is the Proxmox upgrade. Proxmox's own upgrade guidance for a running host (within the same major version) is to run:",
"after": "That single line is the official command on any current Proxmox release. The Automated script runs <strong>exactly</strong> that, and wraps it with the repo hygiene and post-upgrade cleanup the official upgrade guide also recommends — same steps as the standalone <link>Proxmox System Update</link> utility:",
"items": [
"Disables the enterprise <code>pve-enterprise.sources</code> / <code>ceph.sources</code>, removes legacy repo files, writes a clean no-subscription source for the host's codename.",
"Runs the upgrade non-interactively with <code>DEBIAN_FRONTEND=noninteractive</code> and <code>--force-confdef --force-confold</code> — config files you customised stay yours when upstream also changed them.",
"Installs essential Proxmox packages if missing (<code>zfsutils-linux</code>, <code>proxmox-backup-restore-image</code>, <code>chrony</code>).",
"LVM metadata sanity check, <code>apt-get autoremove -y</code> + <code>apt-get autoclean -y</code>, and a reboot prompt only if the kernel actually changed."
],
"sameTitle": "Same updater, two entry points",
"sameBody": "The Automated bundle and the standalone <link>Proxmox System Update</link> utility share the same underlying scripts (<code>update-pve8.sh</code> / <code>update-pve9_2.sh</code>). Use the utility on its own when you only want to upgrade the host without applying the rest of the optimizations."
},
"endResult": {
"heading": "Expected end result",
"body": "When the script finishes, you will see a success message with the per-step output and a reboot prompt (some kernel settings require a restart to take effect). Declining the reboot is safe; the settings apply at the next boot.",
"imageAlt": "Automated post-install script — final terminal output showing each optimization applied successfully"
},
"notDoes": {
"heading": "What this script does NOT do",
"items": [
"Timezone auto-detection (commented out upstream; use Customizable if you want it).",
"Disable portmapper / rpcbind (see <secLink>Security</secLink>).",
"Enable IOMMU / VFIO (see <virtLink>Virtualization</virtLink>).",
"Install Fastfetch / Figurine / Ceph repo / HA / AMD CPU fixes (see <optLink>Optional</optLink>).",
"Install pigz or apply ZFS ARC tuning (see <perfLink>Performance</perfLink> / <storLink>Storage</storLink>)."
]
},
"xshokTitle": "xshok-proxmox detection",
"xshokBody": "If the host has previously run the <code>xshok-proxmox</code> script, ProxMenux detects the marker file and warns you before continuing. Some tweaks can overlap. The companion script is deprecated — if you decide to continue anyway, review <link>the overview</link> for context.",
"revert": {
"heading": "Reverting",
"body": "Every tool in the table above registers itself in <code>/usr/local/share/proxmenux/installed_tools.json</code>. Open <link>Uninstall Optimizations</link> to pick individual items to revert. Backups of modified config files are placed next to the originals with a <code>.bak</code> suffix."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — pick exactly what you want from the same catalog."
},
{
"label": "Uninstall Optimizations",
"href": "/docs/post-install/uninstall",
"tail": " — revert any subset of what was applied here."
},
{
"label": "Useful System Commands",
"href": "/docs/help-info/system-commands",
"tail": " — verify the changes (uptime, free, journalctl, etc.)."
},
{
"label": "Post-Install overview",
"href": "/docs/post-install",
"tail": "."
}
]
}
}

240
web/messages/en/docs/post-install/basic-settings.json Normal file
View File

@@ -0,0 +1,240 @@
{
"meta": {
"title": "Post-Install: Basic Settings | ProxMenux Documentation",
"description": "Foundational post-install options: switch to free Proxmox repositories and upgrade, auto-detect timezone and enable NTP, skip APT language downloads, and pick from 25 common system utilities to install."
},
"header": {
"title": "Post-Install: Basic Settings",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Four foundational options you typically want on any fresh Proxmox host: switch to the free community repositories and run a full system upgrade, auto-configure the timezone and NTP sync, strip APT language downloads to save bandwidth and disk, and pick from a list of 25 common system utilities."
},
"upgrade": {
"heading": "Update and upgrade system",
"intro": "Reconfigures APT to use the free <em>pve-no-subscription</em> repository (instead of the enterprise repo that requires a subscription) and runs a full system upgrade. The exact steps depend on the Proxmox VE major version: ProxMenux detects it and dispatches to the right script.",
"headerVersion": "PVE version",
"headerScript": "Dispatcher script",
"headerCodename": "Debian codename",
"rows": [
{
"version": "9.x",
"script": "update-pve9_2.sh",
"codename": "trixie"
},
{
"version": "8.x",
"script": "update-pve8.sh",
"codename": "bookworm"
}
],
"officialTitle": "The official Proxmox recommendation",
"officialBody": "Proxmox's own upgrade guidance is to run, in this exact order:",
"officialOutro": "That single line is all you need on any current Proxmox release. The challenge isn't the command itself — it's making sure the repositories on the host are sane <em>before</em> running it.",
"doesTitle": "What the ProxMenux option does — verified against the script",
"doesIntro": "The ProxMenux update wraps the exact apt commands above and adds a number of pre/post steps you would otherwise have to remember by hand. Every item below is what the dispatcher script actually does (see <link>Proxmox System Update</link> for the full breakdown):",
"doesItems": [
"<strong>Repository hygiene first.</strong> Disables the enterprise <code>pve-enterprise.sources</code> / <code>ceph.sources</code>, removes legacy repo files left over from previous PVE versions, and writes a clean <code>proxmox.sources</code> pointing at the free <em>pve-no-subscription</em> channel (matching the host's Debian codename: trixie for PVE 9, bookworm for PVE 8).",
"<strong>Debian repos rewritten</strong> with main / updates / security, including <code>non-free-firmware</code>, so the firmware warning during upgrade goes away.",
"<strong>Runs the official upgrade.</strong> <code>apt-get update</code> followed by <code>apt full-upgrade -y</code> (PVE 9) or <code>apt dist-upgrade -y</code> (PVE 8), both launched non-interactively with <code>--force-confdef --force-confold</code> so any configuration files you customised stay yours.",
"<strong>Installs essential packages</strong> if they are missing: <code>zfsutils-linux</code>, <code>proxmox-backup-restore-image</code>, <code>chrony</code>.",
"<strong>LVM metadata sanity check.</strong> Looks for VMs with disk passthrough that may have scribbled stale physical-volume headers onto raw disks; warns if anything is off (no automatic fix).",
"<strong>Cleans up afterwards:</strong> <code>apt-get autoremove -y</code> + <code>apt-get autoclean -y</code>, then prompts for a reboot if the kernel was updated or <code>/var/run/reboot-required</code> is present."
],
"shortTitle": "In short",
"shortBody": "The option runs the exact <code>apt update && apt full-upgrade -y</code> Proxmox recommends, wraps it with the repo hygiene and post-upgrade cleanup that the official guide also tells you to do, and prompts for the reboot at the end. See <link>Proxmox System Update</link> — the same updater is also available as a standalone utility in the main menu, with the full process diagram.",
"subTitle": "Don't apply to a subscribed host",
"subBody": "If you actually have a Proxmox subscription and want to keep using the enterprise repositories, skip this option. Re-running it would disable the enterprise repo and route you to the community channel. You can restore enterprise repos from the Uninstall menu if you change your mind later.",
"safetyTitle": "Post-update safety check",
"safetyBody": "After the upgrade, the script checks for disks with stale PV (Physical Volume) metadata — an edge case that can happen when a VM with disk passthrough scribbles LVM headers onto a raw disk. If anything suspicious is found you'll see a warning suggesting <code>pvs</code> to inspect. No action is taken automatically."
},
"time": {
"heading": "Synchronize time automatically",
"intro": "Detects the server's public IP via <code>dig myip.opendns.com @resolver1.opendns.com</code>, then queries <code>ipapi.co/'{'ip'}'/timezone</code> to look up the matching IANA timezone, and applies it with <code>timedatectl set-timezone</code>. Finally enables NTP with <code>timedatectl set-ntp true</code>.",
"depTitle": "Depends on two external services",
"depBody": "The lookup relies on OpenDNS and <code>ipapi.co</code> being reachable, and on their responses being correct. If you run Proxmox behind a VPN or on a VLAN that egresses from a different region, the auto-detected timezone may be wrong. In that case skip this option and set the timezone by hand:",
"revertTitle": "Reversible from the Uninstall menu",
"revertBody": "<link>Uninstall Optimizations</link> resets the timezone to UTC (a safe default). It does not disable NTP — your clock keeps syncing, just anchored to UTC until you set a new timezone manually."
},
"languages": {
"heading": "Skip downloading additional languages",
"intro": "On every <code>apt update</code>, Debian by default pulls translation files for every locale it ships — a lot of traffic and disk space for something you'll rarely see. This option tells APT to only fetch the main metadata. Before disabling, ProxMenux <strong>makes sure the host's own locale is actually generated</strong> (reads <code>/etc/default/locale</code> or <code>/etc/environment</code>, appends to <code>/etc/locale.gen</code> if missing, and runs <code>locale-gen</code>). So you don't lose your shell locale as a side effect.",
"writtenTitle": "What gets written",
"revertTitle": "Reversible from the Uninstall menu",
"revertBody": "Deleting <code>/etc/apt/apt.conf.d/99-disable-translations</code> (either manually or from the Uninstall menu) restores the default behaviour and APT downloads language files again."
},
"utilities": {
"heading": "Install common system utilities",
"intro": "Opens a checklist with <strong>25 curated utilities</strong> organised into groups. Pick the ones you want, confirm, and ProxMenux installs each via <code>apt</code>, verifying the package worked and showing a summary at the end.",
"imageAlt": "Checklist dialog showing the list of ProxMenux system utilities with space to select and enter to confirm",
"reuseTitle": "Same list is reused elsewhere",
"reuseBody": "The 25-utility catalogue lives in a single source of truth (<code>PROXMENUX_UTILS</code> in <code>scripts/global/utils-install-functions.sh</code>). The <em>Utilities and Tools → System Utilities</em> menu on the main ProxMenux menu exposes the same list, so you can come back later and install more without re-running post-install.",
"listTitle": "What's in the list",
"groups": [
{
"group": "System monitors",
"items": [
{
"pkg": "htop",
"desc": "Interactive process viewer"
},
{
"pkg": "btop",
"desc": "Modern resource monitor (CPU, RAM, disks, net, processes)"
},
{
"pkg": "s-tui",
"desc": "Terminal-based CPU stress & monitoring UI"
},
{
"pkg": "iftop",
"desc": "Live per-connection bandwidth usage"
},
{
"pkg": "iotop",
"desc": "Per-process disk I/O"
},
{
"pkg": "iptraf-ng",
"desc": "Interactive IP LAN monitor"
}
]
},
{
"group": "Network",
"items": [
{
"pkg": "iperf3",
"desc": "Measure maximum achievable bandwidth between hosts"
},
{
"pkg": "net-tools",
"desc": "Legacy tools (ifconfig, netstat, route). Still handy for quick checks."
},
{
"pkg": "ipset",
"desc": "Manage large IP sets in the kernel — useful with iptables/nftables rules."
}
]
},
{
"group": "Download and archive",
"items": [
{
"pkg": "axel",
"desc": "Lightweight parallel download accelerator"
},
{
"pkg": "aria2",
"desc": "Multi-source / multi-protocol downloader (HTTP, FTP, BitTorrent, Metalink)"
},
{
"pkg": "unzip",
"desc": "Extract ZIP archives"
},
{
"pkg": "zip",
"desc": "Create ZIP archives"
},
{
"pkg": "cabextract",
"desc": "Extract Microsoft CAB archives (handy when working with Windows ISOs)"
},
{
"pkg": "wimtools",
"desc": "Manipulate Windows WIM images (extract, split, mount, apply)"
},
{
"pkg": "genisoimage",
"desc": "Build ISO 9660 images from a directory tree"
}
]
},
{
"group": "Text and files",
"items": [
{
"pkg": "dos2unix",
"desc": "Convert CRLF (Windows) to LF (Unix) line endings"
},
{
"pkg": "grc",
"desc": "Generic colouriser — wraps ping, traceroute, dig, tail, etc. with syntax highlighting"
},
{
"pkg": "plocate",
"desc": "Fast file search (indexed). Run `updatedb` after install to build the index."
}
]
},
{
"group": "Remote and sessions",
"items": [
{
"pkg": "sshpass",
"desc": "Non-interactive SSH password auth — useful for scripts, not for daily use"
},
{
"pkg": "tmux",
"desc": "Terminal multiplexer — detach sessions, split panes, survive disconnects"
}
]
},
{
"group": "Hardware and low-level",
"items": [
{
"pkg": "msr-tools",
"desc": "Read/write CPU model-specific registers (rdmsr, wrmsr)"
},
{
"pkg": "intel-gpu-tools",
"desc": "Intel GPU diagnostic utilities including `intel_gpu_top`"
}
]
},
{
"group": "Virtualization",
"items": [
{
"pkg": "libguestfs-tools",
"desc": "Inspect and modify VM disk images (virt-ls, virt-cat, guestmount…)"
},
{
"pkg": "chntpw",
"desc": "Edit Windows SAM — useful for password recovery on Windows VMs you inherit"
}
]
}
],
"actionTitle": "A few of them in action",
"noBulkTitle": "No bulk uninstall for utilities",
"noBulkBody": "The Uninstall Optimizations menu does <strong>not</strong> track which utilities you installed — only whether the \"apt languages\", \"time sync\" and \"apt upgrade\" options were applied. To remove a specific utility later, uninstall it by hand:"
},
"related": {
"heading": "Related",
"items": [
{
"label": "Proxmox System Update",
"href": "/docs/utils/system-update",
"tail": " — re-runs the apt update + dist-upgrade cycle on demand."
},
{
"label": "System Utilities Installer",
"href": "/docs/utils/system-utils",
"tail": " — install (or re-install) utilities individually after post-install."
},
{
"label": "Updates and Packages commands",
"href": "/docs/help-info/update-commands",
"tail": " — apt reference."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}

106
web/messages/en/docs/post-install/customizable.json Normal file
View File

@@ -0,0 +1,106 @@
{
"meta": {
"title": "Customizable Post-Install Script | ProxMenux Documentation",
"description": "Cherry-pick exactly which optimizations to apply to a Proxmox VE host with ProxMenux. 10 categories, ~30 individual tools, checklist UI. Includes everything the Automated script does, plus opt-in features (IOMMU, Fastfetch, Figurine, Ceph, HA, AMD fixes…).",
"ogTitle": "Customizable Post-Install Script | ProxMenux Documentation",
"ogDescription": "10 categories, ~30 individual optimizations. Pick exactly what you want on a Proxmox VE host. Fully reversible."
},
"header": {
"title": "Customizable Post-Install Script",
"description": "Cherry-pick exactly which optimizations to apply to a Proxmox VE host. ProxMenux groups ~30 individual tools into 10 categories, each with its own checklist dialog. Same engine as Automated, but with full control over what gets applied.",
"section": "Post-Install · Customizable"
},
"intro": {
"title": "When to pick Customizable",
"body": "Choose this path when you already know which tweaks you want on the host — or which you definitely do not want. The script presents a checklist per category so you can pre-select, deselect or mix-and-match optimizations. Every item can be applied again later (it is idempotent) or reverted from <link>Uninstall Optimizations</link>."
},
"compare": {
"heading": "How it compares to Automated",
"body": "Customizable is a superset of the <link>Automated script</link>. It covers the same 13 baseline optimizations plus a long list of opt-in ones that Automated intentionally skips — things that are useful only on specific hardware (AMD fixes), specific hosting (OVH RTM), or specific workloads (IOMMU/VFIO, Ceph repo, High Availability, Fastfetch, Figurine, ZFS ARC tuning, pigz, ZFS auto-snapshot, vzdump speed limits, Open vSwitch, TCP BBR…)."
},
"categoriesSection": {
"heading": "The 10 categories",
"body": "The Customizable script groups optimizations into 10 categories. Each category has its own checklist dialog and its own documentation page — open one of the cards below for the per-option rationale, defaults and verification steps."
},
"categories": [
{
"name": "Basic Settings",
"description": "Repositories, system upgrade, timezone, locale, common utilities."
},
{
"name": "System",
"description": "Journald, logrotate, kernel limits, memory tuning, kernel panic, fast reboots."
},
{
"name": "Virtualization",
"description": "Guest agent auto-install, IOMMU/VFIO enablement for PCI passthrough."
},
{
"name": "Network",
"description": "APT over IPv4, network sysctl tuning, Open vSwitch, TCP BBR, persistent interface names."
},
{
"name": "Storage",
"description": "ZFS ARC sizing, ZFS auto-snapshot, vzdump backup speed limits."
},
{
"name": "Security",
"description": "Disable portmapper/rpcbind to reduce the attack surface."
},
{
"name": "Customization",
"description": "Bashrc colors & aliases, MOTD banner, subscription-notice removal."
},
{
"name": "Monitoring",
"description": "OVH Real-Time Monitoring (only on detected OVH servers)."
},
{
"name": "Performance",
"description": "Parallel gzip (pigz) for faster compression in backups and transfers."
},
{
"name": "Optional",
"description": "AMD CPU fixes, Fastfetch, Figurine, Ceph repo, High Availability, Log2RAM."
}
],
"mixTip": {
"title": "Mix Automated and Customizable",
"body": "A common pattern: run <strong>Automated</strong> first to lock in the sensible baseline, then open <strong>Customizable</strong> and pick only the opt-in tools you care about (for example, IOMMU on a host that will do GPU passthrough). Changes are tracked independently; the Uninstall menu shows everything you have applied regardless of which path added it."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Automated Post-Install",
"href": "/docs/post-install/automated",
"tail": " — sane defaults applied with zero prompts."
},
{
"label": "Uninstall Optimizations",
"href": "/docs/post-install/uninstall",
"tail": " — back any selection out cleanly."
},
{
"label": "Basic Settings",
"href": "/docs/post-install/basic-settings",
"tail": " — repos, time, language, utilities."
},
{
"label": "Virtualization",
"href": "/docs/post-install/virtualization",
"tail": " — IOMMU + VFIO for passthrough."
},
{
"label": "Security",
"href": "/docs/post-install/security",
"tailRich": " · <storageLink>Storage</storageLink> · <networkLink>Network</networkLink> · <customLink>Customization</customLink> — other categories."
},
{
"label": "Post-Install overview",
"href": "/docs/post-install",
"tail": "."
}
]
}
}

74
web/messages/en/docs/post-install/customization.json Normal file
View File

@@ -0,0 +1,74 @@
{
"meta": {
"title": "Post-Install: Customization | ProxMenux Documentation",
"description": "Customization options in the ProxMenux Customizable post-install script: a colored bash prompt with useful aliases, a ProxMenux banner in the MOTD, and the option to remove the Proxmox subscription nag from the web interface."
},
"header": {
"title": "Post-Install: Customization",
"description": "Cosmetic and quality-of-life tweaks for the Proxmox host. None of them change functional behaviour — they just make the shell nicer to use and hide the subscription nag in the web UI. All three are tracked and reversible from the Uninstall menu.",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Three small, independent options: a <strong>colored bash prompt + aliases</strong> for the root shell, a one-line <strong>MOTD banner</strong> visible on SSH login, and removal of the <strong>\"No valid subscription\" popup</strong> that Proxmox shows on every login to the web UI."
},
"bashrc": {
"heading": "Customize bashrc",
"intro": "Injects a curated block into <code>/root/.bashrc</code> with a colored prompt, timestamped history, standard <code>ls</code> / <code>grep</code> aliases, and a <code>source</code> for bash completion. Makes working over SSH noticeably more pleasant and makes it obvious which host you're on when you have many tabs open.",
"writesTitle": "What ProxMenux adds to .bashrc",
"writesOutro": "The block is delimited by the <code>PMX_CORE_BASHRC</code> markers. Running the script again replaces the previous block instead of duplicating it. The original <code>.bashrc</code> is backed up once to <code>/root/.bashrc.bak</code>, and a <code>source /root/.bashrc</code> line is appended to <code>/root/.bash_profile</code> so the prompt also applies on login shells (e.g. after <code>su -</code>).",
"rootTitle": "Applies to root only",
"rootBody": "The customization targets the root account's shell. Other users you create on the host keep their own defaults. If you administer Proxmox exclusively over the web UI and never use the shell, this option is pure aesthetics and you can skip it."
},
"motd": {
"heading": "Set up custom MOTD banner",
"intro": "Prepends <em>\"This system is optimised by: ProxMenux\"</em> to <code>/etc/motd</code>, the message shown after a successful SSH login (above the shell prompt, before any <code>update-motd</code> scripts run). Harmless and purely informational — useful as a quick visual confirmation that ProxMenux has been applied on this host.",
"writesTitle": "What ProxMenux writes",
"writesOutro": "Original <code>/etc/motd</code> is backed up to <code>/etc/motd.bak</code> on first apply. The operation is idempotent: if the marker line is already present, nothing is added."
},
"banner": {
"heading": "Remove subscription banner",
"intro": "Removes the <em>\"You do not have a valid subscription for this server\"</em> modal that pops up every time someone logs into the Proxmox web UI without an enterprise subscription. The patch is version-aware: different Proxmox major versions have different UI bundles, so ProxMenux dispatches to the right script.",
"versionTitle": "Version-aware dispatch",
"versionItems": [
"<strong>PVE 9.x</strong> → runs <code>remove-banner-pve-v3.sh</code> (patches both the desktop <code>proxmoxlib.js</code> and the new Yew-based mobile UI).",
"<strong>PVE 8.x</strong> → runs <code>remove-banner-pve8.sh</code> (desktop-only)."
],
"versionOutro": "Before patching, ProxMenux backs up the original JS/template files to <code>/usr/local/share/proxmenux/backups/</code> with a timestamp. The Uninstall flow uses those backups to restore the original files, and falls back to reinstalling the Proxmox UI packages if the backup is missing or corrupt.",
"breakTitle": "Can break after Proxmox updates",
"breakBody": "Proxmox regularly ships UI updates that overwrite <code>proxmoxlib.js</code>. When that happens, the banner comes back. You can re-apply this option after every Proxmox update to re-patch the file, or just accept the nag until you reapply. ProxMenux also installs an APT hook that auto-re-patches on package upgrades — see <link>Uninstall Optimizations</link> for how that hook is reversed.",
"legalTitle": "Legal note (always worth repeating)",
"legalBody": "This option only hides the UI nag. It does <strong>not</strong> grant you enterprise support, access to the enterprise repository, or any rights to ship Proxmox commercially without a subscription. If you run Proxmox in a revenue-generating environment, buy a subscription — it supports the project and gets you the stable enterprise channel."
},
"verify": {
"heading": "Verification",
"intro": "After applying all three:",
"reversibleTitle": "All three are reversible",
"reversibleBody": "<link>Uninstall Optimizations</link> restores <code>/root/.bashrc</code> and <code>/etc/motd</code> from their <code>.bak</code> backups, and either restores the patched UI files from the backup directory or reinstalls <code>pve-manager</code>, <code>proxmox-widget-toolkit</code>, <code>libjs-extjs</code> and <code>libpve-http-server-perl</code> with <code>--force-confnew</code> to bring the web UI back to vanilla."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Optional",
"href": "/docs/post-install/optional",
"tail": " — Fastfetch and Figurine (other visual customizations)."
},
{
"label": "Show Version Information",
"href": "/docs/settings/show-version-information",
"tail": " — confirms the customizations are tracked as installed."
},
{
"label": "Uninstall Optimizations",
"href": "/docs/post-install/uninstall",
"tail": " — revert bashrc, motd, subscription nag."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}

106
web/messages/en/docs/post-install/index.json Normal file
View File

@@ -0,0 +1,106 @@
{
"meta": {
"title": "Proxmox VE Post-Install Script — Automated and Customizable | ProxMenux",
"description": "Overview of the ProxMenux Post-Install scripts for Proxmox VE. Run the Automated script for sane defaults with zero prompts, the Customizable script to pick exactly what you want across 10 categories (system, virtualization, network, storage, security, performance, optional), or fully reverse any change with the Uninstall Optimizations option.",
"ogTitle": "Proxmox VE Post-Install Script — Automated and Customizable",
"ogDescription": "Apply common Proxmox VE post-install optimizations across 10 categories — automated or à la carte, with reversible options.",
"twitterTitle": "Proxmox VE Post-Install Script | ProxMenux",
"twitterDescription": "Automated and customizable post-install optimizations for Proxmox VE — with reversible options."
},
"header": {
"title": "Post-Install Scripts",
"description": "Configure a fresh Proxmox VE host with ProxMenux's post-install optimizations. Three paths: run everything automatically, cherry-pick what you want, or reverse any change. All changes are tracked.",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this menu is for",
"body": "Right after installing Proxmox VE, there are dozens of small changes that make the host faster and easier to maintain — free repositories, sane journald limits, sensible TCP buffers, SSD-friendly log storage, bashrc niceties, and more. ProxMenux automates all of them, tracks what it changed, and lets you revert."
},
"openingMenu": {
"heading": "Opening the menu",
"body": "From ProxMenux's main menu, select <strong>Settings post-install Proxmox</strong>. You will see this:",
"imageAlt": "Post-Installation Scripts menu with 3 ProxMenux options (Automated / Customizable / Uninstall) followed by the Community Scripts section"
},
"threeWays": {
"heading": "Three ways to apply optimizations",
"body": "The three ProxMenux entries share the same underlying code and the same registry of installed tools — they just give you different levels of control. Pick the one that matches how much you want to decide."
},
"routes": [
{
"title": "Automated",
"description": "A curated set of 13 safe, always-useful optimizations applied in sequence with zero prompts. Good default for most users.",
"bullets": [
"Free repos + system upgrade",
"Memory, kernel, network tuning",
"Log2RAM (auto-detected on SSD/NVMe)",
"Journald + logrotate size limits",
"Persistent interface names"
]
},
{
"title": "Customizable",
"description": "~30 individual optimizations across 10 categories. You pick exactly which ones to apply. Same engine as Automated, but with full control.",
"bullets": [
"Checklist UI per category",
"Includes everything Automated does, plus opt-in items (IOMMU, Fastfetch, Figurine, Ceph, HA, AMD fixes…)",
"Run as many times as you want — changes are idempotent"
]
},
{
"title": "Apply Available Updates",
"description": "When a post-install optimization (Log2Ram, Memory Settings, Logrotate…) gets a newer version on disk than what is registered on the host, this entry surfaces only the ones that moved. Re-runs the corresponding function and refreshes the registry — touches nothing else.",
"bullets": [
"Per-optimization opt-in (only what changed)",
"Same picker available from the Monitor dashboard",
"Single grouped notification when new updates land"
]
},
{
"title": "Uninstall Optimizations",
"description": "Every change made by either path is tracked in a JSON registry, and every optimization has a reverse function. Pick what to revert, and the host goes back.",
"bullets": [
"Detects previously applied optimizations automatically",
"Reversal restores original configs from backup files",
"Reboot prompt if needed (VFIO, persistent names, etc.)"
]
}
],
"whichTitle": "Which one should you pick?",
"whichBody": "If this is a fresh Proxmox install and you want the sensible baseline with no decisions: <autoLink><strong>Automated</strong></autoLink>. If you already know which tweaks you want (or which you definitely don't want): <customLink><strong>Customizable</strong></customLink>. If something you already applied has a newer version on disk and you want to lift only that: <updatesLink><strong>Apply Available Updates</strong></updatesLink>. If you applied something earlier and want to back it out cleanly: <uninstallLink><strong>Uninstall Optimizations</strong></uninstallLink>. You can mix them — apply Automated first, then open Customizable to add opt-ins like Fastfetch or IOMMU, and revert any individual item later.",
"mixing": {
"heading": "Mixing with other post-install scripts",
"stackTitle": "Don't stack multiple post-install scripts",
"stackBody": "Running several post-install scripts on the same host can cause duplicated configuration files, conflicting sysctl entries, or worse — broken networking after reboot. If you already applied the <strong>Helper-Scripts Post Install</strong>, some ProxMenux optimizations may overlap with what it already configured. Stick to one post-install tool per host.",
"xshokTitle": "xshok-proxmox: deprecated",
"xshokBody": "Earlier versions of ProxMenux referenced <a>xshok-proxmox</a> as a companion post-install tool. That project is now deprecated and no longer offered from ProxMenux. If a previous run of xshok-proxmox left markers on the host, ProxMenux still detects them and will warn you — but it is not something you should install alongside ProxMenux today."
},
"community": {
"heading": "Community scripts",
"body": "The menu also exposes two third-party scripts from the <a>community-scripts</a> project: <em>Proxmox VE Post Install</em> and <em>Proxmox VE Microcode</em>. These are wrappers that <code>wget | bash</code> the original authors' scripts. They are not maintained by ProxMenux. See <link>External Repositories</link> for details and trust considerations before running them."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Proxmox System Update",
"href": "/docs/utils/system-update",
"tail": " — keeps the host up to date once it's been post-installed."
},
{
"label": "Security",
"href": "/docs/security",
"tail": " — Fail2Ban + Lynis on top of the post-install hardening."
},
{
"label": "Show Version Information",
"href": "/docs/settings/show-version-information",
"tail": " — see which post-install components are tracked as installed."
},
{
"label": "Updates and Packages commands",
"href": "/docs/help-info/update-commands",
"tail": " — reference for apt / pveupgrade."
}
]
}
}

58
web/messages/en/docs/post-install/monitoring.json Normal file
View File

@@ -0,0 +1,58 @@
{
"meta": {
"title": "Post-Install: Monitoring | ProxMenux Documentation",
"description": "Monitoring options in the ProxMenux Customizable post-install script. Currently a single option: install OVH Real-Time Monitoring (RTM), which only activates if the host is detected as an OVH server."
},
"header": {
"title": "Post-Install: Monitoring",
"description": "Monitoring options inside the Customizable post-install script. This category is small and provider-specific — it installs the OVH Real-Time Monitoring agent on dedicated OVH servers and does nothing anywhere else.",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "Narrow scope on purpose",
"body": "Post-install monitoring is limited to <strong>one provider-specific agent</strong>. General-purpose monitoring (Prometheus, Grafana, node_exporter) is out of scope here because those require architectural decisions (separate host or not, data retention, alerting targets) that don't fit a one-click post-install step. ProxMenux Monitor itself, bundled with ProxMenux, fills most of that role without needing any external agent."
},
"ovh": {
"heading": "Install OVH Real-Time Monitoring (RTM)",
"intro": "If your Proxmox host is a dedicated server rented from <a>OVHcloud</a>, you can enable RTM to expose hardware telemetry (CPU temperature, PSU status, disk SMART, RAID controller state, etc.) to the OVH control panel. This is the same agent OVH uses for their own \"Server Monitoring\" feature.",
"decisionsTitle": "How ProxMenux decides",
"decisionsItems": [
"Gets the host's public IP via <code>curl ipinfo.io/ip</code>.",
"Looks up the owning ISP with a <code>whois</code> query to <code>v4.whois.cymru.com</code>.",
"If the result mentions OVH, fetches <code>last-public-ovh-infra-yak.snap.mirrors.ovh.net/yak/archives/apply.sh</code> and pipes it to <code>bash</code> with the RTM v2 puppet manifest.",
"If the result does <em>not</em> mention OVH, nothing is installed. The option is a no-op."
],
"remoteTitle": "Remote script piped to bash",
"remoteBody": "The installation runs <code>wget -qO - https://…apply.sh | bash</code>. If the OVH mirror is ever compromised, the script executes as root on your host. Before enabling this option, decide whether you trust OVH's mirror chain more than the monitoring you gain. For most home-lab or non-OVH users this option should simply stay off.",
"noOpTitle": "Only enable if the host is actually at OVH",
"noOpBody": "The option is a no-op on non-OVH servers, so ticking it on a home-lab Proxmox doesn't break anything. But there is a cosmetic bug today: even on non-OVH servers the script prints <em>\"Server belongs to OVH\"</em> at the end, which can be misleading. See the troubleshooting note below.",
"runsTitle": "What ProxMenux runs",
"verifyTitle": "Verification",
"verifyBody": "On a real OVH host, after a reboot you should see the <a>RTM dashboard</a> in your OVH Manager populated with live data for the host. On the Proxmox side, the RTM collector is a systemd service — check it directly:",
"troubleTitle": "Troubleshooting",
"spuriousTitle": "\"Server belongs to OVH\" but I'm not on OVH",
"spuriousBody": "This is a known cosmetic quirk in the current script: the success message fires outside the OVH-detected conditional, so it prints on every run. If the RTM install did <em>not</em> actually happen (check <code>systemctl status ovh-rtm</code> — it will not exist), the message is spurious and can be ignored. Nothing was installed on your host.",
"revertTitle": "Not reversible from the Uninstall menu",
"revertBody": "There is no dedicated uninstall entry for RTM. On a real OVH host, remove the packages manually with <code>apt purge ovh-*</code> and delete any puppet manifests under <code>/etc/puppet/</code> that RTM installed. On a non-OVH host, nothing was ever installed, so there's nothing to revert."
},
"related": {
"heading": "Related",
"items": [
{
"label": "ProxMenux Monitor",
"href": "/docs/settings/proxmenux-monitor",
"tail": " — local web dashboard for the host (works on any provider, not just OVH)."
},
{
"label": "Useful System Commands",
"href": "/docs/help-info/system-commands",
"tail": " — local-host monitoring reference."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}

126
web/messages/en/docs/post-install/network.json Normal file
View File

@@ -0,0 +1,126 @@
{
"meta": {
"title": "Post-Install: Network | ProxMenux Documentation",
"description": "Network-related optimizations in the ProxMenux Customizable post-install script: force APT over IPv4, apply a curated sysctl tuning profile, install Open vSwitch, enable TCP BBR + Fast Open, and pin interface names to their MAC addresses."
},
"header": {
"title": "Post-Install: Network",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Five independent network options. Two are small (<strong>APT over IPv4</strong>, <strong>Open vSwitch install</strong>), two tune TCP behaviour (<strong>network sysctl profile</strong>, <strong>BBR + Fast Open</strong>), and one fixes a common operational headache — <strong>pinning interface names</strong> so a new NIC or a BIOS update doesn't rename <code>enp3s0</code> to <code>enp4s0</code> and break your bridges."
},
"ipv4": {
"heading": "Force APT to use IPv4",
"intro": "Writes <code>Acquire::ForceIPv4 \"true\";</code> to <code>/etc/apt/apt.conf.d/99-force-ipv4</code>. APT then refuses to use IPv6 for package downloads, even if the host has IPv6 connectivity.",
"tipTitle": "Who benefits",
"tipBody": "Useful when your IPv6 path is flaky, slower than IPv4, or the Debian/Proxmox mirror occasionally breaks over IPv6 (it happens). Harmless on hosts without IPv6. On a healthy dual-stack network, it's just a guarantee of predictable behaviour — apt won't surprise you with an IPv6 timeout."
},
"sysctl": {
"heading": "Apply network optimizations",
"intro": "Writes a curated sysctl profile to <code>/etc/sysctl.d/99-network.conf</code> covering core socket buffers, ICMP hardening, basic spoof protection, and TCP buffer sizes that make sense on a hypervisor with lots of concurrent flows.",
"tunedTitle": "What gets tuned",
"headerArea": "Area",
"headerSettings": "Key settings",
"rows": [
{
"area": "Core socket buffers",
"settings": "<code>netdev_max_backlog=8192</code>, <code>rmem_max=16M</code>, <code>wmem_max=16M</code>, <code>somaxconn=8192</code>"
},
{
"area": "ICMP hardening",
"settings": "<code>icmp_echo_ignore_broadcasts=1</code>, <code>icmp_ignore_bogus_error_responses=1</code>"
},
{
"area": "Routing safety",
"settings": "<code>accept_redirects=0</code>, <code>accept_source_route=0</code>, <code>secure_redirects=0</code>, <code>send_redirects=0</code>"
},
{
"area": "Reverse path filter",
"settings": "<code>rp_filter=2</code> (loose mode, see note below)"
},
{
"area": "TCP",
"settings": "<code>tcp_mtu_probing=1</code>, <code>tcp_rfc1337=1</code>, <code>tcp_sack=1</code>, <code>tcp_rmem=8K/87K/16M</code>, <code>tcp_wmem=8K/64K/16M</code>"
},
{
"area": "Ports",
"settings": "<code>ip_local_port_range=1024 65535</code> (ephemeral port pool)"
},
{
"area": "Unix sockets",
"settings": "<code>net.unix.max_dgram_qlen=4096</code>"
}
],
"sourceOutro": "It also adds <code>source /etc/network/interfaces.d/*</code> to <code>/etc/network/interfaces</code> if not already present — standard practice so you can drop modular interface snippets without editing the main file.",
"rpFilterTitle": "Why rp_filter=2 (loose) instead of 1 (strict)",
"rpFilterBody": "Strict reverse-path filtering drops packets whose source would be routed out a <em>different</em> interface. That's the right default on a client machine, but breaks badly on a Proxmox host where VM traffic often arrives on a bridge and leaves on an uplink with asymmetric routes. <code>rp_filter=2</code> (loose) only drops packets with truly unroutable sources. It's a pragmatic trade-off — slight reduction in local-IP-spoof detection in exchange for not breaking your VM network."
},
"ovs": {
"heading": "Install Open vSwitch",
"intro": "Installs <code>openvswitch-switch</code> + <code>openvswitch-common</code>. These packages add OVS as a bridge implementation alternative to the standard Linux bridges that Proxmox uses by default. The install alone doesn't change any networking — existing <code>vmbrX</code> bridges keep working. OVS becomes available in the Proxmox UI when you <em>create</em> a new bridge and pick it from the type dropdown.",
"tipTitle": "When OVS makes sense",
"tipBody": "Consider OVS if you need <strong>VLAN trunking with non-contiguous VLAN IDs</strong>, <strong>LACP with LLDP on specific modes</strong>, <strong>fine-grained flow programming</strong> (OpenFlow), or interoperation with SDN controllers. For a home lab with a couple of VLANs and a single LACP uplink, standard Linux bridges + <code>vmbrX.VID</code> are simpler and perfectly fine.",
"revertTitle": "Not reversible from the Uninstall menu",
"revertBody": "Installing OVS is not tracked in Uninstall Optimizations. If you decide you don't want it, remove it manually — but only after migrating any bridges back to Linux bridges first:"
},
"bbr": {
"heading": "Enable TCP BBR + TCP Fast Open",
"intro": "Writes two sysctl files and reloads them. BBR replaces the default CUBIC congestion control with Google's bandwidth-based algorithm, which handles long-fat pipes and lossy links much better. TCP Fast Open (TFO) eliminates a round trip on repeat TCP connections by piggy-backing data on the SYN.",
"verifyTitle": "Verification",
"impactTitle": "Impact is workload-dependent",
"impactBody": "BBR shines on high-latency or lossy links (cross-continent replication, VPN tunnels, mobile clients). On a LAN between two machines on the same switch, the difference is often within noise. TFO helps short, repeated HTTP connections the most.",
"revertTitle": "Not reversible from the Uninstall menu",
"revertBody": "BBR/TFO aren't tracked. To revert, remove the two sysctl files and reload:"
},
"names": {
"heading": "Interface Names (persistent)",
"intro": "Iterates over every physical NIC the host has (skipping loopback, Docker veths, bridges, TAP devices, bonds, Cilium, ZeroTier, WireGuard) and writes a systemd <code>.link</code> file binding the current interface name to the current MAC address. The kernel's naming logic can then no longer rename that NIC — the MAC wins.",
"whyTitle": "Why this matters",
"whyItems": [
"Adding or removing PCIe devices can shift the bus numbering, turning <code>enp3s0</code> into <code>enp4s0</code>. If your <code>/etc/network/interfaces</code> references the old name, the bridge vanishes on reboot.",
"BIOS / firmware updates sometimes change how devices enumerate, with the same effect.",
"LXC containers with <code>hotplug</code> NICs and bonded links can race on boot and end up named inconsistently. Pinning fixes that."
],
"writtenTitle": "What gets written",
"writtenIntro": "One file per physical NIC, at <code>/etc/systemd/network/10-&lt;iface&gt;.link</code>:",
"writtenOutro": "Any pre-existing <code>.link</code> files in that directory are copied to <code>/etc/systemd/network/backup-&lt;timestamp&gt;/</code> before touching anything.",
"pveTitle": "PVE 9 vs PVE 8",
"pveBody": "On Proxmox VE 9 (<code>systemd-networkd</code> native), the script reloads udev rules after writing the <code>.link</code> files so new hotplug NICs pick up the correct name without a reboot. On PVE 8 (<code>ifupdown2</code>), interface naming is resolved at boot anyway — a reboot is required for the changes to take effect. The script sets the reboot flag either way so Customizable prompts you.",
"reviewTitle": "Review existing /etc/network/interfaces first",
"reviewBody": "If your host has legacy configuration in <code>/etc/network/interfaces</code> that references NIC names generated by the kernel's default scheme, pinning <em>today's</em> names is exactly what you want. But if you've already manually customised the config around specific names, double-check the pinning matches what the interfaces file expects before rebooting.",
"revertTitle": "Reversible from the Uninstall menu",
"revertBody": "<link>Uninstall Optimizations</link> deletes every <code>.link</code> file from <code>/etc/systemd/network/</code>, restoring the kernel's default naming on next reboot. The timestamped backup of the original files stays behind in case you need to restore specific ones manually."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Network Management",
"href": "/docs/network",
"tail": " — diagnostics, bridge analysis, guided repairs."
},
{
"label": "Persistent interface names",
"href": "/docs/network/persistent-names",
"tail": " — same idea exposed as its own menu later (use either, not both)."
},
{
"label": "Network commands reference",
"href": "/docs/help-info/network-commands",
"tail": " — ip, ss, ethtool, sysctl."
},
{
"label": "Uninstall Optimizations",
"href": "/docs/post-install/uninstall",
"tail": " — revert any of these network changes."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}

143
web/messages/en/docs/post-install/optional.json Normal file
View File

@@ -0,0 +1,143 @@
{
"meta": {
"title": "ProxMenux Post-Install: Optional Settings",
"description": "Guide to Optional Settings in the ProxMenux post-install script for additional Proxmox VE features and optimizations.",
"ogTitle": "ProxMenux Post-Install: Optional Settings",
"ogDescription": "Guide to Optional Settings in the ProxMenux post-install script for additional Proxmox VE features and optimizations.",
"ogImageAlt": "ProxMenux Post-Install Optional Settings"
},
"title": "Optional Settings",
"intro": "The <strong>Optional Settings</strong> category provides additional features and optimizations that you can choose to apply to your Proxmox VE installation. These settings are not essential but can enhance your system's capabilities in specific scenarios.",
"available": "Available Optional Features",
"ceph": {
"title": "Add Latest Ceph Support",
"intro": "This option installs the latest Ceph storage system support for Proxmox VE. Ceph is a distributed storage system that provides high performance, reliability, and scalability.",
"doesIntro": "What it does:",
"doesItems": [
"Adds the Ceph repository to your system",
"Updates package lists",
"Installs Ceph packages using the 'pveceph install' command",
"Verifies the installation"
],
"howUse": "How to use: After installation, you can configure and manage Ceph storage using the Proxmox VE web interface or command-line tools.",
"automates": "This adjustment automates the following commands:"
},
"amd": {
"title": "Apply AMD CPU Fixes",
"intro": "This option applies specific fixes for AMD EPYC and Ryzen CPUs to improve stability and compatibility.",
"doesIntro": "What it does:",
"doesItems": [
"Detects if an AMD EPYC or Ryzen CPU is present",
"Applies kernel parameter 'idle=nomwait' to prevent random crashes",
"Configures KVM to ignore certain MSRs (Model Specific Registers) for better Windows guest compatibility",
"Installs the latest Proxmox VE kernel"
],
"howUse": "How to use: These fixes are applied automatically and require a system reboot to take effect.",
"automates": "This adjustment automates the following commands:"
},
"ha": {
"title": "Enable High Availability Services",
"intro": "This option enables High Availability (HA) services in Proxmox VE, allowing for automatic failover of VMs and containers in case of node failure.",
"doesIntro": "What it does:",
"doesItems": [
"Enables and starts the pve-ha-lrm (Local Resource Manager) service",
"Enables and starts the pve-ha-crm (Cluster Resource Manager) service",
"Enables and starts the corosync service for cluster communication"
],
"howUse": "How to use: After enabling these services, you can configure HA groups and resources in the Proxmox VE web interface.",
"automates": "This adjustment automates the following commands:"
},
"testing": {
"title": "Enable Proxmox Testing Repository",
"intro": "This option enables the Proxmox testing repository, allowing access to the latest, potentially unstable versions of Proxmox VE packages.",
"doesIntro": "What it does:",
"doesItems": [
"Adds the Proxmox testing repository to the system's package sources",
"Creates a new file in /etc/apt/sources.list.d/ for the testing repository",
"Updates the package lists to include packages from the new repository"
],
"howUse": "How to use: After enabling this repository, you can update and upgrade your system to get the latest testing versions of Proxmox VE packages. Use with caution as these versions may be unstable.",
"manualIntro": "To manually add the Proxmox testing repository, you can use these commands:",
"noteLabel": "Note:",
"noteBody": "$(lsb_release -cs) automatically detects your Proxmox VE version codename (e.g., bullseye).",
"warnLabel": "Warning:",
"warnBody": "Enabling the testing repository may lead to system instability. It's recommended for testing environments only."
},
"fastfetch": {
"title": "Install and Configure Fastfetch",
"intro": "This option silently installs and configures Fastfetch, a system information tool that displays system specs and a custom logo at login.",
"doesLabel": "What it does:",
"doesItems": [
"Silently downloads and installs the latest version of Fastfetch",
"Allows you to choose a custom logo (<strong>ProxMenux, Proxmox, Helper-Scripts, Home-Labs-Club, Proxmology</strong>, or a custom one)",
"Configures Fastfetch to display <em>\"System optimised by ProxMenux\"</em>",
"Sets up Fastfetch to run automatically at console login"
],
"importantLabel": "Important:",
"importantBody": "If you connect to Proxmox via SSH, you should select the <strong>Proxmox</strong> logo or create a custom one using <code>jp2a</code> or <code>img2txt</code>. The other logos are generated using <code>chafa</code> and may not display correctly in a standard SSH session.",
"customLabel": "Custom Logos:",
"customBody1": "To use a custom logo, place your ASCII art text file in: <code>/usr/local/share/fastfetch/logos/</code>",
"customBody2": "You can create custom logos using tools like <code>chafa</code>, <code>jp2a</code>, or <code>img2txt</code>.",
"customBody3": "For best results:",
"customItems": [
"Keep the logo height to 35 lines or less to maintain proportions and fit in the terminal",
"Use <code>chafa</code> for color logos (may not display correctly in SSH sessions)",
"Use <code>jp2a</code> or <code>img2txt</code> for SSH-compatible logos"
],
"examplesLabel": "Example Logos:",
"logos": [
{
"name": "ProxMenux",
"alt": "ProxMenux Logo",
"src": "https://macrimi.github.io/ProxMenux/fastfetch/proxmenux.png"
},
{
"name": "Proxmox",
"alt": "Proxmox Logo",
"src": "https://macrimi.github.io/ProxMenux/fastfetch/proxmox.png"
},
{
"name": "JC Channel",
"alt": "JC Channel Logo",
"src": "/fastfetch/jc-channel.png"
},
{
"name": "Helper-Scripts",
"alt": "Helper-Scripts Logo",
"src": "https://macrimi.github.io/ProxMenux/fastfetch/helper-scripts.png"
},
{
"name": "Home-Labs-Club",
"alt": "Home-Labs-Club Logo",
"src": "https://macrimi.github.io/ProxMenux/fastfetch/home-labs-club.png"
},
{
"name": "Proxmology",
"alt": "Proxmology Logo",
"src": "https://macrimi.github.io/ProxMenux/fastfetch/proxmology.png"
}
],
"automates": "This adjustment automates the following commands:"
},
"figurine": {
"title": "Install and Configure Figurine",
"intro": "This option installs and configures Figurine, a tool that creates stylish ASCII text banners for your terminal, displaying your hostname in a visually appealing 3D format.",
"doesLabel": "What it does:",
"doesItems": [
"Downloads and installs Figurine v2.0.0 from GitHub",
"Creates a welcome message that displays your hostname in 3D ASCII art when you log in",
"Automatically removes any previous Figurine installation if present",
"Sets up the welcome message to run automatically at login"
],
"practicalLabel": "Practical Use:",
"practicalBody": "When managing multiple Proxmox nodes in a cluster, Figurine provides an immediate visual indication of which node you're currently logged into. This helps prevent accidental commands on the wrong node and improves your workflow when managing multiple servers.",
"exampleLabel": "Example Output:",
"imageAlt": "Figurine Example Output",
"automates": "This adjustment automates the following process:",
"outro": "After installation, you'll see your hostname displayed in 3D ASCII art each time you log in, making it immediately clear which Proxmox node you're working on."
},
"autoApplication": {
"title": "Automatic Application",
"body": "These optional features are applied only when specifically selected during the post-install process. Each feature can be individually chosen based on your specific needs and preferences."
}
}

60
web/messages/en/docs/post-install/performance.json Normal file
View File

@@ -0,0 +1,60 @@
{
"meta": {
"title": "Post-Install: Performance | ProxMenux Documentation",
"description": "Performance options in the ProxMenux Customizable post-install script. Replaces single-threaded gzip with pigz (parallel gzip) for faster backups and compression on multi-core hosts."
},
"header": {
"title": "Post-Install: Performance",
"description": "Performance options inside the Customizable post-install script. Currently this category contains a single optimization: replacing gzip with pigz so backups and compression use every CPU core instead of one.",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "The only performance option here rewires the system's gzip to a parallel implementation. Other performance-related tweaks (memory tuning, I/O scheduling, ZFS ARC sizing, kernel limits) live under their own categories (<em>System</em>, <em>Storage</em>) because they affect different subsystems."
},
"pigz": {
"heading": "Use pigz for faster gzip compression",
"intro": "Standard <code>gzip</code> compresses data using a <strong>single CPU core</strong>. On modern Proxmox hosts with 8, 16 or 32 cores, that is a huge bottleneck during <code>vzdump</code> VM/CT backups, log rotation, and anything else that pipes through <code>gzip</code>. <a>pigz</a> is a drop-in parallel replacement: same gzip-compatible output, but it spreads the work across every core.",
"doesTitle": "What ProxMenux does",
"doesIntro": "Four steps, all idempotent:",
"doesItems": [
"Sets <code>pigz: 1</code> in <code>/etc/vzdump.conf</code> so Proxmox's backup tool uses pigz natively.",
"Installs the <code>pigz</code> apt package if not already present.",
"Writes a wrapper script at <code>/bin/pigzwrapper</code> that forwards every argument to <code>/usr/bin/pigz</code>.",
"Moves the original <code>/bin/gzip</code> aside to <code>/bin/gzip.original</code> and replaces <code>/bin/gzip</code> with the wrapper. From now on, <em>anything</em> that calls <code>gzip</code> — logrotate, <code>tar czf</code>, scripts, vzdump — uses pigz transparently."
],
"replacesTitle": "This replaces a system binary",
"replacesBody": "Replacing <code>/bin/gzip</code> with a wrapper is unusual. It is safe (the wrapper produces gzip-compatible output), but worth knowing: scripts that hardcode paths, run inside restrictive chroots, or verify binary hashes may behave differently. The original binary is preserved as <code>/bin/gzip.original</code> so you can always swap it back.",
"revertTitle": "Not reversible from the Uninstall menu",
"revertBody": "This optimization is applied by Customizable, but <strong>does not currently have a matching entry in the Uninstall Optimizations menu</strong>. To revert it by hand, restore the original gzip and clear the wrapper:",
"verifyTitle": "Verification",
"verifyBody": "After applying, <code>gzip --version</code> should mention pigz. A quick benchmark also shows the speed difference on a multi-core host:",
"whenTitle": "When this matters most",
"whenBody": "The impact scales with <strong>how many cores the host has</strong> and <strong>how often you run backups</strong>. On a 2-core home-lab box with one daily vzdump, the benefit is marginal. On a 16-core production host backing up a dozen VMs every night, pigz can cut the backup window to a fraction of what single-threaded gzip takes."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Backup and Restore commands",
"href": "/docs/help-info/backup-commands",
"tailRich": " — vzdump CLI reference, including <code>--pigz</code> threads option."
},
{
"label": "Storage",
"href": "/docs/post-install/storage",
"tail": " — vzdump speed limits and ZFS ARC tuning."
},
{
"label": "System",
"href": "/docs/post-install/system",
"tail": " — file-descriptor and memory tuning."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}

57
web/messages/en/docs/post-install/security.json Normal file
View File

@@ -0,0 +1,57 @@
{
"meta": {
"title": "Post-Install: Security | ProxMenux Documentation",
"description": "Security options available in the ProxMenux Customizable post-install script. Currently a single option: disable the portmapper/rpcbind service to reduce the host's attack surface."
},
"header": {
"title": "Post-Install: Security",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Post-install security is limited to <strong>host hardening that is safe to apply unattended</strong> — things that disable services almost nobody needs and that can be undone from the Uninstall menu. Active security tooling (Fail2Ban for intrusion prevention, Lynis for auditing) lives under the dedicated <em>Security</em> entry on ProxMenux's main menu, not here in post-install."
},
"rpcbind": {
"heading": "Disable portmapper / rpcbind",
"intro": "<code>rpcbind</code> (formerly <code>portmap</code>) is a service that maps RPC program numbers to network ports. It is a dependency for NFS and some legacy RPC-based tools. On a typical Proxmox host that is not acting as an NFS server, <strong>nothing uses it</strong> — and leaving it enabled keeps port <code>111/tcp</code> listening on every interface.",
"whyTitle": "Why it's worth disabling",
"whyItems": [
"Reduces the host attack surface — one less listening service to worry about.",
"Historically abused as a reflection/amplification vector in DDoS attacks. Disabling <code>rpcbind</code> removes that amplification factor for your host.",
"Removes the noise it generates in logs and <code>netstat</code> / <code>ss</code> output, making real activity easier to spot."
],
"nfsTitle": "Don't disable this if you use NFS",
"nfsBody": "NFS server <strong>and</strong> NFS client rely on <code>rpcbind</code> to negotiate the ports used by <code>mountd</code>, <code>statd</code>, <code>lockd</code>, etc. If your Proxmox host either <em>exports</em> NFS shares to other machines or <em>mounts</em> NFS shares from a NAS, do not apply this option. Mounts will fail with <code>mount.nfs: rpc.statd is not running</code> or similar.",
"runsTitle": "What ProxMenux runs",
"runsOutro": "The package stays installed (so you or another tool can re-enable it later). The service unit is disabled so the service does not come back on reboot.",
"verifyTitle": "Verification",
"verifyBody": "After applying, confirm <code>rpcbind</code> is off and nothing is listening on port 111:",
"reversibleTitle": "Reversible from the Uninstall menu",
"reversibleBody": "This change is tracked. Open <link>Uninstall Optimizations</link> and pick <em>RPC Disable</em> to restore it. Nothing is purged from the system — just re-enable the service and it starts again."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Security menu",
"href": "/docs/security",
"tail": " — heavier hitters: Fail2Ban (intrusion prevention) and Lynis (audit)."
},
{
"label": "Lynis",
"href": "/docs/security/lynis",
"tail": " — audit the host to find more hardening opportunities."
},
{
"label": "Useful System Commands",
"href": "/docs/help-info/system-commands",
"tail": " — service status, journalctl, lynis audit reference."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}

158
web/messages/en/docs/post-install/storage.json Normal file
View File

@@ -0,0 +1,158 @@
{
"meta": {
"title": "Post-Install: Storage | ProxMenux Documentation",
"description": "Storage optimizations in the ProxMenux Customizable post-install script: ZFS ARC sizing based on host RAM, zfs-auto-snapshot for periodic snapshots, and vzdump backup speed limits removal."
},
"header": {
"title": "Post-Install: Storage",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Three storage-related optimizations: tune the <strong>ZFS ARC</strong> cache size to a sensible fraction of host RAM, install and schedule <strong>ZFS auto-snapshots</strong>, and remove throttles from <strong>vzdump</strong> so backups run at full speed. All three are independent — pick the ones that match your setup."
},
"notTrackedTitle": "None of these are in the Uninstall menu",
"notTrackedBody": "Unlike most post-install optimizations, the three Storage options are <strong>not currently tracked</strong> in the Uninstall Optimizations flow. If you apply them and later want to revert, you'll have to do it by hand. The manual rollback commands are shown below each section.",
"arc": {
"heading": "Optimize ZFS ARC size",
"intro": "The <strong>Adaptive Replacement Cache (ARC)</strong> is ZFS's in-memory read cache. Without explicit tuning, ZFS happily grabs up to half the host RAM for itself, which is excessive on a Proxmox host that also needs memory for VMs and LXCs. This option caps ARC to a sane fraction of total RAM based on the size of the machine.",
"sizingTitle": "Sizing rules",
"headerRam": "Host RAM",
"headerMin": "ARC min",
"headerMax": "ARC max",
"rows": [
{
"ram": "≤ 16 GB",
"min": "512 MB",
"max": "512 MB"
},
{
"ram": "17 32 GB",
"min": "1 GB",
"max": "1 GB"
},
{
"ram": "> 32 GB",
"min": "RAM / 16",
"max": "RAM / 8"
}
],
"after": "On a 64 GB host, that means 4 GB min / 8 GB max for ARC. The config is written to <code>/etc/modprobe.d/99-zfsarc.conf</code> and enables a few extra ZFS tunables (L2ARC prefetch on, L2ARC write max at 500 MB, longer TXG timeout).",
"rebootTitle": "Requires a reboot to take effect",
"rebootBody": "ARC settings are read when the <code>zfs</code> kernel module loads. They do <strong>not</strong> apply on a live system — you'll need to reboot the host for the cap to kick in. The script sets the \"reboot required\" flag automatically.",
"safeTitle": "Safe on non-ZFS hosts",
"safeBody": "The function checks for the <code>zfs</code> command before touching anything. On ext4 / LVM-only Proxmox hosts, ticking this option is a no-op — nothing gets written.",
"verifyTitle": "Verification and manual rollback"
},
"autoSnap": {
"heading": "Install ZFS auto-snapshot",
"intro": "Installs the <a>zfs-auto-snapshot</a> package and rewrites its cron schedules so snapshots are taken automatically at several intervals. A great no-effort safety net on top of your regular vzdump backups.",
"cadenceTitle": "Snapshot cadence ProxMenux configures",
"headerLabel": "Label",
"headerRuns": "Runs",
"headerKept": "Snapshots kept",
"rows": [
{
"label": "frequent",
"runs": "every 15 min",
"kept": "4"
},
{
"label": "hourly",
"runs": "every hour",
"kept": "1"
},
{
"label": "daily",
"runs": "once a day",
"kept": "1"
},
{
"label": "weekly",
"runs": "once a week",
"kept": "1"
},
{
"label": "monthly",
"runs": "once a month",
"kept": "1"
}
],
"conservativeTitle": "Conservative keep counts",
"conservativeBody": "ProxMenux ships with conservative retention (just 4 frequent + 1 of each longer interval) so ZFS snapshot storage doesn't balloon. If you want longer retention, edit the numbers in <code>/etc/cron.d/zfs-auto-snapshot</code>, <code>/etc/cron.hourly/zfs-auto-snapshot</code>, etc. after the script runs.",
"onlyZfsTitle": "Only useful on ZFS pools",
"onlyZfsBody": "Installing the package on an ext4-only host is harmless but pointless — there are no ZFS datasets for it to snapshot. Skip this option if you don't use ZFS.",
"verifyTitle": "Verification and manual rollback"
},
"autotrim": {
"heading": "Enable ZFS autotrim (SSD/NVMe pools)",
"intro": "Enables the <code>autotrim</code> property on every ZFS pool that is backed exclusively by SSDs or NVMe drives with TRIM support. Pools that include a single HDD vdev are skipped automatically — TRIM on rotational drives is meaningless and ZFS will refuse it. Pools that were already set to <code>autotrim=on</code> are left as they are.",
"trimTitle": "What TRIM does, and why it matters on ZFS",
"trimBody1": "SSDs / NVMe drives manage internal storage in fixed-size erase blocks that are much larger than the logical sectors the filesystem talks to. When a filesystem deletes a file, the drive doesn't know — it still thinks those sectors are in use, so its internal garbage collector keeps shuffling stale data around to free new erase blocks. <strong>TRIM</strong> is the standard command the OS uses to tell the drive \"these sectors are now free, you can erase them ahead of time\".",
"trimBody2": "Without TRIM, SSD performance degrades over time as the drive runs out of pre-erased blocks and has to do erase-on-write, and write amplification increases — both shortening the drive's useful life. With TRIM enabled, the drive can keep a healthy pool of empty blocks ready to write into.",
"trimBody3": "On ZFS, <code>autotrim=on</code> is the modern equivalent of the periodic <code>zpool trim &lt;pool&gt;</code> command — instead of having to remember to run a trim manually (or schedule one), the pool issues TRIM commands automatically and continuously as blocks become free. It's low-overhead and the recommended setting for SSD-backed pools.",
"practicalTitle": "Why is this practical to enable?",
"practicalItems": [
"<strong>Sustained write performance.</strong> SSDs that never see TRIM commands slow down measurably over months. Autotrim keeps the controller's job easier.",
"<strong>Drive longevity.</strong> Lower write amplification means fewer total NAND writes for the same amount of data — measurable in years of useful life for the disk.",
"<strong>No scheduled cron job to remember.</strong> Unlike a periodic <code>zpool trim</code>, autotrim is fire-and-forget — the pool handles it on its own."
],
"whenTitle": "When is this necessary?",
"whenIntro1": "<strong>You should enable it</strong> on any ZFS pool whose vdevs are all SSD or NVMe with TRIM support — the typical Proxmox install on consumer or enterprise SSDs.",
"whenIntro2": "<strong>The script skips it automatically</strong> on:",
"whenSkipItems": [
"Pools containing any HDD (rotational) vdev — TRIM is meaningless there.",
"Drives without <code>discard_granularity</code> exposed in sysfs — usually old SSDs without TRIM, or pass-through paths where the OS can't see the underlying device.",
"Pools where ZFS itself reports the property unsupported (rare; very old pools).",
"Pools already set to <code>autotrim=on</code> (no-op)."
],
"whenIntro3": "<strong>Not relevant on ext4-only hosts</strong> — there's nothing for ZFS to trim. The function exits with a friendly message in that case.",
"recordedTitle": "Why only the pools ProxMenux changed are recorded",
"recordedBody": "The function only writes a pool to its internal state file (<code>/usr/local/share/proxmenux/zfs_autotrim_pools</code>) when it actively flipped that pool from <code>off</code> to <code>on</code>. Pools you had on autotrim before running the script are left out of the list, so a future Uninstall doesn't turn off settings you configured yourself — only ProxMenux's own changes are reverted.",
"manualTitle": "Manual equivalent (run on your server)",
"manualIntro": "The full sequence the script runs against each pool is replicable by hand. This is what you would type if you wanted to do the same thing on a single pool without ProxMenux:",
"verifyTitle": "Verification and manual rollback",
"oneShotTitle": "Need a one-shot trim instead of continuous?",
"oneShotBody": "Some operators prefer a manual trim during off-peak hours rather than continuous trim activity. Disable autotrim and schedule a cron job that runs <code>zpool trim &lt;pool&gt;</code> — same end goal, different cadence."
},
"vzdump": {
"heading": "Increase vzdump backup speed",
"intro": "By default, Proxmox vzdump throttles backups to protect running VMs/CTs from IO starvation. On many setups that throttle is more conservative than needed. This option removes the bandwidth cap and lowers the I/O priority so vzdump can saturate the storage path during backup windows.",
"changedTitle": "What gets changed in /etc/vzdump.conf",
"noBackupTitle": "No backup of vzdump.conf",
"noBackupBody": "The script <strong>edits <code>/etc/vzdump.conf</code> in place</strong> without creating a <code>.bak</code> first. If you had custom values there (bwlimit, ionice, compress, pigz, tmpdir, exclude-path, etc.), the changes to <em>those two lines</em> are made with <code>sed</code> — surrounding config is preserved — but there's no \"undo\" snapshot. Make a manual backup if your config is non-trivial: <code>cp /etc/vzdump.conf /etc/vzdump.conf.pre-proxmenux</code>.",
"skipTitle": "When to skip this",
"skipBody": "On a host with slow local storage and VMs that are latency-sensitive, removing the bandwidth cap can cause noticeable slowdowns during backups. If you've previously set a specific <code>bwlimit</code> for that reason, keep it — skip this option.",
"verifyTitle": "Verification and manual rollback"
},
"related": {
"heading": "Related",
"items": [
{
"label": "ZFS Management commands",
"href": "/docs/help-info/zfs-commands",
"tail": " — zpool / zfs reference for ARC, snapshots, scrub."
},
{
"label": "Storage and Disks commands",
"href": "/docs/help-info/storage-commands",
"tail": " — generic block-device and Proxmox storage reference."
},
{
"label": "Backup and Restore commands",
"href": "/docs/help-info/backup-commands",
"tail": " — vzdump CLI reference (now without the legacy bwlimit / ionice caps)."
},
{
"label": "Uninstall Optimizations",
"href": "/docs/post-install/uninstall",
"tail": " — revert ARC / vzdump changes."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}

133
web/messages/en/docs/post-install/system.json Normal file
View File

@@ -0,0 +1,133 @@
{
"meta": {
"title": "Post-Install: System | ProxMenux Documentation",
"description": "System-level optimizations in the ProxMenux Customizable post-install script: journald and logrotate size limits, higher kernel and file-descriptor limits, balanced memory tuning, kexec for quick reboots, and kernel panic recovery."
},
"header": {
"title": "Post-Install: System",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Six independent, system-level optimizations. They tune <strong>journald</strong> and <strong>logrotate</strong> to stop logs from filling the disk, raise <strong>kernel and file-descriptor limits</strong> so applications with many open files don't hit ceilings, <strong>balance memory</strong> for a virtualization host, add <strong>kexec</strong> for \"reboots without the BIOS\", and configure <strong>automatic recovery</strong> on kernel panic. All six are tracked and reversible from the Uninstall menu."
},
"journald": {
"heading": "Optimize journald",
"intro": "Rewrites <code>/etc/systemd/journald.conf</code> with sane defaults so the systemd journal can't slowly eat your root partition, then restarts <code>systemd-journald</code> and vacuums existing logs.",
"keyTitle": "Key values",
"keyItems": [
"<code>Storage=persistent</code> — keep logs on disk across reboots.",
"<code>SystemMaxUse=64M</code> / <code>RuntimeMaxUse=60M</code> — hard caps on journal disk/memory usage.",
"<code>Compress=yes</code>, <code>Seal=no</code> — compress logs, skip forward-secure sealing (saves CPU).",
"<code>MaxLevelStore=info</code> — store info and above (required for ProxMenux Monitor's log viewer and for Fail2Ban to detect SSH/Proxmox auth failures from the journal).",
"Rate-limits: <code>1000 events / 30 s</code> to prevent log flooding.",
"<code>ForwardToSyslog=no</code>, <code>ForwardToWall=no</code> — don't duplicate messages to syslog or broadcast to consoles."
],
"tipTitle": "Why MaxLevelStore=info matters",
"tipBody": "Using a stricter level like <code>warning</code> makes ProxMenux Monitor's log viewer show nearly identical entries across all date ranges (because most activity is info-level), and it prevents Fail2Ban from seeing failed logins. If you want less log volume, rely on the <code>SystemMaxUse</code> cap and <code>RateLimitBurst</code> instead of lowering the stored level."
},
"logrotate": {
"heading": "Optimize logrotate",
"intro": "Rewrites <code>/etc/logrotate.conf</code> with a tighter policy suitable for a host that's also part of an SSD-protecting Log2RAM setup: daily rotation, 7-day retention, 10 MB size trigger, compression, and <code>copytruncate</code> so active services keep writing without reopening their log files. Original <code>logrotate.conf</code> is backed up to <code>.bak</code> on first apply.",
"tipTitle": "Log2RAM-friendly",
"tipBody": "The <code>size 10M</code> trigger means logs rotate on size <em>or</em> daily, whichever comes first. Combined with Log2RAM's RAM-backed <code>/var/log</code>, this keeps the working set small so flushes to disk stay cheap."
},
"limits": {
"heading": "Increase various system limits",
"intro": "Raises a bunch of kernel, systemd and PAM limits that default to values too low for a host running many VMs, containers and networked services.",
"headerFile": "File",
"headerSets": "What it sets",
"rows": [
{
"file": "/etc/sysctl.d/99-maxwatches.conf",
"sets": "<code>fs.inotify.max_user_watches / max_user_instances / max_queued_events = 1048576</code>"
},
{
"file": "/etc/sysctl.d/99-maxkeys.conf",
"sets": "<code>kernel.keys.maxkeys / root_maxkeys = 1000000</code>"
},
{
"file": "/etc/sysctl.d/99-swap.conf",
"sets": "<code>vm.swappiness = 10</code>, <code>vm.vfs_cache_pressure = 100</code>"
},
{
"file": "/etc/sysctl.d/99-fs.conf",
"sets": "<code>fs.nr_open / file-max = 2097152</code>, <code>fs.aio-max-nr = 1048576</code>"
},
{
"file": "/etc/security/limits.d/99-limits.conf",
"sets": "<code>nofile</code> and <code>nproc</code> to 1,048,576 (unlimited for root)"
},
{
"file": "/etc/systemd/system.conf + user.conf",
"sets": "<code>DefaultLimitNOFILE=1048576</code> for systemd services"
},
{
"file": "/etc/pam.d/common-session + runuser-l",
"sets": "<code>session required pam_limits.so</code> so the above apply to login shells"
},
{
"file": "/root/.profile",
"sets": "<code>ulimit -n 1048576</code> for the root shell"
}
],
"tipTitle": "Why inotify matters",
"tipBody": "Applications like Docker, Syncthing, Node.js watchers, Plex's library scanner and many more hit <code>max_user_watches</code> quickly. Default on Debian is 8192 — a single running Plex can exhaust it. 1M is generous and costs ~1 KB of RAM per watch, which is negligible."
},
"memory": {
"heading": "Optimize memory settings",
"intro": "Writes a balanced sysctl profile to <code>/etc/sysctl.d/99-memory.conf</code>. Designed for a hypervisor host — prefers keeping VM working sets in RAM and frees pages proactively so allocation bursts don't stall.",
"warnTitle": "swappiness=10 on memory-tight hosts",
"warnBody": "On a host with 16 GB RAM running many VMs, lowering swappiness can push the kernel to OOM-kill processes instead of swapping. If you're routinely seeing OOM events, raise swappiness back to 3060 in <code>/etc/sysctl.d/99-memory.conf</code> after the script runs."
},
"kexec": {
"heading": "Enable fast reboots (kexec)",
"intro": "Installs <code>kexec-tools</code> and wires it up so you can reboot the host straight into a new kernel <em>without going through BIOS/UEFI firmware</em>. On big servers where POST takes 45 90 seconds, this turns a reboot from a coffee break into a few seconds of downtime.",
"installsTitle": "What ProxMenux installs",
"installsItems": [
"Package <code>kexec-tools</code> (with debconf pre-answered so apt doesn't prompt during install).",
"Systemd unit <code>/etc/systemd/system/kexec-pve.service</code> — loads the Proxmox kernel and initrd into memory at boot, reusing the current cmdline.",
"An alias in <code>/root/.bash_profile</code>: <code>reboot-quick</code> → <code>systemctl kexec</code>."
],
"usageIntro": "Usage after the next reboot (or manual <code>systemctl start kexec-pve</code>):",
"warnTitle": "When not to use kexec",
"warnBody": "kexec skips firmware-level init. If you rely on BIOS/UEFI to reset hardware state — for example, a GPU doing passthrough that only resets cleanly on full POST, or a troublesome HBA firmware — kexec reboots may leave those devices in a half-initialized state. Use a normal <code>reboot</code> after kernel upgrades or when you need BIOS/UEFI changes to take effect. <code>reboot-quick</code> is for everyday restarts."
},
"panic": {
"heading": "Enable restart on kernel panic",
"intro": "Makes the kernel <strong>auto-reboot</strong> instead of sitting forever on a panic screen. Critical on headless/remote Proxmox hosts where a hung kernel means all your VMs are down until you can power-cycle the box.",
"tipTitle": "Pair this with remote console access",
"tipBody": "Auto-reboot is a recovery mechanism, not a debug tool. If you want to <em>investigate</em> a panic rather than just come back up, use <link>the kexec option</link> above with the kernel kdump support (not configured by ProxMenux) or capture a serial console to another host before enabling auto-reboot."
},
"verify": {
"heading": "Verification",
"intro": "After applying the System optimizations:",
"tipTitle": "Fully reversible",
"tipBody": "All six options are tracked in <code>installed_tools.json</code>, so they appear in <link>Uninstall Optimizations</link> if you want to back any of them out. Reverts restore the sysctl files' defaults, drop the systemd unit and alias for kexec, and reset journald/logrotate to stock Debian configs."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Useful System Commands",
"href": "/docs/help-info/system-commands",
"tail": " — verify the changes (free -h, journalctl, ulimit -a)."
},
{
"label": "Performance",
"href": "/docs/post-install/performance",
"tail": " — additional system-level tuning (pigz)."
},
{
"label": "Uninstall Optimizations",
"href": "/docs/post-install/uninstall",
"tail": " — revert any of these changes."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}

210
web/messages/en/docs/post-install/uninstall.json Normal file
View File

@@ -0,0 +1,210 @@
{
"meta": {
"title": "Uninstall Optimizations | ProxMenux Documentation",
"description": "Reverse any post-install optimization applied by ProxMenux. Every change is tracked in a JSON registry, and every tool has a dedicated uninstaller that restores the original configuration."
},
"header": {
"title": "Uninstall Optimizations",
"description": "Reverse any change made by the Automated or Customizable post-install scripts. ProxMenux keeps a registry of every optimization it applied and has a dedicated reversal function for each one — pick which to revert, and the host goes back.",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "Why this exists",
"body": "Every tweak the post-install scripts apply is <strong>tracked</strong> in a JSON registry at <code>/usr/local/share/proxmenux/installed_tools.json</code>. That registry is what powers the uninstall flow — it shows you the list of optimizations currently applied, and a reversal function that restores the original state for each one (from backup files where possible, or by reinstalling the affected packages)."
},
"openMenu": {
"heading": "How to open it",
"body": "From ProxMenux's main menu, <strong>Settings post-install Proxmox → Uninstall optimizations</strong>. You will see a checklist of <em>currently applied</em> optimizations — items you have not applied don't show up.",
"imageAlt": "Uninstall Optimizations checklist showing items currently applied on the host, with checkboxes to select which to revert"
},
"howWorks": {
"heading": "How the reversal works",
"steps": [
{
"title": "Registry and auto-detection",
"body1": "On first run, ProxMenux walks the host looking for fingerprint files (e.g. <code>/etc/sysctl.d/99-memory.conf</code>, <code>/etc/apt/apt.conf.d/99-force-ipv4</code>, <code>haveged</code> package installed, Log2RAM service active…). Anything found is added to the registry as reversible, even if it was applied by an older ProxMenux version that predates the registry.",
"body2": "This migration only runs once. After that, every apply/revert updates the registry directly."
},
{
"title": "Pick what to revert",
"body1": "The checklist shows a human-readable label per item (e.g. <em>Memory Settings Optimization</em>, <em>IOMMU/VFIO PCI Passthrough</em>, <em>Log2RAM (SSD Protection)</em>). Tick the ones you want to reverse. Nothing you don't tick will be touched."
},
{
"title": "Reversal runs",
"body1": "For each selected item, ProxMenux calls its matching uninstall function. Most reversals follow one of three patterns:",
"items": [
"<strong>Backup-based</strong> — restore a <code>.bak</code> captured at apply time (bashrc, logrotate.conf, journald.conf, GRUB/kernel cmdline).",
"<strong>Delete-the-config</strong> — remove ProxMenux's <code>/etc/sysctl.d/99-*.conf</code>, <code>/etc/apt/apt.conf.d/99-*</code>, or systemd unit, then reload.",
"<strong>Package reinstall</strong> — for UI changes like the subscription banner, reinstall the upstream packages with <code>--force-confnew</code> to restore shipped configuration."
],
"body2": "Each reversal logs its progress. Items that require a reboot (VFIO, persistent interface names) set a flag that triggers the reboot prompt at the end."
},
{
"title": "Reboot if needed",
"body1": "If any reversed item modified kernel parameters, kernel modules, or network naming, you'll be offered a reboot. Otherwise the changes are live immediately."
}
]
},
"reversible": {
"heading": "What is reversible",
"intro": "Every optimization the post-install scripts apply has a matching uninstaller. Grouped here by area:",
"groups": [
{
"title": "Repositories & APT",
"items": [
{
"tool": "Subscription Banner Removal",
"restores": "Reinstalls pve-manager, proxmox-widget-toolkit, libjs-extjs and libpve-http-server-perl with force-confnew to restore the original UI files. Also clears cached .js / .gz copies."
},
{
"tool": "APT Language Skip",
"restores": "Removes /etc/apt/apt.conf.d/99-disable-translations. APT will download language packages again."
},
{
"tool": "APT IPv4 Force",
"restores": "Removes /etc/apt/apt.conf.d/99-force-ipv4."
}
]
},
{
"title": "Kernel, memory and system limits",
"items": [
{
"tool": "Memory Settings",
"restores": "Removes /etc/sysctl.d/99-memory.conf and reloads sysctl."
},
{
"tool": "Kernel Panic Configuration",
"restores": "Removes /etc/sysctl.d/99-kernelpanic.conf."
},
{
"tool": "System Limits Increase",
"restores": "Removes /etc/sysctl.d/99-maxwatches.conf, 99-maxkeys.conf, 99-swap.conf, 99-fs.conf and /etc/security/limits.d/99-limits.conf. Reverts PAM limits and systemd DefaultLimitNOFILE."
}
]
},
{
"title": "Networking",
"items": [
{
"tool": "Network Optimizations",
"restores": "Removes /etc/sysctl.d/99-network.conf and the proxmenux-fwbr-tune.service unit. Reloads sysctl and systemd."
},
{
"tool": "Persistent Interface Names",
"restores": "Removes every .link file from /etc/systemd/network/. Interface names return to systemd's default behaviour on next reboot."
}
]
},
{
"title": "Logging",
"items": [
{
"tool": "Journald Optimization",
"restores": "Rewrites /etc/systemd/journald.conf with vanilla defaults and restarts systemd-journald."
},
{
"tool": "Logrotate Optimization",
"restores": "Restores /etc/logrotate.conf from the .bak file captured before the change."
},
{
"tool": "Log2RAM",
"restores": "Stops and disables the service and timer. Purges cron jobs, systemd units, binaries, config files and the /var/log.hdd directory. Also uninstalls the apt package if it was installed that way."
},
{
"tool": "ZFS autotrim",
"restores": "Reads /usr/local/share/proxmenux/zfs_autotrim_pools (the list of pools ProxMenux actually changed) and runs zpool set autotrim=off on each one. Pools you set autotrim on manually before ProxMenux ran are not touched."
}
]
},
{
"title": "Shell & appearance",
"items": [
{
"tool": "Bashrc Customization",
"restores": "Restores /root/.bashrc from the .bak backup. If no backup exists, removes the PMX_CORE_BASHRC block by markers."
},
{
"tool": "Fastfetch",
"restores": "Removes the binary, config directory, update-motd hook and the bashrc block. Purges the apt package if installed."
},
{
"tool": "Figurine",
"restores": "Removes the binary, profile.d entry and the alias block in bashrc/profile."
}
]
},
{
"title": "Hardware & virtualization",
"items": [
{
"tool": "IOMMU / VFIO",
"restores": "Removes vfio modules from /etc/modules, the nouveau / radeon / nvidia blacklist entries, and intel_iommu=on / amd_iommu=on / iommu=pt / pcie_acs_override parameters from /etc/kernel/cmdline (ZFS) or GRUB. Rebuilds initramfs."
},
{
"tool": "AMD CPU fixes (Ryzen/EPYC)",
"restores": "Removes idle=nomwait from kernel cmdline (ZFS) or GRUB, and the ignore_msrs / report_ignored_msrs options from /etc/modprobe.d/kvm.conf."
}
]
},
{
"title": "Services & extras",
"items": [
{
"tool": "Time Synchronization",
"restores": "Sets timezone back to UTC (safe default) via timedatectl."
},
{
"tool": "Entropy Generation (haveged)",
"restores": "Stops, disables and purges the haveged package."
},
{
"tool": "kexec (fast reboots)",
"restores": "Disables kexec-pve.service, removes the unit file and the reboot-quick alias, purges kexec-tools."
}
]
}
]
},
"edge": {
"heading": "Edge cases and caveats",
"packageTitle": "Package reinstall touches live Proxmox packages",
"packageBody": "Reverting <strong>Subscription Banner Removal</strong> reinstalls <code>pve-manager</code>, <code>proxmox-widget-toolkit</code>, <code>libjs-extjs</code> and <code>libpve-http-server-perl</code> with <code>--force-confnew</code>. This is generally safe but does touch the running web UI — refresh your browser afterwards, and expect a few seconds of reconnection. Don't run this in the middle of a migration or clone operation.",
"rebootTitle": "Persistent names and VFIO need a reboot",
"rebootBody": "Removing the <code>.link</code> files (<em>Persistent Interface Names</em>) and reverting <em>IOMMU/VFIO</em> do not affect the running system — they only matter after a reboot. ProxMenux sets the reboot flag automatically for these.",
"perItemTitle": "You can revert one thing and keep the rest",
"perItemBody": "The uninstaller operates per-item. If you only want to remove Log2RAM but keep the network tuning and bashrc changes, tick only <em>Log2RAM</em>. Nothing else is touched, and the registry is updated accordingly."
},
"inspect": {
"heading": "Inspecting the registry manually",
"intro": "If you want to see what's tracked without opening the menu:",
"outro": "Each <code>\"tool\": true</code> entry corresponds to something ProxMenux applied and can reverse. Removing an entry manually is not recommended — always use the menu, which also runs the reversal function instead of just forgetting the change.",
"reinstallTitle": "Reinstall after uninstall",
"reinstallBody": "Reverting an optimization doesn't prevent you from re-applying it later. Open <link>the Post-Install menu</link> again and run either Automated or Customizable — the registry will track the new state."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Automated Post-Install",
"href": "/docs/post-install/automated",
"tail": " — re-apply the sane-defaults baseline."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — pick a different subset."
},
{
"label": "Uninstall ProxMenux",
"href": "/docs/settings/uninstall-proxmenux",
"tail": " — different operation: removes ProxMenux itself, not its applied optimizations."
},
{
"label": "Post-Install overview",
"href": "/docs/post-install",
"tail": "."
}
]
}
}

106
web/messages/en/docs/post-install/updates.json Normal file
View File

@@ -0,0 +1,106 @@
{
"meta": {
"title": "Apply Available Updates — Post-Install Optimizations | ProxMenux Documentation",
"description": "How ProxMenux detects when a post-install optimization (Log2Ram, Memory Settings, System Limits, Logrotate, Network tuning…) has been updated upstream, and how to apply the new version — from the Post-Install menu or from the Monitor dashboard."
},
"header": {
"title": "Apply Available Updates",
"description": "When a post-install optimization (Log2Ram, Memory Settings, System Limits, Logrotate…) gets a newer version on disk than the one currently registered on the host, ProxMenux surfaces it as an available update. You can apply it from the Post-Install menu (Scripts side) or from the Monitor dashboard — both paths re-run the same post-install function and refresh the registry.",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this is",
"body": "ProxMenux post-install optimizations are versioned. Each script in the repository carries a version number (e.g. <code>Log2ram SSD Protection v1.2</code>), and the host keeps a registry of which optimizations are active and at which version in <code>/usr/local/share/proxmenux/installed_tools.json</code>. When a new ProxMenux release ships an updated version of any optimization, ProxMenux detects the mismatch and offers to re-apply just that one — without re-running the whole post-install."
},
"why": {
"heading": "Why this exists",
"body": "Post-install optimizations occasionally get improvements — a better sysctl tuning, a stricter Logrotate limit, a new Log2RAM size heuristic, a fix for an edge case reported by a tester. Without an update path the operator had only two options: manually re-run the post-install script (which re-applies <em>every</em> optimization) or skip the improvement entirely. Apply Available Updates is the middle ground: a per-optimization, opt-in re-run that lifts only the versions that actually moved."
},
"detection": {
"heading": "How updates are detected",
"steps": [
{
"title": "Versioned scripts on disk",
"body": "Every post-install function declares its version inside the script (<code>scripts/post_install/auto_post_install.sh</code> and <code>scripts/post_install/customizable_post_install.sh</code>). A scanner extracts these versions from the source on disk."
},
{
"title": "Versioned registry on the host",
"body": "When the operator applied each optimization, the corresponding <code>register_tool</code> call wrote the active version into <code>/usr/local/share/proxmenux/installed_tools.json</code>. That file is the source of truth for \"what is active on this host right now\"."
},
{
"title": "Monitor compares both sides",
"body": "On startup and every 24h, the Monitor compares disk versions against registry versions. Any mismatch produces an entry in <code>/usr/local/share/proxmenux/updates_available.json</code>. That file drives both the Post-Install menu entry and the Monitor dashboard card."
},
{
"title": "One notification per new version",
"body": "When at least one optimization has a pending update, the Monitor emits a single grouped notification — for example <em>\"4 ProxMenux optimization update(s) available\"</em> — with one line per tool in the same <code>name (vX → vY)</code> format used for Proxmox package updates. The notification is anti-cascade so it does not repeat day after day for the same set; only a new version (or a fresh tool entering the list) re-triggers it."
}
]
},
"pathA": {
"heading": "Path A — From the Post-Install menu",
"intro": "From ProxMenux's main menu, open <strong>Settings post-install Proxmox</strong>. When there are pending updates, a new entry <strong>Apply available updates (N)</strong> appears right above <em>Uninstall optimizations</em>. The number reflects how many optimizations have a newer version on disk than what the host currently has registered. When everything is up to date the entry simply does not appear, so the menu stays clean.",
"menuAlt": "Post-Install Scripts menu showing the conditional 'Apply available updates (N)' entry positioned just above 'Uninstall optimizations', with the count badge indicating how many optimizations have a newer version on disk",
"menuCaption": "The <em>Apply available updates (N)</em> entry only renders when at least one optimization has a pending update — it hides when the host is current.",
"checklistBody": "Selecting the entry opens a checklist with every pending update, each row formatted as <code>name (vX → vY)</code>. All rows are pre-checked by default; uncheck any you don't want to apply this round.",
"checklistAlt": "Apply Available Updates checklist dialog with one row per pending optimization, each labelled with the optimization name and the version transition (current → available). All rows pre-checked.",
"checklistCaption": "Per-optimization opt-in: pick exactly which versions to lift. The same engine that powers Automated and Customizable post-install runs in the background to re-apply each function and refresh its registry version."
},
"pathB": {
"heading": "Path B — From the Monitor dashboard",
"intro": "The same updates appear in the Monitor under <link>Settings → ProxMenux Optimizations</link>. When pending updates are detected the card shows an \"Updates available\" banner with the count and an <strong>Apply</strong> action that opens the same per-optimization picker.",
"imageAlt": "ProxMenux Optimizations card on the Monitor dashboard with an Updates available banner at the top showing the count of pending updates and an Apply button that opens the per-optimization picker",
"imageCaption": "The Optimizations card in the Monitor — when at least one optimization has a newer version on disk, the banner surfaces it without requiring shell access."
},
"applying": {
"heading": "What happens when you apply",
"steps": [
{
"title": "Re-runs the post-install function",
"body": "The picked optimization's function is re-executed against the host. Because every post-install function is <strong>idempotent</strong>, re-running it doesn't duplicate config — it overwrites the previous version with the new one (sysctl files, drop-ins, service units, etc.)."
},
{
"title": "Refreshes the registry",
"body": "The <code>register_tool</code> call inside the function writes the new version into <code>installed_tools.json</code>. The next scan no longer sees a mismatch and the update entry disappears from both the menu and the Monitor card."
},
{
"title": "No reboot unless the function says so",
"body": "Most updates take effect immediately. Updates that touch kernel modules, persistent interface names, or VFIO show the same reboot prompt as a fresh install would."
}
]
},
"differs": {
"heading": "How it differs from the other paths",
"headerPath": "Path",
"headerScope": "Scope",
"headerWhen": "When it makes sense",
"rows": [
{
"pathLabel": "Automated",
"pathHref": "/docs/post-install/automated",
"scope": "Re-applies <em>every</em> optimization in the bundle.",
"when": "Fresh host, or full re-baseline of a fully-managed node."
},
{
"pathLabel": "Customizable",
"pathHref": "/docs/post-install/customizable",
"scope": "Pick from the full catalogue.",
"when": "Cherry-pick which optimizations are active on the host."
},
{
"pathLabel": "Apply available updates",
"pathHref": null,
"scope": "Only the optimizations whose version bumped on disk.",
"when": "Keep already-installed optimizations current without touching the rest."
},
{
"pathLabel": "Uninstall optimizations",
"pathHref": "/docs/post-install/uninstall",
"scope": "Reverse the optimization and remove its registry entry.",
"when": "Roll back a specific change."
}
]
},
"notifTitle": "Notification gate",
"notifBody": "The notification that announces pending updates is the <em>ProxMenux optimization updates available</em> event. It is enabled by default on every channel, can be muted per-channel from <link>Settings → Notifications</link>, and is anti-cascade — it fires once per distinct set of pending updates, not on every 24h scan."
}

116
web/messages/en/docs/post-install/virtualization.json Normal file
View File

@@ -0,0 +1,116 @@
{
"meta": {
"title": "Post-Install: Virtualization | ProxMenux Documentation",
"description": "Virtualization options in the ProxMenux Customizable post-install script: auto-install the right guest agent if Proxmox runs inside a VM, and enable IOMMU / VFIO so you can pass PCI devices (GPUs, NICs, HBAs) through to your own VMs."
},
"header": {
"title": "Post-Install: Virtualization",
"section": "Settings post-install Proxmox"
},
"intro": {
"title": "What this category covers",
"body": "Two independent options. <strong>Install relevant guest agent</strong> is a safety net for when Proxmox itself runs nested inside another hypervisor. <strong>Enable VFIO IOMMU support</strong> is the one most users care about: it flips on the kernel features you need to pass a GPU, HBA or NIC straight into a VM with near-native performance."
},
"guestAgent": {
"heading": "Install relevant guest agent",
"intro": "Detects the virtualization environment the Proxmox host is running on (using <code>systemd-detect-virt</code> and <code>dmidecode</code>) and installs the matching guest-tools package so the outer hypervisor can communicate with Proxmox cleanly (graceful shutdown, clock sync, IP reporting, etc.).",
"headerDetected": "Detected host",
"headerPackage": "Package installed",
"rows": [
{
"detected": "QEMU / KVM",
"package": "qemu-guest-agent"
},
{
"detected": "VMware (ESXi, Workstation)",
"package": "open-vm-tools"
},
{
"detected": "VirtualBox",
"package": "virtualbox-guest-utils"
},
{
"detected": "Bare metal (none)",
"package": "— no-op, nothing installed"
}
],
"skipTitle": "Skip this on bare-metal Proxmox",
"skipBody": "If Proxmox runs directly on hardware (the common case), ticking this option is a no-op — the detector returns <code>none</code> and the script exits without changes. The option only matters for the minority of setups that run Proxmox <em>as a guest</em> for testing or labs."
},
"vfio": {
"heading": "Enable VFIO IOMMU support",
"intro": "Turns on IOMMU on the host and loads the kernel modules that make PCI passthrough possible (<code>vfio</code>, <code>vfio_iommu_type1</code>, <code>vfio_pci</code>). With this enabled, you can bind a physical device to a VM and the guest gets direct, near-bare-metal access to it.",
"whoTitle": "Who needs this",
"whoItems": [
"You want to pass a GPU to a Windows gaming VM or a macOS VM.",
"You have a dedicated 10G NIC for a firewall/router VM (OPNsense, pfSense).",
"You want to pass an HBA directly to a TrueNAS/Unraid VM for ZFS on bare disks.",
"You're planning to use <em>Coral TPU</em>, a capture card, or an SDR dongle in a VM."
],
"whoOutro": "If none of those apply, you can safely skip this option. For passthrough to an <strong>LXC</strong> (not a VM), IOMMU is <em>not</em> required.",
"doesTitle": "What ProxMenux does",
"doesIntro": "The function is boot-loader aware: it detects whether Proxmox is on ZFS (systemd-boot) or LVM/ext4 (GRUB) and writes to the right file. It's also idempotent — if the parameters are already present, nothing is added.",
"headerBoot": "Boot type",
"headerFile": "File touched",
"headerPost": "Post-update step",
"bootRows": [
{
"boot": "systemd-boot (ZFS)",
"file": "/etc/kernel/cmdline",
"post": "proxmox-boot-tool refresh"
},
{
"boot": "GRUB (LVM/ext4)",
"file": "/etc/default/grub",
"post": "update-grub"
}
],
"kernelIntro": "Kernel parameters added:",
"modulesIntro": "Kernel modules added to <code>/etc/modules</code>:",
"blacklistIntro": "Conflicting drivers blacklisted in <code>/etc/modprobe.d/blacklist.conf</code>:",
"blacklistTitle": "Blacklisting GPU drivers conflicts with host-side GPU usage",
"blacklistBody": "The blacklist ensures the host kernel never binds <em>any</em> GPU driver, so VFIO can claim the GPU cleanly. This is exactly what you want for passthrough to a VM — but it's the <strong>opposite</strong> of what you need to <link>install NVIDIA drivers on the host</link> (for LXC transcoding, for example). Pick one path per GPU:",
"pathItems": [
"<strong>GPU → VM:</strong> enable VFIO/IOMMU here, leave the GPU drivers blacklisted.",
"<strong>GPU → LXC (or host):</strong> skip this option, use the NVIDIA host install, do not blacklist nvidia/nouveau.",
"<strong>Two GPUs:</strong> one can go to a VM and the other to an LXC, but you'll need finer-grained configuration (bind only one card to <code>vfio-pci</code> by PCI ID). Default blacklist is too broad for this case — edit <code>blacklist.conf</code> afterwards."
],
"acsTitle": "About pcie_acs_override — know what you're enabling",
"acsBody": "<code>pcie_acs_override=downstream,multifunction</code> relaxes the PCIe Access Control Services check. It lets the kernel split apart IOMMU groups that the firmware reports as monolithic, which is sometimes the only way to pass through one device of a group without dragging the rest. The trade-off is <strong>reduced isolation between devices</strong>: a malicious or compromised VM with passthrough has a larger attack surface via DMA. Fine for a home lab; think twice before enabling on a host that runs untrusted workloads. If you don't need it, remove that token from <code>/etc/kernel/cmdline</code> or <code>/etc/default/grub</code> after the script runs and re-run the boot-loader update step.",
"rebootTitle": "Reboot required",
"rebootBody": "IOMMU, VFIO modules, and the blacklist only take effect after a reboot + initramfs regeneration. The script triggers <code>update-initramfs -u -k all</code> and the boot-loader refresh, and sets the \"reboot required\" flag so Customizable prompts you at the end.",
"verifyTitle": "Verification after reboot",
"revertTitle": "Reversible from the Uninstall menu",
"revertBody": "<link>Uninstall Optimizations</link> reverts all the changes: strips the IOMMU tokens from <code>/etc/kernel/cmdline</code> or GRUB, removes the VFIO modules from <code>/etc/modules</code>, removes the driver blacklist entries, and rebuilds initramfs. A reboot is required to actually apply the reversion."
},
"related": {
"heading": "Related",
"items": [
{
"label": "Add GPU to VM (Passthrough)",
"href": "/docs/hardware/gpu-vm-passthrough",
"tail": " — natural next step once IOMMU + VFIO are enabled."
},
{
"label": "Add Controller or NVMe to VM",
"href": "/docs/disk-manager/add-controller-nvme-vm",
"tail": " — same passthrough infrastructure for storage controllers."
},
{
"label": "GPU Passthrough commands",
"href": "/docs/help-info/gpu-commands",
"tail": " — IOMMU verification reference."
},
{
"label": "Uninstall Optimizations",
"href": "/docs/post-install/uninstall",
"tail": " — back IOMMU / VFIO out cleanly."
},
{
"label": "Customizable Post-Install",
"href": "/docs/post-install/customizable",
"tail": " — back to the parent menu."
}
]
}
}