Last active
September 10, 2025 13:03
OVH/SoYouStart Proxmox cloud images templates preparation
| # Prerequisites: | |
| # - OVH/SoYouStart IPs | |
| # - OVH/SoYouStart Dedicated Server | |
| # | |
| * Step 1 (GUI) | |
| Choose an IP for each cloud image template and create Virtual MACs in the OVH/SoYouStart Manager | |
| * Step 2 (CLI) | |
| # cd /var/lib/vz | |
| # mkdir tmp | |
| # cd tmp | |
| # wget https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img | |
| * Step 3 (CLI) | |
| # qm create 1001 --memory 2048 --net0 virtio,bridge=vmbr0 | |
| # qm create 1002 --memory 2048 --net0 virtio,bridge=vmbr0 | |
| * Step 4 (CLI) | |
| # qm importdisk 1001 noble-server-cloudimg-amd64.img local | |
| # rm noble-server-cloudimg-amd64.img | |
| # cd .. && rmdir tmp | |
| * Step 5 (CLI) | |
| # qm set 1001 --scsihw virtio-scsi-pci --scsi0 local:1001/vm-1001-disk-0.raw | |
| * Step 6 (CLI) | |
| # qm set 1001 --ide1 local:cloudinit | |
| * Step 7 (CLI) | |
| # qm set 1001 --serial1 socket --vga serial1 | |
| * Step 8 (CLI) | |
| # reboot | |
| * Step 9 (GUI) | |
| Configure cloudinit | |
| - IP Config | |
| IP: Choose an IP from your OVH Additional IPs or IPv6 | |
| Gateway: the dedicated server's IP network address with a /24 mask, ending in .254 | |
| - User | |
| - SSH Public Key | |
| - DNS Domain | |
| - DNS Server: 1.1.1.1 213.186.33.99 8.8.8.8 | 2606:4700:4700::64 2001:4860:4860::64 | |
| - Available Public DNS server v4 & v6: https://gist.github.com/mutin-sa/5dcbd35ee436eb629db7872581093bc5 | |
| * Step 10 (GUI) | |
| Network card type (E1000) | |
| Network mac address (The generated MAC address for the selected OVH Additional IPs) | |
| * Step 11 (GUI) - Not needed | |
| Extend Disk space by 3 Giga | |
| * Step 12 (GUI) | |
| Configure Options | |
| - Rename VMs | |
| - QEMU Guest Agent | |
| - Boot Order | |
| * Step 13 (GUI) | |
| Start VM | |
| """ | |
| # netplan apply | |
| # ping 8.8.8.8 | |
| # apt update | |
| # apt install qemu-guest-agent | |
| # reboot | |
| * Step 14 (GUI) | |
| Convert to template | |
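Step 2 downloads the image and Step 4 imports it without any integrity check. As an added example (not part of the original gist), this POSIX shell function checks the image against the `SHA256SUMS` file Ubuntu publishes in the same directory; the function name and its return codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original gist): check a downloaded cloud image
# against Ubuntu's SHA256SUMS before running `qm importdisk`.
# Assumption: SHA256SUMS was downloaded from the same directory as the image:
#   wget https://cloud-images.ubuntu.com/noble/current/SHA256SUMS

# verify_cloud_image SUMS_FILE IMAGE_FILE   (hypothetical helper name)
# Returns 0 if the hash matches, 1 on mismatch, 2 if a file or entry is missing.
verify_cloud_image() {
    sums=$1
    image=$2
    if [ ! -r "$sums" ] || [ ! -r "$image" ]; then
        echo "cannot read $sums or $image" >&2
        return 2
    fi
    name=$(basename "$image")

    # Lines look like "<64 hex>  name" or "<64 hex> *name" (binary mode).
    # Compare the file name exactly, so a similarly named entry never matches.
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n { print $1; exit }' "$sums")
    if ! printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "no valid SHA-256 entry for $name in $sums" >&2
        return 2
    fi

    actual=$(sha256sum "$image" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH for $name: expected $expected, got $actual" >&2
        return 1
    fi
    echo "OK: $name matches $sums"
}

# Stand-alone use: sh verify.sh SHA256SUMS noble-server-cloudimg-amd64.img
if [ "$#" -eq 2 ]; then
    verify_cloud_image "$1" "$2"
fi
```

Ubuntu also publishes `SHA256SUMS.gpg` next to the checksum file; verifying that signature first ties the checksums to Ubuntu's signing key rather than only to the download server.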
| --- | |
| ### On the Proxmox Host | |
| #### Create the second bridge on the second NIC | |
| #### Enable packet forwarding on the host | |
| ``` | |
| # immediate | |
| sysctl -w net.ipv4.ip_forward=1 | |
| sysctl -w net.ipv6.conf.all.forwarding=1 | |
| # make persistent | |
| cat >/etc/sysctl.d/99-proxmox-routing.conf <<'EOF' | |
| net.ipv4.ip_forward=1 | |
| net.ipv6.conf.all.forwarding=1 | |
| EOF | |
| sysctl --system | |
| ``` | |
| #### Add NAT (masquerade) from vmbr1 out to the internet | |
| - Create/update /etc/nftables.conf: | |
| ``` | |
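| flush ruleset   # clears every existing nftables table before loading the rules below | |
| # NAT only: this file defines no filter table, so it does not restrict what the host forwards | |
| table ip nat { | |
|     chain postrouting { | |
|         type nat hook postrouting priority 100; | |
|         oifname "vmbr0" ip saddr 10.10.20.0/24 masquerade # SNAT LAN→WAN | |
|     } | |
| } | |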
| ``` | |
| - Enable it | |
| ``` | |
| systemctl enable --now nftables | |
| nft list ruleset | |
| ``` | |
| #### For ZeroTier | |
| ``` | |
| ... | |
| table ip nat { | |
| chain postrouting { | |
| type nat hook postrouting priority 100; | |
| oifname "vmbr0" ip saddr 10.1.1.0/24 masquerade # SNAT LAN→WAN (you already have this) | |
| iifname "ZT_IFACE_HERE" oifname "vmbr1" masquerade # ← added: ZT→LAN NAT | |
| } | |
| } | |
| ... | |
| ``` | |
| - Replace ZT_IFACE_HERE with your real ZeroTier interface (e.g., zt7nnig26). Quick helpers: | |
| ``` | |
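| # Detect the first ZeroTier interface; skip the substitution if none is found so the placeholder is not replaced with an empty name | |
| ZTIF=$(ip -o link show | awk -F': ' '/^[0-9]+: zt/{print $2; exit}') | |
| [ -n "$ZTIF" ] && sed -i "s/ZT_IFACE_HERE/$ZTIF/g" /etc/nftables.conf | |
| # Syntax-check the file (-c) before loading it | |
| nft -c -f /etc/nftables.conf && nft -f /etc/nftables.conf && nft list ruleset | |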
| ``` |