Proxmox VM Template Creation Guide - n0one42/ansible-homelab GitHub Wiki

We are using the Ubuntu 24.04 Server for this purpose. I am not using cloud-init because I had some problems with it in the past and I do not like it. Also, this is a one-time process which is fast enough to do.

Upload the latest image to the Proxmox server

https://mirror.init7.net/ubuntu-releases/24.04/ubuntu-24.04-live-server-amd64.iso

Create the vm template

Start the VM and Install everything

  • Ubuntu Server
  • Ubuntu Server (minimized)
  • Search for third-party drivers

  • Use an entire disk
  • Set up this disk as an LVM group
  • Install OpenSSH server

  • Password: Temp#1234
  • Install OpenSSH server

SSH into and configure it

To make copy/pasting easier, it is best to log in on the console, get the VM's IP address, and then SSH into it.

ssh [email protected]

# Update the base system and install the QEMU guest agent
sudo apt update && sudo apt upgrade -y
sudo apt install qemu-guest-agent -y

# Create the user qwertz with a fixed UID/GID of 1022
sudo groupadd -g 1022 qwertz
sudo useradd -u 1022 -g 1022 -m -s /bin/bash qwertz

# Install the SSH public key for that user
sudo mkdir -p /home/qwertz/.ssh
# paste your id_ed25519.pub / id_ecdsa_sk.pub content into /home/qwertz/.ssh/authorized_keys
echo 'YOUR_FILE_PUB_KEY_CONTENT_HERE' | sudo tee -a /home/qwertz/.ssh/authorized_keys > /dev/null
sudo chmod 600 /home/qwertz/.ssh/authorized_keys
sudo chown -R qwertz:qwertz /home/qwertz/.ssh

# Generate a SHA-512 crypt hash of the user's password
openssl passwd -6
# Enter your really strong password twice and remember it!
sudo usermod -aG sudo qwertz
sudo usermod --password 'PASTE_HASHED_PW_STARTING_WITH_$6$' qwertz

Hardening

sudo nano /etc/ssh/sshd_config.d/10-custom-settings.conf

Port 2222
PasswordAuthentication no
PermitEmptyPasswords no
GSSAPIAuthentication no
X11Forwarding no
UseDNS no
PermitRootLogin no
ChallengeResponseAuthentication no
AllowUsers qwertz

sudo chmod 600 /etc/ssh/sshd_config.d/10-custom-settings.conf
sudo systemctl restart ssh
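
One way to confirm the drop-in is really what sshd will use before the VM becomes a template, as an added example that is not part of the original wiki page: the function compares `sshd -T` output (sshd's dump of its effective configuration) with the values set above. The function name `check_sshd_effective` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Expected effective values, taken from 10-custom-settings.conf in this guide.
# `sshd -T` prints lowercase keywords; current OpenSSH reports
# ChallengeResponseAuthentication as kbdinteractiveauthentication.
EXPECTED='port 2222
passwordauthentication no
permitemptypasswords no
gssapiauthentication no
x11forwarding no
usedns no
permitrootlogin no
kbdinteractiveauthentication no
allowusers qwertz'

# Reads `sshd -T` style text on stdin, prints one line per deviation and
# returns 0 only when every expected keyword has exactly the expected value.
check_sshd_effective() {
    effective=$(cat)
    failures=0
    while read -r key want; do
        # Join repeated keywords (sshd -T prints one allowusers line per user).
        got=$(printf '%s\n' "$effective" | awk -v k="$key" '
            $1 == k { sub(/^[^ \t]+[ \t]+/, ""); v = (v == "" ? "" : v " ") $0 }
            END { print v }')
        if [ "$got" != "$want" ]; then
            echo "DEVIATION $key: want '$want', got '${got:-<unset>}'"
            failures=$((failures + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    [ "$failures" -eq 0 ]
}

# Constructed sample: password logins still on, default port, no AllowUsers.
SAMPLE_BAD='port 22
passwordauthentication yes
permitemptypasswords no
gssapiauthentication no
x11forwarding no
usedns no
permitrootlogin no
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_BAD" | check_sshd_effective || echo "template is not ready"
# On the VM itself: sudo sshd -T | check_sshd_effective
```

An unset `allowusers` is reported as a deviation because without that line sshd places no restriction on which accounts may log in.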

Adding to passwordless sudo

EDITOR=nano sudo visudo -f /etc/sudoers.d/qwertz

# Allow passwordless sudo for specific user
qwertz ALL=(ALL) NOPASSWD:ALL

sudo chmod 440 /etc/sudoers.d/qwertz
sudo chown root:root /etc/sudoers.d/qwertz
sudo reboot

Log in as qwertz with the key (id_ecdsa_sk / id_ed25519) and continue the configuration

ssh -o IdentitiesOnly=yes -o IdentityFile=~/.ssh/id_ecdsa_sk [email protected] -p 2222

  • Run sudo -v to check that the password you set works with sudo. (No output is good output.)
  • sudo userdel -r tempuser
  • sudo poweroff

Configure vm

  • Remove CD Drive
  • Convert to template