Proxmox VE — Homelab Guide

What is Proxmox?

Proxmox Virtual Environment is an all-in-one, open-source platform for enterprise server virtualization. It combines the KVM hypervisor, Linux Containers (LXC), and software-defined storage and networking into a single solution. Using its integrated web-based interface, you can easily manage virtual machines, containers, high-availability clusters, and built-in disaster recovery tools.

Opinionated install + baseline hardening for a single-node or small cluster.

My UAT Homelab Laptop Specifications

  • Model - VivoBook_ASUSLaptop
  • RAM - 24GiB
  • CPU - 12 x AMD Ryzen 5 5500U with Radeon Graphics (1 Socket)
  • STORAGE - 512 SSD

Prerequisites

  • Hardware with virtualization support (Intel VT-x/AMD-V), 16GB+ RAM recommended
  • 1 or 2 storage device(s) (fast NVMe for VM storage, SATA/NAS for backups)
  • Static IP reserved in your router/DHCP

Downloads

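Download the latest Proxmox VE ISO from the official website - Proxmox 9.0-1 iso Download. Compare the file's SHA256 checksum with the one published on the download page before writing it to a USB drive.
Download Rufus from its official website - Rufus Download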

1) Install Proxmox VE

  1. Create a bootable USB drive from the downloaded Proxmox ISO using Rufus.
  2. Boot and choose Install Proxmox VE.
  3. Select target disk (NVMe recommended), set Filesystem: ext4 or ZFS (RAID1) if you have 2 disks.
  4. Set a strong root password and valid email.
  5. Assign a static IP, gateway and DNS.

2) First Login

In your web browser, navigate to https://<proxmox-ip>:8006 and log in with the username and password set during configuration.

3) Scripts

Navigate to Datacenter > [your PVE node name] > Shell.

3.1) Update OS and Proxmox

apt update && apt full-upgrade -y && pveupgrade

3.2) Using helper scripts

About Proxmox VE Post Install script

This script helps simplify common setup steps after installing Proxmox VE, especially for users without an enterprise subscription.
It automatically:

  • Disables the commercial Enterprise repository and enables the No-Subscription one.
  • Fixes or adds the standard Proxmox sources, with an option to include the test repository.
  • Removes the “No valid subscription” pop-up.
  • Updates and upgrades the system.
  • Reboots the Proxmox host when completed.

To automate the tasks listed above, you can run this helper script:

bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/post-pve-install.sh)"
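
The one-liner above executes whatever the `main` branch serves at that moment, as root on the hypervisor. The following is an added example (not part of the original guide or of the community-scripts project) that saves the script to disk for review and runs it only if its SHA-256 matches the value you recorded after reading it; the function names and the /root path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: run a downloaded helper script only if it matches a hash
# you pinned after reviewing it. Function names are hypothetical.

SCRIPT_URL="https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/pve/post-pve-install.sh"

# fetch_script <url> <dest>: save the script to disk instead of piping it into bash.
fetch_script() {
    curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# sha256_of <file>: print only the hex digest of the file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# run_if_pinned <file> <expected_sha256>: execute only on an exact digest match.
run_if_pinned() {
    local file="$1" expected="$2" actual
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "REFUSING to run $file: sha256 $actual != pinned $expected" >&2
        return 1
    fi
    bash "$file"
}

# Typical flow on the PVE host (commented out so sourcing this file changes nothing):
#   fetch_script "$SCRIPT_URL" /root/post-pve-install.sh
#   less /root/post-pve-install.sh          # read what it will do as root
#   sha256_of /root/post-pve-install.sh     # record this as your pinned value
#   run_if_pinned /root/post-pve-install.sh "<sha256 you recorded after review>"
```

A digest mismatch on a later download means the upstream file changed and needs to be read again before it is run.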

4) Networking

I’m using a laptop without a built-in Ethernet port, so I normally need an adapter for a wired connection. Instead, I decided to use Wi-Fi and set up a VM bridge to host my UAT network.

  • vmbr0: management + VM bridge
  • VLANs: tag per network (e.g., 10 LAN, 20 Docker hosts, 30 Kubernetes nodes)

4.1) Update Network Settings for VM Bridge

nano /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto wlp1s0
iface wlp1s0 inet static
        address xx.xx.xx.xx/24
        netmask xx.xx.xx.xx
        gateway xx.xx.xx.xx
        wpa-ssid [network Name]
        wpa-psk  [Network password]
        dns-nameserver 1.1.1.1 8.8.8.8

auto vmbr0
iface vmbr0 inet static
        address 20.20.20.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '20.20.20.0/24' -o wlp1s0  -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '20.20.20.0/24' -o wlp1s0 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
source /etc/network/interfaces.d/*
Restart the networking service to apply the settings:

systemctl restart networking
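
Each post-up iptables rule needs a post-down line that deletes exactly the same rule; a mismatch, such as a mistyped interface name, leaves the rule in place, and every networking restart then appends another copy. The following is an added check (not part of the original guide) that lists post-up rules with no matching post-down; the function names are hypothetical and the sample stanza is constructed.

```shell
#!/usr/bin/env bash
# Added example: find post-up iptables rules that no post-down line removes.

# unpaired_iptables_hooks <interfaces-file | ->
# Prints "<line number>: <line>" for each unmatched post-up rule; returns 1 if any.
unpaired_iptables_hooks() {
    awk '
    function spec(line) {   # drop the hook keyword, map -A/-I to -D, squeeze spaces
        sub(/^[ \t]*post-(up|down)[ \t]+/, "", line)
        gsub(/[ \t]+/, " ", line)
        sub(/ $/, "", line)
        sub(/ -[AI] /, " -D ", line)
        return line
    }
    /^[ \t]*post-up[ \t]+iptables /   { up[spec($0)] = NR ": " $0 }
    /^[ \t]*post-down[ \t]+iptables / { down[spec($0)] = 1 }
    END {
        bad = 0
        for (s in up) if (!(s in down)) { print up[s]; bad = 1 }
        exit bad
    }' "${1:--}"
}

# Constructed sample: vmbr0 hooks with a mistyped interface in one post-down line.
sample_interfaces() {
    cat <<'EOF'
auto vmbr0
iface vmbr0 inet static
        address 20.20.20.1/24
        post-up iptables -t nat -A POSTROUTING -s '20.20.20.0/24' -o wlp1s0  -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '20.20.20.0/24' -o wlps1s0 -j MASQUERADE
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
EOF
}

# On the host: unpaired_iptables_hooks /etc/network/interfaces
# Against the sample: sample_interfaces | unpaired_iptables_hooks -
```

On a running host, `iptables -t nat -S POSTROUTING` shows whether duplicate MASQUERADE rules have already accumulated.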

VLAN aware

Enable Bridge VLAN aware in the UI if you trunk multiple VLANs to Proxmox.

4.2) Enable IPv4 and IPv6 forwarding for VM bridge

Run the command below to append the forwarding entries to /etc/sysctl.conf:

echo -e "\n# Enable IPv4 and IPv6 forwarding for VM bridge routing\nnet.ipv4.ip_forward=1\nnet.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf

Alternatively, open the file with nano or any CLI text editor you prefer:

nano /etc/sysctl.conf

Append the following lines:

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

Apply changes by restarting network services:

systemctl restart networking

Save and exit the file, then apply the changes with:

sysctl -p

Understanding the Role of IP Forwarding in Bridge Networking

The sysctl -p command reads the /etc/sysctl.conf file and applies all the kernel parameters in it immediately. This includes enabling packet forwarding, which your VM bridge needs in order to route traffic through the Wi-Fi interface.

5) Storage

  • local-lvm: thin-pool storage on the NVMe drive, used for virtual machine disks
  • Backups: NFS/SMB to NAS, or Proxmox Backup Server

Add NFS storage for backups (--export is the path exported by the NAS; --prune-backups keep-last=7 replaces the deprecated --maxfiles 7):

pvesm add nfs nas-backups --server xx.xx.xx.xx --export /mnt/pool/backups --content backup --prune-backups keep-last=7

6) Templates (cloud images)

pveam available | grep debian
pveam download local debian-12-standard_12.7-1_amd64.tar.zst
# Create a template VM → then "Convert to template"

7) Backups & snapshots

  • Schedule nightly VM backups to NAS storage.
  • Keep 7–14 daily, 4 weekly.
  • Use stop mode for small labs; snapshot if using qemu-guest-agent.

8) Secure baseline

  • Create an admin user (realm pve) and add to PVEAdmin.
  • Enable TOTP or WebAuthn 2FA.
  • Lock down firewall:
      • Datacenter Firewall → enable
      • Node Firewall → enable
      • Accept inbound 22/tcp and 8006/tcp from admin subnet only
  • Install guest agent on VMs:
    apt install -y qemu-guest-agent && systemctl enable --now qemu-guest-agent

9) Quality-of-life

  • Tags for VMs: prod, lab, infra
  • Notes: record IPs, roles, and backup policy per VM
  • Hooks: pre/post backup scripts for app quiesce

Troubleshooting

  • Check VLAN ID on NIC + switch port
  • Verify bridge-vlan-aware yes
  • NAS permissions for backup content
  • Check journalctl -u pvedaemon

Appendix: VM Sizing Cheatsheet

Role                 vCPU   RAM     Disk
Pi-hole/DNS          1      512MB   4–8GB
Portainer Server     4      4–8GB   100GB
k3s server           2–4    4–8GB   40GB
Grafana/Prometheus   2      4–8GB   50–120GB