ControllingTheInter.net – Tech News, Legal and Daily Blog

Delegate access to another mailbox using Gsuite Admin

Step 1: Create a Service Account (Google Cloud)
Project Selection: Log in to the Google Cloud Console and select your project.

Enable APIs: Go to APIs & Services > Library, search for required APIs (e.g., Admin SDK API, Gmail API), and click Enable.

Create Account: Navigate to IAM & Admin > Service Accounts and click + Create Service Account.

Identity: Enter a name and ID, then click Create and Continue.

Skip Project Roles: Skip optional role assignments, as DwD permissions are managed in the Workspace Admin Console, not via IAM. Click Done.

Step 2: Download Credentials and Copy Client ID
Generate Key: Select your service account, go to the Keys tab, click Add Key > Create new key, choose JSON, and save the downloaded file securely.

Copy Client ID: On the Details tab, locate and copy the Unique ID (also called Client ID), which is a 21-digit numeric string.

Step 3: Authorize Domain-Wide Delegation (Google Admin)
Open Admin Console: Sign in to the Google Admin Console as a Super Administrator.

Navigate to API Controls: Go to Menu > Security > Access and data control > API controls.

Manage Delegation: Click Manage Domain Wide Delegation, then click Add new.

Authorize Scopes: * Client ID: Paste the numeric 21-digit ID copied in Step 2.

OAuth Scopes: Enter a comma-separated list of required scopes (e.g., https://www.googleapis.com/auth/gmail.settings.sharing).

Save: Click Authorize to finalize.

Place the file in the same location as the compiled binary.

Execute in package manager console Install-Package Google.apis.gmail.v1

and Install-Package Google.apis.auth

Imports System
Imports System.IO
Imports System.Threading
Imports Google.Apis.Auth.OAuth2
Imports Google.Apis.Gmail.v1
Imports Google.Apis.Gmail.v1.Data
Imports Google.Apis.Services
Imports Google.Apis.Util.Store
Imports Newtonsoft.Json.Linq
'Create a service account, add the clientid to the domainwide access. This access takes 15 or more minutes to propagate access through the system
'Create a JSON key
Public Class GmailDelegationManager
    Public Shared Sub GrantAccess(jsonKeyPath As String, delegatorEmail As String, delegateEmail As String)
        Try
            ' 1. Load the raw JSON from your key file
            Dim jsonText As String = File.ReadAllText(jsonKeyPath)
            Dim keyData = JObject.Parse(jsonText)

            ' 2. Extract the necessary fields manually
            Dim serviceAccountEmail As String = keyData("client_email").ToString()
            Dim privateKey As String = keyData("private_key").ToString()

            ' 3. Configure the Initializer properly
            Dim initializer As New ServiceAccountCredential.Initializer(serviceAccountEmail) With {
                .User = delegatorEmail,
                .Scopes = {GmailService.Scope.GmailSettingsSharing}
            }

            ' This is where the private key is correctly applied
            initializer.FromPrivateKey(privateKey)

            ' 4. Create the final credential object
            Dim credential As New ServiceAccountCredential(initializer)

            ' 5. Initialize the Gmail Service
            Dim service As New GmailService(New BaseClientService.Initializer() With {
                .HttpClientInitializer = credential,
                .ApplicationName = "Gmail Delegation Tool"
            })

            ' Create the Delegate object (remember the square brackets for VB.NET)
            Dim newDelegate As New Google.Apis.Gmail.v1.Data.[Delegate]() With {
                .DelegateEmail = delegateEmail
            }

            ' Execute the request to create the delegation
            ' "me" refers to David because the service is impersonating him
            Dim request = service.Users.Settings.Delegates.Create(newDelegate, "me")
            Dim result = request.Execute()

            Console.WriteLine($"Success! {result.DelegateEmail} can now access {delegatorEmail}'s mail.")
            Console.WriteLine($"Status: {result.VerificationStatus}") ' Usually returns 'accepted'

        Catch ex As Google.Apis.Auth.OAuth2.Responses.TokenResponseException
            Console.WriteLine("Auth Error: Ensure Domain-Wide Delegation is active for this Client ID.")
        Catch ex As Exception
            Console.WriteLine("Error: " & ex.Message)
        End Try
    End Sub

    Public Shared Sub RemoveEmailDelegation(jsonKeyPath As String, delegatorEmail As String, delegateEmail As String)
        Try
            ' 1. Load the Service Account JSON and configure impersonation
            Debug.WriteLine("Loading credentials for revocation...")
            Dim jsonText As String = File.ReadAllText(jsonKeyPath)
            Dim keyData = JObject.Parse(jsonText)

            Dim serviceAccountEmail As String = keyData("client_email").ToString()
            Dim privateKey As String = keyData("private_key").ToString()

            ' David (delegatorEmail) is the one we impersonate to remove the delegate
            Dim initializer As New ServiceAccountCredential.Initializer(serviceAccountEmail) With {
                .User = delegatorEmail,
                .Scopes = {GmailService.Scope.GmailSettingsSharing}
            }
            initializer.FromPrivateKey(privateKey)

            Dim credential As New ServiceAccountCredential(initializer)

            ' 2. Initialize the Gmail Service
            Using service As New GmailService(New BaseClientService.Initializer() With {
                .HttpClientInitializer = credential,
                .ApplicationName = "Gmail Delegation Tool"
            })
                Debug.WriteLine($"Attempting to remove delegate {delegateEmail} from {delegatorEmail}...")

                ' 3. Execute the Delete request
                ' userId "me" refers to the impersonated delegator (David)
                ' delegateEmail is Becky's primary email address
                Dim request = service.Users.Settings.Delegates.Delete("me", delegateEmail)
                request.Execute()

                Debug.WriteLine($"SUCCESS: Delegation revoked. {delegateEmail} no longer has access to {delegatorEmail}'s mail.")
            End Using

        Catch ex As Google.GoogleApiException When ex.Error.Code = 404
            Debug.WriteLine("INFO: This delegate relationship does not exist or was already removed.")
        Catch ex As Exception
            Debug.WriteLine($"ERROR: Failed to revoke access. {ex.Message}")
            Throw
        End Try
    End Sub
End Class

100

101

102

103

Imports System

Imports System.IO

Imports System.Threading

Imports Google.Apis.Auth.OAuth2

Imports Google.Apis.Gmail.v1

Imports Google.Apis.Gmail.v1.Data

Imports Google.Apis.Services

Imports Google.Apis.Util.Store

Imports Newtonsoft.Json.Linq

'Create a service account, add the clientid to the domainwide access. This access takes 15 or more minutes to propagate access through the system

'Create a JSON key

Public Class GmailDelegationManager

Public Shared Sub GrantAccess(jsonKeyPath As String, delegatorEmail As String, delegateEmail As String)

Try

' 1. Load the raw JSON from your key file

Dim jsonText As String = File.ReadAllText(jsonKeyPath)

Dim keyData = JObject.Parse(jsonText)

' 2. Extract the necessary fields manually

Dim serviceAccountEmail As String = keyData("client_email").ToString()

Dim privateKey As String = keyData("private_key").ToString()

' 3. Configure the Initializer properly

Dim initializer As New ServiceAccountCredential.Initializer(serviceAccountEmail) With {

.User = delegatorEmail,

.Scopes = {GmailService.Scope.GmailSettingsSharing}

}

' This is where the private key is correctly applied

initializer.FromPrivateKey(privateKey)

' 4. Create the final credential object

Dim credential As New ServiceAccountCredential(initializer)

' 5. Initialize the Gmail Service

Dim service As New GmailService(New BaseClientService.Initializer() With {

.HttpClientInitializer = credential,

.ApplicationName = "Gmail Delegation Tool"

})

' Create the Delegate object (remember the square brackets for VB.NET)

Dim newDelegate As New Google.Apis.Gmail.v1.Data.[Delegate]() With {

.DelegateEmail = delegateEmail

}

' Execute the request to create the delegation

' "me" refers to David because the service is impersonating him

Dim request = service.Users.Settings.Delegates.Create(newDelegate, "me")

Dim result = request.Execute()

Console.WriteLine($"Success! {result.DelegateEmail} can now access {delegatorEmail}'s mail.")

Console.WriteLine($"Status: {result.VerificationStatus}") ' Usually returns 'accepted'

Catch ex As Google.Apis.Auth.OAuth2.Responses.TokenResponseException

Console.WriteLine("Auth Error: Ensure Domain-Wide Delegation is active for this Client ID.")

Catch ex As Exception

Console.WriteLine("Error: " & ex.Message)

End Try

End Sub

Public Shared Sub RemoveEmailDelegation(jsonKeyPath As String, delegatorEmail As String, delegateEmail As String)

Try

' 1. Load the Service Account JSON and configure impersonation

Debug.WriteLine("Loading credentials for revocation...")

Dim jsonText As String = File.ReadAllText(jsonKeyPath)

Dim keyData = JObject.Parse(jsonText)

Dim serviceAccountEmail As String = keyData("client_email").ToString()

Dim privateKey As String = keyData("private_key").ToString()

' David (delegatorEmail) is the one we impersonate to remove the delegate

Dim initializer As New ServiceAccountCredential.Initializer(serviceAccountEmail) With {

.User = delegatorEmail,

.Scopes = {GmailService.Scope.GmailSettingsSharing}

}

initializer.FromPrivateKey(privateKey)

Dim credential As New ServiceAccountCredential(initializer)

' 2. Initialize the Gmail Service

Using service As New GmailService(New BaseClientService.Initializer() With {

.HttpClientInitializer = credential,

.ApplicationName = "Gmail Delegation Tool"

})

Debug.WriteLine($"Attempting to remove delegate {delegateEmail} from {delegatorEmail}...")

' 3. Execute the Delete request

' userId "me" refers to the impersonated delegator (David)

' delegateEmail is Becky's primary email address

Dim request = service.Users.Settings.Delegates.Delete("me", delegateEmail)

request.Execute()

Debug.WriteLine($"SUCCESS: Delegation revoked. {delegateEmail} no longer has access to {delegatorEmail}'s mail.")

End Using

Catch ex As Google.GoogleApiException When ex.Error.Code = 404

Debug.WriteLine("INFO: This delegate relationship does not exist or was already removed.")

Catch ex As Exception

Debug.WriteLine($"ERROR: Failed to revoke access. {ex.Message}")

Throw

End Try

End Sub

End Class

Clipboard to Vmware Vsphere and Proxmox

#requires -Version 5.1
<#
.SYNOPSIS
    Runs in the background and intercepts Ctrl+V to simulate typing.
.DESCRIPTION
    This script registers a global hotkey for Ctrl+V. When you press Ctrl+V,
    it "types" the contents of your clipboard instead of performing a normal paste.

    This is designed for use with remote consoles (like vSphere, Promox,
    or other no-VNC clients) that do not allow direct copy-pasting.
.USAGE
    1. Run this script in a PowerShell window.
    2. The script will remain running in the background.
    3. Copy any text you want to your clipboard.
    4. Click on your target console window (vSphere, Proxmox, etc.).
    5. Press Ctrl+V.
    6. The script will "type" the clipboard contents into the console.
    7. To stop the script, simply close this PowerShell window.
#>

# --- Load Required Assemblies ---
try {
    Add-Type -AssemblyName System.Windows.Forms
}
catch {
    Write-Error "Failed to load System.Windows.Forms assembly. This script requires it to function."
    exit 1
}

# --- Define Win32 API Functions for Hotkey ---
$signature = @"
[DllImport("user32.dll")]
public static extern bool RegisterHotKey(IntPtr hWnd, int id, uint fsModifiers, uint vk);

[DllImport("user32.dll")]
public static extern bool UnregisterHotKey(IntPtr hWnd, int id);

[DllImport("user32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool PeekMessage(out System.Windows.Forms.Message lpMsg, IntPtr hWnd, uint wMsgFilterMin, uint wMsgFilterMax, uint wRemoveMsg);
"@

# *** FIX IS HERE ***
# We must add -ReferencedAssemblies to tell the C# compiler where to find "System.Windows.Forms.Message"
Add-Type -MemberDefinition $signature -Name "User32" -Namespace "Win32" -ReferencedAssemblies "System.Windows.Forms" -PassThru | Out-Null

# --- SCRIPT PARAMETERS ---

# The delay (in milliseconds) between each keystroke.
# Dumb consoles (like VNC) may drop characters if this is too fast.
# Increase this value if you experience missed letters.
$keyDelay = 50 # 50ms is a good, reliable starting point.

# --- Hotkey Action Function ---

function Perform-TypingAction {
    param(
        [int]$Delay
    )

    # 1. Get text from the clipboard
    $textToType = $null
    try {
        if ([System.Windows.Forms.Clipboard]::ContainsText()) {
            $textToType = [System.Windows.Forms.Clipboard]::GetText()
        }
    }
    catch {
        Write-Warning "Failed to access clipboard: $_"
        return
    }

    # 2. Check if we have text
    if ([string]::IsNullOrEmpty($textToType)) {
        Write-Host "Hotkey pressed, but clipboard is empty. No action taken."
        return
    }

    Write-Host "Hotkey pressed! Typing clipboard contents..."

    # 3. Loop through each character and send it
    foreach ($char in $textToType.ToCharArray()) {
        $charString = $char.ToString()

        # SendKeys has 7 special characters that must be "escaped"
        # by wrapping them in curly braces {}.
        # These are: + ^ % ~ ( ) { }
        # We must also escape the braces themselves.
        if ("+^%~(){}".Contains($charString)) {
            $charString = "{$charString}"
        }

        try {
            [System.Windows.Forms.SendKeys]::SendWait($charString)
        }
        catch {
            Write-Error "Failed to send keystroke '$_'. Aborting."
            return # Stop typing on error
        }

        # Wait a small amount of time before sending the next key.
        Start-Sleep -Milliseconds $Delay
    }
    Write-Host "Typing complete."
}

# --- Main Hotkey Listener ---

# 1. Register the hotkey (Ctrl+V)
$hotkeyID = 1
$modCtrl = 0x0002 # MOD_CONTROL
$vkV = 0x56       # Virtual-Key code for 'V'

if (-not ([Win32.User32]::RegisterHotKey([IntPtr]::Zero, $hotkeyID, $modCtrl, $vkV))) {
    Write-Error "Failed to register hotkey Ctrl+V. Is it already in use by another program?"
    exit 1
}

Write-Host "Hotkey Ctrl+V registered. Script is running in the background." -ForegroundColor Green
Write-Host "Pressing Ctrl+V in any window will now type the clipboard contents."
Write-Host "Press Ctrl+C or close this window to stop the script."

# 2. Start the message loop to listen for the hotkey
$msg = New-Object System.Windows.Forms.Message
$WM_HOTKEY = 0x0312
$PM_REMOVE = 1

try {
    while ($true) {
        # Check for and remove messages from the queue
        $result = [Win32.User32]::PeekMessage([ref]$msg, [IntPtr]::Zero, 0, 0, $PM_REMOVE)

        if ($result) {
            # Check if the message is our hotkey
            if ($msg.Msg -eq $WM_HOTKEY -and $msg.WParam.ToInt32() -eq $hotkeyID) {
                # This is our hotkey!
                try {
                    Perform-TypingAction -Delay $keyDelay
                }
                catch {
                    Write-Error "An error occurred during typing: $_"
                }
            }
        }

        # Don't spin the CPU to 100%
        Start-Sleep -Milliseconds 50
    }
}
finally {
    # This block runs when the user presses Ctrl+C or closes the window
    [Win32.User32]::UnregisterHotKey([IntPtr]::Zero, $hotkeyID) | Out-Null
    Write-Host "Hotkey unregistered. Exiting." -ForegroundColor Yellow
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

#requires -Version 5.1

.SYNOPSIS

Runs in the background and intercepts Ctrl+V to simulate typing.

.DESCRIPTION

This script registers a global hotkey for Ctrl+V. When you press Ctrl+V,

it "types" the contents of your clipboard instead of performing a normal paste.

This is designed for use with remote consoles (like vSphere, Promox,

or other no-VNC clients) that do not allow direct copy-pasting.

.USAGE

1. Run this script in a PowerShell window.

2. The script will remain running in the background.

3. Copy any text you want to your clipboard.

4. Click on your target console window (vSphere, Proxmox, etc.).

5. Press Ctrl+V.

6. The script will "type" the clipboard contents into the console.

7. To stop the script, simply close this PowerShell window.

# --- Load Required Assemblies ---

try {

Add-Type -AssemblyName System.Windows.Forms

}

catch {

Write-Error "Failed to load System.Windows.Forms assembly. This script requires it to function."

exit 1

}

# --- Define Win32 API Functions for Hotkey ---

$signature = @"

[DllImport("user32.dll")]

public static extern bool RegisterHotKey(IntPtr hWnd, int id, uint fsModifiers, uint vk);

[DllImport("user32.dll")]

public static extern bool UnregisterHotKey(IntPtr hWnd, int id);

[DllImport("user32.dll")]

[return: MarshalAs(UnmanagedType.Bool)]

public static extern bool PeekMessage(out System.Windows.Forms.Message lpMsg, IntPtr hWnd, uint wMsgFilterMin, uint wMsgFilterMax, uint wRemoveMsg);

# *** FIX IS HERE ***

# We must add -ReferencedAssemblies to tell the C# compiler where to find "System.Windows.Forms.Message"

Add-Type -MemberDefinition $signature -Name "User32" -Namespace "Win32" -ReferencedAssemblies "System.Windows.Forms" -PassThru | Out-Null

# --- SCRIPT PARAMETERS ---

# The delay (in milliseconds) between each keystroke.

# Dumb consoles (like VNC) may drop characters if this is too fast.

# Increase this value if you experience missed letters.

$keyDelay = 50 # 50ms is a good, reliable starting point.

# --- Hotkey Action Function ---

function Perform-TypingAction {

param(

[int]$Delay

)

# 1. Get text from the clipboard

$textToType = $null

try {

if ([System.Windows.Forms.Clipboard]::ContainsText()) {

$textToType = [System.Windows.Forms.Clipboard]::GetText()

}

catch {

Write-Warning "Failed to access clipboard: $_"

return

}

# 2. Check if we have text

if ([string]::IsNullOrEmpty($textToType)) {

Write-Host "Hotkey pressed, but clipboard is empty. No action taken."

return

}

Write-Host "Hotkey pressed! Typing clipboard contents..."

# 3. Loop through each character and send it

foreach ($char in $textToType.ToCharArray()) {

$charString = $char.ToString()

# SendKeys has 7 special characters that must be "escaped"

# by wrapping them in curly braces {}.

# These are: + ^ % ~ ( ) { }

# We must also escape the braces themselves.

if ("+^%~(){}".Contains($charString)) {

$charString = "{$charString}"

}

try {

[System.Windows.Forms.SendKeys]::SendWait($charString)

}

catch {

Write-Error "Failed to send keystroke '$_'. Aborting."

return # Stop typing on error

}

# Wait a small amount of time before sending the next key.

Start-Sleep -Milliseconds $Delay

}

Write-Host "Typing complete."

}

# --- Main Hotkey Listener ---

# 1. Register the hotkey (Ctrl+V)

$hotkeyID = 1

$modCtrl = 0x0002 # MOD_CONTROL

$vkV = 0x56 # Virtual-Key code for 'V'

if (-not ([Win32.User32]::RegisterHotKey([IntPtr]::Zero, $hotkeyID, $modCtrl, $vkV))) {

Write-Error "Failed to register hotkey Ctrl+V. Is it already in use by another program?"

exit 1

}

Write-Host "Hotkey Ctrl+V registered. Script is running in the background." -ForegroundColor Green

Write-Host "Pressing Ctrl+V in any window will now type the clipboard contents."

Write-Host "Press Ctrl+C or close this window to stop the script."

# 2. Start the message loop to listen for the hotkey

$msg = New-Object System.Windows.Forms.Message

$WM_HOTKEY = 0x0312

$PM_REMOVE = 1

try {

while ($true) {

# Check for and remove messages from the queue

$result = [Win32.User32]::PeekMessage([ref]$msg, [IntPtr]::Zero, 0, 0, $PM_REMOVE)

if ($result) {

# Check if the message is our hotkey

if ($msg.Msg -eq $WM_HOTKEY -and $msg.WParam.ToInt32() -eq $hotkeyID) {

# This is our hotkey!

try {

Perform-TypingAction -Delay $keyDelay

}

catch {

Write-Error "An error occurred during typing: $_"

}

# Don't spin the CPU to 100%

Start-Sleep -Milliseconds 50

}

finally {

# This block runs when the user presses Ctrl+C or closes the window

[Win32.User32]::UnregisterHotKey([IntPtr]::Zero, $hotkeyID) | Out-Null

Write-Host "Hotkey unregistered. Exiting." -ForegroundColor Yellow

}

Capturing a Proxmox VM traffic remotely from a windows host using wireshark

This guide will show you how, step-by-step. We’ll use a single command to pipe traffic from your Proxmox host directly into your local Wireshark GUI.

The Big Picture: How It Works

This technique uses a powerful combination of tools:

SSH: We’ll open a secure shell connection to the Proxmox host.
dumpcap: This is the command-line capture engine that Wireshark itself uses. We’ll run it on the Proxmox host to do the actual packet capture.
The tap Interface: Proxmox creates a virtual network interface on the host (like tap122i0) for every network adapter on a running VM. We’ll tell dumpcap to listen to this specific interface.
The Pipe (|): We’ll “pipe” the raw packet data from the remote dumpcap command, through the encrypted SSH tunnel, and directly into our local Wireshark application.

Step 1: Install Wireshark on Windows

This one is simple. If you don’t already have Wireshark, go to wireshark.org and download the official Windows installer.

Run the installer, and make sure to let it add Wireshark to your system’s PATH if it asks. This will make running it from the command line easier.

Step 2: Install `dumpcap` on Your Proxmox Host

This is the most important step on the server-side. The dumpcap utility isn’t installed on Proxmox by default, but it’s available in the standard repositories as part of the wireshark-common package.

SSH into your Proxmox host as root.ssh root@<your-proxmox-ip>
Update your package lists and install wireshark-common:apt update apt install wireshark-common

When it asks if non-superusers should be able to capture packets, you can select “Yes” for convenience, but since we’ll be connecting as root, it doesn’t really matter.

Why this package? This package provides /usr/bin/dumpcap. This is crucial because it’s in the default SSH PATH, avoiding many “command not found” errors that can happen when trying to use tcpdump (which is in /usr/sbin).

Step 3: Find Your VM’s Network Interface Name

You can’t just capture from eth0. You need to find the specific tap interface that Proxmox has assigned to your VM.

On your Proxmox host, find your VM’s ID:qm listYou’ll see a list of your VMs. Let’s say the one you want to monitor is VM 122.
Now, list the network interfaces associated with that VM ID:ls /sys/class/net/ | grep tap122
The output will be something like tap122i0. This is the interface name you need. (The i0 corresponds to net0 in the VM’s hardware tab, i1 would be net1, and so on).

Step 4: Run the All-in-One Capture Command

Now it’s time to put it all together. Open a Command Prompt (cmd.exe) or PowerShell on your Windows machine.

Navigate to your Wireshark installation directory. This is the most reliable way to ensure Windows can find wireshark.exe.

cd "C:\Program Files\Wireshark\"

Now, run the following command, replacing the IP and interface name with your own:

ssh root@192.168.0.XXX dumpcap -i tap122i0 -P -w - -f 'tcp port 443 and not port 22' | wireshark -i - -k -p

Wireshark should pop open on your desktop and immediately start showing a live capture of all HTTPS traffic from VM 122.

Breakdown of the Magic Command

Here’s what each part of that command does:

Remote Part (on Proxmox)

ssh root@192.168.0.XXX: Connects to your Proxmox host as root.
dumpcap: Runs the capture utility on the host.
-i tap122i0: Tells dumpcap to listen only to the interface for VM 122.
-P: Uses the modern pcapng format.
-w -: Writes the packet data to standard output (the console) instead of a file.
-f 'tcp port 443 and not port 22': This is your capture filter. This example captures all HTTPS traffic (tcp port 443) but crucially ignores your own SSH traffic (not port 22) so you don’t capture the capture itself!

Local Part (on Windows)

|: The pipe. This takes all the output from the ssh command…
wireshark: …and pipes it directly into your local wireshark.exe.
-i -: Tells Wireshark to read from standard input (the pipe) instead of a local network card.
-k: Starts the capture immediately.
-p: Runs the interface in promiscuous mode (good practice).

And that’s it! You now have a powerful, low-impact way to debug traffic from any VM on your Proxmox host without ever having to log into the VM itself.

Speedrunning a Terraform setup in promox

SRC: https://registry.terraform.io/providers/Telmate/proxmox/latest

root@proxmox:~# pveum role modify terraform_role -privs “Datastore.AllocateSpace
Datastore.AllocateTemplate Datastore.Audit Pool.Allocate Sys.Audit Sys.Console Sys.Mod
ify VM.Allocate VM.Audit VM.Clone VM.Config.CDROM VM.Config.Cloudinit VM.Config.CPU VM
.Config.Disk VM.Config.HWType VM.Config.Memory VM.Config.Network VM.Config.Options VM.
Migrate VM.PowerMgmt SDN.Use”

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add –
sudo apt-add-repository “deb [arch=$(dpkg –print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main”
sudo apt update
sudo apt install terraform

SRC: https://registry.terraform.io/providers/Telmate/proxmox/latest/docs/resources/vm_qemu
[Main.tf]
terraform {
required_providers {
proxmox = {
source = “Telmate/proxmox”
version = “3.0.2-rc05”
}
}
}

provider “proxmox” {
pm_api_url = “https://192.168.0.xxx:8006/api2/json”
pm_user = “terraform”
pm_api_token_id = “terraform@pve!terraformAPI”
pm_api_token_secret = “19ca604a-xxxx”
#pm_password = “NotMyPazzsword”
pm_tls_insecure = true
pm_debug = true
}

resource “proxmox_vm_qemu” “my_vm” {
name = “my-vm”
target_node = “threadripper”
clone = “UbuntuWorkstation1”
cores = 2
memory = 2048
disk {
storage = “local-zfs”
type = “disk”
slot = “scsi0”
size = “32G”
}
}

user@user-Standard-PC-i440FX-PIIX-1996:~$ nano main.tf
user@user-Standard-PC-i440FX-PIIX-1996:~$ terraform init
Initializing the backend…
Initializing provider plugins…

Finding telmate/proxmox versions matching “3.0.2-rc05″…

Installing telmate/proxmox v3.0.2-rc05…

Installed telmate/proxmox v3.0.2-rc05 (self-signed, key ID A9EBBE091B35AFCE)
Partner and community providers are signed by their developers.
If you’d like to know more about provider signing, you can read about it here:
https://developer.hashicorp.com/terraform/cli/plugins/signing
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run “terraform init” in the future.

Terraform has been successfully initialized!

user@user-Standard-PC-i440FX-PIIX-1996:~$ terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:

create

Terraform will perform the following actions:

# proxmox_vm_qemu.my_vm will be created

resource “proxmox_vm_qemu” “my_vm” {

additional_wait = 5

agent = 0

agent_timeout = 90

automatic_reboot = true

automatic_reboot_severity = “error”

balloon = 0

bios = “seabios”

boot = (known after apply)

bootdisk = (known after apply)
… user@user-Standard-PC-i440FX-PIIX-1996:~$ terraform apply
proxmox_vm_qemu.my_vm: Creating…
proxmox_vm_qemu.my_vm: Still creating… [00m10s elapsed]
proxmox_vm_qemu.my_vm: Still creating… [00m20s elapsed]
proxmox_vm_qemu.my_vm: Creation complete after 29s [id=threadripper/qemu/155]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Install Axolotl on ubuntu with RTX Pro 6000 support

sudo apt update -y && sudo apt upgrade
sudo apt install python3 && sudo apt install pip
sudo apt install qemu-guest-agent

sudo apt purge '*nvidia*' -y
sudo apt remove --purge libnvidia-egl-wayland1:i386 libnvidia-fbc1-575:i386 screen-resolution-extra -y
sudo apt autoremove
dpkg -l | grep nvidia
sudo apt install nvidia-driver-575-open -y
sudo apt install nvidia-utils-575 -y
sudo apt install nvidia-cuda-toolkit -y
sudo dkms autoinstall
sudo update-initramfs -u
sudo reboot


mkdir -p ~/miniconda3
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O ~/miniconda3/miniconda.sh
bash ~/miniconda3/miniconda.sh -b -u -p ~/miniconda3
rm ~/miniconda3/miniconda.sh

sudo reboot

source ~/miniconda3/bin/activate
conda init --all
conda create -n axolotl python=3.10
conda activate axolotl

sudo apt install git -y

git clone https://github.com/OpenAccess-AI-Collective/axolotl
cd axolotl
pip install -U packaging==23.2 setuptools==75.8.0 wheel ninja
pip install --no-build-isolation axolotl[deepspeed]
pip install --no-build-isolation -e '.[bitsandbytes]'
 pip install torch==2.7.1 torchvision==0.22.1+cu128 torchaudio==2.7.1 --index-url https://download.pytorch.org/whl/cu128
pip update flash-attn

axolotl train fft-8b.yml
accelerate launch -m axolotl.cli.train instruct-lora-8b.yml

sudo update-initramfs -u
sudo reboot

sudo apt update -y && sudo apt upgrade

sudo apt install python3 && sudo apt install pip

sudo apt install qemu-guest-agent

sudo apt purge '*nvidia*' -y

sudo apt remove --purge libnvidia-egl-wayland1:i386 libnvidia-fbc1-575:i386 screen-resolution-extra -y

sudo apt autoremove

dpkg -l | grep nvidia

sudo apt install nvidia-driver-575-open -y

sudo apt install nvidia-utils-575 -y

sudo apt install nvidia-cuda-toolkit -y

sudo dkms autoinstall

sudo update-initramfs -u

sudo reboot

mkdir -p ~/miniconda3

wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh -O ~/miniconda3/miniconda.sh

bash ~/miniconda3/miniconda.sh -b -u -p ~/miniconda3

rm ~/miniconda3/miniconda.sh

sudo reboot

source ~/miniconda3/bin/activate

conda init --all

conda create -n axolotl python=3.10

conda activate axolotl

sudo apt install git -y

git clone https://github.com/OpenAccess-AI-Collective/axolotl

cd axolotl

pip install -U packaging==23.2 setuptools==75.8.0 wheel ninja

pip install --no-build-isolation axolotl[deepspeed]

pip install --no-build-isolation -e '.[bitsandbytes]'

pip install torch==2.7.1 torchvision==0.22.1+cu128 torchaudio==2.7.1 --index-url https://download.pytorch.org/whl/cu128

pip update flash-attn

axolotl train fft-8b.yml

accelerate launch -m axolotl.cli.train instruct-lora-8b.yml

sudo update-initramfs -u

sudo reboot

Apply the Blackwell proxmox host crash fix to:

/etc/modprobe.d/nvidia-graphics-drivers-kms.conf
Solution: https://forum.level1techs.com/t/do-your-rtx-5090-or-general-rtx-50-series-has-reset-bug-in-vm-passthrough/228549/35

The Big Picture: How It Works

Step 1: Install Wireshark on Windows

Step 2: Install dumpcap on Your Proxmox Host

Step 3: Find Your VM’s Network Interface Name

Step 4: Run the All-in-One Capture Command

Breakdown of the Magic Command

Remote Part (on Proxmox)

Local Part (on Windows)

Step 2: Install `dumpcap` on Your Proxmox Host