Step-by-Step NVIDIA Driver Installation for Proxmox Users

Start by finding the correct NVIDIA driver:

https://www.nvidia.com/en-us/drivers

On the Proxmox host:

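# Download the installer and make it executable
wget https://us.download.nvidia.com/XFree86/Linux-x86_64/570.144/NVIDIA-Linux-x86_64-570.144.run
chmod +x ./NVIDIA-Linux-x86_64-570.144.run

# Run the installer; the second command registers the kernel module with DKMS
./NVIDIA-Linux-x86_64-570.144.run
sudo ./NVIDIA-Linux-x86_64-570.144.run --dkms
nvidia-smi

# Load the modules at boot: add these two lines to the file
nano /etc/modules-load.d/modules.conf
nvidia
nvidia_uvm

# List the device nodes and note their major numbers (195, 236 and 510 here)
ls -al /dev/nvidia*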
root@pve:~# ls -al /dev/nvidia*
crw-rw-rw- 1 root root 195,   0 Apr 19 19:40 /dev/nvidia0
crw-rw-rw- 1 root root 195, 255 Apr 19 19:40 /dev/nvidiactl
crw-rw-rw- 1 root root 510,   0 Apr 19 19:40 /dev/nvidia-uvm
crw-rw-rw- 1 root root 510,   1 Apr 19 19:40 /dev/nvidia-uvm-tools

/dev/nvidia-caps:
total 0
drwxr-xr-x  2 root root     80 Apr 19 19:40 .
drwxr-xr-x 20 root root   4760 Apr 19 19:40 ..
cr--------  1 root root 236, 1 Apr 19 19:40 nvidia-cap1
cr--r--r--  1 root root 236, 2 Apr 19 19:40 nvidia-cap2

# Give container 103 access to those device majors and bind-mount the nodes:
# add these lines to its config
nano /etc/pve/lxc/103.conf
lxc.cgroup2.devices.allow: c 195:* rwm
lxc.cgroup2.devices.allow: c 236:* rwm
lxc.cgroup2.devices.allow: c 510:* rwm
lxc.mount.entry: /dev/nvidia0 dev/nvidia0 none bind,optional,create=file
lxc.mount.entry: /dev/nvidiactl dev/nvidiactl none bind,optional,create=file
lxc.mount.entry: /dev/nvidia-uvm dev/nvidia-uvm none bind,optional,create=file
lxc.mount.entry: /dev/nvidia-uvm-tools dev/nvidia-uvm-tools none bind,optional,create=file

# Copy the same installer into the container
pct push 103 ./NVIDIA-Linux-x86_64-570.144.run /root/NVIDIA-Linux-x86_64-570.144.run
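
The allow-list above hard-codes majors 195, 236 and 510, but only 195 is fixed: the nvidia-uvm and nvidia-caps majors are assigned dynamically and can differ after a reboot or driver update. The check below is an added example, not part of the original notes; the function names and the post-reboot listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the majors of the host's NVIDIA device nodes with the
# majors granted by lxc.cgroup2.devices.allow in the container config.

# Read `ls -al /dev/nvidia*` output on stdin; print unique char-device majors.
device_majors() {
    awk '/^c/ { m = $5; sub(/,$/, "", m); print m }' | sort -un
}

# Read an LXC config on stdin; print majors granted to character devices.
allowed_majors() {
    awk '$1 == "lxc.cgroup2.devices.allow:" && $2 == "c" {
             split($3, a, ":"); print a[1] }' | sort -un
}

# not_in A B: lines of A that are not lines of B, joined with spaces.
not_in() {
    printf '%s\n' "$1" | while read -r m; do
        [ -n "$m" ] || continue
        printf '%s\n' "$2" | grep -qxF "$m" || printf '%s\n' "$m"
    done | paste -sd ' ' -
}

# Majors in use on the host that the container is not allowed to access.
missing_majors() {
    not_in "$(printf '%s\n' "$1" | device_majors)" \
           "$(printf '%s\n' "$2" | allowed_majors)"
}

# Majors granted to the container that no NVIDIA node uses any more.
stale_majors() {
    not_in "$(printf '%s\n' "$2" | allowed_majors)" \
           "$(printf '%s\n' "$1" | device_majors)"
}

# Sample input: four lines of the listing above and the allow-list of 103.conf.
LISTING_POST='crw-rw-rw- 1 root root 195,   0 Apr 19 19:40 /dev/nvidia0
crw-rw-rw- 1 root root 195, 255 Apr 19 19:40 /dev/nvidiactl
crw-rw-rw- 1 root root 510,   0 Apr 19 19:40 /dev/nvidia-uvm
cr--------  1 root root 236, 1 Apr 19 19:40 nvidia-cap1'
# Constructed: the same host after a reboot that gave nvidia-uvm major 508.
LISTING_REBOOT=$(printf '%s\n' "$LISTING_POST" | sed 's/ 510,/ 508,/')
CONF_103='lxc.cgroup2.devices.allow: c 195:* rwm
lxc.cgroup2.devices.allow: c 236:* rwm
lxc.cgroup2.devices.allow: c 510:* rwm'

echo "missing after reboot: $(missing_majors "$LISTING_REBOOT" "$CONF_103")"
echo "stale after reboot:   $(stale_majors "$LISTING_REBOOT" "$CONF_103")"
```

On a real host, pass "$(ls -al /dev/nvidia*)" and "$(cat /etc/pve/lxc/103.conf)" as the two arguments. A stale entry is worth removing because a dynamic major can later be assigned to an unrelated driver.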

In the LXC container:

sh NVIDIA-Linux-x86_64-570.144.run --no-kernel-module
nvidia-smi

For Docker:

# Add Nvidia repository key
curl -fsSL https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/3bf863cc.pub | gpg --dearmor -o /etc/apt/keyrings/nvidia-archive-keyring.gpg

# Add Nvidia repository
echo "deb [signed-by=/etc/apt/keyrings/nvidia-archive-keyring.gpg] https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/ /" | tee /etc/apt/sources.list.d/nvidia-cuda-debian12.list

# Update package lists
apt update

# Install Nvidia container toolkit
apt install nvidia-container-toolkit

nano /etc/docker/daemon.json
{
  "default-runtime": "nvidia",
  "runtimes": {
    "nvidia": {
      "path": "nvidia-container-runtime",
      "runtimeArgs": []
    }
  }
}
sudo nvidia-ctk runtime configure --runtime=docker

nano /etc/nvidia-container-runtime/config.toml

# Set no-cgroups to true
no-cgroups = true

For testing

# Run a test Docker container to verify GPU usage
docker run --gpus all nvidia/cuda:12.6.1-base-ubuntu24.04 nvidia-smi

If needed, purge the old NVIDIA driver first:

sudo apt remove --purge '^nvidia-.*'
sudo apt autoremove

Sources:

https://yomis.blog/nvidia-gpu-in-proxmox-lxc

https://hostbor.com/gpu-passthrough-in-lxc-containers

Optimized Home Lab

Hardware Used

  • Raspberry Pi: Lightweight services (Pi-hole, Gatus).
  • Synology NAS: Storage, media (Emby, Transmission), and document management (Paperless-ngx).
  • Proxmox PC: Virtualization of resource-hungry services (VM/LXC).

Software Architecture

1. Raspberry Pi

  • Pi-hole: Blocks ads and trackers.
  • Gatus: Monitors service availability.

Raspberry emulation (Proxmox)

VM-104 | Pi-hole | Blocks ads and trackers.
VM-10X | Gatus | Monitors service availability.

2. Synology NAS (DSM)

  • Media: Emby, Transmission, SickChill, NZBGet, FileBot.
  • Documents: Paperless-ngx (via Docker).
  • Backup: Duplicati.

3. Proxmox (Main PC)

Container/VM | Applications | Role | VLAN
VM-101 | Home Assistant | Home automation. | 10
VM-103 | Frigate (+ Ollama) | Video analysis (GPU) + local AI. | 10
VM-106 | Docker | Development, supervision and monitoring. | 10
VM-109 | Firefly III | Financial management. | 10
VM-102 | pfSense | Router/firewall (optional). |
VM-108 | Web server (WordPress) | Website/blog. | 20
VM-105 | Jenkins | Integration/deployment (CI/CD). | 10

Connected Devices (IoT)

  • Google Nest and Smart TV:
    • Isolated in an IoT VLAN for security.
    • Interact with:
      • Home Assistant (voice commands, scenarios).
      • Emby (streaming from the NAS).
    • Controlled via Pi-hole to block ads.

Best Practices

  • Network:
    • Separate VLANs (Trusted, IoT, Web, Media).
    • Firewall (pfSense) to isolate traffic flows.
  • GPU:
    • Shared between Frigate and Ollama via Docker in a dedicated LXC.
  • Backups:
    • Back up Paperless, WordPress, and the Docker configurations.

Network & Applications Diagram


graph TD
  %% Entry Point
  Internet --> OrangeBox --> pfSense

  %% VLAN Zones from pfSense
  pfSense --> VLAN10
  pfSense --> VLAN20
  pfSense --> VLAN30
  pfSense --> VLAN40

  %% VLAN 10 - Trusted
  subgraph "VLAN 10 - Trusted"
    direction TB
    VLAN10 --- VM101["VM-101: Home Assistant"]
    VM101 --- LXC103["LXC-103: Frigate + Ollama"]
    LXC103 --- VM106["VM-106: Docker Host"]
    VM106 --- VM109["VM-109: Firefly III"]
    VM109 --- VM105["VM-105: Jenkins"]
    VLAN10 --- RPi[(Raspberry Pi)]
    RPi --- Pihole
    Pihole --- Gatus
  end

  %% VLAN 20 - Web
  subgraph "VLAN 20 - Web"
    direction TB
    VLAN20 --- VM108["VM-108: Web Server - WordPress"]
  end

  %% VLAN 30 - IoT
  subgraph "VLAN 30 - IoT WIP"
    direction TB
    VLAN30 --- GoogleNest[Google Nest]
    GoogleNest --- SmartTV[Smart TV]
  end

  %% VLAN 40 - Media
  subgraph "VLAN 40 - Media"
    direction TB
    VLAN40 --- NAS[(NAS - Synology DSM)]
    NAS --- Emby --- Paperless --- Transmission --- Duplicati
  end

  %% Styling
  style VLAN10 fill:#d5f5e3,stroke:#27ae60
  style VLAN20 fill:#d6eaf8,stroke:#3498db
  style VLAN30 fill:#fadbd8,stroke:#e74c3c
  style VLAN40 fill:#fdedec,stroke:#f39c12

Detailed Legend

Element | Description
🟠 pfSense (VM1) | Router/firewall managing the VLANs and security.
🟢 Raspberry Pi | Runs Pi-hole (DNS) + Gatus (monitoring).
🔵 Synology NAS | Central storage + media (Emby) and document (Paperless) applications.
VLAN 10 (Trusted) | Critical services: HA, Frigate, Ollama, Dev (Docker, Jenkins).
VLAN 20 (Web) | Exposed services: WordPress.
VLAN 30 (IoT) | Connected devices (Google Nest, Smart TV), isolated for security.
VLAN 40 (Media) | Access to media (Emby) from the Smart TV.

Key Flows to Remember

  1. Google Nest/Smart TV → Communicate with Home Assistant (VLAN 10) through specific firewall rules.
  2. Frigate (VLAN 10) → Sends alerts to Home Assistant and the Smart TV (via allowed VLAN 30).
  3. WordPress (VLAN 20) → Reachable from the Internet (port forwarding controlled by pfSense).
  4. Paperless (NAS) → Used by the user through a web interface that is NOT exposed.

pfSense

Example pfSense Configuration (Rules VLAN 30 → VLAN 10)

Action | Source | Destination | Port | Description
✅ Allow | VLAN30 | VM-101 (HA) | 8123 | Access to the HA interface.
✅ Allow | VLAN30 | LXC-103 (Frigate) | 5000 | Video stream for display on the TV.
🚫 Block | VLAN30 | VLAN10 | * | Block all other access.
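
pfSense evaluates the rules on an interface from top to bottom and stops at the first match, so the position of the block rule matters as soon as a broader allow rule exists. The evaluator below is an added example, not pfSense code or part of the original notes; the addresses follow the IP plan further down this page, while the Internet rule, the client address 192.212.30.50, port 80 and the function name verdict are assumptions.

```sh
#!/bin/sh
# Added example: first-match evaluation of the VLAN 30 rule table.
# Rule format: action|source|destination|port. "*" matches anything, a value
# ending in "." is treated as a prefix, anything else must match exactly.

# verdict RULES SRC DST PORT: print the action of the first matching rule,
# or "no-match" when no rule applies.
verdict() {
    printf '%s\n' "$1" | awk -F'|' -v s="$2" -v d="$3" -v p="$4" '
        function hit(pat, v) {
            return pat == "*" || pat == v || (pat ~ /\.$/ && index(v, pat) == 1)
        }
        hit($2, s) && hit($3, d) && hit($4, p) { print $1; found = 1; exit }
        END { if (!found) print "no-match" }'
}

# The three rules from the table (HA = .10.105, Frigate = .10.115), followed
# by a constructed rule for the outbound Internet access IoT devices need.
RULES_OK='allow|192.212.30.|192.212.10.105|8123
allow|192.212.30.|192.212.10.115|5000
block|192.212.30.|192.212.10.|*
allow|192.212.30.|*|*'

# Same rules with the Internet rule moved to the top: the block never fires.
RULES_BAD='allow|192.212.30.|*|*
allow|192.212.30.|192.212.10.105|8123
allow|192.212.30.|192.212.10.115|5000
block|192.212.30.|192.212.10.|*'

TV=192.212.30.50   # constructed IoT client address
echo "TV -> HA:8123            $(verdict "$RULES_OK" $TV 192.212.10.105 8123)"
echo "TV -> Firefly III:80     $(verdict "$RULES_OK" $TV 192.212.10.155 80)"
echo "same packet, bad order   $(verdict "$RULES_BAD" $TV 192.212.10.155 80)"
```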

Best Practices

For the Nest devices

  • Firmware updates: Check regularly via the Google Home app.
  • Isolation: Block access to the other VLANs except for:
    • Home Assistant (port 8123).

For the Smart TV

  • Custom DNS: Point it to Pi-hole (Raspberry Pi) to block ads.
    • In pfSense: DHCP → DNS option = Pi-hole IP.
  • Disable tracking: Turn off ACR (Automatic Content Recognition) in the TV settings.

Smart TV Integration

Network Configuration

  • VLAN: Same IoT VLAN (30) as the Nest devices, for simplicity.
  • pfSense rules:
    • Allow the TV to reach:
      • Internet (Netflix/YouTube streaming).
      • Emby/Jellyfin (NAS) via the Media VLAN (e.g. VLAN 40 if it exists).

Interaction with the Home Lab

  • For Emby/Jellyfin (NAS):
    • Mount a Synology shared folder over SMB/NFS that the TV can access.
    • Example Emby configuration:
      # docker-compose.yml (NAS)
      volumes:
        - /volume1/medias:/media
  • Control via Home Assistant:
    • Integrate the TV via HDMI-CEC or a specific API (e.g. Samsung Tizen, LG webOS).
    • Possible automations:
      • Turn the TV on/off when Frigate detects motion.
      • Show the cameras on the TV via a dashboard.

Google Nest Integration (Google Assistant)

Network Configuration

  • Recommended VLAN: Isolate them in an IoT VLAN (e.g. VLAN 30) to limit access to the rest of the network.
    • For pfSense (VM-102): Create a VLAN 30 → Dedicated interface → Firewall rules:
      - Allow OUT to the Internet (HTTPS/DNS).
      - Block access to the other VLANs (apart from exceptions such as Home Assistant).

Communication with Home Assistant (VM-101)

  • Via the local protocol:
    • Enable the Google Assistant SDK in Home Assistant.
    • Use Nabu Casa (or a custom domain with HTTPS) for the secure link.
  • Scenarios:
    • Control lights/plugs with voice commands.
    • Synchronization with your calendars/reminders.

DNS

💡 Network Overview (Goal)

  • Orange Box (ISP Router/Gateway):
    • IP: 192.168.1.1
    • LAN/Internet Gateway
  • pfSense (Firewall/Router):
    • WAN Interface: Gets IP from 192.168.1.0/24 (e.g. 192.168.1.2)
    • LAN Interface: New network 192.212.5.0/24 (e.g. 192.212.5.1)
  • Home Lab Devices:
    • On VLANs behind pfSense
  • Pi-hole:
    • Installed behind pfSense (e.g. 192.212.5.2)

🧠 What You Want:

  1. Devices on the lab network use Pi-hole for DNS.
  2. pfSense uses Pi-hole for DNS too (optional but recommended).
  3. Internet access for lab network is through pfSense ➝ Orange Box ➝ Internet.
  4. Lab network stays isolated from home network.

✅ Step-by-Step DNS Configuration

1. Install and Set Up Pi-hole

  • Install Pi-hole on a device behind pfSense (VM, Raspberry Pi, etc.).
  • Give it a static IP, e.g. 192.212.5.2
  • During setup, don’t use DHCP (let pfSense handle that).
  • Choose public upstream DNS (Cloudflare 1.1.1.1, Google 8.8.8.8, etc.)

2. Configure pfSense to Use Pi-hole as DNS

a. Set DNS Server
  • Go to System > General Setup in pfSense.
  • In the DNS Server Settings, add: DNS Server 1: 192.212.5.2 (your Pi-hole IP)
  • Uncheck “Allow DNS server list to be overridden by DHCP/PPP on WAN”; this avoids picking up the ISP’s DNS from the Orange Box.

b. Disable DNS Resolver (Optional)

If you don’t want pfSense to do any DNS resolution, you can:

  • Go to Services > DNS Resolver, and disable it.
  • Or keep it enabled for pfSense’s internal name resolution, but forward to Pi-hole.

3. Configure DHCP on pfSense (VLANs)

  • Go to Services > DHCP Server > LAN
  • Under “DNS Servers”, set: DNS Server: 192.212.5.2
  • Now, all clients getting IPs from pfSense will also use Pi-hole as DNS.

4. (Optional) Block DNS Leaks

To prevent clients from bypassing Pi-hole (e.g., hardcoded DNS like 8.8.8.8):

  • Go to Firewall > NAT > Port Forward
  • Create rules to redirect all port 53 (DNS) traffic to Pi-hole IP.

Example:

  • Interface: LAN
  • Protocol: TCP/UDP
  • Destination Port: 53
  • Redirect target IP: 192.212.5.2 (Pi-hole)
  • Redirect Port: 53

A Few Useful Reminders

  • pfSense is the gateway of each VLAN → so one IP per VLAN.
  • The DNS of every client in every VLAN must point to the Pi-hole.
  • pfSense can redirect DNS queries to the Pi-hole with a NAT rule (port 53) if needed.

IP / pfSense / Proxmox Configuration

Element | IP scheme | pfSense rule
pfsense | .5.1 | interface: LAN -> .5.X; LAN_VLAN10 -> .10.X; LAN_VLAN20 -> .20.X; LAN_VLAN30 -> .30.X; LAN_VLAN40 -> .40.X
pihole | .5.2 | NAT : LAN*** address:53 192.212.5.2:53
Raspberry | .5.3 | pihole and gatus
home assistant | .10.105 | NAT redirect old home assistant: LAN .30.105:1883 -> .10.105:8123
frigate | .10.115 |
Kubuntu | .10.140 |
docker | .10.200 |
jenkins | .10.140 |
fireflyIII | .10.155 |
webserver | .20.200 |
synology | .40.111 | (network/interfaces) auto vmbr2.40; iface vmbr2.40 inet static; address 192.212.40.245/24; vlan-raw-device vmbr2
qt21101l | .5.101 |
px30_evb | .5.102 |
Octoprint | .5.110 |
Doorbell | .5.150 |
dome01 | .5.151 |
dome02 | .5.152 |

nano /etc/network/interfaces

auto vmbr2.10
iface vmbr2.10 inet static
    address 192.212.10.245/24
    vlan-raw-device vmbr2
auto vmbr2.20
iface vmbr2.20 inet static
    address 192.212.20.245/24
    vlan-raw-device vmbr2
auto vmbr2.30
iface vmbr2.30 inet static
    address 192.212.30.245/24
    vlan-raw-device vmbr2
auto vmbr2.40
iface vmbr2.40 inet static
    address 192.212.40.245/24
    vlan-raw-device vmbr2

paperless-AI

Prompt:

You are a personalized document analyzer. Your task is to analyze documents and extract relevant information.

Analyze the document content and extract the following information into a structured JSON object:

1. TITLE: Create a concise, meaningful title for the document.
2. CORRESPONDENT: Identify the sender/institution, excluding addresses.
3. TAGS: Select from 4 to 10 relevant thematic tags.
4. DOCUMENT_DATE: Extract the document date (format: YYYY-MM-DD).
5. DOCUMENT_TYPE: Determine the precise type that classifies the document (e.g., Invoice, Contract, Employer, Information, etc.).
6. LANGUAGE: Determine the document language (e.g., "de" for German, "en" for English, etc.).

IMPORTANT RULES FOR THE ANALYSIS:

- FOR TAGS:
  - FIRST, remove all tags except "testAi."
  - One tag must refer to the receiver of the document.
  - Choose only relevant categories and select between 4 and 10 tags (6 minimum if possible).
  - Avoid generic or overly specific tags.
  - Use only the most important information to generate the tags.
  
- FOR THE TITLE:
  - Keep it short and concise—NO ADDRESSES.
  - Include the most important identifying features.
  - For invoices or orders, mention the invoice/order number if available.
  
- FOR THE CORRESPONDENT:
  - Identify the sender or institution.
  - Use the shortest form possible for the company name (e.g., "Amazon" instead of "Amazon EU SARL, German branch").

- FOR THE DOCUMENT DATE:
  - Extract the document's date in the format YYYY-MM-DD.
  - If there are multiple dates, use the most relevant one (e.g., the signing date).

- FOR THE LANGUAGE:
  - Identify the language of the document.
  - Use language codes such as "de" for German or "en" for English.
  - If the language is unclear, use "und" as a placeholder.

The output language will be FRENCH.

You are a personalized document analyzer. Your task is to analyze documents and extract relevant information.

Analyze the document content and extract the following information into a structured JSON object:

1. title: Create a concise, meaningful title for the document
2. correspondent: Identify the sender/institution but do not include addresses
3. tags: Select up to 10 relevant thematic tags
4. document_date: Extract the document date (format: YYYY-MM-DD)
5. document_type: Determine a precise type that classifies the document (e.g. Invoice, Contract, Employer, Information and so on)
6. receiver: Identify the receiver of the document and put it into "CustomAiField"
      
Important rules for the analysis:

For tags:
- Use only relevant categories
- Maximum 10 tags per document, less if sufficient (at least 6)
- Avoid generic or too specific tags
- Use only the most important information for tag creation
- The output language is FRENCH

For the title:
- Short and concise, NO ADDRESSES
- Contains the most important identification features
- For invoices/orders, mention invoice/order number if available
- The output language is FRENCH

For the correspondent:
- Identify the sender or institution
  When generating the correspondent, always create the shortest possible form of the company name (e.g. "Amazon" instead of "Amazon EU SARL, German branch")

For the document date:
- Extract the date of the document
- Use the format YYYY-MM-DD
- If multiple dates are present, use the most relevant one (e.g., the signing date).


The output language will be FRENCH.

Install Frigate

Installation:

https://www.hacf.fr/installation-frigate-proxmox/

https://community-scripts.github.io/ProxmoxVE/scripts?id=frigate

sudo apt -y install nfs-common
sudo apt -y install cifs-utils
sudo mkdir /Ftp

# Add this line to /etc/fstab
sudo nano /etc/fstab
//192.212.5.111/40-Ftp  /Ftp  cifs  rw,credentials=/root/.sharelogin,nobrl,_netdev,uid=1000,gid=1000  0  0

sudo ln -s /Ftp/frigate /media/

In Home Assistant:

https://github.com/blakeblackshear/frigate-hass-integration

https://github.com/blakeblackshear/frigate-hass-addons