Originally published on LinkedIn on 2025-01-19.
This Lab environment was created for a showcase at a local school. The school, a small community-driven institution based on Montessori principles, serves approximately 70 children and teachers. Open Source and Free and Open-Source Software (FOSS) are valued by some of the teaching staff, and they requested assistance with certain aspects of the school’s infrastructure. Considering this preference, a cloud solution was deemed unsuitable.
Important Note: This is solely a LAB environment and should not be used for production purposes. It lacks critical security measures, including data protection, backups, encryption, network isolation, and other essential elements required for production environments. This lab is intended for demonstration and educational purposes only.
Goal Link zu Überschrift
The primary objective was to streamline file sharing and user management on Linux devices within the school.
Lab Environment Link zu Überschrift
As the school lacks a dedicated IT lab for such projects (existing Raspberry Pi devices are primarily used for experimental hacking and recreational purposes), the decision was made to construct the lab within a virtualized environment on the developer’s personal laptop. This also provided an opportunity to evaluate the performance of a new Tuxedo Infinitybook Pro Intel Gen9 system.
Nested Virtualization Link zu Überschrift
To achieve this, Nested Virtualization was necessary, which is enabled by KVMintegrated within the Linux kernel. The following steps will verify KVM availability on the current machine.
Conclusion
The output confirms that KVM and nested virtualization are supported on this machine. This allows for the creation of virtual machines within other virtual machines, providing a flexible environment for experimentation and development.
Virtual Machine Manager Link zu Überschrift
With libvirt and qemu and virt-manager there are tools to set things up. virt-manager is a very simple desktop user interface to manage libvirt. Because it is a very common package in a lot of distributions, it is also easy to install at TuxedoOS
Proxmox setup Link zu Überschrift
Then download the installation ISO for proxmox-VE and add them to a directory where libvirt can access it. In this case I created a virtual-images directory in my documents.
virt-manager qemu/KVM storage details
Let’s create a proxmox-ve instance
Once the configuration is complete, a new virtual machine will be created. The Proxmox VE setup process will then begin and automatically connect to the VM. If this automatic connection fails, use the virt-viewer or virt-manager user interface to connect to the virtual machine’s graphical interface.
For this lab environment, a single disk was configured. To explore the features of Proxmox, which are based on the ZFS file system, ZFS was chosen as the primary file system for the lab.
Important Note: When running multiple instances, careful consideration must be given to IP address assignment. Ensure that each instance within the virtual network has a unique IP address. Failure to do so may result in unexpected network behavior, providing a valuable learning opportunity regarding network configurations.
While automation of the configuration process is possible, it was deemed beyond the scope of this showcase.
Proxmox VE installer overview
Cluster setup
Login to a Proxmox node and setup a cluster via Datacenter > Cluster > “Create Cluster”. Later we will need the Join Information and copy it at a other node of this cluster.
create Proxmox Cluster
Cluster Join Information
This is an base64 encoded string. If you are interessted whats in there base64 -d is your friend.
Cluster Join
Univention Corporate Server Link zu Überschrift
So we have a running Proxmox cluster and can upload the ISO image to install Univention Corporate Server. The installation ISO is available as download from Univention .
Upload UCS ISO
After the upload of the UCS installation ISO, create a VM on the same pve node.
Summary of the VM configuration
The virtual machine console can be opened via the browser.
**
In this lab, the default settings were used for the UCS installation. Following the OS installation, UCS will reboot, and the configuration process can then begin. An activation key, obtained via email, is required.
Within this lab environment, I created a new UCS domain.
**
Enter the organization name and a valid email address. Univention will use this address to send the activation key to you.
**
Configure the FQDN of the machine and LDAP root.
**
Check the settings and start the system configuration.
**
The configuration process will set up the entire domain and machine. Once complete, you will be able to log in as the Administrator via a web browser. To start, import the license received via email under System > Welcome > License import.
**
**
Create a user account within the Univention Corporate Server (UCS) that will be used for subsequent logins from the Linux Mint operating system.
**
Linux Mint Link zu Überschrift
Download the ISO image from Linux Mint Project and upload it to a proxmox node.
**
**
Connect with graphical console and install Linux Mint. For the lab the oem installation was used with no special settings.
Univention Domain Join Link zu Überschrift
There is an issue when univention domain join is used with linux mint. Because of missing dependencies it will fail. This is easy to solve. Univention perhaps you take a look here.
Open Univention Domain Join and join the computer.
Univention Domain Join
In UCS the joined device is listed as Ubuntu computer.
Computer joined the Domain
Reboot the Linux Mint computer and logout the oem user. May also get rid of the oem user later. Now check if it is possible to login as the user we created in UCS.
UCS User at Client Device
It is possible to manage and assign groups via UMC, therefore I recommend to read the docs.
Nextcloud Link zu Überschrift
It is possible to install Nextcloud via Univention App Center. It will configure Nextcloud and integrate it within the UCS environment. There are more advanced setups possible. I just want to mention that univention has it’s own mechanism to configure integrated apps. So be aware of that before changing configuration files inside UCS.
Nextcloud in UCS App Center
In the UCS user settings, Nextcloud App is added automatically.
activ Nextcloud App at User configuration
The Univention portal serves as a central point for presenting available services. This allows users on the Linux Mint client to readily access the Nextcloud service through the portal.
Nextcloud service on Univention Portal
Nextcloud SSO
Univention Portal SSO login
Nextcloud User managed with UCS
Additional features Link zu Überschrift
Proxmox VM Replication
I have used Ceph in the past at larger Datacenter setups with a lot machines and Leaf Spine network architecture. This won’t be possible in that case. But as Proxmox supports ZFS I like to test some features there too. One feature is replication.
VM replication
Proxmox VM migration
An other is the possibility to migrate VM’s between nodes. Be careful with Linked Clones from VM templates, because the migration features are not supported if the VM uses local storage.
Live migration
Conclusion Link zu Überschrift
Open Source provides a lot of solutions, offering comprehensive features for various needs. For this project, the next steps involve defining the network architecture, hardware requirements, and appropriate backup and security measures.
It’s important to note that no company mentioned in this article has provided any form of financial compensation.
Special thanks to the vibrant communities around Open Source Software, and specifically those supporting:
Feel free to hit me up with any burning questions or brilliant improvement ideas! And remember, folks, 2025 is the year of the Linux desktop (at least within these hallowed halls of learning).
May the Force of open source be with you all!
Gerhard Sulzberger