Should I install Proxmox Virtual Environment 8 on a Legion Pro 5i Gen 8?

I'm looking for help and advice.  Click images to see larger version.

Morgonaut — Triple Boot HackintoshI have a little experience operating Proxmox VE on servers — which belong to clients.  But, they are running older versions.  Mostly, I just interact with the Linux guest VMs (Virtual Machines) hosted on Proxmox.

In the past, I have seen YouTube videos touting, "I run Linux, macOS, and Windows — on one machine, simultaneously — with Proxmox!"  Typically, however, the YouTuber is running Proxmox on a desktop PC — with a workstation CPU (Threadripper or Xeon W) — and at least 2 graphics cards.  At least one of the graphics cards is an AMD Radeon — for PCI-passthrough to the macOS guest VM.

My goal is to build a portable virtual environment.  To work with, I only have 2 graphics devices — Intel 13th-gen integrated-graphics and NVIDIA RTX 4060 discreet-graphics.  Except on standby, the system guzzles battery.  I don't expect to run this without the power supply (available).  Power concerns aside, I suspect I can run (at most) 2 VMs to 2 displays — including (or in addition to) the built-in display.  As I don't want to rely on another device to manage Proxmox, I am aware I will need to install a (light) desktop environment.

My major concern are the IOMMU groups for PCI-passthrough.  The RTX 4060 is definitely in a discreet group — to pass through to Windows or Linux.  But, macOS will only work with Intel or AMD graphics (or very old NVIDIA cards).  In the past, I have run Mojave on a guest VM in VirtualBox — on a Lenovo 2-in-1 (Intel 8th-gen Core i7 + NVIDIA MX230).  I did not find a way to pass through the Intel integrated-graphics.  Nor did I find a way to output sound.

I hope I have better luck with KVM and qemu.

Another concern is BIOS updates.  I haven't had to download a BIOS-update and run it from boot-media in over a decade.  Nor have I checked if that is still possible.  I see that I can download a BIOS update (.exe) from Lenovo Support.  But, can I run the update without Windows?  Although I plan to have a Windows VM, I don't plan to use the OEM (bare metal) Windows system.

Legion Pro 5i under light loadI have already backed up the initial state of the SSD.  So far, I have been using the Legion Pro 5i Gen 8 — solely with Linux Live-USB.  Here are the Geekbench 6 results (links launch new tab or window):

I don't know if this can be done.  A few years ago, I was excited to try.  But, much has changed.

Once more... I am looking for help and advice.  Thanks in advance!

  • Here is a video I found, which provides (some) good advice — installing Proxmox VE + installing Xfce DE¹, so you can manage Proxmox locally + add new user and add that user to sudoers (%wheel) group, so you don't login as root after reboot.

    But, then the video offers horrible advice — performing tasks as root (sudo su), to disable default repos and enable "community" repos.

    The video creator — he doesn't explain the risks of following his instructions.  Which means 1 or more of the following:

    • He doesn't know about the risks.
    • He doesn't care about the risks
    • He's hoping his audience neither knows, nor cares about the risks...
      • the ignorant and the apathetic are easy to exploit.

    If you perform actions as the root user, there are no restrictions.  The root user can do anything..

    Always be suspicious of any advice which follows, "Use 'sudo su' to switch to the root user".  Almost always, what follows (may as well be), "Then run these commands to completely compromise your base-system.  Because you are foolish enough to blindly follow a guide you found online."

    Why should we disable default repos?  Why should we trust the "community" repos?  When you hear "community repos", think AUR² for Arch-based Linux distros and PPA³ for Ubuntu-based Linux distros.  People use them.  I don't know whether they should trust them.

    I don't⁴.

    But, I have heard from sources I trust — disabling the "no subscription nag-screen" — that's common.  Proxmox VE is free for developers.  But, they still nag you to get a subscription.  You don't need to switch to the root user.  You can just run that command (and almost all other commands) with sudo.

    If I recall correctly, however, there is a free-for-developers subscription.  So, disabling the "nag-screen" — that may be a solution to a privacy-concern problem; e.g. to avoid providing personal info, like an email address or phone number.

    I don't know the process of getting a developer subscription.  Not yet, anyway.

    ¹ DE → Desktop Environment

    ² AUR → Arch User Repository

    ³ PPA → Personal Package Archive

    ⁴ I don't have time to investigate community repos, their contributors, or each package I might install.  There's an old saying, "Check your sources."  In the video, he's literally changing the sources.list file — as root.  Why?  Does Proxmox not allow sudoers to change that file with the sudo command?  Or is he just lazy?  Some users (foolishly) use "sudo su" before running privileged commands, to avoid typing "sudo [command]" each time. smh

  • I may not understand entirely what's going on here, but if I remember one thing from my Unix classes, it's about the sudo thing lol. It's like getting a magic "do everything without asking" wand which I agree can create chaos if used incorrectly.

  • The magic "do everything without asking" only occurs for the root-user; i.e. "sudo su".  After successfully completing the "sudo su" password challenge, you will not be challenged, again.  Neither for your password nor the root password.

    Using "sudo [command]", however, challenges you for the password for each command, once per session, or every N number of minutes; e.g. every 15 minutes.  If you close your terminal (or type "exit<Enter>"), the session has ended.  Opening a new terminal will open a new session and sudo will challenge you for the password, again.

    The sudo command is sufficient for almost every use-case.  It stands for "superuser do".  Most distros, however, restrict sudo permissions on some areas of the system.  To make changes to those areas, you must open a root-user session.

    The root user has no restrictions.  After "sudo su", you're no longer "superuser doing".  You've opened a root-user session.  In that session, you are the superuser (a.k.a. the root-user).

    The superuser never needs to use sudo.

    The sudo-analogy in Windows, is "Run as Administrator".  The root-analogy in Windows, however, is not an account in the Administrators group.  There is another account — called Administrator — which is the built-in Windows "superuser".

  • I omitted, "The Administrators group, in Windows, is analogous to the sudoers group, in Linux¹"

    ¹  Or any UNIX-based OS, like BSD and macOS (Apple's BSD-based OS).  Sometimes it's called the "%wheel" group.

  • I omitted, "The Administrators group, in Windows, is analogous to the sudoers group, in Linux¹"

    ¹  Or any UNIX-based OS, like BSD and macOS (Apple's BSD-based OS).  Sometimes it's called the "%wheel" group.

No Data