Proxmox Offline Mirror - Example Working Slimmed Down Config?

[happypuffinlinuxengineer]

Hello Proxmox Community,

I've been working on trying to trim down the offline mirror's package selection to make a smaller Debian and PVE repo to transfer to an isolated net. I haven't had much luck - it's still pulling in many unneeded dependencies.

Does someone have a list that only pulls down the packages required by a PVE install? I have no other Debian machines in that isolated environment that would need other packages.

The only non-PVE package I would need is the freeipa-client, but I will try and work out the dependencies for that independently once I have a basis of what would be a minimal repo.

My current proxmox-offline-mirror.cfg:

mirror: debian_bookworm_main
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        key-path /usr/share/keyrings/debian-archive-bookworm-automatic.gpg
        repository deb http://deb.debian.org/debian bookworm main contrib non-free
        sync false
        verify true
        skip-packages 'linux-image-*'
        skip-sections debug
        skip-sections education
        skip-sections electronics
        skip-sections games
        skip-sections hamradio
        skip-sections haskel
        skip-sections introspection
        skip-sections lisp
        skip-sections mathematics
        skip-sections golang
        skip-sections interpreters
        skip-sections ocaml
        skip-sections science
        skip-sections tex
        skip-sections video
        skip-sections zope

mirror: pve_bookworm_no_subscription
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        key-path /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
        repository deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
        sync false
        verify true

mirror: debian_bookworm_updates
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        key-path /usr/share/keyrings/debian-archive-bookworm-automatic.gpg
        repository deb http://deb.debian.org/debian bookworm-updates main contrib
        sync false
        verify true
        skip-sections debug
        skip-sections debian-installer
        skip-sections lib-devel
        
mirror: debian_bookworm_security
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        key-path /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg
        repository deb http://deb.debian.org/debian-security bookworm-security main contrib
        sync false
        verify true

mirror: hpe_proliant_deb
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        repository deb http://downloads.linux.hpe.com/SDR/repo/mcp/ bookworm/current non-free
        sync false
        key-path /etc/apt/trusted.gpg
        verify false

 

[jsterr]

Hello Proxmox Community,

I've been working on trying to trim down the offline mirror's package selection to make a smaller Debian and PVE repo to transfer to an isolated net. I haven't had much luck - it's still pulling in many unneeded dependencies.

Does someone have a list that only pulls down the packages required by a PVE install? I have no other Debian machines in that isolated environment that would need other packages.

The only non-PVE package I would need is the freeipa-client, but I will try and work out the dependencies for that independently once I have a basis of what would be a minimal repo.

My current proxmox-offline-mirror.cfg:

mirror: debian_bookworm_main
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        key-path /usr/share/keyrings/debian-archive-bookworm-automatic.gpg
        repository deb http://deb.debian.org/debian bookworm main contrib non-free
        sync false
        verify true
        skip-packages 'linux-image-*'
        skip-sections debug
        skip-sections education
        skip-sections electronics
        skip-sections games
        skip-sections hamradio
        skip-sections haskel
        skip-sections introspection
        skip-sections lisp
        skip-sections mathematics
        skip-sections golang
        skip-sections interpreters
        skip-sections ocaml
        skip-sections science
        skip-sections tex
        skip-sections video
        skip-sections zope

mirror: pve_bookworm_no_subscription
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        key-path /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg
        repository deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
        sync false
        verify true

mirror: debian_bookworm_updates
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        key-path /usr/share/keyrings/debian-archive-bookworm-automatic.gpg
        repository deb http://deb.debian.org/debian bookworm-updates main contrib
        sync false
        verify true
        skip-sections debug
        skip-sections debian-installer
        skip-sections lib-devel
    
mirror: debian_bookworm_security
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        key-path /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg
        repository deb http://deb.debian.org/debian-security bookworm-security main contrib
        sync false
        verify true

mirror: hpe_proliant_deb
        architectures amd64
        architectures all
        base-dir /mnt/nfs/deb-repos-scratch
        ignore-errors false
        repository deb http://downloads.linux.hpe.com/SDR/repo/mcp/ bookworm/current non-free
        sync false
        key-path /etc/apt/trusted.gpg
        verify false

How much space do you need for that config? Have you been successfull pushing the size down further? Im getting to 80GB - thats ok for me.

Every 60.0s: du -sh */ | sort -rh                                                                        training2: Mon Apr  6 16:11:09 2026

63G     debian_trixie_main/
13G     pve_trixie_no-subscription/
1.7G    debian_trixie_security/
760M    ceph_squid_trixie/
19M     debian_trixie_updates/

Any way to fix this @aaron when using POM for mirroring the no-subscription-repos? Thanks for the help!


Thats my exclusion which should be checked manually by each person wanting to use it. Its does fit my usecase with having only pve-nodes using this offline-mirrors. Do not use those on other linux-servers, linux-desktops as a lot of packages are not included.

        skip-sections debug
        skip-sections education
        skip-sections electronics
        skip-sections fonts
        skip-sections games
        skip-sections gnome
        skip-sections gnustep
        skip-sections golang
        skip-sections graphics
        skip-sections hamradio
        skip-sections haskell
        skip-sections interpreters
        skip-sections introspection
        skip-sections java
        skip-sections kde
        skip-sections lisp
        skip-sections mathematics
        skip-sections mono
        skip-sections news
        skip-sections ocaml
        skip-sections oldlibs
        skip-sections otherosfs
        skip-sections science
        skip-sections sound
        skip-sections tex
        skip-sections video
        skip-sections x11
        skip-sections xfce
        skip-sections zope
        skip-packages '*-aarch64-linux-gnu*'
        skip-packages '*-alpha-linux-gnu*'
        skip-packages '*-arc-linux-gnu*'
        skip-packages '*-arm-linux-gnueabi*'
        skip-packages '*-hppa-linux-gnu*'
        skip-packages '*-i686-linux-gnu*'
        skip-packages '*-loongarch64-linux-gnu*'
        skip-packages '*-m68k-linux-gnu*'
        skip-packages '*-mips*-linux-gnu*'
        skip-packages '*-powerpc*-linux-gnu*'
        skip-packages '*-riscv64-linux-gnu*'
        skip-packages '*-s390x-linux-gnu*'
        skip-packages '*-sh4-linux-gnu*'
        skip-packages '*-sparc64-linux-gnu*'
        skip-packages '*-x86-64-linux-gnux32*'
        skip-packages '*mingw*'
        skip-packages 'binutils-arm-none-eabi'
        skip-packages 'chromium*'
        skip-packages 'emscripten'
        skip-packages 'firefox*'
        skip-packages 'fp-*'
        skip-packages 'fpc*'
        skip-packages 'gcc-*-cross*'
        skip-packages 'gcc-*-offload-*'
        skip-packages 'gcc-*-test-results'
        skip-packages 'gcc-h8300-*'
        skip-packages 'gccgo-*'
        skip-packages 'gdc-*'
        skip-packages 'gfortran-*'
        skip-packages 'gm2-*'
        skip-packages 'gnat-*'
        skip-packages 'gobjc*'
        skip-packages 'hunspell-*'
        skip-packages 'hyphen-*'
        skip-packages 'lazarus*'
        skip-packages 'lib32go*'
        skip-packages 'lib32gphobos*'
        skip-packages 'lib64go*'
        skip-packages 'libcamitk*'
        skip-packages 'libclang-*'
        skip-packages 'libcoq-*'
        skip-packages 'libghc-*'
        skip-packages 'libgo*'
        skip-packages 'libgo-*-cross'
        skip-packages 'libgphobos*'
        skip-packages 'libgphobos-*-cross'
        skip-packages 'libkf5*'
        skip-packages 'libkf6*'
        skip-packages 'liblomiri*'
        skip-packages 'libn32go*'
        skip-packages 'libnewlib-*'
        skip-packages 'librccl*'
        skip-packages 'libstd-rust-dev-wasm32'
        skip-packages 'libstdc++-*-dev-*-cross'
        skip-packages 'libstdc++-*-pic-*-cross'
        skip-packages 'libstdc++-arm-none-eabi-*'
        skip-packages 'libstdc++-riscv64-unknown-elf-*'
        skip-packages 'libswiftlang*'
        skip-packages 'libwine'
        skip-packages 'libx32*'
        skip-packages 'libreoffice*'
        skip-packages 'linux-image-*'
        skip-packages 'linux-source-*'
        skip-packages 'lomiri*'
        skip-packages 'mythes-*'
        skip-packages 'picolibc-*'
        skip-packages 'piglit'
        skip-packages 'r-base*'
        skip-packages 'r-bioc-*'
        skip-packages 'r-cran-*'
        skip-packages 'rocs'
        skip-packages 'ros-*'
        skip-packages 'ruby-*'
        skip-packages 'rust-*'
        skip-packages 'ssg-nondebian'
        skip-packages 'swiftlang'
        skip-packages 'texlive-*'
        skip-packages 'thunderbird*'
        skip-packages 'tryton-*'
        skip-packages 'unidic-mecab'
        skip-packages 'wine*'
        skip-packages '*-doc'

I compared to a system with no offline-mirror setup and one with my offline-server. both getting 130 updates on a fresh 9.1. Seems like my exklude list is correct.

 

[happypuffinlinuxengineer]

I ended up building my own solution using a Debian container and regular Apt tooling. I take a list of all of the packages installed on Proxmox VE after I finish my buildout with Ansible, and then pull those packages from the Proxmox Repo and the Debian repo. I got my bundle down to 2GB. I had difficulty getting the proxmox offline mirror to work for my needs, trying to cut it down based on repo groupings was proving to be difficult.