# About

Acraze is the proxmox hypervisor in the space. All virtual services inside the
space reside here.

# Maintainers

Current Maintainers:

- tyrolyean:     Responsible. Don't want to, but need to

# Technical

The hypervisors web-interface may be reached at
<https://acraze.srv.it-syndikat.org:8006>. It takes ldap credentials.

## unlock

In case the server was rebootet, has received a power cut, or for any other
reason was rebooted, you need to unlock it. For this you need the
unlock password. As per policy, at least 4 people need to have the unlock key
inside their personal password managers. This currently includes @tyrolyean,
@lambda, @deneb and @drkhsh. The server is reachable during unlock at
`10.17.4.2` assigned via dhcp or `acraze-unlock.srv.it-syndikat.org` if dns
works. Unlock user is `root`.

To unlock, run `zfsunlock`.

## Specifications

The following is an excerpt of the hardware specifications:
<pre>
         .://:`              `://:.            tyrolyean@acraze
       `hMMMMMMd/          /dMMMMMMh`          ----------------
        `sMMMMMMMd:      :mMMMMMMMs`           OS: Proxmox VE 8.3.4 x86_64
`-/+oo+/:`.yMMMMMMMh-  -hMMMMMMMy.`:/+oo+/-`   Host: Super Server 0123456789
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:`   Kernel: 6.8.12-8-pve
  `/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/`     Uptime: 14 days, 5 hours, 17 mins
    ./ooooooo+- +NMMMMMMMMN+ -+ooooooo/.       Packages: 1032 (dpkg)
      .+ooooooo+-`oNMMMMNo`-+ooooooo+.         Shell: fish 3.6.0
        -+ooooooo/.`sMMs`./ooooooo+-           Resolution: 1920x1080
          :oooooooo/`..`/oooooooo:             Terminal: /dev/pts/1
          :oooooooo/`..`/oooooooo:             CPU: Intel Xeon E5-2683 v4 (64) @ 3.000GHz
        -+ooooooo/.`sMMs`./ooooooo+-           GPU: NVIDIA Tesla P40
      .+ooooooo+-`oNMMMMNo`-+ooooooo+.         Memory: 258922MiB / 290059MiB
    ./ooooooo+- +NMMMMMMMMN+ -+ooooooo/.
  `/oooooooo:`:mMMMMMMMMMMMMm:`:oooooooo/`
`:oooooooo/`-hMMMMMMMyyMMMMMMMh-`/oooooooo:`
`-/+oo+/:`.yMMMMMMMh-  -hMMMMMMMy.`:/+oo+/-`
        `sMMMMMMMm:      :dMMMMMMMs`
       `hMMMMMMd/          /dMMMMMMh`
         `://:`              `://:`
</pre>

## File system

VMs are stored on a ZFS raid 1. It uses ZFS subvolumes to separate virtual
machines.

## Interfacing

To interface either access <https://acraze.srv.it-syndikat.org:8006/> or ssh to the same
host. For recovery purposes, the IP address is 10.17.4.2. The root password is noted in
Vaultwarden.

## VM Network

VMs should use the pre-configured bridge interface `vmbr0`, which will put them
in the SRV subnet on the router (currently 10.17.4.0/24). You will also get your
dns record set into the `.srv.it-syndikat.org` local dyn dns domain and get an
IPv6 address assigned, but **ONLY** via dhcpv6.

## Commands

If you don't want to use the graphical interface, you can use the several
command line programs. 

### List virtual machines

`qm list`

### Get ther serial console of an old parabox vm

`qm terminal <VM-ID>`

### List guest volumes

`pvesm list <storage>`

Note: at the time of writing there is only one storage: `tank_id`

### Delete a guests volume

`pvesm free <volume_id>`

### Import a disk image as new vm disk

`qm importdisk <VM-ID> <image path> <storage>`

Note: if an import fails or is aborted, there will probably be a leftover zfs
subvolume with the size of the imported image. To remove it, see the command
above.

### Create local (PAM) user with PVE web access

Creating a system user isn't enough for access to the PVE webinterface. We
have to tell PVE about the user and assing them some roles. Here we use
PVEAdmin which should be root equivalent:

    $ adduser my-user
    ...
    $ pveum user add my-user@pam
    $ pveum acl modify / --roles PVEAdmin --users my-user@pam