My Staycation With Proxmox: Sun, Silence, and Servers

A tech adventure to entertain me on a week of summer relaxation.

My Staycation With Proxmox: Sun, Silence, and Servers
Photo by Toa Heftiba / Unsplash

When most think of a summer staycation, images of lazy afternoons in a hammock, or perhaps an at-home spa day come to mind. Me? I envisioned a week of diving into Proxmox, the magic of LXC containers, and the delightful dance of SSH keys and Ansible. Here's my memorable tech-adventure from the comfort of my own home.

Setting Up The Proxmox Server

As my staycation began, I dusted off my trusty Intel NUC Gen 8 — a compact powerhouse of a machine that had been awaiting a new lease on life. And what better way to reinvigorate it than with Proxmox?

Preparing the Flashdrive

Before anything else, I needed a bootable USB flash drive with the Proxmox installer. I downloaded the latest Proxmox VE ISO image from their official site. To turn my ordinary USB stick into a bootable Proxmox installer, I used my trusty Windows go-to for this sort of task, Balena Etcher. After selecting the Proxmox ISO and setting my USB as the destination, Etcher did its magic, making my USB drive the key to my Proxmox adventure.

Booting the installer from USB

Now came the part where I breathed new life into the NUC. Intel's NUCs have a famously user-friendly BIOS interface, and accessing it was as easy as tapping F2 during the boot-up process. Once inside, I navigated to the Boot tab and prioritized the USB drive as the primary boot device.

Also, and buyer beware, I had to disable secure boot on the NUC to allow the proxmox installer to work.

Restarting the NUC with the USB drive plugged in, I was greeted with the Proxmox installer screen. Here, the interface is intuitive. The first few prompts gathered essential information such as my time zone, keyboard layout, and installation target (the internal SSD of the NUC, in this case).

The next steps had me inputting my desired password and email for Proxmox notifications — crucial for managing and monitoring the server in the future. After a few more prompts, including network configurations (like setting a static IP, which I highly recommend), the installer began transferring Proxmox VE onto the NUC's SSD.

First Boot

The entire installation process took a bit, giving me just enough time to brew a cup of tea. Once completed, the system prompted for a reboot. Ejecting the USB drive, my NUC booted up, not as the bare-bones computer it was earlier, but as a powerful Proxmox server. I grabbed another device and opened a web browser. Inputting the NUC's network name followed by the port number 8006 (the default for Proxmox), I was led to a login screen.

At first, the browser warned me about an insecure connection due to the self-signed certificate Proxmox uses by default. It's a routine notification, and I proceeded by adding an exception in the browser. On the login page, I entered the username as root and used the password I set during the installation. The moment of truth arrived as I clicked the "Login" button.

To my delight, I was greeted by the Proxmox web interface — a sleek, intuitive dashboard displaying all the server's statistics at a glance. From here, I could manage virtual machines, LXC containers, storage, and the overall health of the system. The clear layout and detailed graphs felt like a control center, ready to be commanded. With this, my Proxmox adventure truly began, promising endless possibilities right from the cozy confines of my living room.

It Lives!

Diving into LXC Containers

LXC (Linux Container) containers are a fascinating realm within the Proxmox environment. These containers have a feather-light footprint, sharing the host's kernel but functioning almost like standalone Linux systems. And since my goal was to create an LXC container using the latest Debian template, my Proxmox staycation was shaping up to be more exciting than I'd imagined.

Pulling LXC Templates in Proxmox

Proxmox offers an easy way to fetch the latest LXC templates. From the web interface I navigated to the "Local (pve)" storage on the left sidebar, situated under the "Datacenter" node. Clicking on the "Content" tab, I was presented with an option that said "Templates". Upon selecting "Templates", a myriad of OS templates was available, each optimized for LXC deployment. From CentOS to Ubuntu, the options were aplenty.

But my eyes were set on Debian. I clicked the "Download" button next to the latest Debian LXC template, and Proxmox swiftly began fetching it from the online repositories.

Exploring the Debian LXC Container

Once the template was downloaded I clicked the "Create CT" button on the top right. This initiated the LXC container creation wizard.

The steps were intuitive: naming the container, allocating resources (like CPU and RAM), and assigning a network interface. When I reached the template selection page, I chose the Debian template I had just downloaded. After finalizing the settings and hitting "Finish," Proxmox got to work, creating an LXC container based on the Debian template.

The container initialization took mere moments. Once up and running, I clicked on the "Console" tab. This opened a terminal window, dropping me straight into my new Debian environment. To the untrained eye, it seemed as if I was operating a full-fledged Debian server. I began exploring, running a few standard commands (apt update, uname -a, etc.) and felt the exhilarating power and flexibility of LXC.

Being able to deploy a functional Debian system in minutes, with minimal overhead, underscored why LXC containers are such an asset in the virtualization world. This experiment marked just the beginning of my LXC adventures on Proxmox, and I can't wait to delve deeper.

Taking a step back: SSH keys

Woah, not so fast! I neglected to add an important part to the provisioning, including a SSH key. SSH keys offer a secure way to communicate with remote systems, and in the context of my Proxmox and LXC container project, they were paramount for good security practices.

Why Unique SSH Keys Are Vital

Using unique SSH keys, specifically for this project, adds an extra layer of security. Imagine having a specialized key for each room in your house instead of one master key for all the doors. If one key were to be compromised, the others would remain secure. In the same vein, having unique SSH keys ensured that if one part of my project were to face security issues, the others would remain unaffected.

Ed25519 is a public-key signature system known for its robustness and efficiency which offers a fantastic balance between speed and security. It's designed to be fast in both key generation and verification, all without compromising the level of security. Additionally Ed25519 has been constructed with modern cryptographic best practices in mind, avoiding many pitfalls and vulnerabilities that have been known to affect other algorithms.

Generating Ed25519 Keys

Creating secure Ed25519 SSH keys is pretty straightforward. You can use ssh-keygen to generate a key while adding a comment and specify a unique path.

ssh-keygen \
  -t ed25519 \
  -C "Proxmox LXC Project" \
  -f ~/.ssh/proxmox_lxc_ed25519_key
Generate the SSH Key

As always, setting strong permissions on the private key ensures that only the necessary users can access it.

chmod 600 ~/.ssh/proxmox_lxc_ed25519_key
Secure the SSH Key

By choosing Ed25519 and implementing it within my staycation project, I ensured a modern and secure way to manage my Proxmox server and LXC containers. It's akin to having a state-of-the-art digital lock system that's both lightweight and resilient. My staycation, as virtualized as it was, felt even more secure knowing that I was using one of the most robust key algorithms available.

My Staycation Tech Assistant, Ansible

Imagine having a personal assistant during your staycation, taking care of all the mundane tasks. That's Ansible for you, but for servers. With Ansible playbooks, I outlined precisely how I wanted my LXC containers configured. For me, it was like asking for breakfast in bed.

Provisioning New Containers

Ansible's declarative language allowed me to define the desired state of my LXC containers. Using Proxmox's Ansible modules, I created a playbook that provisions new Debian containers.

This playbook targets the Proxmox host, and by specifying the Debian template, provisions new containers with the previously generated Ed25519 SSH key. This provides secure and password-less SSH access to the container.

- name: Provision Debian LXC containers
  hosts: proxmox_host
  gather_facts: no
    - name: Create new LXC container
        api_host: nuc8
        api_user: root@pam
        api_password: {{ API_PASSWORD }}
        vmid: 400
        node: nuc8
        hostname: debiancontainer
        pool: Pool1
        password: {{ CONTAINER_PASSWORD }}
        pubkey: {{ CONTAINER_PUBKEY }}
        ostemplate: 'local:vztmpl/debian-12-standard_12.0-1_amd64.tar.zst'
        storage: local-lvm
        disk: 20
        cores: 1
        memory: 1024
        swap: 512
        netif: '{"net0":"name=eth0,bridge=vmbr0,ip=dhcp"}'
        state: present

    - name: Start the container
        api_host: nuc8
        api_user: root@pam
        api_password: {{ API_PASSWORD }}
        vmid: 400
        state: started
        timeout: 300

Next, I needed to install HashiCorp Packer inside the containers to build new LXC templates. Using an inventory of newly created debian containers, this was a typical Configuration Management task for Ansible.

- name: Install HashiCorp Packer
  hosts: debian_containers
  become: yes
    - name: Download Packer
        dest: /tmp/

    - name: Unzip Packer
        src: /tmp/
        dest: /usr/local/bin
        mode: 0755

    - name: Verify Packer Installation
      command: packer --version
      register: version
      changed_when: false

    - debug:
        msg: "Packer version: {{ version.stdout }}"

What could have been a complex, error-prone manual process was simplified into automated, repeatable playbooks. Ansible allowed me to spend less time on repetitive tasks and more time enjoying my virtualized staycation adventure. Building containers, integrating SSH keys, and installing Packer were turned into a seamless flow, right at my fingertips. By embracing automation, my staycation became a thrilling exploration of what's possible when technology works for you.

Lessons From The Lounge Chair

1. Home is where the tech is. A staycation can be as enriching as any exotic vacation when you've got a fascinating project to immerse yourself in.
2. Containers are the perfect summer meal. LXC containers are as light and fulfilling, offering flexibility without the bulk.
3. Ansible is the ultimate tech helper. Automating tasks with Ansible is like having a robotic housekeeper. Once you've set it up, you can kick back and enjoy your summer reads.

By the end of my staycation, I felt rejuvenated. Not only had I experienced Proxmox and the related technology I had decided to focus on, but I'd also enjoyed the simple pleasures of home. Tech and relaxation had blended beautifully.

So next time you're considering a vacation, remember that sometimes the most exciting adventures are just a keyboard away, right in the comfort of your living room!