update: Setup of LXC updated.

vms-and-lxcs.md

@@ -2,11 +2,11 @@
 
 ## Microsft Azure compatible Linux Distributions
 
-We love Debian, but it's not well supported by Microsoft Azure. Thus we are going mainstream and use Ubuntu.
+We love Debian, but it's not well supported by Microsoft Azure. Thus we are once in a while going mainstream and use Ubuntu, if VMs must be connected to Azure.
 
 ## User Management
 
-- Limit root login to console only as an emergency fallback. You can login via the hypervisor console then.
+- Limit root login to console only as an emergency fallback. You can login via the proxmox console then.
 - Create a `ansible` super user with sudo rights; allow SSH access by keys only. This is used for maintenance and configuration.
 - Create a normal user `debian` with restricted privileges; also allow SSH by keys only. This one can be used for normal system tasks.
 - Disallow password-based SSH logins for all users besides root.
@@ -47,11 +47,41 @@ SSH keys are managed via the approach described in the [infra-terraform-sshkeyva
 - Make use of the [Azure Naming Tool](https://app-azurenamingtool-dev-bnhfgbdgafeqh2gf.switzerlandnorth-01.azurewebsites.net/) to get a suitable name for the LXC container. We use the same schema as for virtual machines. E.g. `vm-mal-dev-opr-1`
 - Create a new ssh key according to the [infra-terraform-sshkeyvault](https://xwr.visualstudio.com/jambor.pro/_git/infra-terraform-sshkeyvault) repository. Use a name from the naming tool, e.g. `kvs-mal-dev-opr-1`
 
-- Search for a pre-defined template or the latest Ubuntu template: [Proxmox VE Helper-Scripts](https://community-scripts.github.io/ProxmoxVE/scripts)
+- Search for a pre-defined template or the latest Debian / Ubuntu empty template: [Proxmox VE Helper-Scripts](https://community-scripts.github.io/ProxmoxVE/scripts)
 - Review the script and check that you understand it and no malicious code is in it. (ha ha, we all do that, right?)
 - Execute the script on the Proxmox servers shell via the web interface. SSH is not advised for that.
+- Use advanced settings like the example below.
+
+```bash
+  🧩  Using Advanced Settings on node prd-proxmox-2
+  🖥️  Operating System: debian
+  🌟  Version: 12
+  📦  Container Type: Unprivileged
+  🔐  Root Password: ********
+  🆔  Container ID: 101
+  🏠  Hostname: vm-mal-dev-opr-1
+  💾  Disk Size: 64 GB
+  🧠  CPU Cores: 1
+  🛠️  RAM Size: 2048 MiB
+  🌉  Bridge: vmbr0
+  📡  IP Address: dhcp
+  🌐  Gateway IP Address: Default
+  📡  APT-Cacher IP Address: Default
+  🚫  Disable IPv6: yes
+  ⚙️  Interface MTU Size: Default
+  🔍  DNS Search Domain: Host
+  📡  DNS Server IP Address: Host
+  🏷️  Vlan: 7
+  📡  Tags: ;
+  🔑  Root SSH Access: yes
+  🔍  Verbose Mode: yes
+```
+
+- **Important:** add the public ssh key to the LXC in the process to enable ssh via key.
+- If the service is exposing an http(s) service, put traefik infront of it if you want to access it from external. See [Proxmox VE Helper-Scripts](https://community-scripts.github.io/ProxmoxVE/scripts) for examples.
+
+If you cannot choose Ubuntu as distribution, and you must connect the VM to Azure you should choose to create an empty Ubunto LXC and install the desired service on top of that.
 
-- If you cannot choose Ubuntu as distribution, you should choose to create an empty Ubunto LXC and install the desired service on top of that.
 - Create a LXC within the Proxmox web interface and use the latest Ubuntu LTS template.
 - **Important networking note** using IPv6 dhcp causes the network to stop working as the lease seems not to be updated. Keep IPv6 as static, IPv4 can be dhcp.
 - Ensure to set the right vnet ID according to [networking instructions](network.md).