Infrastructure Runbook
Common operational tasks for the Proxmox host and LXC infrastructure. For service-specific tasks see the per-service runbooks under Services.
LXC Management
Set or reset root password on an LXC
Run from the Proxmox host shell (chizuru):
lxc-attach <CTID> -- passwd
lxc-attach 100 -- passwd
Access LXC console
From Proxmox web UI → select container → Console tab, or via shell:
lxc-attach <CTID>
Get IP address of an LXC
Run from the Proxmox host shell (chizuru):
lxc-attach <CTID> -- ip addr show eth0
lxc-attach 100 -- ip addr show eth0
Add SSH public key to an LXC
Attach to the container and run:
mkdir -p /root/.ssh && echo "<public-key>" >> /root/.ssh/authorized_keys && chmod 700 /root/.ssh && chmod 600 /root/.ssh/authorized_keys
Proxmox Host (chizuru)
- IP: 192.168.1.125
- SSH:
ssh [email protected]
SSH keys authorised on chizuru
| Key | Purpose |
|---|---|
| homelab_claude (~/.ssh/homelab_claude) | Claude Code automation access |
| Runner key (/root/.ssh/id_ed25519 on LXC 101) | Forgejo Runner → Proxmox for deployments |
Add a key to chizuru manually
echo "<public-key>" >> /root/.ssh/authorized_keys
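Both key-adding steps above (on an LXC and on chizuru) append with echo. That adds a duplicate line on every re-run, and if the file's last line has no trailing newline the new key is glued onto the previous line and never recognised. The helper below is an added example, not part of the original runbook: add_authorized_key is a hypothetical name, and it assumes plain key lines with no leading options.

```sh
#!/bin/sh
# Added example, not from the original runbook.
# add_authorized_key is a hypothetical helper name.
# Usage: add_authorized_key "<public-key>" [authorized_keys path]
# Assumption: plain key lines only; lines with leading options are rejected.
add_authorized_key() {
    key=$1
    file=${2:-/root/.ssh/authorized_keys}
    dir=$(dirname "$file")
    nl='
'
    # Accept exactly one line that starts with an OpenSSH public key type.
    # This stops a pasted private key or multi-line blob reaching the file.
    case $key in
        *"$nl"*)
            echo "refusing multi-line input" >&2; return 1 ;;
        ssh-ed25519\ ?*|ssh-rsa\ ?*|ecdsa-sha2-nistp*\ ?*) ;;
        sk-ssh-ed25519@openssh.com\ ?*|sk-ecdsa-sha2-nistp256@openssh.com\ ?*) ;;
        *)
            echo "not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Same permissions as the runbook one-liner: 700 on the dir, 600 on the file.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Exact whole-line match: re-running with the same key is a no-op.
    if grep -qxF -- "$key" "$file"; then
        return 0
    fi

    # If the last byte is not a newline, add one first so the new key
    # starts on its own line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf '%s\n' "$key" >> "$file"
}
```

Inside a container, define the function in the attached shell and call it with the key; on chizuru, call it the same way with the default path.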
General Tasks
Redeploy a service
Push any change under the service's path (see each workflow's paths: trigger) to main. The Forgejo Actions workflow will run the Ansible playbook automatically.
To force a redeploy without a code change, trigger the workflow manually from the Forgejo UI: Actions → select workflow → Run workflow.
Check Docker container logs on an LXC
Services are distributed across multiple LXCs. Run docker logs inside the relevant LXC; the examples below do this with pct exec over SSH:
# Example: check n8n logs on LXC 120
ssh [email protected] "pct exec 120 -- docker logs n8n"
# Example: check gatus logs on LXC 119
ssh [email protected] "pct exec 119 -- docker logs gatus"
Restart a Docker container on an LXC
# Example: restart synapse on LXC 121
ssh [email protected] "pct exec 121 -- docker restart synapse"
LXC-to-service mapping
| LXC | IP | Services |
|---|---|---|
| 118 (tools) | 192.168.1.118 | code-server, thelounge, qbitwebui |
| 119 (infra-apps) | 192.168.1.119 | gatus, ntfy, glance, oauth2-proxies |
| 120 (automation) | 192.168.1.120 | n8n |
| 121 (matrix) | 192.168.1.121 | synapse |
| 122 (ai) | 192.168.1.122 | open-webui |
| 123 (auth) | 192.168.1.123 | pocketid |
| cajita-elite (standalone) | 192.168.1.196 | PBS, Backrest |
Backup (cajita-elite)
Standalone PC running PBS + Backrest. See Backup setup and Backup runbook for details.
- PBS UI: https://pbs.eva-00.network
- Backrest UI: https://backrest.eva-00.network
- SSH:
ssh [email protected]
- IaC:
ansible/playbooks/pbs.yml, ansible/playbooks/backrest.yml
All-Might (LXC 116)
Media library server hosting Grimmory (books/manga), RomM (game ROMs), and Shoko Server (anime collection). Uses a 4TB Crucial MX500 SSD mounted at /unohana.
- IP: 192.168.1.116
- Storage: 4TB SSD (ata-CT4000MX500SSD1_2336E873A527-part1) → /mnt/all-might on host → /unohana in LXC
- Also bind-mounted read-only into Jellyfin (LXC 114) at /unohana
| Service | URL | Port | Container |
|---|---|---|---|
| Grimmory | https://library.eva-00.network | 6060 | grimmory |
| RomM | https://romm.eva-00.network | 8080 | romm |
| Shoko Server | https://shoko.eva-00.network | 8111 | shoko-server |
| MariaDB | Internal | 3306 | mariadb |
Redeploy
Each service has its own workflow. Push changes to the relevant paths or trigger manually:
- LXC: ansible/playbooks/all-might.yml
- MariaDB: ansible/playbooks/all-might-mariadb.yml
- Grimmory: ansible/playbooks/all-might-grimmory.yml
- RomM: ansible/playbooks/all-might-romm.yml
- Shoko: ansible/playbooks/all-might-shoko.yml
Check container logs
ssh [email protected] 'docker logs grimmory'
ssh [email protected] 'docker logs romm'
ssh [email protected] 'docker logs shoko-server'
ssh [email protected] 'docker logs mariadb'
Vault secrets
- secret/all-might-mariadb — root password, per-app DB passwords
- secret/all-might-grimmory — DB credentials
- secret/all-might-romm — DB credentials, auth secret key, optional IGDB keys
See All-Might setup docs for full details.
Claude Code MCP Servers
MCP servers for the VS Code Claude Code extension must be configured in two places:
- ~/.claude/settings.json — used by the Claude Code CLI
- /Users/gabriel/git/.mcp.json — used by the VS Code extension (required — the extension does not read settings.json)
If a tool is missing in the VS Code extension after adding it to settings.json, add it to .mcp.json and reload the window.
Current MCP servers (/Users/gabriel/git/.mcp.json)
| Name | Binary | Purpose |
|---|---|---|
| forgejo | /Users/gabriel/bin/gitea-mcp | Forgejo repo/issue/PR management |
| grafana | /opt/homebrew/bin/mcp-grafana | Grafana dashboards, Loki, Prometheus, alerts |
| proxmox-plus | venv Python | Proxmox VM/LXC management |
| mediabot | venv Python (run.sh) | MediaManager media search/download |
Adding a new MCP server
- Add the entry to ~/.claude/settings.json under mcpServers
- Add the same entry to /Users/gabriel/git/.mcp.json under mcpServers
- In VS Code: Developer: Reload Window