# VM/LXC Service Template

Use this checklist for managed Proxmox VMs/LXCs and service deployments.

## Metadata

- Service name:
- Hostname/FQDN:
- VMID/CTID:
- Proxmox node:
- Guest type: VM / LXC
- OS/template:
- Owner/project:
- Ticket:
- Runbook:
- Status:
- Created:
- Updated:

## Purpose

- Primary role:
- Criticality: experimental / standard / critical
- Users/stakeholders:

## Resource Allocation

- CPU:
- RAM:
- Disk:
- Storage:
- Network bridge:
- IP method: DHCP / reservation / static
- Observed IP:
- Tags:

## Access Boundary

- Exposure: LAN-only / LAN+Tailscale / public approved
- Public exposure approved by:
- Admin access method:
- SSH user/key policy:
- Sudo policy:
- Raw host access needed: yes/no

## DNS Registration

- Service hostname(s):
  - `<service>.dropcutstud.io`
- DNS owner/service:
- DNS record type:
- DNS target:
  - proxied web app: reverse proxy IP
  - direct admin/backend: service IP
- LAN resolution verified: yes/no
- Tailscale resolution verified: yes/no
- Temporary hosts/override used: yes/no
- Fallback direct URL/IP:

## Reverse Proxy / TLS

- Proxied by central reverse proxy: yes/no
- Proxy route:
  - hostname:
  - backend URL:
- TLS certificate source:
  - temporary self-signed / internal CA / Let's Encrypt DNS-01 / Tailscale cert / other
- Certificate/key location reference:
- Certificate renewal process:
- Client trust requirements:
- Direct backend preserved during migration: yes/no

## Backups / Restore

- Backup class: none / experimental / standard / critical / manual-only
- Backup status: missing / snapshot-only / configured / verified / restore-tested / intentionally-none
- Backup scope:
- Backup destination:
- Off-guest copy: yes/no/not required
- Encryption method/reference:
- Schedule:
- Retention:
- Last backup verified:
- Restore test required: yes/no
- Last restore test:
- Recovery material owner/location reference only:
- Standard reference: `docs/service-backup-standard.md`

## Updates / Maintenance

- Update method:
- Update cadence:
- Snapshot before updates: yes/no
- Maintenance window expectations:
- Rollback method:

## Monitoring / Dashboard

- Health check URL/command:
- Dashboard registration:
- Logs:
- Alerts:

## Secrets

- Secret storage location/reference only:
- Service accounts/tokens:
- Rotation expectation:
- Revocation procedure:
- Do not record secret values in this file.

## Verification

- Service process active:
- Port listening:
- Backend reachable:
- DNS resolves:
- TLS works:
- Client/browser smoke test:
- Backup verified:
- No public exposure unless approved:

## Rollback / Removal

- Disable service:
- Restore prior config:
- Remove DNS/proxy entries:
- Destroy/revert VM/LXC:
- Data retention/disposal notes:

## Registry Updates

Update these files when applicable:

- `infra/proxmox-registry.yaml`
- `systems/inventory.md`
- `systems/status.md`
- `docs/server-change-log.md`
- service runbook
- active ticket