- remove zfs - remove some sysctl values - remove memlocks from limits - install iptables, required for creating bridges
---
# Hiera data: includes the incus class on the node and registers the local
# Incus HTTPS endpoint in Consul as the `incus-images` service.
hiera_include:
  - 'incus'

# Packages installed alongside incus. iptables is required for creating
# bridges.
profiles::packages::include:
  bridge-utils: {}
  dnsmasq: {}
  squashfs-tools: {}
  iptables-nft: {}

# Service names added as alternative names for the Vault PKI profile.
# NOTE(review): presumably these end up as SANs on the node certificate;
# keep this list identical to the SSH principals below.
profiles::pki::vault::alt_names:
  - 'incus-images.service.consul'
  - 'incus-images.query.consul'
  - 'incus-images.service.%{facts.country}-%{facts.region}.consul'

# Principals for the SSH signing profile; same three names as the alt_names
# list above.
profiles::ssh::sign::principals:
  - 'incus-images.service.consul'
  - 'incus-images.query.consul'
  - 'incus-images.service.%{facts.country}-%{facts.region}.consul'

# Consul service registration. Port 8443 is repeated in `port`, in the check
# URL and in incus::server_port further down; change all three together.
consul::services:
  incus-images:
    service_name: 'incus-images'
    tags:
      - 'incus'
      - 'images'
      - 'container'
      - 'lxd'
    address: '%{facts.networking.ip}'
    port: 8443
    checks:
      - id: 'incus_https_check'
        name: 'incus HTTPS Check'
        http: 'https://%{facts.networking.fqdn}:8443'
        method: 'GET'
        # Certificate verification is off, so this check only shows that
        # something answers HTTPS on 8443, not that it is the expected
        # endpoint.
        # NOTE(review): if the served certificate covers the FQDN and chains
        # to a CA the Consul agent trusts, switch this to false - confirm.
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'

# Consul node rule: write access limited to the one service registered above.
profiles::consul::client::node_rules:
  - resource: 'service'
    segment: 'incus-images'
    disposition: 'write'

# Incus itself: run the initial setup and listen on the port advertised in
# Consul.
# NOTE(review): 8443 is reachable over the network; confirm which clients the
# daemon trusts and that a host firewall limits who can connect.
incus::init: true
incus::server_port: 8443

# Members of incus-admin have full control of the Incus daemon, which is
# effectively root on this host; treat the membership list accordingly.
profiles::accounts::sysadmin::extra_groups:
  - 'incus-admin'

# Forwarding is enabled on all interfaces for IPv4 and IPv6, so the host will
# route between its bridges and uplinks.
# NOTE(review): what is actually forwarded then depends on the firewall rules;
# confirm the forward policy.
sysctl::base::values:
  net.ipv4.conf.all.forwarding:
    value: '1'
  net.ipv6.conf.all.forwarding:
    value: '1'

# Open-file limits. The `*` wildcard in limits.d does not apply to root, hence
# the separate root entry. It does apply to every other account on the host.
# NOTE(review): `both` presumably sets the soft and the hard limit - confirm
# against the limits module.
limits::entries:
  '*/nofile':
    both: 1048576
  root/nofile:
    both: 1048576