feat: add incus-image host

- add incus-image host to cobbler/puppet - add privileged image type for incus
2025-06-08 21:32:16 +10:00 · 2025-06-08 21:32:16 +10:00 · 2c4355cda5
commit 2c4355cda5
parent 06fc648c1c
3 changed files with 76 additions and 0 deletions
--- a/config/globals/profiles.yaml
+++ b/config/globals/profiles.yaml
@ -81,6 +81,13 @@ docker:
    security.syscalls.intercept.setxattr: true
    linux.kernel_modules: overlay,ip_tables,br_netfilter,nf_nat,xt_conntrack
  devices: []
+incusimages:
+  description: "Special container for privileged access"
+  project: null
+  config:
+    security.privileged: true
+    security.nesting: true
+  devices: []

 # cephfs
 shared_media_all:
--- a/config/instances/ausyd1nxvm2062/config.yaml
+++ b/config/instances/ausyd1nxvm2062/config.yaml
@ -0,0 +1,17 @@
+description: Incus Image Server
+cobbler_mgmt_classes:
+  - roles::infra::incus::imagehost
+profiles:
+  - disk10
+  - net_com1_eth0
+  - 2core4096
+  - fuse
+  - kmsg
+  - incusimages
+  - sys_fs_rw
+storage_volumes:
+  data:
+    pool: fastpool
+    path: /var/lib/incus
+    config:
+      size: 50GB
--- a/config/instances/ausyd1nxvm2062/terragrunt.hcl
+++ b/config/instances/ausyd1nxvm2062/terragrunt.hcl
@ -0,0 +1,52 @@
+locals {
+  node_name     = "prodnxsr0011"
+  config_common     = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
+  config_specific   = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
+  config            = merge(local.config_common, local.config_specific)
+  instance_name     = basename(get_terragrunt_dir())
+}
+
+inputs = merge(
+  {
+    name = local.instance_name
+  },
+  local.config
+)
+
+include "root" {
+  path   = find_in_parent_folders("root.hcl")
+}
+
+include "instances" {
+  path   = find_in_parent_folders("instances.hcl")
+  expose = true
+  merge_strategy = "deep"
+}
+
+dependencies {
+  paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
+}
+
+terraform {
+  source = "${get_repo_root()}/modules/instance"
+}
+
+generate "incus" {
+  path      = "incus.tf"
+  if_exists = "overwrite_terragrunt"
+  contents  = <<-EOF
+    provider "incus" {
+      generate_client_certificates = true
+      accept_remote_certificate    = true
+
+      remote {
+        name    = "${basename(get_terragrunt_dir())}"
+        scheme  = "https"
+        address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
+        port    = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
+        token   = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
+        default = true
+      }
+    }
+  EOF
+}