feat: initial commit
- have been working on this for some time now
@@ -0,0 +1,8 @@
|
||||
almalinux/8/cloud:
|
||||
remote: images
|
||||
aliases:
|
||||
- almalinux8
|
||||
almalinux/9/cloud:
|
||||
remote: images
|
||||
aliases:
|
||||
- almalinux9
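Review bot: Both entries follow a moving alias on the `images` remote (`almalinux/8/cloud` and `almalinux/9/cloud`), so the content behind `almalinux8` and `almalinux9` can differ between hosts and between runs without any change to this file. Nothing visible here records an expected fingerprint or a refresh policy. If the tool that consumes this file can pin or verify an image, use that; otherwise add a comment above each entry such as `# tracks an upstream alias; image content is not pinned`. Indentation is lost in this rendering, so the nesting of `remote` and `aliases` is assumed.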
|
||||
@@ -0,0 +1,21 @@
|
||||
brwan1:
|
||||
type: bridge
|
||||
config:
|
||||
bridge.mtu: 1500
|
||||
ipv4.nat: false
|
||||
dns.mode: none
|
||||
dns.domain: main.unkin.net
|
||||
brcom1:
|
||||
type: bridge
|
||||
config:
|
||||
bridge.mtu: 1500
|
||||
ipv4.nat: false
|
||||
dns.mode: none
|
||||
dns.domain: main.unkin.net
|
||||
brdmz1:
|
||||
type: bridge
|
||||
config:
|
||||
bridge.mtu: 1500
|
||||
ipv4.nat: false
|
||||
dns.mode: none
|
||||
dns.domain: main.unkin.net
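Review bot: None of the three bridges (`brwan1`, `brcom1`, `brdmz1`) sets `ipv4.address` or `ipv6.address`, and `ipv4.nat: false` has no IPv6 counterpart. If only these keys are passed through to Incus, a managed bridge may get auto-selected host addresses, which would put the host itself on the WAN and DMZ segments. If the bridges are meant to be plain layer-2 segments, state that under each `config:` with `ipv4.address: none` and `ipv6.address: none`. How this file is applied is not visible here, so confirm the effective defaults on a host.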
|
||||
@@ -0,0 +1,321 @@
|
||||
# special devices
|
||||
gpu:
|
||||
description: "Pass-through Intel GPU"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: gpu
|
||||
name: intel_gpu
|
||||
properties:
|
||||
gputype: physical
|
||||
vendorid: "8086"
|
||||
uid: "0"
|
||||
gid: "39"
|
||||
mode: "0660"
|
||||
gpu-render-only:
|
||||
description: "Pass /dev/dri/renderD128 for headless VAAPI workloads"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: unix-char
|
||||
name: renderD128
|
||||
properties:
|
||||
source: /dev/dri/renderD128
|
||||
path: /dev/dri/renderD128
|
||||
uid: "0"
|
||||
gid: "39"
|
||||
mode: "0660"
|
||||
kvm:
|
||||
description: "Pass-through /dev/kvm to container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: unix-char
|
||||
name: kvm
|
||||
properties:
|
||||
path: /dev/kvm
|
||||
mode: "0666"
|
||||
fuse:
|
||||
description: "Pass-through /dev/fuse to container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: unix-char
|
||||
name: fuse
|
||||
properties:
|
||||
path: /dev/fuse
|
||||
mode: "0666"
|
||||
kmsg:
|
||||
description: "Pass-through /dev/kmsg to container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: unix-char
|
||||
name: kmsg
|
||||
properties:
|
||||
path: /dev/kmsg
|
||||
mode: "0660"
|
||||
tun:
|
||||
description: "Pass-through /dev/net/tun to container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: unix-char
|
||||
name: tun
|
||||
properties:
|
||||
path: /dev/net/tun
|
||||
mode: "0666"
|
||||
sys_fs_rw:
|
||||
description: "Enable read-write mount of the /sys filesystem"
|
||||
project: null
|
||||
config:
|
||||
raw.lxc: |
|
||||
lxc.mount.auto=sys:rw
|
||||
devices: []
|
||||
docker:
|
||||
description: "Enable Docker inside unprivileged container"
|
||||
project: null
|
||||
config:
|
||||
security.nesting: true
|
||||
security.syscalls.intercept.mknod: true
|
||||
security.syscalls.intercept.setxattr: true
|
||||
linux.kernel_modules: overlay,ip_tables,br_netfilter,nf_nat,xt_conntrack
|
||||
devices: []
|
||||
|
||||
# cephfs
|
||||
shared_media_all:
|
||||
description: "Mount /shared/media directly into the container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: media-all
|
||||
properties:
|
||||
source: /shared/media
|
||||
path: /shared/media
|
||||
shared_media_movies:
|
||||
description: "Mount /shared/media/movies directly into the container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: media-movies
|
||||
properties:
|
||||
source: /shared/media/movies
|
||||
path: /shared/media/movies
|
||||
shared_media_tvseries:
|
||||
description: "Mount /shared/media/tvseries directly into the container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: media-tvseries
|
||||
properties:
|
||||
source: /shared/media/tvseries
|
||||
path: /shared/media/tvseries
|
||||
shared_apps_gitea:
|
||||
description: "Mount /shared/apps/gitea directly into the container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: gitea-shared
|
||||
properties:
|
||||
source: /shared/apps/gitea
|
||||
path: /shared/apps/gitea
|
||||
shared_apps_nomad:
|
||||
description: "Mount /shared/apps/nomad directly into the container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: nomad-shared
|
||||
properties:
|
||||
source: /shared/apps/nomad
|
||||
path: /shared/apps/nomad
|
||||
shared_apps_packagerepo:
|
||||
description: "Mount /shared/apps/packagerepo directly into the container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: packagerepo-shared
|
||||
properties:
|
||||
source: /shared/apps/packagerepo
|
||||
path: /shared/apps/packagerepo
|
||||
shared_apps_jellyfin:
|
||||
description: "Mount /shared/apps/jellyfin directly into the container"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: jellyfin-shared
|
||||
properties:
|
||||
source: /shared/apps/jellyfin
|
||||
path: /shared/apps/jellyfin
|
||||
|
||||
# storage
|
||||
disk10:
|
||||
description: "Add 10GB root disk"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: root
|
||||
properties:
|
||||
pool: fastpool
|
||||
size: 10GB
|
||||
path: /
|
||||
disk20:
|
||||
description: "Add 20GB root disk"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: root
|
||||
properties:
|
||||
pool: fastpool
|
||||
size: 20GB
|
||||
path: /
|
||||
disk30:
|
||||
description: "Add 30GB root disk"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: disk
|
||||
name: root
|
||||
properties:
|
||||
pool: fastpool
|
||||
size: 30GB
|
||||
path: /
|
||||
# networking
|
||||
net_wan1_eth0:
|
||||
description: "Add eth0 on wan1 bridge"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: nic
|
||||
name: eth0
|
||||
properties:
|
||||
parent: brwan1
|
||||
nictype: bridged
|
||||
net_com1_eth0:
|
||||
description: "Add eth0 on com1 bridge"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: nic
|
||||
name: eth0
|
||||
properties:
|
||||
parent: brcom1
|
||||
nictype: bridged
|
||||
net_com1_eth1:
|
||||
description: "Add eth1 on com1 bridge"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: nic
|
||||
name: eth1
|
||||
properties:
|
||||
parent: brcom1
|
||||
nictype: bridged
|
||||
net_dmz1_eth0:
|
||||
description: "Add eth0 on dmz1 bridge"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: nic
|
||||
name: eth0
|
||||
properties:
|
||||
parent: brdmz1
|
||||
nictype: bridged
|
||||
net_dmz1_eth1:
|
||||
description: "Add eth1 on dmz1 bridge"
|
||||
project: null
|
||||
config: {}
|
||||
devices:
|
||||
- type: nic
|
||||
name: eth1
|
||||
properties:
|
||||
parent: brdmz1
|
||||
nictype: bridged
|
||||
# cpu/memory
|
||||
1core256:
|
||||
description: "1 core, 256MB RAM"
|
||||
project: null
|
||||
config:
|
||||
boot.autostart: true
|
||||
limits.cpu: 1
|
||||
limits.memory: 256MB
|
||||
limits.memory.enforce: hard
|
||||
limits.memory.swap: false
|
||||
devices: []
|
||||
1core512:
|
||||
description: "1 core, 512MB RAM"
|
||||
project: null
|
||||
config:
|
||||
boot.autostart: true
|
||||
limits.cpu: 1
|
||||
limits.memory: 512MB
|
||||
limits.memory.enforce: hard
|
||||
limits.memory.swap: false
|
||||
1core1024:
|
||||
description: "1 core, 1GB RAM"
|
||||
project: null
|
||||
config:
|
||||
boot.autostart: true
|
||||
limits.cpu: 1
|
||||
limits.memory: 1024MB
|
||||
limits.memory.enforce: hard
|
||||
limits.memory.swap: false
|
||||
devices: []
|
||||
2core1024:
|
||||
description: "2 cores, 1GB RAM"
|
||||
project: null
|
||||
config:
|
||||
boot.autostart: true
|
||||
limits.cpu: 2
|
||||
limits.memory: 1024MB
|
||||
limits.memory.enforce: hard
|
||||
limits.memory.swap: false
|
||||
devices: []
|
||||
2core2048:
|
||||
description: "2 cores, 2GB RAM"
|
||||
project: null
|
||||
config:
|
||||
boot.autostart: true
|
||||
limits.cpu: 2
|
||||
limits.memory: 2048MB
|
||||
limits.memory.enforce: hard
|
||||
limits.memory.swap: false
|
||||
devices: []
|
||||
2core4096:
|
||||
description: "2 cores, 4GB RAM"
|
||||
project: null
|
||||
config:
|
||||
boot.autostart: true
|
||||
limits.cpu: 2
|
||||
limits.memory: 4096MB
|
||||
limits.memory.enforce: hard
|
||||
limits.memory.swap: false
|
||||
devices: []
|
||||
4core4096:
|
||||
description: "4 cores, 4GB RAM"
|
||||
project: null
|
||||
config:
|
||||
boot.autostart: true
|
||||
limits.cpu: 4
|
||||
limits.memory: 4096MB
|
||||
limits.memory.enforce: hard
|
||||
limits.memory.swap: false
|
||||
devices: []
|
||||
4core8192:
|
||||
description: "4 cores, 8GB RAM"
|
||||
project: null
|
||||
config:
|
||||
boot.autostart: true
|
||||
limits.cpu: 4
|
||||
limits.memory: 8192MB
|
||||
limits.memory.enforce: hard
|
||||
limits.memory.swap: false
|
||||
devices: []
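Review bot: The `kmsg` profile passes the host's `/dev/kmsg` into the instance with `mode: "0660"`, which lets root in the container write records into the host kernel log and, depending on the host's `dmesg_restrict` setting, read it. `sys_fs_rw` widens host exposure in a similar way by setting `lxc.mount.auto=sys:rw` through `raw.lxc`. Neither profile says which workloads need it, so add a comment above each such as `# exposes a host kernel interface; attach only to trusted instances`, and if `kmsg` is only needed for reading, consider `mode: "0440"`. The `kvm`, `fuse` and `tun` profiles use `mode: "0666"` without the `uid`/`gid` that the GPU profiles set; a comment stating that this is intended would help. Separately, `1core512` is the only cpu/memory profile without `devices: []`.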
|
||||
@@ -0,0 +1,5 @@
|
||||
fastpool:
|
||||
driver: zfs
|
||||
description: nvme backed zfs store
|
||||
config:
|
||||
source: fastpool/data/incus
|
||||
@@ -0,0 +1,8 @@
|
||||
imagestore:
|
||||
pool: fastpool
|
||||
description: location to store images
|
||||
hashicorp-vault:
|
||||
pool: fastpool
|
||||
description: store passed to vault servers
|
||||
config:
|
||||
size: 20GB
|
||||