From 2c4355cda54d5090f593ecae423c42366439d97b Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 8 Jun 2025 21:32:16 +1000
Subject: [PATCH] feat: add incus-image host
- add incus-image host to cobbler/puppet
- add privileged image type for incus
---
 config/globals/profiles.yaml | 7 +++
 config/instances/ausyd1nxvm2062/config.yaml | 17 ++++++
 .../instances/ausyd1nxvm2062/terragrunt.hcl | 52 +++++++++++++++++++
 3 files changed, 76 insertions(+)
 create mode 100644 config/instances/ausyd1nxvm2062/config.yaml
 create mode 100644 config/instances/ausyd1nxvm2062/terragrunt.hcl
diff --git a/config/globals/profiles.yaml b/config/globals/profiles.yaml
index 4ddad4a..a497f86 100644
--- a/config/globals/profiles.yaml
+++ b/config/globals/profiles.yaml
@@ -81,6 +81,13 @@ docker:
 security.syscalls.intercept.setxattr: true
 linux.kernel_modules: overlay,ip_tables,br_netfilter,nf_nat,xt_conntrack
 devices: []
+incusimages:
+ description: "Special container for privileged access"
+ project: null
+ config:
+ security.privileged: true
+ security.nesting: true
+ devices: []
 # cephfs
 shared_media_all:
diff --git a/config/instances/ausyd1nxvm2062/config.yaml b/config/instances/ausyd1nxvm2062/config.yaml
new file mode 100644
index 0000000..042b1ab
--- /dev/null
+++ b/config/instances/ausyd1nxvm2062/config.yaml
@@ -0,0 +1,17 @@
+description: Incus Image Server
+cobbler_mgmt_classes:
+ - roles::infra::incus::imagehost
+profiles:
+ - disk10
+ - net_com1_eth0
+ - 2core4096
+ - fuse
+ - kmsg
+ - incusimages
+ - sys_fs_rw
+storage_volumes:
+ data:
+ pool: fastpool
+ path: /var/lib/incus
+ config:
+ size: 50GB
diff --git a/config/instances/ausyd1nxvm2062/terragrunt.hcl b/config/instances/ausyd1nxvm2062/terragrunt.hcl
new file mode 100644
index 0000000..98fe447
--- /dev/null
+++ b/config/instances/ausyd1nxvm2062/terragrunt.hcl
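Review bot: In config/globals/profiles.yaml the new `incusimages` profile sets `security.privileged: true` together with `security.nesting: true`, and neither the description ("Special container for privileged access") nor a comment records why the image host needs it. A privileged Incus container runs without a user-namespace mapping, so root inside the container is root on the node. config/instances/ausyd1nxvm2062/config.yaml also stacks this profile with `fuse`, `kmsg` and `sys_fs_rw`, which are defined outside this patch and presumably widen access further. I would add a comment above `security.privileged` such as `# privileged: container root == host root; needed for <reason>, image host only`, and confirm whether an unprivileged container with nesting, or a VM, could build and serve the images instead.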
@@ -0,0 +1,52 @@
+locals {
+ node_name = "prodnxsr0011"
+ config_common = yamldecode(file("${get_terragrunt_dir()}/../config_common.yaml"))
+ config_specific = yamldecode(file("${get_terragrunt_dir()}/config.yaml"))
+ config = merge(local.config_common, local.config_specific)
+ instance_name = basename(get_terragrunt_dir())
+}
+
+inputs = merge(
+ {
+ name = local.instance_name
+ },
+ local.config
+)
+
+include "root" {
+ path = find_in_parent_folders("root.hcl")
+}
+
+include "instances" {
+ path = find_in_parent_folders("instances.hcl")
+ expose = true
+ merge_strategy = "deep"
+}
+
+dependencies {
+ paths = ["${get_repo_root()}/config/nodes/${local.node_name}"]
+}
+
+terraform {
+ source = "${get_repo_root()}/modules/instance"
+}
+
+generate "incus" {
+ path = "incus.tf"
+ if_exists = "overwrite_terragrunt"
+ contents = <<-EOF
+ provider "incus" {
+ generate_client_certificates = true
+ accept_remote_certificate = true
+
+ remote {
+ name = "${basename(get_terragrunt_dir())}"
+ scheme = "https"
+ address = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_addr}"
+ port = "${yamldecode(file("${get_repo_root()}/config/nodes/${local.node_name}/config.yaml")).node_port}"
+ token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"
+ default = true
+ }
+ }
+ EOF
+}
--
2.47.3
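Review bot: In the `generate "incus"` block, `token = "${get_env("INCUS_TOKEN_${upper(local.node_name)}")}"` is interpolated by Terragrunt before the file is written, so the trust token is stored in plain text in the generated `incus.tf` in the working directory. I would declare a sensitive Terraform variable and reference it as `token = var.incus_token`, supplied through `TF_VAR_incus_token`, so the secret stays out of the rendered file. Separately, `accept_remote_certificate = true` makes the provider accept the node's certificate automatically; if the provider version in use does not check it against the token's fingerprint (worth confirming), the connection that carries the token is not authenticated, so pre-trusting the node certificate out of band would be safer. As a style point, `node_addr` and `node_port` each re-read and decode the same node `config.yaml`, and `name` repeats `basename(get_terragrunt_dir())` although `local.instance_name` already holds it; reading the node config once into a local would tidy both.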