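---
# Catalogue of container profiles, keyed by profile name.
# Each entry carries: description, project (null = default project),
# config (LXD/Incus config keys) and a devices list (type/name/properties).
# NOTE(review): the devices-as-list shape is not the LXD API's own (which keys
# devices by name), so a consumer is assumed to transform these entries before
# they reach the API — confirm against the provisioning code. LXD's config map
# takes string values; a consumer that forwards `config` verbatim would need
# the booleans/ints below quoted (e.g. "true", "1") — TODO confirm.

# special devices
gpu:
  description: "Pass-through Intel GPU"
  project: null
  config: {}
  devices:
    - type: gpu
      name: intel_gpu
      properties:
        gputype: physical
        vendorid: "8086"
        uid: "0"
        gid: "39"  # presumably the `video` group of the guest image — verify on the target image
        mode: "0660"

gpu-render-only:
  description: "Pass /dev/dri/renderD128 for headless VAAPI workloads"
  project: null
  config: {}
  devices:
    - type: unix-char
      name: renderD128
      properties:
        source: /dev/dri/renderD128
        path: /dev/dri/renderD128
        uid: "0"
        gid: "39"  # same group assumption as the gpu profile above
        mode: "0660"

kvm:
  description: "Pass-through /dev/kvm to container"
  project: null
  config: {}
  devices:
    - type: unix-char
      name: kvm
      properties:
        path: /dev/kvm
        mode: "0666"  # world-accessible inside the container: every guest user can open the hypervisor interface

fuse:
  description: "Pass-through /dev/fuse to container"
  project: null
  config: {}
  devices:
    - type: unix-char
      name: fuse
      properties:
        path: /dev/fuse
        mode: "0666"  # world-accessible inside the container

kmsg:
  description: "Pass-through /dev/kmsg to container"
  project: null
  config: {}
  devices:
    - type: unix-char
      name: kmsg
      properties:
        path: /dev/kmsg  # exposes the host kernel log ring buffer to the container (information disclosure); no uid/gid set, so the device type's defaults apply
        mode: "0660"

tun:
  description: "Pass-through /dev/net/tun to container"
  project: null
  config: {}
  devices:
    - type: unix-char
      name: tun
      properties:
        path: /dev/net/tun
        mode: "0666"  # world-accessible inside the container

sys_fs_rw:
  description: "Enable read-write mount of the /sys filesystem"
  project: null
  config:
    # raw.lxc bypasses the manager's own config validation, and a writable /sys
    # lets the container alter host kernel tunables — limit this profile to
    # trusted workloads and avoid combining it with the device profiles above.
    raw.lxc: |
      lxc.mount.auto=sys:rw
  devices: []

docker:
  description: "Enable Docker inside unprivileged container"
  project: null
  config:
    # Nesting plus the mknod/setxattr syscall interceptors widen the kernel
    # surface reachable from the container compared with a plain unprivileged
    # profile; keep it scoped to containers that actually run Docker.
    security.nesting: true
    security.syscalls.intercept.mknod: true
    security.syscalls.intercept.setxattr: true
    linux.kernel_modules: overlay,ip_tables,br_netfilter,nf_nat,xt_conntrack
  devices: []

# cephfs
shared_media_all:
  description: "Mount /shared/media directly into the container"
  project: null
  config: {}
  devices:
    - type: disk
      name: media-all
      properties:
        source: /shared/media
        path: /shared/media

shared_media_movies:
  description: "Mount /shared/media/movies directly into the container"
  project: null
  config: {}
  devices:
    - type: disk
      name: media-movies
      properties:
        source: /shared/media/movies
        path: /shared/media/movies

shared_media_tvseries:
  description: "Mount /shared/media/tvseries directly into the container"
  project: null
  config: {}
  devices:
    - type: disk
      name: media-tvseries
      properties:
        source: /shared/media/tvseries
        path: /shared/media/tvseries

shared_apps_gitea:
  description: "Mount /shared/apps/gitea directly into the container"
  project: null
  config: {}
  devices:
    - type: disk
      name: gitea-shared
      properties:
        source: /shared/apps/gitea
        path: /shared/apps/gitea

shared_apps_nomad:
  description: "Mount /shared/apps/nomad directly into the container"
  project: null
  config: {}
  devices:
    - type: disk
      name: nomad-shared
      properties:
        source: /shared/apps/nomad
        path: /shared/apps/nomad

shared_apps_packagerepo:
  description: "Mount /shared/apps/packagerepo directly into the container"
  project: null
  config: {}
  devices:
    - type: disk
      name: packagerepo-shared
      properties:
        source: /shared/apps/packagerepo
        path: /shared/apps/packagerepo

shared_apps_jellyfin:
  description: "Mount /shared/apps/jellyfin directly into the container"
  project: null
  config: {}
  devices:
    - type: disk
      name: jellyfin-shared
      properties:
        source: /shared/apps/jellyfin
        path: /shared/apps/jellyfin

# storage
# All three root-disk profiles define a device named `root`; only one of them
# can be applied to a given container.
disk10:
  description: "Add 10GB root disk"
  project: null
  config: {}
  devices:
    - type: disk
      name: root
      properties:
        pool: fastpool
        size: 10GB
        path: /

disk20:
  description: "Add 20GB root disk"
  project: null
  config: {}
  devices:
    - type: disk
      name: root
      properties:
        pool: fastpool
        size: 20GB
        path: /

disk30:
  description: "Add 30GB root disk"
  project: null
  config: {}
  devices:
    - type: disk
      name: root
      properties:
        pool: fastpool
        size: 30GB
        path: /

# networking
# The *_eth0 profiles all define a device named `eth0` (likewise eth1), so a
# container takes at most one profile per interface name.
net_wan1_eth0:
  description: "Add eth0 on wan1 bridge"
  project: null
  config: {}
  devices:
    - type: nic
      name: eth0
      properties:
        parent: brwan1
        nictype: bridged

net_com1_eth0:
  description: "Add eth0 on com1 bridge"
  project: null
  config: {}
  devices:
    - type: nic
      name: eth0
      properties:
        parent: brcom1
        nictype: bridged

net_com1_eth1:
  description: "Add eth1 on com1 bridge"
  project: null
  config: {}
  devices:
    - type: nic
      name: eth1
      properties:
        parent: brcom1
        nictype: bridged

net_dmz1_eth0:
  description: "Add eth0 on dmz1 bridge"
  project: null
  config: {}
  devices:
    - type: nic
      name: eth0
      properties:
        parent: brdmz1
        nictype: bridged

net_dmz1_eth1:
  description: "Add eth1 on dmz1 bridge"
  project: null
  config: {}
  devices:
    - type: nic
      name: eth1
      properties:
        parent: brdmz1
        nictype: bridged

# cpu/memory
# Every sizing profile sets the same four limit keys plus autostart; only the
# cpu count and memory figure differ.
1core256:
  description: "1 core, 256MB RAM"
  project: null
  config:
    boot.autostart: true
    limits.cpu: 1
    limits.memory: 256MB
    limits.memory.enforce: hard
    limits.memory.swap: false
  devices: []

1core512:
  description: "1 core, 512MB RAM"
  project: null
  config:
    boot.autostart: true
    limits.cpu: 1
    limits.memory: 512MB
    limits.memory.enforce: hard
    limits.memory.swap: false
  devices: []  # added for consistency with the sibling sizing profiles; it was the only one missing the key

1core1024:
  description: "1 core, 1GB RAM"
  project: null
  config:
    boot.autostart: true
    limits.cpu: 1
    limits.memory: 1024MB
    limits.memory.enforce: hard
    limits.memory.swap: false
  devices: []

2core1024:
  description: "2 cores, 1GB RAM"
  project: null
  config:
    boot.autostart: true
    limits.cpu: 2
    limits.memory: 1024MB
    limits.memory.enforce: hard
    limits.memory.swap: false
  devices: []

2core2048:
  description: "2 cores, 2GB RAM"
  project: null
  config:
    boot.autostart: true
    limits.cpu: 2
    limits.memory: 2048MB
    limits.memory.enforce: hard
    limits.memory.swap: false
  devices: []

2core4096:
  description: "2 cores, 4GB RAM"
  project: null
  config:
    boot.autostart: true
    limits.cpu: 2
    limits.memory: 4096MB
    limits.memory.enforce: hard
    limits.memory.swap: false
  devices: []

4core4096:
  description: "4 cores, 4GB RAM"
  project: null
  config:
    boot.autostart: true
    limits.cpu: 4
    limits.memory: 4096MB
    limits.memory.enforce: hard
    limits.memory.swap: false
  devices: []

4core8192:
  description: "4 cores, 8GB RAM"
  project: null
  config:
    boot.autostart: true
    limits.cpu: 4
    limits.memory: 8192MB
    limits.memory.enforce: hard
    limits.memory.swap: false
  devices: []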