Ben Vincent
ec94cc8f54
All checks were successful
Build / build (pull_request) Successful in 2m58s
- add three backend dovecot servers - add shared maildata cephfs subvolume
368 lines
7.9 KiB
YAML
368 lines
7.9 KiB
YAML
gpu:
|
|
description: "Pass-through Intel GPU"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: gpu
|
|
name: intel_gpu
|
|
properties:
|
|
gputype: physical
|
|
vendorid: "8086"
|
|
uid: "0"
|
|
gid: "39"
|
|
mode: "0660"
|
|
gpu-render-only:
|
|
description: "Pass /dev/dri/renderD128 for headless VAAPI workloads"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: unix-char
|
|
name: renderD128
|
|
properties:
|
|
source: /dev/dri/renderD128
|
|
path: /dev/dri/renderD128
|
|
uid: "0"
|
|
gid: "39"
|
|
mode: "0660"
|
|
kvm:
|
|
description: "Pass-through /dev/kvm to container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: unix-char
|
|
name: kvm
|
|
properties:
|
|
path: /dev/kvm
|
|
mode: "0666"
|
|
fuse:
|
|
description: "Pass-through /dev/fuse to container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: unix-char
|
|
name: fuse
|
|
properties:
|
|
path: /dev/fuse
|
|
mode: "0666"
|
|
kmsg:
|
|
description: "Pass-through /dev/kmsg to container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: unix-char
|
|
name: kmsg
|
|
properties:
|
|
path: /dev/kmsg
|
|
mode: "0660"
|
|
tun:
|
|
description: "Pass-through /dev/net/tun to container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: unix-char
|
|
name: tun
|
|
properties:
|
|
path: /dev/net/tun
|
|
mode: "0666"
|
|
sys_fs_rw:
|
|
description: "Enable read-write mount of the /sys filesystem"
|
|
project: null
|
|
config:
|
|
raw.lxc: |
|
|
lxc.mount.auto=sys:rw
|
|
devices: []
|
|
docker:
|
|
description: "Enable Docker inside unprivileged container"
|
|
project: null
|
|
config:
|
|
security.nesting: true
|
|
security.syscalls.intercept.mknod: true
|
|
security.syscalls.intercept.setxattr: true
|
|
linux.kernel_modules: overlay,ip_tables,br_netfilter,nf_nat,xt_conntrack
|
|
devices: []
|
|
incusimages:
|
|
description: "Special container for privileged access"
|
|
project: null
|
|
config:
|
|
security.privileged: true
|
|
security.nesting: true
|
|
devices: []
|
|
|
|
# cephfs
|
|
shared_media_all:
|
|
description: "Mount /shared/media directly into the container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: media-all
|
|
properties:
|
|
source: /shared/media
|
|
path: /shared/media
|
|
shared_media_movies:
|
|
description: "Mount /shared/media/movies directly into the container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: media-movies
|
|
properties:
|
|
source: /shared/media/movies
|
|
path: /shared/media/movies
|
|
shared_media_tvseries:
|
|
description: "Mount /shared/media/tvseries directly into the container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: media-tvseries
|
|
properties:
|
|
source: /shared/media/tvseries
|
|
path: /shared/media/tvseries
|
|
shared_apps_gitea:
|
|
description: "Mount /shared/apps/gitea directly into the container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: gitea-shared
|
|
properties:
|
|
source: /shared/apps/gitea
|
|
path: /shared/apps/gitea
|
|
shared_apps_nomad:
|
|
description: "Mount /shared/apps/nomad directly into the container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: nomad-shared
|
|
properties:
|
|
source: /shared/apps/nomad
|
|
path: /shared/apps/nomad
|
|
shared_apps_packagerepo:
|
|
description: "Mount /shared/apps/packagerepo directly into the container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: packagerepo-shared
|
|
properties:
|
|
source: /shared/apps/packagerepo
|
|
path: /shared/apps/packagerepo
|
|
shared_apps_jellyfin:
|
|
description: "Mount /shared/apps/jellyfin directly into the container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: jellyfin-shared
|
|
properties:
|
|
source: /shared/apps/jellyfin
|
|
path: /shared/apps/jellyfin
|
|
shared_apps_maildata:
|
|
description: "Mount /shared/apps/maildata directly into the container"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: maildata-shared
|
|
properties:
|
|
source: /shared/apps/maildata
|
|
path: /shared/apps/maildata
|
|
|
|
# storage
|
|
disk10:
|
|
description: "Add 10GB root disk"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: root
|
|
properties:
|
|
pool: fastpool
|
|
size: 10GB
|
|
path: /
|
|
disk20:
|
|
description: "Add 20GB root disk"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: root
|
|
properties:
|
|
pool: fastpool
|
|
size: 20GB
|
|
path: /
|
|
disk30:
|
|
description: "Add 30GB root disk"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: disk
|
|
name: root
|
|
properties:
|
|
pool: fastpool
|
|
size: 30GB
|
|
path: /
|
|
# networking
|
|
net_wan1_eth0:
|
|
description: "Add eth0 on wan1 bridge"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: nic
|
|
name: eth0
|
|
properties:
|
|
parent: brwan1
|
|
nictype: bridged
|
|
net_com1_eth0:
|
|
description: "Add eth0 on com1 bridge"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: nic
|
|
name: eth0
|
|
properties:
|
|
parent: brcom1
|
|
nictype: bridged
|
|
net_com1_eth1:
|
|
description: "Add eth1 on com1 bridge"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: nic
|
|
name: eth1
|
|
properties:
|
|
parent: brcom1
|
|
nictype: bridged
|
|
net_dmz1_eth0:
|
|
description: "Add eth0 on dmz1 bridge"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: nic
|
|
name: eth0
|
|
properties:
|
|
parent: brdmz1
|
|
nictype: bridged
|
|
net_dmz1_eth1:
|
|
description: "Add eth1 on dmz1 bridge"
|
|
project: null
|
|
config: {}
|
|
devices:
|
|
- type: nic
|
|
name: eth1
|
|
properties:
|
|
parent: brdmz1
|
|
nictype: bridged
|
|
# cpu/memory
|
|
1core256:
|
|
description: "1 core, 256MB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 1
|
|
limits.memory: 256MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
1core512:
|
|
description: "1 core, 512MB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 1
|
|
limits.memory: 512MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
1core1024:
|
|
description: "1 core, 1GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 1
|
|
limits.memory: 1024MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
2core1024:
|
|
description: "2 cores, 1GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 2
|
|
limits.memory: 1024MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
2core2048:
|
|
description: "2 cores, 2GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 2
|
|
limits.memory: 2048MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
2core3072:
|
|
description: "2 cores, 3GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 2
|
|
limits.memory: 3072MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
2core4096:
|
|
description: "2 cores, 4GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 2
|
|
limits.memory: 4096MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
2core6144:
|
|
description: "2 cores, 6GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 2
|
|
limits.memory: 6144MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
4core4096:
|
|
description: "4 cores, 4GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 4
|
|
limits.memory: 4096MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
4core6144:
|
|
description: "4 cores, 6GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 4
|
|
limits.memory: 6144MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|
|
4core8192:
|
|
description: "4 cores, 8GB RAM"
|
|
project: null
|
|
config:
|
|
boot.autostart: true
|
|
limits.cpu: 4
|
|
limits.memory: 8192MB
|
|
limits.memory.enforce: hard
|
|
limits.memory.swap: false
|
|
devices: []
|