Split incus.tf into per-resource files and add nixos-container profile #48

Merged

AlexCaswen merged 13 commits from 49-profile-and-file-split into main

2026-05-10 02:41:17 +00:00

AlexCaswen commented

2026-05-10 02:22:02 +00:00

(Migrated from gitlab.com)

Changes

File split

Break the monolithic incus.tf into self-describing files:

server.tf — Incus server observability config
network.tf — incusbr0 bridge
nixos-image.tf — pinned NixOS/unstable image
storage.tf — shared local pool (IncusOS-managed)
profiles.tf — nixos-container profile
btc-node.tf — Bitcoin Core (pool + volume + instance)
eth-node.tf — Erigon (pool + volume + instance)
dev.tf — Development (volume + instance, uses trade pool)
trade.tf — Trading engine (pool + volume + instance)
monitoring.tf — Monitoring stack (pool + volume + instance)
sol.tf — Solana (pool only, container pending)

Profile

New incus_profile.nixos_container with security.nesting = false. The default profile (IncusOS-managed) already provides root disk on local pool and eth0 NIC on incusbr0.

Containers now use profiles = ["default", "nixos-container"] and only declare unique devices: data volume mount + eth0 IP override. Root disk and base NIC come from the default profile.

What the plan should show

1 new resource: incus_profile.nixos_container
Updates to 5 containers: adding profile list, removing redundant root device and security.nesting config
These are non-destructive in-place updates (no container recreation)

Closes #49

## Changes ### File split Break the monolithic `incus.tf` into self-describing files: - `server.tf` — Incus server observability config - `network.tf` — incusbr0 bridge - `nixos-image.tf` — pinned NixOS/unstable image - `storage.tf` — shared local pool (IncusOS-managed) - `profiles.tf` — nixos-container profile - `btc-node.tf` — Bitcoin Core (pool + volume + instance) - `eth-node.tf` — Erigon (pool + volume + instance) - `dev.tf` — Development (volume + instance, uses trade pool) - `trade.tf` — Trading engine (pool + volume + instance) - `monitoring.tf` — Monitoring stack (pool + volume + instance) - `sol.tf` — Solana (pool only, container pending) ### Profile New `incus_profile.nixos_container` with `security.nesting = false`. The `default` profile (IncusOS-managed) already provides root disk on `local` pool and eth0 NIC on `incusbr0`. Containers now use `profiles = ["default", "nixos-container"]` and only declare unique devices: data volume mount + eth0 IP override. Root disk and base NIC come from the default profile. ### What the plan should show - 1 new resource: `incus_profile.nixos_container` - Updates to 5 containers: adding profile list, removing redundant root device and security.nesting config - These are non-destructive in-place updates (no container recreation) Closes #49

AlexCaswen (Migrated from gitlab.com) approved these changes

2026-05-10 02:22:02 +00:00

AlexCaswen commented

2026-05-10 02:39:04 +00:00

(Migrated from gitlab.com)

added 1 commit

d7f2ee1d - Edit dev.tf to trigger validate

Compare with previous version

added 1 commit <ul><li>d7f2ee1d - Edit dev.tf to trigger validate</li></ul> [Compare with previous version](/AlexCaswen/m3-infra/-/merge_requests/48/diffs?diff_id=1791605395&start_sha=5b83c6f26e0124ad0d2244d6ba76ae13e30aaedd)

AlexCaswen commented

2026-05-10 02:41:04 +00:00

(Migrated from gitlab.com)

assigned to @AlexCaswen