Volt CLI: source-available under AGPSL v5.0

Complete infrastructure platform CLI:
- Container runtime (systemd-nspawn)
- VoltVisor VMs (Neutron Stardust / QEMU)
- Stellarium CAS (content-addressed storage)
- ORAS Registry
- GitOps integration
- Landlock LSM security
- Compose orchestration
- Mesh networking

Copyright (c) Armored Gates LLC. All rights reserved.
Licensed under AGPSL v5.0

configs/images/desktop-productivity.yaml

@@ -0,0 +1,100 @@
+# Volt Image: Desktop Productivity
+# Target density: 2,000+ per host
+# Full VDI replacement with ODE
+
+name: volt/desktop-productivity
+version: "1.0"
+description: "Full productivity desktop with ODE remote display"
+
+# Base configuration
+kernel: kernel-desktop
+userland: glibc-standard
+
+# Resource defaults
+defaults:
+  memory: 2G
+  cpus: 2
+  network: default
+
+# Included packages (shared)
+packages:
+  # Core
+  - glibc
+  - systemd
+  - dbus
+  
+  # Desktop environment (minimal GNOME or KDE)
+  - wayland
+  - sway  # or gnome-shell-minimal
+  - xwayland
+  
+  # Productivity
+  - libreoffice
+  - firefox
+  - thunderbird
+  
+  # Utilities
+  - file-manager
+  - terminal
+  - text-editor
+  
+  # ODE
+  - ode-server
+
+# Init system
+init:
+  type: systemd
+  target: graphical.target
+
+# Shell
+shell: /bin/bash
+
+# Display configuration
+display:
+  compositor: sway
+  resolution: 1920x1080
+  dpi: 96
+
+# ODE configuration
+ode:
+  enabled: true
+  default_profile: office
+  profiles:
+    - terminal
+    - office
+    - creative
+
+# Security policy
+security:
+  landlock_profile: desktop
+  seccomp_profile: desktop
+  capabilities:
+    drop:
+      - SYS_ADMIN
+      - NET_RAW
+    add:
+      - NET_BIND_SERVICE
+
+# Filesystem layout
+filesystem:
+  readonly:
+    - /usr
+    - /lib
+  writable:
+    - /home
+    - /tmp
+    - /var
+  
+  # User home is attached storage
+  attached:
+    - source: "${USER_HOME}"
+      target: /home/user
+      type: bind
+
+# Metadata
+metadata:
+  category: desktop
+  density: 2000
+  boot_time: "<600ms"
+  ode_capable: true
+  vdi_replacement: true

configs/images/dev.yaml

@@ -0,0 +1,123 @@
+# Volt Image: Development Environment
+# Target density: 10,000+ per host
+# Full development environment with git-attached storage
+
+name: volt/dev
+version: "1.0"
+description: "Development environment VM"
+
+# Base configuration
+kernel: kernel-dev
+userland: glibc-standard
+
+# Resource defaults
+defaults:
+  memory: 1G
+  cpus: 2
+  network: bridge
+
+# Included packages
+packages:
+  # Core
+  - glibc
+  - bash
+  - coreutils
+  - util-linux
+  
+  # Development tools
+  - git
+  - git-lfs
+  - make
+  - cmake
+  - gcc
+  - g++
+  - gdb
+  - strace
+  - ltrace
+  
+  # Languages
+  - python3
+  - python3-pip
+  - nodejs
+  - npm
+  
+  # Optional (installable)
+  # - go
+  # - rust
+  # - java
+  
+  # Editors
+  - vim
+  - nano
+  
+  # Networking
+  - curl
+  - wget
+  - openssh-client
+  - openssh-server
+  
+  # Utilities
+  - tmux
+  - htop
+  - tree
+  - jq
+
+# Init system
+init:
+  type: busybox
+  services:
+    - sshd
+
+# Shell
+shell: /bin/bash
+
+# Security policy (more permissive for dev)
+security:
+  landlock_profile: dev
+  seccomp_profile: dev
+  capabilities:
+    drop:
+      - SYS_ADMIN
+    add:
+      - NET_BIND_SERVICE
+      - SYS_PTRACE  # For debugging
+
+# Filesystem layout
+filesystem:
+  readonly:
+    - /usr
+    - /lib
+  writable:
+    - /home
+    - /tmp
+    - /var
+    - /workspace
+  
+  # Git-attached workspace
+  attached:
+    - source: "${PROJECT_GIT}"
+      target: /workspace
+      type: git
+
+# Environment
+environment:
+  TERM: xterm-256color
+  LANG: en_US.UTF-8
+  PATH: /usr/local/bin:/usr/bin:/bin
+  EDITOR: vim
+
+# SSH configuration
+ssh:
+  enabled: true
+  port: 22
+  allow_password: false
+  authorized_keys_path: /home/dev/.ssh/authorized_keys
+
+# Metadata
+metadata:
+  category: development
+  density: 10000
+  boot_time: "<400ms"
+  onboarding_time: "<5 minutes"
+  ode_capable: false
+  git_attached: true

configs/images/edge.yaml

@@ -0,0 +1,66 @@
+# Volt Image: Edge
+# Target density: 100,000+ per host
+# Optimized for IoT gateways, edge compute
+
+name: volt/edge
+version: "1.0"
+description: "Minimal edge computing VM"
+
+# Base configuration
+kernel: kernel-minimal
+userland: busybox-tiny
+
+# Resource defaults (extremely minimal)
+defaults:
+  memory: 32M
+  cpus: 1
+  network: default
+
+# Included packages (absolute minimum)
+packages:
+  - busybox-static
+  - ca-certificates
+
+# Init system
+init:
+  type: direct
+  command: /app/edge-agent
+
+# No shell by default (security)
+shell: none
+
+# Security policy (maximum lockdown)
+security:
+  landlock_profile: edge
+  seccomp_profile: edge-minimal
+  capabilities:
+    drop:
+      - ALL
+    add:
+      - NET_BIND_SERVICE
+  
+  # No privilege escalation
+  no_new_privileges: true
+  
+  # Read-only root
+  read_only_root: true
+
+# Filesystem layout
+filesystem:
+  readonly:
+    - /
+  writable:
+    - /tmp
+    - /var/run
+
+# Network
+network:
+  type: host  # Direct host networking for edge
+  
+# Metadata
+metadata:
+  category: edge
+  density: 100000
+  boot_time: "<100ms"
+  total_size: "20MB"
+  ode_capable: false

configs/images/k8s-node.yaml

@@ -0,0 +1,82 @@
+# Volt Image: Kubernetes Node
+# Target density: 30,000+ per host
+# Purpose-built K8s worker node
+
+name: volt/k8s-node
+version: "1.0"
+description: "Kubernetes worker node VM"
+
+# Base configuration
+kernel: kernel-server
+userland: musl-minimal
+
+# Resource defaults
+defaults:
+  memory: 256M
+  cpus: 1
+  network: bridge
+
+# Included packages
+packages:
+  - busybox
+  - kubelet
+  - containerd  # Uses Voltainer runtime!
+  - runc
+  - cni-plugins
+  - iptables
+  - conntrack-tools
+
+# Init system
+init:
+  type: busybox
+  services:
+    - containerd
+    - kubelet
+
+# Shell
+shell: /bin/ash
+
+# Security policy
+security:
+  landlock_profile: k8s-node
+  seccomp_profile: server
+  capabilities:
+    drop:
+      - ALL
+    add:
+      - NET_ADMIN
+      - NET_BIND_SERVICE
+      - SYS_ADMIN  # Required for container runtime
+      - MKNOD
+
+# Filesystem layout
+filesystem:
+  readonly:
+    - /usr
+    - /lib
+  writable:
+    - /var/lib/kubelet
+    - /var/lib/containerd
+    - /var/log
+    - /tmp
+    - /etc/kubernetes
+
+# Kubelet configuration
+kubelet:
+  config_path: /etc/kubernetes/kubelet.conf
+  kubeconfig_path: /etc/kubernetes/kubelet.kubeconfig
+  container_runtime: containerd
+  container_runtime_endpoint: unix:///run/containerd/containerd.sock
+  
+# Labels
+labels:
+  voltvisor.io/managed: "true"
+  voltvisor.io/type: "k8s-node"
+
+# Metadata
+metadata:
+  category: kubernetes
+  density: 30000
+  boot_time: "<200ms"
+  ode_capable: false
+  voltainer_native: true  # Uses Voltainer as container runtime

configs/images/server.yaml

@@ -0,0 +1,72 @@
+# Volt Image: Server
+# Target density: 50,000+ per host
+# Unique size: ~5MB per VM
+
+name: volt/server
+version: "1.0"
+description: "Minimal server VM for headless workloads"
+
+# Base configuration
+kernel: kernel-server
+userland: musl-minimal
+
+# Resource defaults
+defaults:
+  memory: 256M
+  cpus: 1
+  network: default
+
+# Included packages (shared)
+packages:
+  - busybox
+  - openssl
+  - curl
+  - ca-certificates
+  - tzdata
+
+# Init system
+init:
+  type: busybox
+  command: /sbin/init
+
+# Shell
+shell: /bin/ash
+
+# Security policy
+security:
+  landlock_profile: server
+  seccomp_profile: server
+  capabilities:
+    drop:
+      - ALL
+    add:
+      - NET_BIND_SERVICE
+      - SETUID
+      - SETGID
+
+# Filesystem layout
+filesystem:
+  readonly:
+    - /usr
+    - /lib
+    - /bin
+    - /sbin
+  writable:
+    - /tmp
+    - /var
+    - /app
+
+# Health check
+healthcheck:
+  type: tcp
+  port: 8080
+  interval: 30s
+  timeout: 5s
+  retries: 3
+
+# Metadata
+metadata:
+  category: server
+  density: 50000
+  boot_time: "<200ms"
+  ode_capable: false