volt/configs/images/edge.yaml

# Volt Image: Edge
# Target density: 100,000+ per host
# Optimized for IoT gateways, edge compute

name: volt/edge
version: "1.0"
description: "Minimal edge computing VM"

# Base configuration
kernel: kernel-minimal
userland: busybox-tiny

# Resource defaults (extremely minimal)
defaults:
  memory: 32M
  cpus: 1
  network: default

# Included packages (absolute minimum)
packages:
  - busybox-static
  - ca-certificates

# Init system
init:
  type: direct
  command: /app/edge-agent

# No shell by default (security)
shell: none

# Security policy (maximum lockdown)
security:
  landlock_profile: edge
  seccomp_profile: edge-minimal
  capabilities:
    drop:
      - ALL
    add:
      - NET_BIND_SERVICE
  
  # No privilege escalation
  no_new_privileges: true
  
  # Read-only root
  read_only_root: true

# Filesystem layout
filesystem:
  readonly:
    - /
  writable:
    - /tmp
    - /var/run

# Network
network:
  type: host  # Direct host networking for edge
  
# Metadata
metadata:
  category: edge
  density: 100000
  boot_time: "<100ms"
  total_size: "20MB"
  ode_capable: false