0ebe75b2ca
Complete infrastructure platform CLI: - Container runtime (systemd-nspawn) - VoltVisor VMs (Neutron Stardust / QEMU) - Stellarium CAS (content-addressed storage) - ORAS Registry - GitOps integration - Landlock LSM security - Compose orchestration - Mesh networking Copyright (c) Armored Gates LLC. All rights reserved. Licensed under AGPSL v5.0
66 lines
1.2 KiB
TOML
66 lines
1.2 KiB
TOML
# full-hybrid.toml — Hybrid-native workload with all options for Volt
|
|
#
|
|
# Exercises every configurable isolation knob:
|
|
# - Custom kernel profile
|
|
# - Strict seccomp
|
|
# - Landlock LSM (no AppArmor, ever)
|
|
# - Full cgroups v2 resource limits
|
|
# - CPU pinning
|
|
# - I/O weight control
|
|
# - Network port forwarding
|
|
# - Read-only rootfs layer
|
|
# - Private user namespace
|
|
|
|
[workload]
|
|
name = "test-hybrid-full"
|
|
type = "hybrid"
|
|
image = "ubuntu:24.04"
|
|
|
|
[resources]
|
|
memory = "2G"
|
|
memory_soft = "1G"
|
|
cpu_weight = 200
|
|
cpu_set = "0-1"
|
|
io_weight = 150
|
|
pids_max = 8192
|
|
|
|
[network]
|
|
mode = "private"
|
|
bridge = "voltbr0"
|
|
dns = ["1.1.1.1", "1.0.0.1"]
|
|
|
|
[[network.port_forward]]
|
|
host_port = 8080
|
|
container_port = 80
|
|
protocol = "tcp"
|
|
|
|
[[network.port_forward]]
|
|
host_port = 8443
|
|
container_port = 443
|
|
protocol = "tcp"
|
|
|
|
[kernel]
|
|
profile = "server"
|
|
# custom_path = "/var/lib/volt/kernels/vmlinuz-custom"
|
|
|
|
[security]
|
|
seccomp = "strict"
|
|
landlock = "server"
|
|
private_users = true
|
|
read_only_rootfs = false
|
|
|
|
[environment]
|
|
VOLT_ENV = "test"
|
|
APP_MODE = "production"
|
|
LOG_LEVEL = "info"
|
|
|
|
[[volumes]]
|
|
host_path = "/tmp/volt-test-data"
|
|
container_path = "/data"
|
|
read_only = false
|
|
|
|
[[volumes]]
|
|
host_path = "/etc/ssl/certs"
|
|
container_path = "/etc/ssl/certs"
|
|
read_only = true
|