# create image from iso
openstack image create --file /tmp/ubuntu-24.04.1-live-server-amd64.iso --disk-format iso --progress ubuntu-24.04.1-live-server-amd64.iso
 
# create volume for the final VM
openstack volume create test-vm1-vol1 --size 10 --bootable
 
# create temporary installation VM
openstack server create test-vm1-inst --image ubuntu-24.04.1-live-server-amd64.iso --flavor m1.small --key-name test-keypair --network test-network
 
# attach volume to temporary VM
openstack server add volume test-vm1-inst test-vm1-vol1
 
# show console url from temporary VM
openstack console url show -c url -f value test-vm1-inst
 
# install OS in console
 
# delete temporary VM
openstack server stop test-vm1-inst
openstack server delete test-vm1-inst
 
# create final VM
openstack server create test-vm1 --volume test-vm1-vol1 --flavor m1.small --key-name test-keypair --network test-network
openstack console url show -c url -f value test-vm1
 
# remove iso imagge
openstack image delete ubuntu-24.04.1-live-server-amd64.iso

---
- name: Create container
  hosts: incus1.example.com
  # become: yes
  tasks:
    - name: Create incus container
      community.general.lxd_container:
        url: "unix:/var/lib/incus/unix.socket"
        name: u2404
        source:
          type: image
          mode: pull
          server: https://images.linuxcontainers.org/
          alias: ubuntu/24.04/cloud
          protocol: simplestreams
        wait_for_container: true
        wait_for_ipv4_addresses: true
        config:
          limits.cpu: "4"
          boot.autostart: "true"
          cloud-init.user-data: |
            #cloud-config
            package_upgrade: true
            locale: en_US.UTF-8
            timezone: Europe/Berlin
            apt_upgrade: true
            package_upgrade: true
            packages:
              - openssh-server
            # disable_root: false
            ssh_authorized_keys:
              - "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
          cloud-init.network-config: |
          network:
            version: 2
            ethernets:
              eno1:
                dhcp4: true
        profiles: ["disk-default", "nic-dev"]
      register: container
 
    - name: Configure temporary user for initial run
      set_fact:
        remote_user: ubuntu
      delegate_to: localhost
      delegate_facts: True
      when: container.changed- name: Create container
 
 
- name: Configure container
  hosts: u2404.example.com
  gather_facts: no
  remote_user:  "{{ hostvars['localhost']['remote_user'] | default(lookup('env', 'USER')) }}"
  become: yes
  tasks:
    - name: Create a user 'johnd' with a home directory
      ansible.builtin.user:
        name: johnd
        create_home: yes

terraform {
  required_providers {
    incus = {
      source = "lxc/incus"
    }
  }
}
 
provider "incus" {
  # generate_client_certificates = true
  # accept_remote_certificate    = true
 
  remote {
    name    = "10.0.1.104"
    scheme  = "https"
    address = "10.0.1.104"
    token   = "xxxxxxxxxxxxxxxxxxxxxxxxxx"
    default = true
  }
}
 
data "template_file" "user_data" {
  template = <<EOF
#cloud-config
package_update: true
packages:
  - nginx
runcmd:
  - sudo systemctl stop unattended-upgrades
  - sudo apt purge -y unattended-upgrades
EOF
}
 
resource "incus_instance" "instance_1" {
  name             = "u2404"
  description      = "Terraform Incus test container"
  image            = "images:ubuntu/24.04/cloud"
  profiles         = ["default"]
  wait_for_network = true
 
  config = {
    "boot.autostart"       = true
    "limits.cpu"           = 4
    "cloud-init.user-data" = data.template_file.user_data.rendered
  }
 
  device {
    name = "http"
    type = "proxy"
    properties = {
      listen = "tcp:0.0.0.0:80"
      connect = "tcp:127.0.0.1:80"
    }
  }
}

sudo apt-get install -y curl gnupg2 wget git apt-transport-https ca-certificates software-properties-common
sudo add-apt-repository -y ppa:mosquitto-dev/mosquitto-ppa
sudo apt install mosquitto mosquitto-clients -y
 
sudo mosquitto_passwd -c -b /etc/mosquitto/passwd foo pass1234

# todo sudo
cat <<EOF> /etc/mosquitto/conf.d/default.conf
listener 1883
password_file /etc/mosquitto/passwd
EOF
chmod a+r /etc/mosquitto/passwd
 
sudo systemctl restart mosquitto

sudo snap install mqtt-explorer

>D
>B
 
=>sensor53 r
>M 1
+1,3,s,0,9600,
1,77070100010800ff@1000,Total consumption,kWh,total_in,2
1,77070100020800ff@1000,Total feed-in,kWh,total_out,2
1,77070100100700ff@1,Power,W,power_curr,0
#

# ZFS (optional)
sudo apt install -y zfsutils-linux
sudo lvcreate --name storage --size 100G ubuntu-vg
sudo zpool create incus /dev/ubuntu-vg/storage
sudo zpool set autotrim=on incus
sudo zfs create incus/storage
 
# uninstall LXD
snap remove lxd

mkdir -p /etc/apt/keyrings/
curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc
 
sh -c 'cat <<EOF > /etc/apt/sources.list.d/zabbly-incus-stable.sources
Enabled: yes
Types: deb
URIs: https://pkgs.zabbly.com/incus/stable
Suites: $(. /etc/os-release && echo ${VERSION_CODENAME})
Components: main
Architectures: $(dpkg --print-architecture)
Signed-By: /etc/apt/keyrings/zabbly.asc
EOF'
 
sudo apt update
sudo apt install -y incus bash-completion #incus-tools
 
sudo usermod -aG incus-admin ubuntu
 
# fixme
# incus completion fish

sudo apt install -y certbot
 
pyenv activate osc
pip install python-designateclient certbot-dns-openstack zope
 
# list available zones
openstack zone list
 
# Create letsencrypt directory
mkdir ~/letsencrypt
 
# Request wildcard certificate
DOMAIN=example.com
certbot -a dns-openstack certonly \
    --agree-tos \
    --register-unsafely-without-email \
    --work-dir ~/letsencrypt/work \
    --config-dir ~/letsencrypt/etc \
    --logs-dir ~/letsencrypt/log \
    --dns-openstack-propagation-seconds 60 \
    -d *.${DOMAIN}
#    -d *.example.com,example.com
 
# List certificates
ls -l ~/letsencrypt/etc/archive/*/*

watch -n1 openstack recordset list example.com

# Create router
openstack router create test-router1 \
  --centralized \
  --ha \
  --external-gateway public
 
# Show available tenant IPv6 subnet
openstack subnet pool list --share | grep tenant-subnet-pool-v6
 
# Create network
openstack network create test-network1
 
# DUAL-STACK: Create IPv4 subnet (skip for IPv6 only)
openstack subnet create test-subnet1-ipv4 \
  --network test-network1 \
  --subnet-range 10.11.12.0/24
 
# DUAL-STACK: Attach IPv4 subnet to router (skip for IPv6 only)
openstack router add subnet test-router1 test-subnet1-ipv4
 
# Create IPv6 subnet
openstack subnet create test-subnet1-ipv6 \
  --network test-network1 \
  --ip-version 6 \
  --subnet-pool tenant-subnet-pool-v6 \
  --prefix-length 64 \
  --ipv6-ra-mode dhcpv6-stateless \
  --ipv6-address-mode dhcpv6-stateless
 
# Attach IPv6 subnet to router
openstack router add subnet test-router1 test-subnet1-ipv6
 
# OPTINAL: allow access from outside
SECURITY_GROUP=test-secgroup
openstack security group create ${SECURITY_GROUP}
 
# DUAL-STACK: allow access to Floating FIP from outside (skip for IPv6 only)
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol icmp --ingress --remote-ip 0.0.0.0/0
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol icmp --egress --remote-ip 0.0.0.0/0
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol tcp --dst-port 22 --remote-ip 0.0.0.0/0