# yaml-language-server: $schema=../talconfig.json
# Restore target after GPT wipe: `cp talconfig.with-longhorn.yaml talconfig.yaml` then `talhelper genconfig -o out` and apply all nodes.
# Noble lab — Talos machine configs via talhelper.
# 1) talhelper gensecret > talsecret.yaml   # or SOPS-encrypt to talsecret.sops.yaml (do not commit)
# 2) talhelper genconfig -o out           # writes to talos/out/ (gitignored from repo root)
# 3) talosctl apply-config --insecure -n <ip> --file out/noble-<host>.yaml
#
# installDisk: confirm with `talosctl disks -n <ip> --insecure` (Proxmox virtio is often /dev/sda).
# Longhorn data disk: second disk (often /dev/sdb SCSI or /dev/vdb virtio) → XFS at /var/mnt/longhorn.
# After changing schematic/extensions: regenerate configs, upgrade nodes with new installer image, then reboot if needed.
# Helm must set defaultDataPath to /var/mnt/longhorn (see clusters/noble/apps/longhorn/values.yaml).
#
# Image Factory schematic (iscsi-tools + util-linux-tools), nocloud installer — pinned per-node via `talosImageURL`
# (base URL only, no `:tag` — talhelper validates and appends `talosVersion`).
# After edits: `talhelper genconfig -o out` → `machine.install.image` in out/*.yaml.
# Cluster upgrade: `talosctl upgrade --image factory.talos.dev/nocloud-installer/249d9135de54962744e917cfe654117000cba369f9152fbab9d055a00aa3664f:v1.12.6 -n <ip> --wait`
clusterName: noble
talosVersion: v1.12.6
endpoint: https://192.168.50.230:6443
allowSchedulingOnControlPlanes: true
additionalApiServerCertSans:
  - 192.168.50.230
  - noble.lab
  - kube.noble.lab
nodes:
  - hostname: helium
    ipAddress: 192.168.50.10
    controlPlane: false
    installDisk: /dev/sda
    talosImageURL: &noble-installer factory.talos.dev/nocloud-installer/249d9135de54962744e917cfe654117000cba369f9152fbab9d055a00aa3664f
  - hostname: neon
    ipAddress: 192.168.50.20
    controlPlane: true
    installDisk: /dev/sda
    talosImageURL: *noble-installer
  - hostname: argon
    ipAddress: 192.168.50.30
    controlPlane: true
    installDisk: /dev/sda
    talosImageURL: *noble-installer
  - hostname: krypton
    ipAddress: 192.168.50.40
    controlPlane: true
    installDisk: /dev/sda
    talosImageURL: *noble-installer
controlPlane:
  schematic: &noble-schematic
    customization:
      systemExtensions:
        officialExtensions:
          - siderolabs/iscsi-tools
          - siderolabs/util-linux-tools
  userVolumes:
    - &longhorn-data
      name: longhorn
      # Whole dedicated disk (no partition min/max math). Avoids "not enough space" when
      # grow+maxSize:100% on a separate data disk incorrectly fails provisioning.
      volumeType: disk
      provisioning:
        diskSelector:
          # Proxmox virtio SCSI: second disk is often vdb, not sdb. Prefer WWN/serial in prod.
          match: disk.dev_path == '/dev/sdb' || disk.dev_path == '/dev/vdb'
      filesystem:
        type: xfs
worker:
  schematic: *noble-schematic
  userVolumes:
    - *longhorn-data
patches:
  - |-
    cluster:
      network:
        cni:
          name: none
    machine:
      kubelet:
        # Avoid NodeIPController warnings when VIP / multiple addresses exist; pin to LAN.
        nodeIP:
          validSubnets:
            - 192.168.50.0/24
        extraMounts:
          - destination: /var/mnt/longhorn
            type: bind
            source: /var/mnt/longhorn
            options:
              - bind
              - rshared
              - rw
          # Chart DaemonSet hostPath is /var/lib/longhorn (not configurable in Helm 1.11.x).
          - destination: /var/lib/longhorn
            type: bind
            source: /var/mnt/longhorn
            options:
              - bind
              - rshared
              - rw