Incus/LXD RHEL-based distro profile for a basic initialization

create-instance.sh

incus launch images:rockylinux/9/cloud test --profile rhel
incus launch images:rockylinux/9/cloud test-vm --vm --profile rhel --profile vm-config

incus-rhel-profile.yaml

config:
  cloud-init.vendor-data: |
    ## template: jinja
    #cloud-config
    write_files:
      - content: |
          install_weak_deps=False
        path: /etc/dnf/dnf.conf
        append: true
      - content: |
          Subsystem       sftp    /usr/libexec/openssh/sftp-server
        path: /etc/ssh/sshd_config
        append: true
        defer: true
    hostname: "{{ ds.meta_data.instance_id }}.lab.internal"
    yum_repos:
      epel-release:
        name: Extra Packages for Enterprise Linux $releasever - $basearch
        baseurl: https://dl.fedoraproject.org/pub/epel/$releasever/Everything/$basearch/
        metalink: https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch&infra=$infra&content=$contentdir
        countme: 1
        gpgcheck: true
        gpgkey: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever
    disable_root: false
    ssh_authorized_keys:
      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvD75Ua7ga0A2brGA3jIQUnxYQJo+RUq1AMZlBEty3/PVTMxTPtvJeMmFASK4nTehkGkukjkp5qoj3uYfP/247UKI/q5Uw/kkeu2ELEJacHY+ZGE/tFsQ80mxR8+qsmVmERA2mWkEYCihjYOKxa0VwdoEfNiU/OmstunQIXC99VXeA7LswY7St0RsH0NgZ+jX6WVa6Nq34k1wIrEyfeAANEz2ucqaG9bVUpkPA12v62ngptUK/PCW2vpHKlbGWbrHbCdamg6w/n4vKdO7ihwN5NBgw7m3lwjwqKsBFV3SLoGgNflLt0O64Muk/ynTA8rWFhWL7TE8c/7ZfhSVclShMkbla7wbza59REz+KTKglJj6TkOPvlU1AAvra5mesXuheahzXekBz+VAlfEtzEFgnAraPlM4SAJelqoWXHNX8lm9CFOu9euAd1WWHr/9ADTnJTAunGQUNMaFrJtVaIsgHSEowUZ/VVUEx4Q09X0EjIcEMhQRdueT8+T84kLjCwAU= canhdinh@pop-os
    package_upgrade: true
    packages:
      - bash-completion
      - openssh
      - openssh-server
      - curl
      - wget
      - htop
      - vim
      - tar
      - man
      - firewalld
      - certbot
    timezone: Asia/Ho_Chi_Minh
    runcmd:
      - systemctl set-default multi-user.target
      - systemctl enable --now sshd
      - systemctl enable --now firewalld.service
      - firewall-cmd --remove-service=cockpit --permanent
      - firewall-cmd --remove-service=dhcpv6-client --permanent
      - firewall-cmd --add-service=http --permanent
      - firewall-cmd --add-service=ssh --permanent
      - firewall-cmd --reload
      - mandb
      - curl -Lk https://ca.lab.internal/roots.pem -o /etc/pki/ca-trust/source/anchors/ca.crt
      - update-ca-trust extract
  limits.cpu: "1"
  limits.memory: 2GiB
description: RHEL profile
devices:
  eth0:
    name: eth0
    network: incusbr0
    type: nic
  root:
    path: /
    pool: local
    type: disk
name: rhel
used_by: []
project: default

incus-vm-config.yaml

config:
  cloud-init.user-data: |
    #cloud-config
    bootcmd:
      - setenforce 0
      - sed -i 's/^\(SELINUX\)=enforcing/\1=permissive/' /etc/selinux/config
    runcmd:
      - systemctl set-default multi-user.target
      - systemctl enable --now sshd
      - systemctl enable --now firewalld.service
      - firewall-cmd --remove-service=cockpit --permanent
      - firewall-cmd --remove-service=dhcpv6-client --permanent
      - firewall-cmd --add-service=http --permanent
      - firewall-cmd --add-service=ssh --permanent
      - firewall-cmd --reload
      - mandb
      - curl -Lk https://ca.lab.internal/roots.pem -o /etc/pki/ca-trust/source/anchors/ca.crt
      - update-ca-trust extract
      - grub2-mkconfig -o /boot/grub2/grub.cfg --update-bls-cmdline
      - grubby --update-kernel ALL --args selinux=0
  limits.cpu: "1"
  limits.memory: 2GiB
description: Profile for VM
devices:
  agent:
    source: agent:config
    type: disk
name: vm-config
used_by: []
project: default