platform/onprem/vyos-edge

Epoch: 2026E

Purpose

Provision and publish a VyOS routed edge appliance on Proxmox by specializing the existing Proxmox VM lifecycle and injecting first-boot VyOS configuration.

Why it exists

• HybridOps needs a first-class routed edge default that matches the accepted VyOS architecture.
• VyOS should reuse the existing Proxmox VM lifecycle rather than introducing a second generic VM stack.

Required behaviour

• MUST consume template state from core/onprem/vyos-template-seed by default.
• MUST allow core/onprem/vyos-template-import as an explicit compatibility override when template lifecycle is managed outside HyOps.
• MUST reuse platform/onprem/platform-vm semantics for:
• naming
• env prefixing
• state publication
• VM identity outputs
• MUST publish routed edge identity outputs such as:
• management IP
• loopback/router ID
• ASN
• tunnel endpoints
• interface map
• MUST require explicit cloud-init payload inputs and fail validation when any are missing:
• cloud_init_user_data
• cloud_init_network_data (network v1 with version and config)
• cloud_init_meta_data (instance-id and local-hostname)
• MUST fail validation when eth1 is configured as a static LAN address in first-boot bootstrap intent.
• MUST allow eth1 DHCP intent when the edge is expected to receive transit addressing dynamically.
• MUST support state-first configuration and fail clearly if required upstream template or addressing state is absent.

Product boundary

• This module owns VM specialization and initial VyOS bootstrap intent.
• Day-2 route policy, IPsec, and BGP validation MAY be handled by dedicated network automation modules or blueprints.
• It MUST NOT replace the shared Linux control-plane host model.