Initial CSI setup — democratic-csi + NFS on int

- controller.nomad: CSI controller pinned to int
- node.nomad: CSI node plugin (int only for now, expand later)
- volumes/example.hcl: template for creating new volumes

NFS: int exports /opt/csi-volumes to 192.168.15.0/24
Plugin ID: org.democratic-csi.nfs

README.md

@@ -0,0 +1,55 @@
+# nomad-csi
+
+Nomad CSI storage for i80.dk — democratic-csi + NFS on int.i80.dk.
+
+## Architecture
+
+- **NFS server**: `int.i80.dk` exports `/opt/csi-volumes` to 192.168.15.0/24
+- **CSI driver**: [democratic-csi](https://github.com/democratic-csi/democratic-csi) v1.9.0
+- **Plugin ID**: `org.democratic-csi.nfs`
+
+## Deploy
+
+```bash
+# One-time: deploy CSI controller + node plugin
+nomad job run csi/controller.nomad
+nomad job run csi/node.nomad
+
+# Verify
+nomad plugin status org.democratic-csi.nfs
+```
+
+## Create a volume
+
+```bash
+# Edit csi/volumes/example.hcl with your id/name/size, then:
+nomad volume create csi/volumes/my-volume.hcl
+
+# Volumes are persistent — only deleted explicitly:
+nomad volume delete my-volume-id
+```
+
+## Use in a job
+
+```hcl
+volume "data" {
+  type            = "csi"
+  source          = "my-volume-id"
+  access_mode     = "single-node-writer"
+  attachment_mode = "file-system"
+}
+
+# ...in the task:
+volume_mount {
+  volume      = "data"
+  destination = "/data"
+}
+```
+
+## Expanding to all workers
+
+When ready, update `csi/node.nomad`:
+- Change `type = "service"` → `type = "system"`
+- Remove the `constraint` block
+
+Workers need `nfs-common` installed (via Ansible `storage.yml` playbook).

csi/controller.nomad

@@ -0,0 +1,69 @@
+job "csi-nfs-controller" {
+  datacenters = ["dc1"]
+  type        = "service"
+  namespace   = "default"
+
+  # Pin controller to int — NFS server lives here
+  constraint {
+    attribute = "${node.unique.name}"
+    value     = "int"
+  }
+
+  group "controller" {
+    count = 1
+
+    task "plugin" {
+      driver = "docker"
+
+      config {
+        image   = "democraticcsi/democratic-csi:latest"
+        command = "/bin/democratic-csi"
+        args = [
+          "--csi-version=1.5.0",
+          "--csi-name=org.democratic-csi.nfs",
+          "--driver-config-file=${NOMAD_TASK_DIR}/driver-config-file.yaml",
+          "--log-level=info",
+          "--csi-mode=controller",
+          "--server-socket=${CSI_ENDPOINT}",
+        ]
+
+        volumes = [
+          "/opt/csi-volumes:/opt/csi-volumes",
+        ]
+
+        privileged = true
+      }
+
+      csi_plugin {
+        id        = "org.democratic-csi.nfs"
+        type      = "controller"
+        mount_dir = "/csi"
+      }
+
+      template {
+        data        = <<TMPL
+driver: nfs-client
+instance_id: int-nfs-1
+nfs:
+  shareHost: 192.168.15.25
+  shareBasePath: /opt/csi-volumes
+  controllerBasePath: /opt/csi-volumes
+  shareAlldirs: false
+  shareAllowedNetworks:
+    - 192.168.15.0/24
+  shareAllowedHosts: []
+  shareMaprootUser: root
+  shareMaprootGroup: root
+server:
+  port: 50051
+TMPL
+        destination = "${NOMAD_TASK_DIR}/driver-config-file.yaml"
+      }
+
+      resources {
+        cpu    = 100
+        memory = 128
+      }
+    }
+  }
+}

csi/node.nomad

@@ -0,0 +1,69 @@
+job "csi-nfs-node" {
+  datacenters = ["dc1"]
+  type        = "service"
+  namespace   = "default"
+
+  # Only int for now — expand to all workers once verified
+  constraint {
+    attribute = "${node.unique.name}"
+    value     = "int"
+  }
+
+  group "node" {
+    count = 1
+
+    task "plugin" {
+      driver = "docker"
+
+      config {
+        image        = "democraticcsi/democratic-csi:latest"
+        command      = "/bin/democratic-csi"
+        network_mode = "host"
+        args = [
+          "--csi-version=1.5.0",
+          "--csi-name=org.democratic-csi.nfs",
+          "--driver-config-file=${NOMAD_TASK_DIR}/driver-config-file.yaml",
+          "--log-level=info",
+          "--csi-mode=node",
+          "--server-socket=${CSI_ENDPOINT}",
+        ]
+
+        privileged = true
+      }
+
+      csi_plugin {
+        id        = "org.democratic-csi.nfs"
+        type      = "node"
+        mount_dir = "/csi"
+      }
+
+      template {
+        data        = <<TMPL
+driver: nfs-client
+instance_id: int-nfs-1
+nfs:
+  shareHost: 192.168.15.25
+  shareBasePath: /opt/csi-volumes
+  controllerBasePath: /opt/csi-volumes
+  shareAlldirs: false
+  shareAllowedNetworks:
+    - 192.168.15.0/24
+  shareAllowedHosts: []
+  shareMaprootUser: root
+  shareMaprootGroup: root
+  mountOptions:
+    - nolock
+    - nfsvers=4
+server:
+  port: 50051
+TMPL
+        destination = "${NOMAD_TASK_DIR}/driver-config-file.yaml"
+      }
+
+      resources {
+        cpu    = 100
+        memory = 128
+      }
+    }
+  }
+}

csi/volumes/example.hcl

@@ -0,0 +1,14 @@
+# Example: create a named CSI volume for use in pipelines
+# Usage: nomad volume create nomad-jobs/csi/example-volume.hcl
+#
+id           = "my-app-data"
+name         = "my-app-data"
+type         = "csi"
+plugin_id    = "org.democratic-csi.nfs"
+capacity_min = "1GiB"
+capacity_max = "50GiB"
+
+capability {
+  access_mode     = "single-node-writer"
+  attachment_mode = "file-system"
+}