nij4t/default.yaml

## default.yaml
# ===================================================================== #
# BASIC CONFIGURATION
# ===================================================================== #

# Arch: "default", "x86_64", "aarch64".
# "default" corresponds to the host architecture.
arch: "default"

# An image must support systemd and cloud-init.
# Ubuntu and Fedora are known to work.
# Default: none (must be specified)
images:
  # Try to use a local image first.
  - location: "~/Downloads/impish-server-cloudimg-amd64.img"
    arch: "x86_64"
  - location: "~/Downloads/impish-server-cloudimg-arm64.img"
    arch: "aarch64"

  # Download the file from the internet when the local file is missing.
  # Hint: run `limactl prune` to invalidate the "current" cache
  - location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-amd64.img"
    arch: "x86_64"
  - location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-arm64.img"
    arch: "aarch64"

# CPUs: if you see performance issues, try limiting cpus to 1.
# Default: 4
cpus: 4

# Memory size
# Default: "4GiB"
memory: "4GiB"

# Disk size
# Default: "100GiB"
disk: "100GiB"

# Expose host directories to the guest, the mount point might be accessible from all UIDs in the guest
# Default: none
mounts:
  - location: "~"
    # CAUTION: `writable` SHOULD be false for the home directory.
    # Setting `writable` to true is possible, but untested and dangerous.
    writable: false
  - location: "/tmp/lima"
    writable: true

ssh:
  # A localhost port of the host. Forwarded to port 22 of the guest.
  # Default: 0 (automatically assigned to a free port)
  localPort: 0
  # Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub .
  # This option is useful when you want to use other SSH-based
  # applications such as rsync with the Lima instance.
  # If you have an insecure key under ~/.ssh, do not use this option.
  # Default: true
  loadDotSSHPubKeys: true
  # Forward ssh agent into the instance.
  # Default: false
  forwardAgent: false

# ===================================================================== #
# ADVANCED CONFIGURATION
# ===================================================================== #

containerd:
  # Enable system-wide (aka rootful)  containerd and its dependencies (BuildKit, Stargz Snapshotter)
  # Default: false
  system: false
  # Enable user-scoped (aka rootless) containerd and its dependencies
  # Default: true
  user: true
#  # Override containerd archive
#  # Default: hard-coded URL with hard-coded digest (see the output of `limactl info | jq .defaultTemplate.containerd.archives`)
#  archives:
#    - location: "~/Downloads/nerdctl-full-X.Y.Z-linux-amd64.tar.gz"
#      arch: "x86_64"
#      digest: "sha256:..."

# Provisioning scripts need to be idempotent because they might be called
# multiple times, e.g. when the host VM is being restarted.
# provision:
#   # `system` is executed with the root privilege
#   - mode: system
#     script: |
#       #!/bin/bash
#       set -eux -o pipefail
#       export DEBIAN_FRONTEND=noninteractive
#       apt-get install -y vim
#   # `user` is executed without the root privilege
#   - mode: user
#     script: |
#       #!/bin/bash
#       set -eux -o pipefail
#       cat <<EOF > ~/.vimrc
#       set number
#       EOF
provision:
  # `system` is executed with the root privilege
  - mode: system
    script: |
      #!/bin/bash
      set -eux -o pipefail
      if ! apt list --installed | grep docker-ce; then
        curl -fsSL https://get.docker.com | sh -
        sudo cat <<EOF > /etc/profile.d/docker.sh
      #!/bin/bash
      export DOCKER_HOST=unix:///run/user/\$(id -u)/docker.sock
      EOF
      else
        echo "Docker already installed"
      fi

  # `user` is executed without the root privilege
  - mode: user
    script: |
      #!/bin/bash
      set -eux -o pipefail
      dockerd-rootless-setuptool.sh install
      if ! grep DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS ~/.config/systemd/user/docker.service; then
        /usr/bin/sed -i '/Environment=.*/a Environment=DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2375:2375/tcp"' ~/.config/systemd/user/docker.service
        /usr/bin/sed -i "s/ExecStart=.*/ExecStart=\/usr\/bin\/dockerd-rootless.sh -H unix:\/\/\/run\/user\/$(id -u)\/docker.sock -H tcp:\/\/0.0.0.0:2375/g" ~/.config/systemd/user/docker.service
        mkdir -p ~/.docker/cli-plugins/
        curl -SL https://github.com/docker/compose/releases/download/v2.0.0-rc.3/docker-compose-linux-amd64 -o ~/.docker/cli-plugins/docker-compose
        chmod +x ~/.docker/cli-plugins/docker-compose
      else
       echo "Docker service already configured"
      fi
      /usr/bin/systemctl --user daemon-reload
      /usr/bin/systemctl --user restart docker.service

# probes:
#  # Only `readiness` probes are supported right now.
#  - mode: readiness
#    description: vim to be installed
#    script: |
#       #!/bin/bash
#       set -eux -o pipefail
#       if ! timeout 30s bash -c "until command -v vim; do sleep 3; done"; then
#         echo >&2 "vim is not installed yet"
#         exit 1
#       fi
#    hint: |
#      vim was not installed in the guest. Make sure the package system is working correctly.
#      Also see "/var/log/cloud-init-output.log" in the guest.

# ===================================================================== #
# FURTHER ADVANCED CONFIGURATION
# ===================================================================== #

firmware:
  # Use legacy BIOS instead of UEFI.
  # Default: false
  legacyBIOS: false

video:
  # QEMU display, e.g., "none", "cocoa", "sdl", "gtk".
  # As of QEMU v5.2, enabling this is known to have negative impact
  # on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334
  # Default: "none"
  display: "none"

# The instance can get routable IP addresses from the vmnet framework using
# https://github.com/lima-vm/vde_vmnet.
networks:
  # Lima can manage daemons for networks defined in $LIMA_HOME/_config/networks.yaml
  # automatically. Both vde_switch and vde_vmnet binaries must be installed into
  # secure locations only alterable by the "root" user.
  # - lima: shared
  #   # MAC address of the instance; lima will pick one based on the instance name,
  #   # so DHCP assigned ip addresses should remain constant over instance restarts.
  #   macAddress: ""
  #   # Interface name, defaults to "lima0", "lima1", etc.
  #   interface: ""
  #
  # Lima can also connect to "unmanaged" vde networks addressed by "vnl". This
  # means that the daemons will not be controlled by Lima, but must be started
  # before the instance.  The interface type (host, shared, or bridged) is
  # configured in vde_vmnet and not in lima.
  # vnl (virtual network locator) points to the vde_switch socket directory,
  # optionally with vde:// prefix
  # - vnl: "vde:///var/run/vde.ctl"
  #   # VDE Switch port number (not TCP/UDP port number). Set to 65535 for PTP mode.
  #   # Default: 0
  #   switchPort: 0
  #   # MAC address of the instance; lima will pick one based on the instance name,
  #   # so DHCP assigned ip addresses should remain constant over instance restarts.
  #   macAddress: ""
  #   # Interface name, defaults to "lima0", "lima1", etc.
  #   interface: ""

# Port forwarding rules. Forwarding between ports 22 and ssh.localPort cannot be overridden.
# Rules are checked sequentially until the first one matches.
portForwards:
  - guestPort: 2375
    hostIP: "127.0.0.1" # overrides the default value "127.0.0.1"; allows privileged port forwarding
# portForwards:
#   - guestPort: 443
#     hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding
#   # default: hostPort: 443 (same as guestPort)
#   # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1")
#   # default: proto: "tcp" (only valid value right now)
#
#   - guestPortRange: [4000, 4999]
#     hostIP:  "0.0.0.0" # overrides the default value "127.0.0.1"
#   # default: hostPortRange: [4000, 4999] (must specify same number of ports as guestPortRange)
#
#   - guestPort: 80
#     hostPort: 8080 # overrides the default value 80
#
#   - guestIP: "127.0.0.2" # overrides the default value "127.0.0.1"
#     hostIP: "127.0.0.2" # overrides the default value "127.0.0.1"
#   # default: guestPortRange: [1, 65535]
#   # default: hostPortRange: [1, 65535]
#
#   - guestPort: 8888
#     ignore: true (don't forward this port)
#
#   - guestSocket: "/run/user/{{.UID}}/my.sock"
#     hostSocket: mysocket
#   # "guestSocket" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}.
#   # "hostSocket" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}.
#   # Put sockets into "{{.Dir}}/sock" to avoid collision with Lima internal sockets!
#   # Sockets can also be forwarded to ports and vice versa, but not to/from a range of ports.
#   # Forwarding requires the lima user to have rw access to the "guestsocket",
#   # and the local user rwx access to the directory of the "hostsocket".
#
#   # Lima internally appends this fallback rule at the end:
#   - guestIP: "127.0.0.1"
#     guestPortRange: [1, 65535]
#     hostIP: "127.0.0.1"
#     hostPortRange: [1, 65535]
#   # Any port still not matched by a rule will not be forwarded (ignored)

# Message. Information to be shown to the user, given as a Go template for the instance.
# The same template variables as for listing instances can be used, for example {{.Dir}}.
# You can view the complete list of variables using `limactl list --list-fields` command.
# It also includes {{.HostOS}} and {{.HostArch}} vars, for the runtime GOOS and GOARCH.
# message: |
#   This will be shown to the user.

# Extra environment variables that will be loaded into the VM at start up.
# These variables are consumed by internal init scripts, and also added
# to /etc/environment.
# If you set any of "ftp_proxy", "http_proxy", "https_proxy", or "no_proxy", then
# Lima will automatically set an uppercase variant to the same value as well.
# env:
#   KEY: value

# Lima will override the proxy environment variables with values from the current process
# environment (the environment in effect when you run `limactl start`). It will automatically
# replace the strings "localhost" and "127.0.0.1" with the host gateway address from inside
# the VM, so it stays routable. Use of the process environment can be disabled by setting
# propagateProxyEnv to false.
# Default: true
propagateProxyEnv: true

# The host agent implements a DNS server that looks up host names on the host
# using the local system resolver. This means changing VPN and network settings
# are reflected automatically into the guest, including conditional forward,
# and mDNS lookup:
# Default: true
useHostResolver: true

# If useHostResolver is false, then the following rules apply for configuring dns:
# Explicitly set DNS addresses for qemu user-mode networking. By default qemu picks *one*
# nameserver from the host config and forwards all queries to this server. On macOS
# Lima adds the nameservers configured for the "en0" interface to the list. In case this
# still doesn't work (e.g. VPN setups), the servers can be specified here explicitly.
# If nameservers are specified here, then the "en0" configuration will be ignored.
# dns:
# - 1.1.1.1
# - 1.0.0.1

# ===================================================================== #
# GLOBAL DEFAULTS AND OVERRIDES
# ===================================================================== #

# The builtin defaults can be changed globally by creating a $LIMA_HOME/_config/default.yaml
# file. It will be used by ALL instances under the same $LIMA_HOME, and it
# will be applied on each `limactl start`, so can affect instance restarts.

# A similar mechanism is $LIMA_HOME/_config/override.yaml, which will take
# precedence even over the settings in an instances lima.yaml file.
# It too applies to ALL instances under the same $LIMA_HOME, and is applied
# on each restart. It can be used to globally override settings, e.g. make
# the mount of the home directory writable.

# On each instance start the config settings are determined: If a value is
# not set in `lima.yaml`, then the `default.yaml` is used. If that file
# doesn't exist, or the value is not defined in the file, then the buildin
# default is used. If `override.yaml` exists and defines the value, then
# it overrides whatever has been choosen so far.

# For slices (e.g. `mounts`, `provision`) and maps (`env`) the entries are
# combined instead of replacing each other. Slices are produced from override
# settings, followed by lima.yaml, followed by defaults.yaml (but NOT from
# builtin defaults). Maps are produced starting with defaults.yaml values,
# overwriting with lima.yaml ones, overwriting with override.yaml.

# Exceptions:
# - `dns` will use the list from the highest priority file; they are not
#   combined. If override.yaml defines a list of `dns` entries, then the
#   settings in default.yaml and lima.yaml are ignored.
#
# - `mounts` will update the `writable` setting when 2 entries have the
#   same `location` value. For this reason they are processed in the opposite
#   order: starting with default, followed by lima, and then override.
#
# -`networks` will replace lower priority entries with the same `interface`
#   name with higher priority definitions. This does not apply if the
#  `interface` field is empty. `networks` are therefore also processed
#  in lowest to highest priority order.

# ===================================================================== #
# END OF TEMPLATE
# ===================================================================== #
	# ===================================================================== #
	# BASIC CONFIGURATION
	# ===================================================================== #

	# Arch: "default", "x86_64", "aarch64".
	# "default" corresponds to the host architecture.
	arch: "default"

	# An image must support systemd and cloud-init.
	# Ubuntu and Fedora are known to work.
	# Default: none (must be specified)
	images:
	# Try to use a local image first.
	- location: "~/Downloads/impish-server-cloudimg-amd64.img"
	arch: "x86_64"
	- location: "~/Downloads/impish-server-cloudimg-arm64.img"
	arch: "aarch64"

	# Download the file from the internet when the local file is missing.
	# Hint: run `limactl prune` to invalidate the "current" cache
	- location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-amd64.img"
	arch: "x86_64"
	- location: "https://cloud-images.ubuntu.com/impish/current/impish-server-cloudimg-arm64.img"
	arch: "aarch64"

	# CPUs: if you see performance issues, try limiting cpus to 1.
	# Default: 4
	cpus: 4

	# Memory size
	# Default: "4GiB"
	memory: "4GiB"

	# Disk size
	# Default: "100GiB"
	disk: "100GiB"

	# Expose host directories to the guest, the mount point might be accessible from all UIDs in the guest
	# Default: none
	mounts:
	- location: "~"
	# CAUTION: `writable` SHOULD be false for the home directory.
	# Setting `writable` to true is possible, but untested and dangerous.
	writable: false
	- location: "/tmp/lima"
	writable: true

	ssh:
	# A localhost port of the host. Forwarded to port 22 of the guest.
	# Default: 0 (automatically assigned to a free port)
	localPort: 0
	# Load ~/.ssh/*.pub in addition to $LIMA_HOME/_config/user.pub .
	# This option is useful when you want to use other SSH-based
	# applications such as rsync with the Lima instance.
	# If you have an insecure key under ~/.ssh, do not use this option.
	# Default: true
	loadDotSSHPubKeys: true
	# Forward ssh agent into the instance.
	# Default: false
	forwardAgent: false

	# ===================================================================== #
	# ADVANCED CONFIGURATION
	# ===================================================================== #

	containerd:
	# Enable system-wide (aka rootful) containerd and its dependencies (BuildKit, Stargz Snapshotter)
	# Default: false
	system: false
	# Enable user-scoped (aka rootless) containerd and its dependencies
	# Default: true
	user: true
	# # Override containerd archive
	# # Default: hard-coded URL with hard-coded digest (see the output of `limactl info \| jq .defaultTemplate.containerd.archives`)
	# archives:
	# - location: "~/Downloads/nerdctl-full-X.Y.Z-linux-amd64.tar.gz"
	# arch: "x86_64"
	# digest: "sha256:..."

	# Provisioning scripts need to be idempotent because they might be called
	# multiple times, e.g. when the host VM is being restarted.
	# provision:
	# # `system` is executed with the root privilege
	# - mode: system
	# script: \|
	# #!/bin/bash
	# set -eux -o pipefail
	# export DEBIAN_FRONTEND=noninteractive
	# apt-get install -y vim
	# # `user` is executed without the root privilege
	# - mode: user
	# script: \|
	# #!/bin/bash
	# set -eux -o pipefail
	# cat <<EOF > ~/.vimrc
	# set number
	# EOF
	provision:
	# `system` is executed with the root privilege
	- mode: system
	script: \|
	#!/bin/bash
	set -eux -o pipefail
	if ! apt list --installed \| grep docker-ce; then
	curl -fsSL https://get.docker.com \| sh -
	sudo cat <<EOF > /etc/profile.d/docker.sh
	#!/bin/bash
	export DOCKER_HOST=unix:///run/user/\$(id -u)/docker.sock
	EOF
	else
	echo "Docker already installed"
	fi

	# `user` is executed without the root privilege
	- mode: user
	script: \|
	#!/bin/bash
	set -eux -o pipefail
	dockerd-rootless-setuptool.sh install
	if ! grep DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS ~/.config/systemd/user/docker.service; then
	/usr/bin/sed -i '/Environment=.*/a Environment=DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2375:2375/tcp"' ~/.config/systemd/user/docker.service
	/usr/bin/sed -i "s/ExecStart=.*/ExecStart=\/usr\/bin\/dockerd-rootless.sh -H unix:\/\/\/run\/user\/$(id -u)\/docker.sock -H tcp:\/\/0.0.0.0:2375/g" ~/.config/systemd/user/docker.service
	mkdir -p ~/.docker/cli-plugins/
	curl -SL https://github.com/docker/compose/releases/download/v2.0.0-rc.3/docker-compose-linux-amd64 -o ~/.docker/cli-plugins/docker-compose
	chmod +x ~/.docker/cli-plugins/docker-compose
	else
	echo "Docker service already configured"
	fi
	/usr/bin/systemctl --user daemon-reload
	/usr/bin/systemctl --user restart docker.service

	# probes:
	# # Only `readiness` probes are supported right now.
	# - mode: readiness
	# description: vim to be installed
	# script: \|
	# #!/bin/bash
	# set -eux -o pipefail
	# if ! timeout 30s bash -c "until command -v vim; do sleep 3; done"; then
	# echo >&2 "vim is not installed yet"
	# exit 1
	# fi
	# hint: \|
	# vim was not installed in the guest. Make sure the package system is working correctly.
	# Also see "/var/log/cloud-init-output.log" in the guest.

	# ===================================================================== #
	# FURTHER ADVANCED CONFIGURATION
	# ===================================================================== #

	firmware:
	# Use legacy BIOS instead of UEFI.
	# Default: false
	legacyBIOS: false

	video:
	# QEMU display, e.g., "none", "cocoa", "sdl", "gtk".
	# As of QEMU v5.2, enabling this is known to have negative impact
	# on performance on macOS hosts: https://gitlab.com/qemu-project/qemu/-/issues/334
	# Default: "none"
	display: "none"

	# The instance can get routable IP addresses from the vmnet framework using
	# https://github.com/lima-vm/vde_vmnet.
	networks:
	# Lima can manage daemons for networks defined in $LIMA_HOME/_config/networks.yaml
	# automatically. Both vde_switch and vde_vmnet binaries must be installed into
	# secure locations only alterable by the "root" user.
	# - lima: shared
	# # MAC address of the instance; lima will pick one based on the instance name,
	# # so DHCP assigned ip addresses should remain constant over instance restarts.
	# macAddress: ""
	# # Interface name, defaults to "lima0", "lima1", etc.
	# interface: ""
	#
	# Lima can also connect to "unmanaged" vde networks addressed by "vnl". This
	# means that the daemons will not be controlled by Lima, but must be started
	# before the instance. The interface type (host, shared, or bridged) is
	# configured in vde_vmnet and not in lima.
	# vnl (virtual network locator) points to the vde_switch socket directory,
	# optionally with vde:// prefix
	# - vnl: "vde:///var/run/vde.ctl"
	# # VDE Switch port number (not TCP/UDP port number). Set to 65535 for PTP mode.
	# # Default: 0
	# switchPort: 0
	# # MAC address of the instance; lima will pick one based on the instance name,
	# # so DHCP assigned ip addresses should remain constant over instance restarts.
	# macAddress: ""
	# # Interface name, defaults to "lima0", "lima1", etc.
	# interface: ""

	# Port forwarding rules. Forwarding between ports 22 and ssh.localPort cannot be overridden.
	# Rules are checked sequentially until the first one matches.
	portForwards:
	- guestPort: 2375
	hostIP: "127.0.0.1" # overrides the default value "127.0.0.1"; allows privileged port forwarding
	# portForwards:
	# - guestPort: 443
	# hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"; allows privileged port forwarding
	# # default: hostPort: 443 (same as guestPort)
	# # default: guestIP: "127.0.0.1" (also matches bind addresses "0.0.0.0", "::", and "::1")
	# # default: proto: "tcp" (only valid value right now)
	#
	# - guestPortRange: [4000, 4999]
	# hostIP: "0.0.0.0" # overrides the default value "127.0.0.1"
	# # default: hostPortRange: [4000, 4999] (must specify same number of ports as guestPortRange)
	#
	# - guestPort: 80
	# hostPort: 8080 # overrides the default value 80
	#
	# - guestIP: "127.0.0.2" # overrides the default value "127.0.0.1"
	# hostIP: "127.0.0.2" # overrides the default value "127.0.0.1"
	# # default: guestPortRange: [1, 65535]
	# # default: hostPortRange: [1, 65535]
	#
	# - guestPort: 8888
	# ignore: true (don't forward this port)
	#
	# - guestSocket: "/run/user/{{.UID}}/my.sock"
	# hostSocket: mysocket
	# # "guestSocket" can include these template variables: {{.Home}}, {{.UID}}, and {{.User}}.
	# # "hostSocket" can include {{.Home}}, {{.Dir}}, {{.Name}}, {{.UID}}, and {{.User}}.
	# # Put sockets into "{{.Dir}}/sock" to avoid collision with Lima internal sockets!
	# # Sockets can also be forwarded to ports and vice versa, but not to/from a range of ports.
	# # Forwarding requires the lima user to have rw access to the "guestsocket",
	# # and the local user rwx access to the directory of the "hostsocket".
	#
	# # Lima internally appends this fallback rule at the end:
	# - guestIP: "127.0.0.1"
	# guestPortRange: [1, 65535]
	# hostIP: "127.0.0.1"
	# hostPortRange: [1, 65535]
	# # Any port still not matched by a rule will not be forwarded (ignored)

	# Message. Information to be shown to the user, given as a Go template for the instance.
	# The same template variables as for listing instances can be used, for example {{.Dir}}.
	# You can view the complete list of variables using `limactl list --list-fields` command.
	# It also includes {{.HostOS}} and {{.HostArch}} vars, for the runtime GOOS and GOARCH.
	# message: \|
	# This will be shown to the user.

	# Extra environment variables that will be loaded into the VM at start up.
	# These variables are consumed by internal init scripts, and also added
	# to /etc/environment.
	# If you set any of "ftp_proxy", "http_proxy", "https_proxy", or "no_proxy", then
	# Lima will automatically set an uppercase variant to the same value as well.
	# env:
	# KEY: value

	# Lima will override the proxy environment variables with values from the current process
	# environment (the environment in effect when you run `limactl start`). It will automatically
	# replace the strings "localhost" and "127.0.0.1" with the host gateway address from inside
	# the VM, so it stays routable. Use of the process environment can be disabled by setting
	# propagateProxyEnv to false.
	# Default: true
	propagateProxyEnv: true

	# The host agent implements a DNS server that looks up host names on the host
	# using the local system resolver. This means changing VPN and network settings
	# are reflected automatically into the guest, including conditional forward,
	# and mDNS lookup:
	# Default: true
	useHostResolver: true

	# If useHostResolver is false, then the following rules apply for configuring dns:
	# Explicitly set DNS addresses for qemu user-mode networking. By default qemu picks one
	# nameserver from the host config and forwards all queries to this server. On macOS
	# Lima adds the nameservers configured for the "en0" interface to the list. In case this
	# still doesn't work (e.g. VPN setups), the servers can be specified here explicitly.
	# If nameservers are specified here, then the "en0" configuration will be ignored.
	# dns:
	# - 1.1.1.1
	# - 1.0.0.1

	# ===================================================================== #
	# GLOBAL DEFAULTS AND OVERRIDES
	# ===================================================================== #

	# The builtin defaults can be changed globally by creating a $LIMA_HOME/_config/default.yaml
	# file. It will be used by ALL instances under the same $LIMA_HOME, and it
	# will be applied on each `limactl start`, so can affect instance restarts.

	# A similar mechanism is $LIMA_HOME/_config/override.yaml, which will take
	# precedence even over the settings in an instances lima.yaml file.
	# It too applies to ALL instances under the same $LIMA_HOME, and is applied
	# on each restart. It can be used to globally override settings, e.g. make
	# the mount of the home directory writable.

	# On each instance start the config settings are determined: If a value is
	# not set in `lima.yaml`, then the `default.yaml` is used. If that file
	# doesn't exist, or the value is not defined in the file, then the buildin
	# default is used. If `override.yaml` exists and defines the value, then
	# it overrides whatever has been choosen so far.

	# For slices (e.g. `mounts`, `provision`) and maps (`env`) the entries are
	# combined instead of replacing each other. Slices are produced from override
	# settings, followed by lima.yaml, followed by defaults.yaml (but NOT from
	# builtin defaults). Maps are produced starting with defaults.yaml values,
	# overwriting with lima.yaml ones, overwriting with override.yaml.

	# Exceptions:
	# - `dns` will use the list from the highest priority file; they are not
	# combined. If override.yaml defines a list of `dns` entries, then the
	# settings in default.yaml and lima.yaml are ignored.
	#
	# - `mounts` will update the `writable` setting when 2 entries have the
	# same `location` value. For this reason they are processed in the opposite
	# order: starting with default, followed by lima, and then override.
	#
	# -`networks` will replace lower priority entries with the same `interface`
	# name with higher priority definitions. This does not apply if the
	# `interface` field is empty. `networks` are therefore also processed
	# in lowest to highest priority order.

	# ===================================================================== #
	# END OF TEMPLATE
	# ===================================================================== #