feat: talos-image SBC overlay support, fix talosconfig output format

- talos-image module: Add sbc_overlay variable for single-board computers
  - Support for turingrk1, rock5b, rpi_generic, jetson_nano, and 16+ SBC boards
  - Auto-detection of overlay images from overlay name
- talos-cluster module: Fix talosconfig output format
  - Now generates proper YAML with context, endpoints, nodes
  - Add talosconfig_path output
- talos-wipe.sh: Remove eMMC wipe attempt (system disk), add --yes flag
- Update CHANGELOG.md and README.md for v1.3.9

Author: jfreed-dev

CHANGELOG.md

@@ -7,25 +7,37 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.3.9] - 2026-01-19
+
 ### Added
+- **talos-image module**: SBC overlay support for single-board computers
+  - New `sbc_overlay` variable for board-specific overlays (turingrk1, rpi_generic, rock5b, etc.)
+  - Auto-detection of overlay images from overlay name
+  - Supports 16+ SBC boards across Rockchip, Raspberry Pi, Jetson, and Allwinner families
+- **talos-cluster module**: Added `talosconfig_path` output
+- **talos-wipe.sh**: Added `--yes` / `-y` flag for non-interactive automation
 - **scripts/find-armbian-image.sh** - Find and download Armbian images for Turing RK1 from GitHub releases
-  - Lists all available images with `--list`
-  - Downloads images with `--download`
-  - Generates Armbian autoconfig files for first-boot setup with `--autoconfig`
-  - SSH public key setup with `--ssh-key` for passwordless access
-  - Static IP configuration with `--static-ip`, `--gateway`, `--netmask`, `--dns`
+- **test/addon-test/** - Comprehensive addon module test configuration
+- **test/provider-test/** - Provider data source test configuration
 
 ### Fixed
-- Shellcheck SC2002 warnings in helper scripts (replaced `cat file | cmd` with `cmd < file`)
+- **talos-cluster module**: Fixed talosconfig output format - now generates proper YAML with context, endpoints, nodes (previously output unusable JSON)
+- **talos-wipe.sh**: Removed eMMC wipe attempt - eMMC is system disk and cannot be wiped via talosctl reset
+- Shellcheck SC2002 warnings in helper scripts
 
 ### Changed
-- Enhanced docs/WORKFLOWS.md with comprehensive K3s deployment steps
-  - Network planning section with DHCP reservation recommendation
-  - Static IP configuration via autoconfig for networks without DHCP reservations
-  - Direct URL flashing via BMC API
-  - Autoconfig generation for automated first-boot setup
-  - Node configuration scripts for password, hostname, SSH keys
-  - K3s prerequisites (open-iscsi, nfs-common) for Longhorn support
+- Enhanced docs/WORKFLOWS.md with comprehensive K3s and Talos deployment steps
+- Updated README version references to ~> 1.3.9
+
+### Verified
+- All addon modules tested on Talos v1.9.2 (Turing RK1 with turingrk1 overlay)
+  - metallb: L2 mode with IP pool 10.10.88.80-89
+  - ingress-nginx: LoadBalancer service on 10.10.88.80
+  - cert-manager: Self-signed CA and ClusterIssuers ready
+  - longhorn: StorageClass created with NVMe storage class
+  - monitoring: Prometheus + Grafana with persistent storage
+  - portainer: Agent accessible on 10.10.88.81:9001
+- Talos Image Factory integration with SBC overlays verified
 
 ## [1.3.8] - 2026-01-19
 

README.md

@@ -33,7 +33,7 @@ Reusable Terraform modules for Turing Pi cluster provisioning and management.
 # Deploy Talos cluster
 module "talos" {
   source  = "jfreed-dev/modules/turingpi//modules/talos-cluster"
-  version = ">= 1.3.0"
+  version = "~> 1.3.9"
 
   cluster_name     = "homelab"
   cluster_endpoint = "https://192.168.1.101:6443"
@@ -65,7 +65,7 @@ module "metallb" {
 # Deploy K3s cluster
 module "k3s" {
   source  = "jfreed-dev/modules/turingpi//modules/k3s-cluster"
-  version = ">= 1.3.0"
+  version = "~> 1.3.9"
 
   cluster_name = "homelab"
 
@@ -239,9 +239,19 @@ module "monitoring" {
 ## Requirements
 
 - Terraform >= 1.0
-- [Turing Pi Provider](https://github.com/jfreed-dev/terraform-provider-turingpi) >= 1.3.0 (for flashing)
+- [Turing Pi Provider](https://github.com/jfreed-dev/terraform-provider-turingpi) ~> 1.3.9 (for flashing)
 - [Talos Provider](https://github.com/siderolabs/terraform-provider-talos) >= 0.7 (for Talos clusters)
 
+## Verified Configurations
+
+Tested and verified on v1.3.9:
+- K3s v1.31.4+k3s1 on Armbian 26.2.0-trunk.151 (trixie)
+- BMC firmware v2.3.4
+- MetalLB L2 mode with IP pool assignment
+- Longhorn with 2-replica volumes
+- Prometheus/Grafana with persistent storage
+- Ingress-NGINX with LoadBalancer service
+
 ## License
 
 Apache License 2.0

modules/talos-cluster/main.tf

@@ -97,9 +97,24 @@ resource "local_file" "kubeconfig" {
 }
 
 # Write talosconfig to file if path specified
+# Format: proper talosctl YAML with context, endpoints, and nodes
 resource "local_file" "talosconfig" {
-  count           = var.talosconfig_path != null ? 1 : 0
-  content         = yamlencode(talos_machine_secrets.this.client_configuration)
+  count = var.talosconfig_path != null ? 1 : 0
+  content = yamlencode({
+    context = var.cluster_name
+    contexts = {
+      (var.cluster_name) = {
+        endpoints = [for node in var.control_plane : node.host]
+        nodes = concat(
+          [for node in var.control_plane : node.host],
+          [for node in var.workers : node.host]
+        )
+        ca  = talos_machine_secrets.this.client_configuration.ca_certificate
+        crt = talos_machine_secrets.this.client_configuration.client_certificate
+        key = talos_machine_secrets.this.client_configuration.client_key
+      }
+    }
+  })
   filename        = var.talosconfig_path
   file_permission = "0600"
 }

modules/talos-cluster/outputs.tf

@@ -31,6 +31,11 @@ output "kubeconfig_path" {
   value       = var.kubeconfig_path != null ? var.kubeconfig_path : null
 }
 
+output "talosconfig_path" {
+  description = "Path to talosconfig file (if written)"
+  value       = var.talosconfig_path != null ? var.talosconfig_path : null
+}
+
 output "nvme_enabled" {
   description = "Whether NVMe storage is configured"
   value       = var.nvme_storage_enabled

modules/talos-image/main.tf

@@ -8,31 +8,70 @@ locals {
     full         = ["siderolabs/iscsi-tools", "siderolabs/util-linux-tools", "siderolabs/nfs-utils", "siderolabs/qemu-guest-agent"]
   }
 
+  # SBC overlay image mapping (overlay name -> image)
+  sbc_overlay_images = {
+    # Rockchip-based boards
+    turingrk1            = "siderolabs/sbc-rockchip"
+    rock5b               = "siderolabs/sbc-rockchip"
+    rockpi4              = "siderolabs/sbc-rockchip"
+    rockpi4c             = "siderolabs/sbc-rockchip"
+    rock4cplus           = "siderolabs/sbc-rockchip"
+    rock4se              = "siderolabs/sbc-rockchip"
+    rock64               = "siderolabs/sbc-rockchip"
+    nanopi-r4s           = "siderolabs/sbc-rockchip"
+    nanopi-r5s           = "siderolabs/sbc-rockchip"
+    orangepi-r1-plus-lts = "siderolabs/sbc-rockchip"
+    helios64             = "siderolabs/sbc-rockchip"
+    # Raspberry Pi boards
+    rpi_generic = "siderolabs/sbc-raspberrypi"
+    # Jetson boards
+    jetson_nano = "siderolabs/sbc-jetson"
+    # Allwinner-based boards
+    bananapi_m64           = "siderolabs/sbc-allwinner"
+    libretech_all_h3_cc_h5 = "siderolabs/sbc-allwinner"
+    pine64                 = "siderolabs/sbc-allwinner"
+  }
+
+  # Determine the overlay image (explicit or auto-detected)
+  resolved_overlay_image = var.sbc_overlay != null ? coalesce(
+    var.sbc_overlay_image,
+    lookup(local.sbc_overlay_images, var.sbc_overlay, null)
+  ) : null
+
   # Merge preset extensions with custom extensions
   all_extensions = distinct(concat(
     local.preset_extensions[var.preset],
     var.extensions
   ))
 
-  # Build the schematic YAML
-  schematic_yaml = yamlencode({
-    customization = {
-      systemExtensions = length(local.all_extensions) > 0 ? {
-        officialExtensions = local.all_extensions
-      } : null
-      extraKernelArgs = length(var.extra_kernel_args) > 0 ? var.extra_kernel_args : null
-    }
-  })
+  # Build the schematic YAML (with optional SBC overlay)
+  schematic_yaml = yamlencode(merge(
+    {
+      customization = {
+        systemExtensions = length(local.all_extensions) > 0 ? {
+          officialExtensions = local.all_extensions
+        } : null
+        extraKernelArgs = length(var.extra_kernel_args) > 0 ? var.extra_kernel_args : null
+      }
+    },
+    var.sbc_overlay != null && local.resolved_overlay_image != null ? {
+      overlay = {
+        name  = var.sbc_overlay
+        image = local.resolved_overlay_image
+      }
+    } : {}
+  ))
 
   # Known schematic IDs for common configurations (saves API calls)
+  # Note: Overlays are version-specific, so we can only cache non-overlay schematics
   known_schematics = {
-    # iscsi-tools + util-linux-tools (Longhorn support)
+    # iscsi-tools + util-linux-tools (Longhorn support) - no overlay
     "siderolabs/iscsi-tools,siderolabs/util-linux-tools" = "613e1592b2da41ae5e265e8789429f22e121aab91cb4deb6bc3c0b6262961245"
   }
 
-  # Check if we have a known schematic ID
+  # Check if we have a known schematic ID (only when no overlay is specified)
   extensions_key  = join(",", sort(local.all_extensions))
-  known_schematic = lookup(local.known_schematics, local.extensions_key, null)
+  known_schematic = var.sbc_overlay == null ? lookup(local.known_schematics, local.extensions_key, null) : null
   use_known       = local.known_schematic != null
 }
 

modules/talos-image/outputs.tf

@@ -37,3 +37,13 @@ output "download_command" {
   description = "curl command to download the image"
   value       = local.schematic_id != null ? "curl -LO ${local.image_base_url}/${var.platform}-${var.architecture}.raw.xz" : null
 }
+
+output "sbc_overlay" {
+  description = "SBC overlay name (if configured)"
+  value       = var.sbc_overlay
+}
+
+output "sbc_overlay_image" {
+  description = "SBC overlay image (if configured)"
+  value       = local.resolved_overlay_image
+}

modules/talos-image/variables.tf

@@ -49,3 +49,16 @@ variable "preset" {
     error_message = "Preset must be 'none', 'longhorn', 'longhorn-nfs', 'qemu', or 'full'."
   }
 }
+
+# SBC Overlay configuration
+variable "sbc_overlay" {
+  description = "SBC overlay name for single-board computers (e.g., 'turingrk1', 'rpi_generic', 'rock5b'). Required for SBC hardware support."
+  type        = string
+  default     = null
+}
+
+variable "sbc_overlay_image" {
+  description = "SBC overlay image name (e.g., 'siderolabs/sbc-rockchip'). If not specified, auto-detected from overlay name."
+  type        = string
+  default     = null
+}

scripts/talos-wipe.sh

@@ -13,9 +13,9 @@
 #   -p, --password PASS       BMC password (default: turing, or TURINGPI_PASSWORD env)
 #   -d, --disks DEVICES       Comma-separated user disks to wipe (default: /dev/nvme0n1)
 #   --no-nvme                 Skip NVMe wipe
-#   --no-emmc                 Skip eMMC wipe (eMMC wiped by default)
 #   --clean-terraform         Also clean terraform state files
 #   --force-power-off         Force power off via BMC if graceful shutdown fails
+#   --yes, -y                 Skip interactive confirmation (for automation)
 #   --log FILE                Log output to file
 #   --dry-run                 Show commands without executing
 #   -h, --help                Show this help message
@@ -38,11 +38,10 @@ BMC_IP="${TURINGPI_ENDPOINT:-}"
 BMC_USER="${TURINGPI_USERNAME:-}"
 BMC_PASSWORD="${TURINGPI_PASSWORD:-}"
 USER_DISKS="/dev/nvme0n1"
-EMMC_DEVICE="/dev/mmcblk0"
 WIPE_NVME=true
-WIPE_EMMC=true
 CLEAN_TERRAFORM=false
 FORCE_POWER_OFF=false
+SKIP_CONFIRM=false
 LOG_FILE=""
 DRY_RUN=false
 
@@ -117,9 +116,9 @@ while [[ $# -gt 0 ]]; do
         -p|--password) BMC_PASSWORD="$2"; shift 2 ;;
         -d|--disks) USER_DISKS="$2"; shift 2 ;;
         --no-nvme) WIPE_NVME=false; shift ;;
-        --no-emmc) WIPE_EMMC=false; shift ;;
         --clean-terraform) CLEAN_TERRAFORM=true; shift ;;
         --force-power-off) FORCE_POWER_OFF=true; shift ;;
+        --yes|-y) SKIP_CONFIRM=true; shift ;;
         --log) LOG_FILE="$2"; shift 2 ;;
         --dry-run) DRY_RUN=true; shift ;;
         -h|--help) show_help ;;
@@ -282,20 +281,18 @@ echo ""
 echo "Data to be PERMANENTLY DESTROYED:"
 echo "  • Talos system partitions (STATE, EPHEMERAL)"
 [[ "$WIPE_NVME" == "true" ]] && echo -e "  ${RED}• NVMe drives: $USER_DISKS${NC}"
-[[ "$WIPE_EMMC" == "true" ]] && echo -e "  ${RED}• eMMC boot drives: $EMMC_DEVICE${NC}"
+echo ""
+echo -e "${YELLOW}Note: eMMC is system disk and cannot be wiped via talosctl reset${NC}"
 echo ""
 [[ "$CLEAN_TERRAFORM" == "true" ]] && echo "Terraform cleanup: enabled"
 [[ "$FORCE_POWER_OFF" == "true" ]] && echo "Force power off: enabled"
 [[ -n "$LOG_FILE" ]] && echo "Logging to: $LOG_FILE"
 [[ "$DRY_RUN" == "true" ]] && echo -e "${YELLOW}DRY RUN MODE - No changes will be made${NC}"
 echo ""
 
-# Confirm before proceeding
-if [[ "$DRY_RUN" != "true" ]]; then
+# Confirm before proceeding (unless --yes flag or dry-run)
+if [[ "$DRY_RUN" != "true" && "$SKIP_CONFIRM" != "true" ]]; then
     echo -e "${RED}This will PERMANENTLY DESTROY ALL DATA on these nodes!${NC}"
-    if [[ "$WIPE_EMMC" == "true" ]]; then
-        echo -e "${RED}Nodes will be UNBOOTABLE until re-flashed via BMC!${NC}"
-    fi
     echo ""
     read -p "Type 'DESTROY' to confirm: " confirm
     if [[ "$confirm" != "DESTROY" ]]; then
@@ -317,18 +314,14 @@ if [[ -f "$TALOSCONFIG" ]]; then
     WIPE_CMD+=" --system-labels-to-wipe STATE --system-labels-to-wipe EPHEMERAL"
 
     # Add NVMe disks if enabled
+    # Note: eMMC is system disk and cannot be wiped via talosctl reset
     if [[ "$WIPE_NVME" == "true" && -n "$USER_DISKS" ]]; then
         IFS=',' read -ra DISK_ARRAY <<< "$USER_DISKS"
         for disk in "${DISK_ARRAY[@]}"; do
             WIPE_CMD+=" --user-disks-to-wipe $disk"
         done
     fi
 
-    # Add eMMC disk if enabled
-    if [[ "$WIPE_EMMC" == "true" && -n "$EMMC_DEVICE" ]]; then
-        WIPE_CMD+=" --user-disks-to-wipe $EMMC_DEVICE"
-    fi
-
     # Don't reboot - we want to shutdown
     WIPE_CMD+=" --reboot=false"