aditya/blog
1
0
Fork 0
mirror of https://git.adityakumar.xyz/blog.git synced 2024-11-09 10:59:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

install incus on nixos

Browse source
This commit is contained in:
Aditya 2024-02-29 20:06:03 +05:30
parent b837e1692b
commit af8cc2d4bb
Signed by: aditya
SSH key fingerprint: SHA256:jL1IvWsjjlPtw6HvDIHfXfhO9IkIokNEyIfuFhSdoyU
1 changed files with 186 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

186
content/post/install-incus-on-nixos.md Normal file
View file

@ -0,0 +1,186 @@
---
title: "Install Incus on Nixos"
date: 2024-02-29T19:14:10+05:30
lastmod: 2024-02-29T19:14:10+05:30
draft: false;
keywords: [incus, nixos]
description: ""
tags: [incus, nixos]
categories: [linux]
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: true
autoCollapseToc: false
postMetaInFooter: true
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
mathjaxEnableAutoNumber: false
# You unlisted posts you might want not want the header or footer to show
hideHeaderAndFooter: false
# You can enable or disable out-of-date content warning for individual post.
# Comment this out to use the global config.
#enableOutdatedInfoWarning: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
Incus, a manager and hypervisor for system containers (LXC) and virtual machines (QEMU), is an excellent tool for managing and orchestrating your applications and services. It is a fork of LXD by the original maintainers.
<!--more-->
I found the documentation regarding NixOS lacking and thought I should put it somewhere for future reference. If you have experience with LXD, it will mostly be similar but expect things to get different as time passes.
## Installation
Incus is already present in `nixpkgs` and can be installed by adding
```nix
virtualisation.incus.enable = true
```
to your `configuration.nix`. Consider adding yourself to `incus-admin` group to avoid using `sudo` every time. It can be done by
```nix
users.user.USER.extraGroups = [ "incus-admin" ];
```
Of course, replace `USER` with your username.
You need IP forwarding for NAT'ing to work
```nix
boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true;
"net.ipv4.default.forwarding" = true;
};
```
Enable kernel module for IP forwarding to work
```nix
boot.kernelModules = [ "nf_nat_ftp" ];
```
Set up a bridge
```nix
networking.bridges = { incusbr0.interfaces = []; };
```
This is used to provide NAT'd internet to the guest. It is manipulated directly by incus, so no need to specify any bridged interfaces here.
Add firewall rules to enable networking in the container
```nix
networking.firewall.extraCommands = ''
iptables -A INPUT incusbr0 -j ACCEPT
iptables -A FORWARD -o incusbr0 -j ACCEPT
iptables -A FORWARD -i incusbr0 -j ACCEPT
iptables -A OUTPUT -o incusbr0 -j ACCEPT
'';
```
Enable lxcfs to use it
```nix
virtualisation.lxc.lxcfs.enable = true;
```
Now switch to the new configuration with
```nix
nixos-rebuild switch
```
## Setting up incus
Incus requires initial setup for networking and storage. It can be done interactively by running
```bash
incus admin init
```
List all available images
```bash
incus image list images:
```
Create a new image `alpine` based on Alpine Linux
```bash
incus launch images:alpine/3.19 alpine
```
Interact with the newly created image
```bash
incus exec alpine -- ash
```
This will drop you in an `ash` shell in the container.
You can copy containers by running
```bash
incus copy $CONTAINER1 $CONTAINER2
```
List containers
```bash
incus list
```
Stop container
```bash
incus stop $CONTAINER
```
Delete container
```bash
incus delete $CONTAINER
```
## Configuration
Launch a new container with resource constrants
```bash
incus launch images:alpine/3.19 alp1 --config limits.cpu=1 --config limits.memory=192MiB
```
Check configuration
```bash
incus config show alp1
```
Update configuration
```bash
incus config set alp1 limits.memory=128MiB
```
## Interaction
Run arbitrary commands
```bash
incus exec alpine -- apk update
```
Pull a file from container
```bash
incus file pull alpine/etc/hosts .
```
Push file back to the container
```bash
incus file push hosts alpine/etc/hosts
```
## Snapshots
Create a snapshot
```bash
incus snapshot create alpine alpine_snapshot
```
Restore the container to the snapshot
```bash
incus snapshot restore alpine alpine_snapshot
```
Delete the snapshot
```bash
incus delete alpine/alpine_snapshot
```
## References
1. [Howto setup LXD on NixOS with NixOS guest using unmanaged bridge network interface](https://discourse.nixos.org/t/howto-setup-lxd-on-nixos-with-nixos-guest-using-unmanaged-bridge-network-interface/21591)
2. [First steps with Incus](https://linuxcontainers.org/incus/docs/main/tutorial/first_steps/)