Incus: Difference between revisions

(4 intermediate revisions by 4 users not shown)

Line 1:

~~Incus~~ is a next generation system container and virtual machine manager. It is a community driven alternative to Canonical's LXD, keeping the Apache-2.0 license.

[https://linuxcontainers.org/incus/ {{PAGENAME}}] (<s>[[wikipedia:en:LXC#LXD]]</s>) is a next generation system container and virtual machine manager. It is a community driven alternative to Canonical's [[LXD]], keeping the Apache-2.0 license.

This document aims to provide NixOS specific information related to Incus. For non-NixOS specific documentation, please see the upstream documentation: https://linuxcontainers.org/incus/docs/main/

Line 6:

The service can be enabled and started by adding the service to your NixOS configuration. It must still be initialized.

virtualisation.incus.enable = true;

To provide non-root access to the Incus server, you will want to add your user to the incus-admin group. Don't forget to ~~logout and log back in~~.

networking.nftables.enable = true;

See [[#Networking/Firewall]] for more information on the latter option.

To provide non-root access to the Incus server, you will want to add your user to the incus-admin group. Don't forget to reboot.

users.users.YOUR_USERNAME.extraGroups = ["incus-admin"];

You should now be able to use the incus client to talk to the server.<syntaxhighlight lang="shell-session">

Line 72:

Line 75:

== Networking/Firewall ==

When using Incus on NixOS, nftables is required to ensure broadest compatibility with other services that manage firewall rules ~~from release 24.05~~. Trying to use iptables will fail eval, and this can be fixed by switching to nftables and for simple firewalls should be a drop-in replacement for iptables.<syntaxhighlight lang="nix">

When using Incus on NixOS, nftables is required to ensure broadest compatibility with other services that manage firewall rules. Trying to use iptables will fail eval, and this can be fixed by switching to nftables and for simple firewalls should be a drop-in replacement for iptables.<syntaxhighlight lang="nix">

networking.nftables.enable = true;

</syntaxhighlight>

Line 116:

Line 119:

Container and VM images are built by Hydra as part of the [https://github.com/NixOS/nixpkgs/blob/master/nixos/release.nix NixOS release].

https://hydra.nixos.org/job/nixos/trunk-combined/nixos.~~lxdContainerImage~~.x86_64-linux

https://hydra.nixos.org/job/nixos/trunk-combined/nixos.incusContainerImage.x86_64-linux

https://hydra.nixos.org/job/nixos/trunk-combined/nixos.incusVirtualMachineImage.x86_64-linux

~~https://hydra.nixos.org/job/nixos/trunk-combined/nixos.lxdVirtualMachineImage.x86_64-linux~~

Line 153:

Line 157:

system = "x86_64-linux";

modules = [

"${inputs.nixpkgs}/nixos/modules/virtualisation/~~lxd~~-virtual-machine.nix"

"${inputs.nixpkgs}/nixos/modules/virtualisation/incus-virtual-machine.nix"

(

{ pkgs, ... }:

Line 232:

Line 236:

[[Category:Server]]

[[Category:Container]]

[[Category:Virtualization]]

@@ Line 1: / Line 1: @@
-Incus is a next generation system container and virtual machine manager. It is a community driven alternative to Canonical's LXD, keeping the Apache-2.0 license.
+[https://linuxcontainers.org/incus/ {{PAGENAME}}] (<s>[[wikipedia:en:LXC#LXD]]</s>) is a next generation system container and virtual machine manager. It is a community driven alternative to Canonical's [[LXD]], keeping the Apache-2.0 license.
 This document aims to provide NixOS specific information related to Incus. For non-NixOS specific documentation, please see the upstream documentation: https://linuxcontainers.org/incus/docs/main/
@@ Line 6: / Line 6: @@
 The service can be enabled and started by adding the service to your NixOS configuration. It must still be initialized.
   virtualisation.incus.enable = true;
-To provide non-root access to the Incus server, you will want to add your user to the incus-admin group. Don't forget to logout and log back in.
+ networking.nftables.enable = true;
+See [[#Networking/Firewall]] for more information on the latter option.
+To provide non-root access to the Incus server, you will want to add your user to the incus-admin group. Don't forget to reboot.
   users.users.YOUR_USERNAME.extraGroups = ["incus-admin"];
 You should now be able to use the incus client to talk to the server.<syntaxhighlight lang="shell-session">
@@ Line 72: / Line 75: @@
 == Networking/Firewall ==
-When using Incus on NixOS, nftables is required to ensure broadest compatibility with other services that manage firewall rules from release 24.05. Trying to use iptables will fail eval, and this can be fixed by switching to nftables and for simple firewalls should be a drop-in replacement for iptables.<syntaxhighlight lang="nix">
+When using Incus on NixOS, nftables is required to ensure broadest compatibility with other services that manage firewall rules. Trying to use iptables will fail eval, and this can be fixed by switching to nftables and for simple firewalls should be a drop-in replacement for iptables.<syntaxhighlight lang="nix">
 networking.nftables.enable = true;
 </syntaxhighlight>
@@ Line 116: / Line 119: @@
 Container and VM images are built by Hydra as part of the [https://github.com/NixOS/nixpkgs/blob/master/nixos/release.nix NixOS release].
-https://hydra.nixos.org/job/nixos/trunk-combined/nixos.lxdContainerImage.x86_64-linux
+https://hydra.nixos.org/job/nixos/trunk-combined/nixos.incusContainerImage.x86_64-linux
+https://hydra.nixos.org/job/nixos/trunk-combined/nixos.incusVirtualMachineImage.x86_64-linux
-https://hydra.nixos.org/job/nixos/trunk-combined/nixos.lxdVirtualMachineImage.x86_64-linux
@@ Line 153: / Line 157: @@
      system = "x86_64-linux";
      modules = [
-       "${inputs.nixpkgs}/nixos/modules/virtualisation/lxd-virtual-machine.nix"
+       "${inputs.nixpkgs}/nixos/modules/virtualisation/incus-virtual-machine.nix"
        (
          { pkgs, ... }:
@@ Line 232: / Line 236: @@
 [[Category:Server]]
 [[Category:Container]]
+[[Category:Virtualization]]