Incus: Difference between revisions

Line 31:

NixOS has an option for providing a preseed to Incus, as documented in the initialize link above. This is a declarative initialization, with the caveat that Incus preseed will never remove a resource created. Here is an example that is similar to the Minimal initialization option.<syntaxhighlight lang="nix">

virtualisation.incus.preseed = {

networks = [

{

config = {

Line 77:

networking.firewall.trustedInterfaces = [ "incusbr0" ];

== NixOS Instances ==

To launch a new NixOS container use the following command.

<pre>

incus launch images:nixos/unstable nixos -c security.nesting=true

</pre>

A NixOS virtual machine is launched with the following.

incus launch images:nixos/unstable nixos -c security.secureboot=false

== NixOS Images ==

Line 97:

Line 106:

https://hydra.nixos.org/job/nixos/trunk-combined/nixos.lxdVirtualMachineImage.x86_64-linux

Line 106:

Line 116:

=== Custom Images ===

All the necessary build infrastructure exists in nixpkgs to build custom images.

Define some NixOS systems.<syntaxhighlight lang="nix">

nixosConfigurations = {

container = inputs.nixpkgs.lib.nixosSystem {

system = "x86_64-linux";

modules = [

"${inputs.nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"

(

{ pkgs, ... }:

{

environment.systemPackages = [ pkgs.vim ];

}

)

];

};

vm = inputs.nixpkgs.lib.nixosSystem {

system = "x86_64-linux";

modules = [

"${inputs.nixpkgs}/nixos/modules/virtualisation/lxd-virtual-machine.nix"

(

{ pkgs, ... }:

{

environment.systemPackages = [ pkgs.vim ];

}

)

];

};

</syntaxhighlight>Then you can build the image and associated metadata.<syntaxhighlight lang="shell-session">

# nix build .#nixosConfigurations.container.config.system.build.squashfs --print-out-paths

/nix/store/24djf2qlpkyh29va8z6pxrqp8x5z6xyv-nixos-lxc-image-x86_64-linux.img

# nix build .#nixosConfigurations.container.config.system.build.metadata --print-out-paths

/nix/store/2snjw9y8brfh5gia44jv6bhdhmmdydva-tarball

# nix build .#nixosConfigurations.vm.config.system.build.qemuImage --print-out-paths

/nix/store/znk28bp34bycb3h5k0byb61bwda23q5l-nixos-disk-image

=~~= NixOS Instances ==~~

# nix build .#nixosConfigurations.vm.config.system.build.metadata --print-out-paths

~~To launch a new~~ NixOS ~~container use the following command~~.

/nix/store/2snjw9y8brfh5gia44jv6bhdhmmdydva-tarball

</syntaxhighlight>Finally, the image can be imported into an Incus storage pool and used to launch instances.<syntaxhighlight lang="shell-session">

# incus image import --alias nixos/custom/container /nix/store/2snjw9y8brfh5gia44jv6bhdhmmdydva-tarball/tarball/nixos-system-x86_64-linux.tar.xz /nix/store/24djf2qlpkyh29va8z6pxrqp8x5z6xyv-nixos-lxc-image-x86_64-linux.img

Image imported with fingerprint: 9d0d6f3df0cccec4da7ce4f69952bd389b6dd655fd9070e498f591aaffbb2cda

# incus image list nixos/custom/container

+------------------------+--------------+--------+--------------------------------------------------+--------------+-----------+-----------+----------------------+

+------------------------+--------------+--------+--------------------------------------------------+--------------+-----------+-----------+----------------------+

| nixos/custom/container | 9d0d6f3df0cc | no | NixOS Uakari 24.05.20240513.a39a12a x86_64-linux | x86_64 | CONTAINER | 170.31MiB | 2024/05/21 09:21 EDT |

+------------------------+--------------+--------+--------------------------------------------------+--------------+-----------+-----------+----------------------+

~~<pre>~~

# incus launch nixos/custom/container -c security.nesting=true

incus launch ~~images:~~nixos/~~unstable nixos~~ -c security.nesting=true

Launching the instance

~~</pre>~~

Instance name is: square-heron

~~A NixOS virtual machine is launched with the following.~~

# incus shell square-heron

incus ~~launch images:nixos/unstable nixos~~ -~~c security.secureboot=false~~

[root@nixos:~]# which vim

/run/current-system/sw/bin/vim

</syntaxhighlight>

[[Category:Server]]

[[Category:Container]]