mirror of
https://git.adityakumar.xyz/blog.git
synced 2024-11-21 15:22:52 +00:00
install incus on nixos
This commit is contained in:
parent
b837e1692b
commit
af8cc2d4bb
1 changed files with 186 additions and 0 deletions
186
content/post/install-incus-on-nixos.md
Normal file
186
content/post/install-incus-on-nixos.md
Normal file
|
@ -0,0 +1,186 @@
|
||||||
|
---
|
||||||
|
title: "Install Incus on Nixos"
|
||||||
|
date: 2024-02-29T19:14:10+05:30
|
||||||
|
lastmod: 2024-02-29T19:14:10+05:30
|
||||||
|
draft: false;
|
||||||
|
keywords: [incus, nixos]
|
||||||
|
description: ""
|
||||||
|
tags: [incus, nixos]
|
||||||
|
categories: [linux]
|
||||||
|
author: ""
|
||||||
|
|
||||||
|
# You can also close(false) or open(true) something for this content.
|
||||||
|
# P.S. comment can only be closed
|
||||||
|
comment: false
|
||||||
|
toc: true
|
||||||
|
autoCollapseToc: false
|
||||||
|
postMetaInFooter: true
|
||||||
|
hiddenFromHomePage: false
|
||||||
|
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
|
||||||
|
contentCopyright: false
|
||||||
|
reward: false
|
||||||
|
mathjax: false
|
||||||
|
mathjaxEnableSingleDollar: false
|
||||||
|
mathjaxEnableAutoNumber: false
|
||||||
|
|
||||||
|
# You unlisted posts you might want not want the header or footer to show
|
||||||
|
hideHeaderAndFooter: false
|
||||||
|
|
||||||
|
# You can enable or disable out-of-date content warning for individual post.
|
||||||
|
# Comment this out to use the global config.
|
||||||
|
#enableOutdatedInfoWarning: false
|
||||||
|
|
||||||
|
flowchartDiagrams:
|
||||||
|
enable: false
|
||||||
|
options: ""
|
||||||
|
|
||||||
|
sequenceDiagrams:
|
||||||
|
enable: false
|
||||||
|
options: ""
|
||||||
|
|
||||||
|
---
|
||||||
|
Incus, a manager and hypervisor for system containers (LXC) and virtual machines (QEMU), is an excellent tool for managing and orchestrating your applications and services. It is a fork of LXD by the original maintainers.
|
||||||
|
<!--more-->
|
||||||
|
I found the documentation regarding NixOS lacking and thought I should put it somewhere for future reference. If you have experience with LXD, it will mostly be similar but expect things to get different as time passes.
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
Incus is already present in `nixpkgs` and can be installed by adding
|
||||||
|
```nix
|
||||||
|
virtualisation.incus.enable = true
|
||||||
|
```
|
||||||
|
to your `configuration.nix`. Consider adding yourself to `incus-admin` group to avoid using `sudo` every time. It can be done by
|
||||||
|
```nix
|
||||||
|
users.user.USER.extraGroups = [ "incus-admin" ];
|
||||||
|
```
|
||||||
|
Of course, replace `USER` with your username.
|
||||||
|
|
||||||
|
You need IP forwarding for NAT'ing to work
|
||||||
|
```nix
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"net.ipv4.conf.all.forwarding" = true;
|
||||||
|
"net.ipv4.default.forwarding" = true;
|
||||||
|
};
|
||||||
|
```
|
||||||
|
|
||||||
|
Enable kernel module for IP forwarding to work
|
||||||
|
```nix
|
||||||
|
boot.kernelModules = [ "nf_nat_ftp" ];
|
||||||
|
```
|
||||||
|
|
||||||
|
Set up a bridge
|
||||||
|
```nix
|
||||||
|
networking.bridges = { incusbr0.interfaces = []; };
|
||||||
|
```
|
||||||
|
This is used to provide NAT'd internet to the guest. It is manipulated directly by incus, so no need to specify any bridged interfaces here.
|
||||||
|
|
||||||
|
Add firewall rules to enable networking in the container
|
||||||
|
```nix
|
||||||
|
networking.firewall.extraCommands = ''
|
||||||
|
iptables -A INPUT incusbr0 -j ACCEPT
|
||||||
|
iptables -A FORWARD -o incusbr0 -j ACCEPT
|
||||||
|
iptables -A FORWARD -i incusbr0 -j ACCEPT
|
||||||
|
iptables -A OUTPUT -o incusbr0 -j ACCEPT
|
||||||
|
'';
|
||||||
|
```
|
||||||
|
|
||||||
|
Enable lxcfs to use it
|
||||||
|
```nix
|
||||||
|
virtualisation.lxc.lxcfs.enable = true;
|
||||||
|
```
|
||||||
|
|
||||||
|
Now switch to the new configuration with
|
||||||
|
```nix
|
||||||
|
nixos-rebuild switch
|
||||||
|
```
|
||||||
|
|
||||||
|
## Setting up incus
|
||||||
|
Incus requires initial setup for networking and storage. It can be done interactively by running
|
||||||
|
```bash
|
||||||
|
incus admin init
|
||||||
|
```
|
||||||
|
List all available images
|
||||||
|
```bash
|
||||||
|
incus image list images:
|
||||||
|
```
|
||||||
|
|
||||||
|
Create a new image `alpine` based on Alpine Linux
|
||||||
|
```bash
|
||||||
|
incus launch images:alpine/3.19 alpine
|
||||||
|
```
|
||||||
|
|
||||||
|
Interact with the newly created image
|
||||||
|
```bash
|
||||||
|
incus exec alpine -- ash
|
||||||
|
```
|
||||||
|
This will drop you in an `ash` shell in the container.
|
||||||
|
|
||||||
|
You can copy containers by running
|
||||||
|
```bash
|
||||||
|
incus copy $CONTAINER1 $CONTAINER2
|
||||||
|
```
|
||||||
|
|
||||||
|
List containers
|
||||||
|
```bash
|
||||||
|
incus list
|
||||||
|
```
|
||||||
|
|
||||||
|
Stop container
|
||||||
|
```bash
|
||||||
|
incus stop $CONTAINER
|
||||||
|
```
|
||||||
|
|
||||||
|
Delete container
|
||||||
|
```bash
|
||||||
|
incus delete $CONTAINER
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configuration
|
||||||
|
Launch a new container with resource constrants
|
||||||
|
```bash
|
||||||
|
incus launch images:alpine/3.19 alp1 --config limits.cpu=1 --config limits.memory=192MiB
|
||||||
|
```
|
||||||
|
|
||||||
|
Check configuration
|
||||||
|
```bash
|
||||||
|
incus config show alp1
|
||||||
|
```
|
||||||
|
|
||||||
|
Update configuration
|
||||||
|
```bash
|
||||||
|
incus config set alp1 limits.memory=128MiB
|
||||||
|
```
|
||||||
|
## Interaction
|
||||||
|
Run arbitrary commands
|
||||||
|
```bash
|
||||||
|
incus exec alpine -- apk update
|
||||||
|
```
|
||||||
|
|
||||||
|
Pull a file from container
|
||||||
|
```bash
|
||||||
|
incus file pull alpine/etc/hosts .
|
||||||
|
```
|
||||||
|
|
||||||
|
Push file back to the container
|
||||||
|
```bash
|
||||||
|
incus file push hosts alpine/etc/hosts
|
||||||
|
```
|
||||||
|
|
||||||
|
## Snapshots
|
||||||
|
Create a snapshot
|
||||||
|
```bash
|
||||||
|
incus snapshot create alpine alpine_snapshot
|
||||||
|
```
|
||||||
|
|
||||||
|
Restore the container to the snapshot
|
||||||
|
```bash
|
||||||
|
incus snapshot restore alpine alpine_snapshot
|
||||||
|
```
|
||||||
|
|
||||||
|
Delete the snapshot
|
||||||
|
```bash
|
||||||
|
incus delete alpine/alpine_snapshot
|
||||||
|
```
|
||||||
|
|
||||||
|
## References
|
||||||
|
1. [Howto setup LXD on NixOS with NixOS guest using unmanaged bridge network interface](https://discourse.nixos.org/t/howto-setup-lxd-on-nixos-with-nixos-guest-using-unmanaged-bridge-network-interface/21591)
|
||||||
|
2. [First steps with Incus](https://linuxcontainers.org/incus/docs/main/tutorial/first_steps/)
|
Loading…
Reference in a new issue