mirror of
https://git.adityakumar.xyz/blog.git
synced 2024-11-21 15:22:52 +00:00
install incus on nixos
parent
b837e1692b
commit
af8cc2d4bb
1 changed files with 186 additions and 0 deletions
186
content/post/install-incus-on-nixos.md
Normal file
|
@ -0,0 +1,186 @@
|
|||
---
|
||||
title: "Install Incus on Nixos"
|
||||
date: 2024-02-29T19:14:10+05:30
|
||||
lastmod: 2024-02-29T19:14:10+05:30
|
||||
draft: false;
|
||||
keywords: [incus, nixos]
|
||||
description: ""
|
||||
tags: [incus, nixos]
|
||||
categories: [linux]
|
||||
author: ""
|
||||
|
||||
# You can also close(false) or open(true) something for this content.
|
||||
# P.S. comment can only be closed
|
||||
comment: false
|
||||
toc: true
|
||||
autoCollapseToc: false
|
||||
postMetaInFooter: true
|
||||
hiddenFromHomePage: false
|
||||
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
|
||||
contentCopyright: false
|
||||
reward: false
|
||||
mathjax: false
|
||||
mathjaxEnableSingleDollar: false
|
||||
mathjaxEnableAutoNumber: false
|
||||
|
||||
# You unlisted posts you might want not want the header or footer to show
|
||||
hideHeaderAndFooter: false
|
||||
|
||||
# You can enable or disable out-of-date content warning for individual post.
|
||||
# Comment this out to use the global config.
|
||||
#enableOutdatedInfoWarning: false
|
||||
|
||||
flowchartDiagrams:
|
||||
enable: false
|
||||
options: ""
|
||||
|
||||
sequenceDiagrams:
|
||||
enable: false
|
||||
options: ""
|
||||
|
||||
---
|
||||
Incus, a manager and hypervisor for system containers (LXC) and virtual machines (QEMU), is an excellent tool for managing and orchestrating your applications and services. It is a fork of LXD by the original maintainers.
|
||||
<!--more-->
|
||||
I found the documentation regarding NixOS lacking and thought I should put it somewhere for future reference. If you have experience with LXD, it will mostly be similar but expect things to get different as time passes.
|
||||
|
||||
## Installation
|
||||
Incus is already present in `nixpkgs` and can be installed by adding
|
||||
```nix
|
||||
virtualisation.incus.enable = true
|
||||
```
|
||||
to your `configuration.nix`. Consider adding yourself to `incus-admin` group to avoid using `sudo` every time. It can be done by
|
||||
```nix
|
||||
users.user.USER.extraGroups = [ "incus-admin" ];
|
||||
```
|
||||
Of course, replace `USER` with your username.
|
||||
|
||||
You need IP forwarding for NAT'ing to work
|
||||
```nix
|
||||
boot.kernel.sysctl = {
|
||||
"net.ipv4.conf.all.forwarding" = true;
|
||||
"net.ipv4.default.forwarding" = true;
|
||||
};
|
||||
```
|
||||
|
||||
Enable kernel module for IP forwarding to work
|
||||
```nix
|
||||
boot.kernelModules = [ "nf_nat_ftp" ];
|
||||
```
|
||||
|
||||
Set up a bridge
|
||||
```nix
|
||||
networking.bridges = { incusbr0.interfaces = []; };
|
||||
```
|
||||
This is used to provide NAT'd internet to the guest. It is manipulated directly by incus, so no need to specify any bridged interfaces here.
|
||||
|
||||
Add firewall rules to enable networking in the container
|
||||
```nix
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A INPUT incusbr0 -j ACCEPT
|
||||
iptables -A FORWARD -o incusbr0 -j ACCEPT
|
||||
iptables -A FORWARD -i incusbr0 -j ACCEPT
|
||||
iptables -A OUTPUT -o incusbr0 -j ACCEPT
|
||||
'';
|
||||
```
|
||||
|
||||
Enable lxcfs to use it
|
||||
```nix
|
||||
virtualisation.lxc.lxcfs.enable = true;
|
||||
```
|
||||
|
||||
Now switch to the new configuration with
|
||||
```nix
|
||||
nixos-rebuild switch
|
||||
```
|
||||
|
||||
## Setting up incus
|
||||
Incus requires initial setup for networking and storage. It can be done interactively by running
|
||||
```bash
|
||||
incus admin init
|
||||
```
|
||||
List all available images
|
||||
```bash
|
||||
incus image list images:
|
||||
```
|
||||
|
||||
Create a new image `alpine` based on Alpine Linux
|
||||
```bash
|
||||
incus launch images:alpine/3.19 alpine
|
||||
```
|
||||
|
||||
Interact with the newly created image
|
||||
```bash
|
||||
incus exec alpine -- ash
|
||||
```
|
||||
This will drop you in an `ash` shell in the container.
|
||||
|
||||
You can copy containers by running
|
||||
```bash
|
||||
incus copy $CONTAINER1 $CONTAINER2
|
||||
```
|
||||
|
||||
List containers
|
||||
```bash
|
||||
incus list
|
||||
```
|
||||
|
||||
Stop container
|
||||
```bash
|
||||
incus stop $CONTAINER
|
||||
```
|
||||
|
||||
Delete container
|
||||
```bash
|
||||
incus delete $CONTAINER
|
||||
```
|
||||
|
||||
## Configuration
|
||||
Launch a new container with resource constrants
|
||||
```bash
|
||||
incus launch images:alpine/3.19 alp1 --config limits.cpu=1 --config limits.memory=192MiB
|
||||
```
|
||||
|
||||
Check configuration
|
||||
```bash
|
||||
incus config show alp1
|
||||
```
|
||||
|
||||
Update configuration
|
||||
```bash
|
||||
incus config set alp1 limits.memory=128MiB
|
||||
```
|
||||
## Interaction
|
||||
Run arbitrary commands
|
||||
```bash
|
||||
incus exec alpine -- apk update
|
||||
```
|
||||
|
||||
Pull a file from container
|
||||
```bash
|
||||
incus file pull alpine/etc/hosts .
|
||||
```
|
||||
|
||||
Push file back to the container
|
||||
```bash
|
||||
incus file push hosts alpine/etc/hosts
|
||||
```
|
||||
|
||||
## Snapshots
|
||||
Create a snapshot
|
||||
```bash
|
||||
incus snapshot create alpine alpine_snapshot
|
||||
```
|
||||
|
||||
Restore the container to the snapshot
|
||||
```bash
|
||||
incus snapshot restore alpine alpine_snapshot
|
||||
```
|
||||
|
||||
Delete the snapshot
|
||||
```bash
|
||||
incus delete alpine/alpine_snapshot
|
||||
```
|
||||
|
||||
## References
|
||||
1. [Howto setup LXD on NixOS with NixOS guest using unmanaged bridge network interface](https://discourse.nixos.org/t/howto-setup-lxd-on-nixos-with-nixos-guest-using-unmanaged-bridge-network-interface/21591)
|
||||
2. [First steps with Incus](https://linuxcontainers.org/incus/docs/main/tutorial/first_steps/)
|
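Review bot: Several Nix snippets under "## Installation" will not evaluate or apply as written: `virtualisation.incus.enable = true` has no terminating semicolon, `users.user.USER.extraGroups` should be `users.users.USER.extraGroups`, `"net.ipv4.default.forwarding"` is not a sysctl key (the default-interface key is `"net.ipv4.conf.default.forwarding"`), and the first firewall rule needs `-i` before the interface name, i.e. `iptables -A INPUT -i incusbr0 -j ACCEPT`. In the same section, the `incus-admin` sentence presents group membership only as a way to skip `sudo`; members get full control of the Incus daemon, which is effectively root on the host, and the post should say so. The INPUT rule accepts every packet arriving from the bridge, so every service listening on the host is reachable from guests; consider limiting it to the ports guests need from the host (typically DHCP and DNS). The line introducing `nf_nat_ftp` describes it as needed for IP forwarding, but it is the NAT helper for FTP, so either reword that sentence or drop the module. Smaller points: the front matter has a stray semicolon after `draft: false`, `nixos-rebuild switch` is fenced as `nix` rather than `bash`, "Create a new image" and "the newly created image" describe what is a container launch, "constrants" is misspelled, and the snapshot deletion goes through `incus delete` while create and restore use the `incus snapshot` subcommand, which reads as inconsistent.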