diff options
author | Aditya <bluenerd@protonmail.com> | 2024-03-16 00:21:50 +0530 |
---|---|---|
committer | Aditya <bluenerd@protonmail.com> | 2024-03-16 00:21:50 +0530 |
commit | c9126cdbad7cfee5332a981fa1d4cb21b8fb910f (patch) | |
tree | 8d45a9c9a566fa90310400a3ab5e64c34fce263d /content | |
parent | 13a1bfab953c6f273f91082331051e2a7957203d (diff) |
update incus container internet connectivity
Diffstat (limited to 'content')
-rw-r--r-- | content/post/install-incus-on-nixos.md | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/content/post/install-incus-on-nixos.md b/content/post/install-incus-on-nixos.md index 4c0a608..8a0aca4 100644 --- a/content/post/install-incus-on-nixos.md +++ b/content/post/install-incus-on-nixos.md @@ -1,7 +1,7 @@ --- title: "Install Incus on Nixos" date: 2024-02-29T19:14:10+05:30 -lastmod: 2024-02-29T19:14:10+05:30 +lastmod: 2024-03-16T00:21:10+05:30 draft: false; keywords: [incus, nixos] description: "" @@ -73,7 +73,7 @@ networking.bridges = { incusbr0.interfaces = []; }; ``` This is used to provide NAT'd internet to the guest. It is manipulated directly by incus, so no need to specify any bridged interfaces here. -Add firewall rules to enable networking in the container +<s>Add firewall rules to enable networking in the container ```nix networking.firewall.extraCommands = '' iptables -A INPUT incusbr0 -j ACCEPT @@ -82,8 +82,16 @@ networking.firewall.extraCommands = '' iptables -A OUTPUT -o incusbr0 -j ACCEPT ''; ``` +</s> +Incus on NixOS dropped `iptables` support and recommends using `nftables`. Enable `nftables` and add `incusbr0` to trusted interfaces. + +```nix +networking.nftables.enable = true; +networking.firewall.trustedInterfaces = [ "incusbr0" ]; +``` Enable lxcfs to use it + ```nix virtualisation.lxc.lxcfs.enable = true; ``` |