| -rw-r--r-- | content/post/install-incus-on-nixos.md | 12 | 
1 files changed, 10 insertions, 2 deletions
| diff --git a/content/post/install-incus-on-nixos.md b/content/post/install-incus-on-nixos.md index 4c0a608..8a0aca4 100644 --- a/content/post/install-incus-on-nixos.md +++ b/content/post/install-incus-on-nixos.md @@ -1,7 +1,7 @@  ---  title: "Install Incus on Nixos"  date: 2024-02-29T19:14:10+05:30 -lastmod: 2024-02-29T19:14:10+05:30 +lastmod: 2024-03-16T00:21:10+05:30  draft: false;  keywords: [incus, nixos]  description: "" @@ -73,7 +73,7 @@ networking.bridges = { incusbr0.interfaces = []; };  ```  This is used to provide NAT'd internet to the guest. It is manipulated directly by incus, so no need to specify any bridged interfaces here. -Add firewall rules to enable networking in the container +<s>Add firewall rules to enable networking in the container  ```nix  networking.firewall.extraCommands = ''      iptables -A INPUT incusbr0 -j ACCEPT @@ -82,8 +82,16 @@ networking.firewall.extraCommands = ''      iptables -A OUTPUT -o incusbr0 -j ACCEPT  '';  ``` +</s> +Incus on NixOS dropped `iptables` support and recommends using `nftables`. Enable `nftables` and add `incusbr0` to trusted interfaces. + +```nix +networking.nftables.enable = true; +networking.firewall.trustedInterfaces = [ "incusbr0" ]; +```  Enable lxcfs to use it +  ```nix  virtualisation.lxc.lxcfs.enable = true;  ``` | 
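Review bot: in the `@@ -73,7 +73,7 @@` hunk, the `<s>` added in front of "Add firewall rules to enable networking in the container" is only closed by the `</s>` after the fenced nix block in the following hunk, so the strike-through has to span a fenced code block. An inline HTML tag does not carry across a code fence in Markdown, and a renderer that does not pass raw HTML through may drop or print the tags, which would leave the old iptables commands looking like current instructions. Delete the obsolete block, or replace it with a one-line note that the iptables rules are superseded by the nftables setup that follows. The retained rule `iptables -A INPUT incusbr0 -j ACCEPT` also has no `-i` before the interface name, which is one more reason not to leave it copy-pasteable.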
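Review bot: in the `@@ -82,8 +82,16 @@` hunk, `networking.firewall.trustedInterfaces = [ "incusbr0" ];` makes the host firewall accept all traffic arriving on the bridge, so every guest attached to incusbr0 can reach every service listening on the host. That is broader than the NAT'd internet access the post says the bridge exists for. State that trade-off in the text, and consider showing the narrower alternative of opening only the DNS and DHCP ports on that interface through `networking.firewall.interfaces.incusbr0.allowedTCPPorts` and `allowedUDPPorts`. The sentence "Incus on NixOS dropped `iptables` support" should also name the NixOS release or link the module change, since the post gives readers no way to tell which versions it applies to.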
