-rw-r--r-- content/post/install-incus-on-nixos.md 12
1 files changed, 10 insertions, 2 deletions
diff --git a/content/post/install-incus-on-nixos.md b/content/post/install-incus-on-nixos.md
index 4c0a608..8a0aca4 100644
--- a/content/post/install-incus-on-nixos.md
+++ b/content/post/install-incus-on-nixos.md
@@ -1,7 +1,7 @@
---
title: "Install Incus on Nixos"
date: 2024-02-29T19:14:10+05:30
-lastmod: 2024-02-29T19:14:10+05:30
+lastmod: 2024-03-16T00:21:10+05:30
draft: false;
keywords: [incus, nixos]
description: ""
@@ -73,7 +73,7 @@ networking.bridges = { incusbr0.interfaces = []; };
```
This is used to provide NAT'd internet to the guest. It is manipulated directly by incus, so no need to specify any bridged interfaces here.
-Add firewall rules to enable networking in the container
+<s>Add firewall rules to enable networking in the container
```nix
networking.firewall.extraCommands = ''
iptables -A INPUT incusbr0 -j ACCEPT
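Review bot: The `<s>` added on the "Add firewall rules" line opens inline HTML in one paragraph and is only closed after the fenced nix block, so the tag is unbalanced across block boundaries and whether the code block appears struck through depends on the Markdown renderer and the browser. Either way the superseded iptables commands stay on the page as copyable text, including the context line `iptables -A INPUT incusbr0 -j ACCEPT`, which has no `-i` before the interface name. Consider deleting the old block, or replacing it with a single sentence saying the iptables rules were superseded, rather than striking it out.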
@@ -82,8 +82,16 @@ networking.firewall.extraCommands = ''
iptables -A OUTPUT -o incusbr0 -j ACCEPT
'';
```
+</s>
+Incus on NixOS dropped `iptables` support and recommends using `nftables`. Enable `nftables` and add `incusbr0` to trusted interfaces.
+
+```nix
+networking.nftables.enable = true;
+networking.firewall.trustedInterfaces = [ "incusbr0" ];
+```
Enable lxcfs to use it
+
```nix
virtualisation.lxc.lxcfs.enable = true;
```
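Review bot: `networking.firewall.trustedInterfaces = [ "incusbr0" ];` makes the NixOS firewall accept all traffic arriving on the bridge, so every guest attached to incusbr0 can reach every service listening on the host; the post should say so next to the snippet. If guests only need DHCP and DNS from the host, per-interface rules such as `networking.firewall.interfaces.incusbr0.allowedUDPPorts` and `allowedTCPPorts` would be a narrower alternative worth mentioning. Two smaller points: the sentence stating that Incus on NixOS dropped `iptables` support has no link to a changelog or issue, and the `</s>` line is followed directly by the new paragraph with no blank line between them, which some renderers will treat as part of the same HTML block.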