modules/nixos/incus.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.nixfiles.modules.incus;
in {
  options.nixfiles.modules.incus.enable = mkEnableOption "Incus";

  config = mkIf cfg.enable {
    ark.directories = ["/var/lib/incus"];

    virtualisation.incus = {
      enable = true;

      preseed = mkDefault {
        networks = [
          {
            name = "incusbr0";
            type = "bridge";
            config = {
              "ipv4.address" = "10.0.30.1/24";
              "ipv4.nat" = true;
              "ipv6.address" = "fc30::1/64";
              "ipv6.nat" = true;
            };
          }
        ];
        storage_pools = [
          {
            name = "default";
            driver = "dir";
            config.source = "/var/lib/incus/storage-pools/default";
          }
        ];
        profiles = [
          {
            name = "default";
            devices = {
              eth0 = {
                type = "nic";
                name = "eth0";
                network = "incusbr0";
              };
              root = {
                type = "disk";
                pool = "default";
                size = "15GiB";
                path = "/";
              };
            };
          }
        ];
      };
    };

    networking.firewall.trustedInterfaces = ["incusbr0"];

    my.extraGroups = ["incus-admin"];
  };
}