switch to incus

hosts/common/optional/lxd/default.nix

@@ -1,18 +1,13 @@
+{ pkgs, ... }:
 {
   imports = [
     ./lxd-preseed.nix
-    ./lxd-networking.nix
   ];
-
+  networking.nftables.enable = true;
   virtualisation = {
-    lxd = {
+    incus = {
+      package = pkgs.incus;
       enable = true;
-
-      recommendedSysctlSettings = true;
-    };
-
-    lxc = {
-      lxcfs.enable = true;
     };
   };
 }

hosts/common/optional/lxd/lxd-networking.nix

@@ -1,21 +0,0 @@
-{ ... }:
-let
-  lxd_profiles = {
-    "default" = (import ./profiles/default.nix);
-  };
-in
-{
-  boot = {
-    kernelModules = [ "nf_nat_ftp" ];
-
-    kernel.sysctl = {
-      "net.ipv4.conf.all.forwarding" = true;
-      "net.ipv4.conf.default.forwarding" = true;
-    };
-  };
-
-  # allow static ipv4 for containers
-  networking.firewall.extraCommands = ''
-    iptables -A INPUT -i ${lxd_profiles.default.network.name} -m comment --comment "lxd rule for ${lxd_profiles.default.network.name}" -j ACCEPT
-  '';
-}

hosts/common/optional/lxd/lxd-preseed.nix

@@ -7,8 +7,14 @@ let
 in
 {
   virtualisation = {
-    lxd = {
+    incus = {
       preseed = {
+
+        config = {
+          "core.https_address" = ":8443";
+          "images.auto_update_interval" = 9;
+        };
+
         networks = [
           lxd_profiles.default.network
         ];

hosts/common/optional/lxd/profiles/default.nix

@@ -6,6 +6,7 @@
     config = {
       "ipv4.address" = "10.100.1.1/8";
       "ipv4.nat" = "true";
+      "ipv4.firewall" = "false";
     };
   };
 
@@ -13,12 +14,12 @@
     {
       name = "postgres";
       driver = "btrfs";
-      config.source = "/dev/zd0";
+      config.source = "/dev/zvol/zspeed/postgres";
     }
     {
       name = "test";
       driver = "btrfs";
-      config.source = "/dev/zd16";
+      config.source = "/dev/zvol/zspeed/test";
     }
   ];