From 2e24bebafcb967adee3b766eccf4a9193af7a71e Mon Sep 17 00:00:00 2001
From: Sridhar Ratnakumar <3998+srid@users.noreply.github.com>
Date: Tue, 21 Jan 2025 15:19:24 -0500
Subject: [PATCH] Use incus (#77)
---
 configurations/nixos/pureintent/default.nix | 1 +
 modules/nixos/linux/lxd.nix | 61 ++++++++++++++++++++-
 2 files changed, 59 insertions(+), 3 deletions(-)
diff --git a/configurations/nixos/pureintent/default.nix b/configurations/nixos/pureintent/default.nix
index 23a4387..a436c9f 100644
--- a/configurations/nixos/pureintent/default.nix
+++ b/configurations/nixos/pureintent/default.nix
@@ -11,6 +11,7 @@ in
 imports = [
 self.nixosModules.default
 ./configuration.nix
+ (self + /modules/nixos/linux/lxd.nix)
 (self + /modules/nixos/shared/github-runner.nix)
 ];
diff --git a/modules/nixos/linux/lxd.nix b/modules/nixos/linux/lxd.nix
index a93db4e..fe3a910 100644
--- a/modules/nixos/linux/lxd.nix
+++ b/modules/nixos/linux/lxd.nix
@@ -1,7 +1,62 @@
-{ flake, ... }: {
- virtualisation.lxd.enable = true;
+# https://wiki.nixos.org/wiki/Incus
+{ flake, ... }:
+let
+ networkName = "incusbr0";
+
+ # Problems?
+ # 1. Disable the service
+ # 2. Reset with: `sudo rm -rf /var/lib/lx* /var/lib/incus/`
+ # 3. Reboot
+ # 4. Then re-enable service
+ #
+ # Getting `user-1000` related nonsense errors?
+ # Just use the default project: `incus project switch default`
+ preseedConfig = {
+ networks = [
+ {
+ name = networkName;
+ type = "bridge";
+ }
+ ];
+ profiles = [
+ {
+ name = "default";
+ devices = {
+ eth0 = {
+ name = "eth0";
+ network = networkName;
+ type = "nic";
+ };
+ root = {
+ path = "/";
+ pool = "default";
+ type = "disk";
+ };
+ };
+ }
+ ];
+ storage_pools = [
+ {
+ name = "default";
+ driver = "dir";
+ config = {
+ source = "/var/lib/incus/storage-pools/default";
+ };
+ }
+ ];
+ };
+in
+{
+ virtualisation.incus = {
+ enable = true;
+ preseed = preseedConfig;
+ };
 users.users.${flake.config.me.username} = {
- extraGroups = [ "lxd" ];
+ extraGroups = [ "incus" "incus-admin" ];
 };
+
+ networking.nftables.enable = true;
+
+ networking.firewall.trustedInterfaces = [ networkName ];
 }
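Review bot: `networking.firewall.trustedInterfaces = [ networkName ];` on the last added line makes the host firewall accept every packet arriving on `incusbr0`, so any container on the bridge can reach every service the host listens on, not just the DHCP and DNS that Incus serves to its guests. A narrower rule would be `networking.firewall.interfaces.${networkName}.allowedTCPPorts = [ 53 67 ];` together with `networking.firewall.interfaces.${networkName}.allowedUDPPorts = [ 53 67 ];`. Separately, `extraGroups = [ "incus" "incus-admin" ]` gives the user unrestricted control of the Incus daemon, which is effectively root on the host, while `incus` alone keeps the user in a restricted per-user project (presumably the `user-1000` project the comment works around). If the admin group is intended, a comment such as `# incus-admin is root-equivalent; kept deliberately for single-user hosts` would record that decision, and it matters more on `pureintent` if jobs from the imported `github-runner.nix` run as this user, which the diff does not show.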