#incus — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #incus, aggregated by home.social.
-
I have secured my home access a bit more.
I now run a Wireguard VPN-server inside an Incus container.
The container has two interfaces.
One on my LAN and one only shared with the host via Incus.The host runs a ssh-server that only binds to the interface shared with the container.
So the only access to my ssh-server is through the VPN.
The VPN is configured with a PSK to be more resistant against post quantum encryption.
My ssh-server only accepts key-authentication and post quantum KEX.
-
I have secured my home access a bit more.
I now run a Wireguard VPN-server inside an Incus container.
The container has two interfaces.
One on my LAN and one only shared with the host via Incus.The host runs a ssh-server that only binds to the interface shared with the container.
So the only access to my ssh-server is through the VPN.
The VPN is configured with a PSK to be more resistant against post quantum encryption.
My ssh-server only accepts key-authentication and post quantum KEX.
-
I have secured my home access a bit more.
I now run a Wireguard VPN-server inside an Incus container.
The container has two interfaces.
One on my LAN and one only shared with the host via Incus.The host runs a ssh-server that only binds to the interface shared with the container.
So the only access to my ssh-server is through the VPN.
The VPN is configured with a PSK to be more resistant against post quantum encryption.
My ssh-server only accepts key-authentication and post quantum KEX.
-
I have secured my home access a bit more.
I now run a Wireguard VPN-server inside an Incus container.
The container has two interfaces.
One on my LAN and one only shared with the host via Incus.The host runs a ssh-server that only binds to the interface shared with the container.
So the only access to my ssh-server is through the VPN.
The VPN is configured with a PSK to be more resistant against post quantum encryption.
My ssh-server only accepts key-authentication and post quantum KEX.
-
I have secured my home access a bit more.
I now run a Wireguard VPN-server inside an Incus container.
The container has two interfaces.
One on my LAN and one only shared with the host via Incus.The host runs a ssh-server that only binds to the interface shared with the container.
So the only access to my ssh-server is through the VPN.
The VPN is configured with a PSK to be more resistant against post quantum encryption.
My ssh-server only accepts key-authentication and post quantum KEX.
-
@violet
There are many opinions and combinations possible, of course. I prefer simple, community backed, and solid foss blocks that interoperate. That converged to:
* #debian for base OS
* data on encrypted #zfs
* #incus for VM and system containers management (formerly LXD)
* #ansible for automation, with the debops collectionInfrastructure for people, to solve our problems and at our scale, with all the tools under direct control of worker sysadmins
-
@violet
There are many opinions and combinations possible, of course. I prefer simple, community backed, and solid foss blocks that interoperate. That converged to:
* #debian for base OS
* data on encrypted #zfs
* #incus for VM and system containers management (formerly LXD)
* #ansible for automation, with the debops collectionInfrastructure for people, to solve our problems and at our scale, with all the tools under direct control of worker sysadmins
-
@violet
There are many opinions and combinations possible, of course. I prefer simple, community backed, and solid foss blocks that interoperate. That converged to:
* #debian for base OS
* data on encrypted #zfs
* #incus for VM and system containers management (formerly LXD)
* #ansible for automation, with the debops collectionInfrastructure for people, to solve our problems and at our scale, with all the tools under direct control of worker sysadmins
-
@violet
There are many opinions and combinations possible, of course. I prefer simple, community backed, and solid foss blocks that interoperate. That converged to:
* #debian for base OS
* data on encrypted #zfs
* #incus for VM and system containers management (formerly LXD)
* #ansible for automation, with the debops collectionInfrastructure for people, to solve our problems and at our scale, with all the tools under direct control of worker sysadmins
-
@violet
There are many opinions and combinations possible, of course. I prefer simple, community backed, and solid foss blocks that interoperate. That converged to:
* #debian for base OS
* data on encrypted #zfs
* #incus for VM and system containers management (formerly LXD)
* #ansible for automation, with the debops collectionInfrastructure for people, to solve our problems and at our scale, with all the tools under direct control of worker sysadmins
-
I used to name my VM's when I launched them, last week I forgot to do it and I have been allowing incus to do the naming now.
-
Updated my #homelab to #k3s 1.35, deployed #vaultwarden, #pihole with #unbound and #forgejo with #woodpecker. All the web guis have #letsencryt certificates. Storage redundancy is achieved by #longhorn which maintains redundant copies of pvcs across the nodes. The nodes are vms controlled by #incus, so that I can shut down the whole k8s thingy with a simple incus stop command when I’m done playing.
k3s is really nice and easy to deploy and well documented, getting things to run in k8s though is mainly pasting yaml from the internet and hoping for the best. -
Updated my #homelab to #k3s 1.35, deployed #vaultwarden, #pihole with #unbound and #forgejo with #woodpecker. All the web guis have #letsencryt certificates. Storage redundancy is achieved by #longhorn which maintains redundant copies of pvcs across the nodes. The nodes are vms controlled by #incus, so that I can shut down the whole k8s thingy with a simple incus stop command when I’m done playing.
k3s is really nice and easy to deploy and well documented, getting things to run in k8s though is mainly pasting yaml from the internet and hoping for the best. -
Updated my #homelab to #k3s 1.35, deployed #vaultwarden, #pihole with #unbound and #forgejo with #woodpecker. All the web guis have #letsencryt certificates. Storage redundancy is achieved by #longhorn which maintains redundant copies of pvcs across the nodes. The nodes are vms controlled by #incus, so that I can shut down the whole k8s thingy with a simple incus stop command when I’m done playing.
k3s is really nice and easy to deploy and well documented, getting things to run in k8s though is mainly pasting yaml from the internet and hoping for the best. -
Updated my #homelab to #k3s 1.35, deployed #vaultwarden, #pihole with #unbound and #forgejo with #woodpecker. All the web guis have #letsencryt certificates. Storage redundancy is achieved by #longhorn which maintains redundant copies of pvcs across the nodes. The nodes are vms controlled by #incus, so that I can shut down the whole k8s thingy with a simple incus stop command when I’m done playing.
k3s is really nice and easy to deploy and well documented, getting things to run in k8s though is mainly pasting yaml from the internet and hoping for the best. -
Updated my #homelab to #k3s 1.35, deployed #vaultwarden, #pihole with #unbound and #forgejo with #woodpecker. All the web guis have #letsencryt certificates. Storage redundancy is achieved by #longhorn which maintains redundant copies of pvcs across the nodes. The nodes are vms controlled by #incus, so that I can shut down the whole k8s thingy with a simple incus stop command when I’m done playing.
k3s is really nice and easy to deploy and well documented, getting things to run in k8s though is mainly pasting yaml from the internet and hoping for the best. -
Pour ceux qui auraient la mauvaise idée de passer trop tôt la mise à jour d'Ubuntu 24.04 à 26.04 sur un serveur avec #incus : attention, les nouvelles sécurités par défaut d' AppArmor cassent tout ! La solution ici : https://discuss.linuxcontainers.org/t/issues-in-ubuntu-26-04-apt-not-working-in-unprivileged-lxcs/26591
-
Pour ceux qui auraient la mauvaise idée de passer trop tôt la mise à jour d'Ubuntu 24.04 à 26.04 sur un serveur avec #incus : attention, les nouvelles sécurités par défaut d' AppArmor cassent tout ! La solution ici : https://discuss.linuxcontainers.org/t/issues-in-ubuntu-26-04-apt-not-working-in-unprivileged-lxcs/26591
-
I got tired of fussing with #FRR and trying to use it to do VRF's and routing as it really is geared towards Dynamic Routing! Back to #VyOS for the #homelab. I am still using VRRP with 3 FRR routers on my #incus hosts. So as long as my upstream router is up. I can reboot hosts all day long and no internet go down.
-
Debusine projects in GSoC, incus backend landing in Debian CI and other updates, Salsa CI maintenance. #Freexian collaborators worked on these and many more contributions to #Debian in March 2026.
Read all the details at https://www.freexian.com/blog/debian-contributions-03-2026/?utm_source=mastodon&utm_medium=social
We thank the organizations subscribing to our Long Term Support contracts (https://www.freexian.com/lts/?utm_source=mastodon&utm_medium=social) and consulting services (https://www.freexian.com/services/?utm_source=mastodon&utm_medium=social) for making this possible.
-
Incus 7.0 LTS arrives with five years of support, updated requirements, security fixes, OCI image support, and storage improvements.
https://linuxiac.com/incus-7-0-lts-container-and-virtual-machine-manager-released/ -
Не runc’ом единым: интересные среды запуска контейнеров
Существует множество сред для запуска контейнеров; среди распространенных можно выделить runc и kata. Мы в
https://habr.com/ru/companies/beeline_cloud/articles/979010/
#beeline_cloud #контейнеризация #youki #urunc #ocre #quark #kuasar #incus
-
@jonny I installed #Forgejo in an #Incus container in about an hour, and by golly, so should you. (Slaps hood of $300 used Dell Optiplex 3060)
#SelfHosting #OpenSource -
Incus 7.0 LTS:rilasciato il gestore di container e macchine virtuali con supporto a lungo termine
Incus è un sistema avanzato per la gestione di container (ambienti isolati che condividono il kernel del sistema operativo ma funzionano come piccoli sistemi indipendenti) e macchine virtuali (sistemi operativi completi eseguiti in modo isolato tramite un hypervisor)#incus #UnoLinux #linux #gnulinuxitalia #gnulinux
-
#Incus 7.0 LTS is now out!
That's already the second Long Term Support release for the Incus project and it should be a great upgrade both for users of Incus 6.23 and those on 6.0.6 LTS!
https://discuss.linuxcontainers.org/t/incus-7-0-lts-has-been-released/26641 -
JumpyVi is iterating on the Bluefin developer mode. #incus support is going to slay out on this one!
-
Kapsule: it shipped and nobody died
"In my last post , I laid out the vision for Kapsule—a container-based extensibility layer for KDE Linux built on top of Incus."
I really like what's happening here. This might be of good use for other distros as well.
Link: https://blog.lasath.org/2026/02/kapsule-it-shipped-and-nobody-died.html?m=1
-
Kapsule: Completing the KDE Linux Extensibility Story
"Just like KDE Neon got pigeonholed with the reputation of being "for testing KDE software," KDE Linux risks getting branded as "for developing KDE software only.""
Link: https://blog.lasath.org/2026/02/kapsule-completing-kde-linux.html?m=1
-
Вместо 8 разных VPS: как я организовал практику студентам на одном сервере
Как дать студентам курса живой опыт деплоя, не заставляя их покупать собственные VPS и не плодя локальные виртуалки? Я решил эту задачу, «нарезав» один сервер на полностью изолированные рабочие пространства с помощью системы контейнеризации Incus . В этой статье — история одного занятия с пошаговым гайдом и разбором всех собранных граблей: почему Docker конфликтует с ZFS, куда пропадает интернет из-за IPv6 и как пробросить порты так, чтобы у каждого студента был свой кусочек сервера.
-
Nachdem ich mich ca. 15 Jahre mit LXC in der Kommandozeile herumgeschlagen habe, werde ich mich mal etwas mit LXD bzw. dessen Fork Incus beschäftigen und mal den einen oder anderen Container umziehen :neocat_happy: Der erste, nicht ganz so wichtige Container zieht gerade schon dank
lxc-to-incusum. Mal schauen, wie das Ergebnis dann aussieht :neocat_solder_googly: #lxc #lxd #incus #container -
Now that #incus 6.23 is out, it's time to get back to the weekly live streams and the ongoing work to add Ceph provisioning to IncusOS!
https://youtube.com/live/k-XnnGT9HQM?feature=share -
Wrapping up the week with an #Incus release!
Incus 6.23 is out as our last 6.x release before Incus 7.0 LTS next month! This release includes quite a few security fixes as well as exciting features including dependent volumes, FreeBSD support and more!
https://discuss.linuxcontainers.org/t/incus-6-23-has-been-released/26447 -
If you are looking for a relatively straightforward way of running HomeAssistantOS, and you have a Proxmox, LXC or Incus instance, then it might be worth checking out their OVA. It's not difficult to download the OVA and import into LXC/Incus as a VM. Fully supported by HA and by default you get root access to the VM via the instance console.
#homeassistant #selfhosting #incus -
And in this week's #Incus OS livestream, I'll be continuing the Ceph deployment work, now looking at deploying the OSDs! https://youtube.com/live/8UqOPtj_Z24?feature=share
-
Just released #LXC, #LXCFS and #Incus 6.0.6 LTS as the latest LTS bugfix release for our projects!
https://stgraber.org/2026/03/16/lxc-lxcfs-incus-6-0-6-lts-release/ -
In this week's #Incus OS live stream, I'll be continuing the work from last week on getting Ceph deployed by IncusOS! https://youtube.com/live/C3dOFJ0UtaI?feature=share
-
Starting this week, I'll be using the #Incus OS live streams to work on our upcoming full cluster deployment logic (Ceph, OVN, Grafana, OpenFGA, HAProxy, ...). First up will be Ceph!
https://youtube.com/live/FHmoNarNBak?feature=share -
Wrapping up the week with a rather busy #Incus release! Incus 6.22 is now out with quite a lot of changes all over the place, from an improved Windows agent to a variety of storage, network and clustering features.
https://discuss.linuxcontainers.org/t/incus-6-22-has-been-released/26300 -
Here is how I use a corporate sanctioned Windows managed laptop as a perfectly cromulent headless Linux server for sane (?🤔) development workflow, it is, of course, containers all the way down !
https://www.beatworm.co.uk/blog/windows/windows-is-my-cloud
#linux #laptop #windows #vm #containers #hacking #wsl2 #incus #docker #madScience -
My solution for syncing keepass between Linux and iPhone (works with KeePassDX on Android too) using Nextcloud:
My Linux computer is running Incus, and one container is my Nextcloud server.
I have created a folder ~/nextcloud where my keepass.kdbx is located.
KeePassXC is using this file directly and since it's a local file it's always accessible.
I have mounted ~/nextcloud inside the Incus Nextcloud container as /data.
In Nextcloud I have monuted /data as a folder for my Nextcloud user.
In KeePassium in iPhone I have set it up to use WebDAV to my Nextcloud server and then choosen the keepass.kdbx file.
(This way I can also easily share any file between Linux and iPhone)
(I know there are other ways to do this, but since I want to always have access to keepass.kdbx on Linux even if Nextcloud is not running this solution best fits my needs)
#KeePass #KeePassXC #KeePassDX #KeePassium #Incus #Nextcloud #Linux #iPhone #Android #WebDAV #PasswordManager #PasswordManagers #Passwords -
Got incus-deploy to a state where it can now reliably deploy #Ceph, #OVN and #Incus in just a few minutes, taking care of all the clustering bits and resulting in a fully functional environment!
https://asciinema.org/a/654385 -
Spent a good chunk of my day today trying to figure out why #incus cluster and #OVN weren't playing together just to find out there was a fucking typo in one of my configs. Yea.. fuck. I was able to successfully #zfs send/receive to incus and then incus recover all the instances. It is a bit cumbersome with all of the zfs commands you gotta .. but it does work. Don't think it's any better than just export and import into incus. Might be slower, but strait forward.
-
Going to be streaming some #Incus work this afternoon, working on improving our #OVN TLS support!
https://www.youtube.com/watch?v=1dTOb4XrSNs -
Unhappy with #DockerDesktop on #macOS? Give #Colima a try!
It's a free and open #container runtime for macOS. It now supports the macOS #virtualization framework, #virtiofs for fast volume mounts and forwarding #inotify events for hot/live reloading. It can even provide a #containerd, #kubernetes or #incus runtime.
https://github.com/abiosoft/colima
(I would've preferred #podman, as that's what I'm mostly using in production, but it still doesn't support forwarding inotify events on macOS)