{"id":15694121,"url":"https://github.com/rgl/incus-playground","last_synced_at":"2025-05-08T06:07:31.908Z","repository":{"id":199017849,"uuid":"702002698","full_name":"rgl/incus-playground","owner":"rgl","description":"My Incus playground","archived":false,"fork":false,"pushed_at":"2025-04-28T23:14:48.000Z","size":324,"stargazers_count":13,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-05-08T06:07:27.194Z","etag":null,"topics":["incus","lxc","vagrant"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rgl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2023-10-08T07:56:51.000Z","updated_at":"2025-04-28T23:14:52.000Z","dependencies_parsed_at":null,"dependency_job_id":"fa0dfd59-9919-4bcf-a537-f6d107164d0a","html_url":"https://github.com/rgl/incus-playground","commit_stats":{"total_commits":31,"total_committers":1,"mean_commits":31.0,"dds":0.0,"last_synced_commit":"f6fcc2f01b6d3096c4f0e17ead9e2c255090d3be"},"previous_names":["rgl/incus-playground"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fincus-playground","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fincus-playground/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fincus-playground/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rgl%2Fincus-playground/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rgl","download_url":"https://codeload.github.com/rgl/incus-playground/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253009991,"owners_count":21839718,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["incus","lxc","vagrant"],"created_at":"2024-10-03T18:52:46.798Z","updated_at":"2025-05-08T06:07:31.890Z","avatar_url":"https://github.com/rgl.png","language":"Shell","readme":"# About\n\nMy [Incus](https://github.com/lxc/incus) playground.\n\nThis will:\n\n* Install [Incus](https://github.com/lxc/incus).\n  * Set up projects:\n    * `foo`.\n    * `bar`.\n* Install [Keycloak](https://github.com/keycloak/keycloak) as the [Incus authentication provider](https://linuxcontainers.org/incus/docs/main/authentication/#authentication-openid) (a OpenID Connect (OIDC) provider).\n  * Set up users:\n    * `alice`.\n    * `bob`.\n* Install [OpenFGA](https://github.com/openfga/openfga) as the [Incus authorization provider](https://linuxcontainers.org/incus/docs/main/authorization/#open-fine-grained-authorization-openfga).\n  * Set up user authorizations:\n    * For `alice`:\n      * Grant the `admin` role on the `incus` server.\n    * For `bob`:\n      * Grant the `operator` role on the `foo` project.\n\n# Usage\n\nInstall the [Base Debian 12 Box](https://github.com/rgl/debian-vagrant).\n\nAdd the following entries to your `hosts` file:\n\n```\n10.0.0.10 pandora.incus.test\n10.0.0.20 incus.test\n```\n\nLaunch the environment:\n\n```bash\nvagrant up --provider=libvirt --no-destroy-on-error --no-tty\n```\n\nTry executing some workloads:\n\n```bash\n# ssh into into the vagrant created VM.\nvagrant ssh incus\n\n# switch to root.\nsudo -i\n\n# run a system container.\nincus launch images:debian/12 debian-ct\nincus info debian-ct\nincus config show debian-ct\nincus exec debian-ct -- cat /etc/os-release\nincus exec debian-ct -- ip addr\nincus exec debian-ct -- mount\nincus exec debian-ct -- df -h\nincus exec debian-ct -- ps axw\n\n# run a application container.\nincus remote add docker https://docker.io --protocol oci\nincus launch docker:debian:12-slim debian-app-ct\nincus info debian-app-ct\nincus config show debian-app-ct\nincus exec debian-app-ct -- bash -c 'apt-get update \u0026\u0026 apt-get install -y iproute2 procps'\nincus exec debian-app-ct -- cat /etc/os-release\nincus exec debian-app-ct -- ip addr\nincus exec debian-app-ct -- mount\nincus exec debian-app-ct -- df -h\nincus exec debian-app-ct -- ps axw\n\n# run a virtual machine.\nincus launch images:debian/12 debian-vm --vm\nincus info debian-vm\nincus config show debian-vm\nincus exec debian-vm -- cat /etc/os-release\nincus exec debian-vm -- ip addr\nincus exec debian-vm -- mount\nincus exec debian-vm -- df -h\nincus exec debian-vm -- ps axw\n\n# show information.\nincus info\nincus list\nincus image list\nif [ -n \"$(incus storage info default | grep 'driver: btrfs')\" ]; then\n    btrfs filesystem show\n    btrfs filesystem df -h /var/lib/incus/storage-pools/default\n    btrfs subvolume list -t /var/lib/incus/storage-pools/default\nfi\nif [ -n \"$(incus storage info default | grep 'driver: zfs')\" ]; then\n    zfs list\n    zfs get all incus/containers/debian-ct\n    zfs get all incus/virtual-machines/debian-vm\nfi\nnft list ruleset\n\n# stop and delete.\nincus stop debian-ct\nincus stop debian-app-ct\nincus stop debian-vm\nincus delete debian-ct\nincus delete debian-app-ct\nincus delete debian-vm\n```\n\nAccess Keycloak at:\n\n* https://pandora.incus.test:8443\n* https://pandora.incus.test:8443/realms/pandora/account\n\nAccess Incus at:\n\n* https://incus.test:8443\n\nTest the OIDC authentication:\n\n```bash\nvagrant ssh pandora\n# login as alice:alice (as defined in keycloak/main.tf).\n# then, repeat this whole section as bob:bob.\n# NB you can manage your authentication at:\n#     https://pandora.incus.test:8443/realms/pandora/account\nincus remote add incus.test --auth-type oidc\nincus remote list\nincus info incus.test:\nincus info incus.test: | grep auth_ # check your user information.\nincus project list incus.test:\nincus launch images:debian/12 incus.test:debian-ct\nincus list incus.test:\nincus list incus.test: --all-projects\nincus config show incus.test:debian-ct\nincus exec incus.test:debian-ct -- cat /etc/os-release\nincus stop incus.test:debian-ct\nincus delete incus.test:debian-ct\nincus remote remove incus.test\nexit\n```\n\nPlay with OpenFGA:\n\n```bash\nvagrant ssh pandora\nsudo -i\nexport FGA_STORE_ID=\"$(jq -r .store.id /vagrant/shared/openfga-incus.json)\"\nfga store list\nfga tuple read\nexit\nexit\n```\n\n# Update dependencies\n\nList this repository dependencies (and which have newer versions):\n\n```bash\nexport GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN'\n./renovate.sh\n```\n\n# References\n\n* [Incus documentation](https://linuxcontainers.org/incus/docs/main/)\n  * [Incus Authentication](https://linuxcontainers.org/incus/docs/main/authentication/#authentication-openid) (OpenID Connect (OIDC))\n    * [Keycloak](https://github.com/keycloak/keycloak)\n  * [Incus Authorization (OpenFGA)](https://linuxcontainers.org/incus/docs/main/authorization/#open-fine-grained-authorization-openfga)\n    * [OpenFGA](https://github.com/openfga/openfga)\n* [Incus repository](https://github.com/lxc/incus)\n* [Incus package repository](https://github.com/zabbly/incus)\n* [distrobuilder: System container and VM image builder for Incus and LXC](https://github.com/lxc/distrobuilder)\n* [Images for containers and virtual machines](https://images.linuxcontainers.org/)\n* [BTRFS documentation](https://btrfs.readthedocs.io/en/latest/)\n* [BTRFS Incus storage driver](https://linuxcontainers.org/incus/docs/main/reference/storage_btrfs/)\n* [BTRFS Debian wiki](https://wiki.debian.org/Btrfs)\n* [ZFS Debian wiki](https://wiki.debian.org/ZFS)\n* [ZFS Incus storage driver](https://linuxcontainers.org/incus/docs/main/reference/storage_zfs/)\n* [ZFS repository](https://github.com/openzfs/zfs)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fincus-playground","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frgl%2Fincus-playground","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frgl%2Fincus-playground/lists"}