IncusOS is a modern, immutable Linux operating system image specifically designed to run Incus, a community-driven fork of LXD for managing system containers and virtual machines.
Key Features
• Immutable Design: The root filesystem is read-only, ensuring consistency and reducing the risk of configuration drift or accidental changes.
• Atomic Updates: Uses an A/B update mechanism via systemd’s sysupdate tool for seamless, rollback-capable upgrades without downtime.
• Minimal Footprint: Based on Debian 13 (Trixie), it includes only essential components for running Incus, with the latest stable versions of the Linux kernel, ZFS, and Incus provided via Zabbly builds.
• Locked-Down Management: No local or remote shell access; all administration is handled through the authenticated Incus API for enhanced security and simplicity.
Architecture
IncusOS is built using systemd’s mkosi tool for image creation, sysext for application installation, and other systemd utilities for tasks like network configuration and disk partitioning. It leverages ZFS for storage and supports running Incus instances efficiently on dedicated hardware or VMs.
Security
• Boot Security: Actively relies on UEFI Secure Boot to verify the integrity of the boot chain.
• Encryption: Full disk encryption using TPM 2.0 for key management, protecting data at rest.
• Hardware Support: Requires x86-64-v3 baseline (e.g., Intel Xeon E5 v3 or AMD equivalents from 2014 onward); older CPUs (v1/v2) are incompatible. Software TPM support is planned but not yet available.
Installation
IncusOS can be installed on physical hardware or in a virtual machine. Download the ISO from the GitHub repository at lxc/incus-os, boot from it, and follow the guided setup for partitioning, encryption, and Incus configuration. Detailed steps, including video tutorials, are available in the official release announcement on the Linux Containers forum. Prerequisites include compatible UEFI hardware with TPM 2.0 for full security features.