| 29 Apr 2025 |
 adamcstephens | 6.12 added access token auth | 12:15:27 |
| adamcstephens | won't help if you're on LTS though :) | 12:15:44 |
 hexa | I'm not 😄 | 12:18:34 |
| hexa | but tokens are single use apparently | 12:18:39 |
| hexa | oh nvm | 12:18:48 |
| hexa | Redacted or Malformed Event | 12:19:41 |
| hexa | so by default single use? | 12:19:44 |
| hexa | https://linuxcontainers.org/incus/docs/main/server_config/#server-core:core.remote_token_expiry | 12:19:46 |
| adamcstephens | hmm, maybe this is for non-client usage | 12:21:44 |
| adamcstephens |
To do this, the user must generate a signed JWT which has its Subject field set to the full fingerprint of their client certificate, it must have valid NotBefore and NotAfter fields and be signed by the client certificate’s private key.
| 12:23:55 |
| hexa | https://linuxcontainers.org/incus/docs/main/authentication/#adding-client-certificates-using-tokens | 12:26:34 |
| adamcstephens | yeah, that's for the older client setup where you copy/paste the cert | 12:27:32 |
| hexa | oh no | 12:27:59 |
| adamcstephens | i don't see any docs on how to create the JWT | 12:30:03 |
| adamcstephens | there's a helper program in the tests for generating them... https://github.com/lxc/incus/blob/3540539ab5fa1ed3dc84a3f8112183d8d1ba28e4/test/tls2jwt/tls2jwt.go | 12:32:24 |
| hexa | meh | 12:34:37 |
| adamcstephens | yeah, still not great | 12:34:50 |
| adamcstephens | Do you have OIDC? | 12:35:20 |
| hexa | not yet | 12:35:34 |
| adamcstephens | i should really try that method out. | 12:36:47 |
| adamcstephens | nvm https://github.com/kanidm/kanidm/issues/1523 | 12:57:22 |
| hexa | meh | 12:57:39 |
| adamcstephens | all of my one users will have to wait ;) | 12:59:41 |
| adamcstephens | 𑁱 for instance in (incus list -f compact | rg RUNNING | awk '{print $1}')
incus exec $instance -- grep ^ID= /etc/os-release
incus exec $instance -- df -i /
echo
end
ID=ubuntu
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda2 12787200 23322 12763878 1% /
ID=debian
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda2 12787200 23396 12763804 1% /
ID=fedora
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda2 511488 23066 488422 5% /
ID="opensuse-tumbleweed"
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/sda2 12787200 16116 12771084 1% /
ID=alpine
Filesystem Inodes Used Available Use% Mounted on
/dev/sda2 511488 3955 507533 1% /
ID=nixos
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/disk/by-label/nixos 6332928 201504 6131424 4% /
| 13:13:42 |
| hexa | yeah, so flakes and no gc | 13:25:41 |
| hexa | * yeah, so flakes and no gc did it | 13:25:43 |
| hexa | /dev/disk/by-label/nixos 2032000 609547 1422453 30% /
| 13:26:03 |
| hexa | but I'm still up here 😄 | 13:26:07 |
| adamcstephens | Hopefully we can increase the inodes during creation | 13:35:33 |
| adamcstephens | Could be a good excuse to see if we can use repart to create the image :) | 14:09:09 |
