NixOS Wiki

Talk:Proxmox Linux Container: Difference between revisions

← Older edit
VisualWikitext
imported>Vater
mNo edit summary
Vater (talk | contribs)
37 edits
 
(8 intermediate revisions by one other user not shown)
Line 223: Line 223:
|  
|  
|  
|  
[[NixOS]] is using "Sandboxing" by default.<ref>https://search.nixos.org/options?query=nix.useSandbox</ref> Therefore the option <code>nesting</code> for the  container on Proxmox Virtual Environment for NixOS must be acitivated.
----
if nesting is not acitivated
(try to) update (download and build) Nix expressions (<code>nix-env</code>) in a NixOS container on Proxmox Virtual Environment
: <code>nix-channel --update</code>
<pre>
unpacking channels...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: while setting up the build environment: mounting /proc: Operation not permitted
error: program '/nix/store/rphxpqbsxgmykf8nyyr0pqi53nm78xa5-nix-2.3.15/bin/nix-env' failed with exit code 1
</pre>
(try to) rebuild NixOS
: <code>nixos-rebuild switch</code>
<pre>
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I), at (string):1:13
building Nix...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix' was not found in the Nix search path (add it using $NIX_PATH or -I)
/tmp/nixos-rebuild.qaFefR/nix
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
building the system configuration...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
</pre>
----
if nesting is acitivated
update (download and build) Nix expressions (<code>nix-env</code>) in a NixOS container on Proxmox Virtual Environment sucessfully
: <code>nix-channel --update</code>
<pre>
unpacking channels...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
created 1 symlinks in user environment
</pre>
: <code>nix-channel --update</code>
<pre>
unpacking channels...
</pre>
rebuild NixOS sucessfully
: <code>nixos-rebuild switch</code>
<pre>
building Nix...
building the system configuration...
</pre>
<pre></pre>
<pre>
activating the configuration...
setting up /etc...
setting up tmpfiles
</pre>
----
----
how to configure that the option <code>nesting</code> is aciviated
(optional you can) check the (pve) lxc config file (and it should look like something like the following with ''nesting=1'' on the line ''features:'')
(optional you can) check the (pve) lxc config file (and it should look like something like the following with ''nesting=1'' on the line ''features:'')
<code>less /etc/pve/lxc/1000.conf</code>
<code>less /etc/pve/lxc/1000.conf</code>
Line 231: Line 302:
</pre>
</pre>
<pre></pre>
<pre></pre>
After changing (adding) the option for <code>nesting</code> the container must be restarted.
|-
|-
| start the NixOS container with Proxmox Virtual Environment
| start the NixOS container with Proxmox Virtual Environment
Line 489: Line 563:
; Is there a scenario where you would like to have a privileged (<code>unprivileged = 0</code>) container?: I do not know.
; Is there a scenario where you would like to have a privileged (<code>unprivileged = 0</code>) container?: I do not know.


==== Is there a cgroup2 only NixOS containers? ====
==== Is there a cgroup2 only NixOS container? ====


; Is there a configuration with cgroups versions 2 only - where cgroups version 1 is not needed - (so that is possible to rollback the manipulation of the pve lxc startup script (<code>/usr/share/perl5/PVE/LXC/Setup.pm</code>))? Or can we create such a (pre)build image (''tar'')?: I do not know.
; Is there a configuration with cgroups versions 2 only - where cgroups version 1 is not needed - (so that is possible to rollback the manipulation of the pve lxc startup script (<code>/usr/share/perl5/PVE/LXC/Setup.pm</code>))? Or can we create such a (pre)build image (''tar'')?: I do not know.
Line 512: Line 586:


https://git.proxmox.com/?p=pve-container.git;a=blob;f=src/PVE/LXC/Setup/Base.pm;h=a5b77d32f82747ea558d0398919414945b133dc0;hb=HEAD#l523
https://git.proxmox.com/?p=pve-container.git;a=blob;f=src/PVE/LXC/Setup/Base.pm;h=a5b77d32f82747ea558d0398919414945b133dc0;hb=HEAD#l523
: <code>nano /etc/nixos/configuration.nix</code>
<pre>
  systemd.enableUnifiedCgroupHierarchy = true;
</pre>
==== Why there is a ''Service'' section in the service manager configuration in a NixOS container? ====
<pre></pre>
<pre>
starting systemd...
/etc/systemd/system.conf:13: Unknown section 'Service'. Ignoring.
</pre>
<pre></pre>
<code>/etc/systemd/system.conf</code>
<pre></pre>
<pre>
[Service]
ProtectProc=default
ProtectControlGroups=no
ProtectKernelTunables=no
</pre>
<pre></pre>


== documentation ==
== documentation ==
Line 528: Line 626:
linux
linux
* …
* …
== articles ==
* https://blog.xirion.net/posts/nixos-proxmox-lxc/
*: with
** (PVE 6.3?)
** (NixOS 21.05?)
== upgrade (a PCT) to 21.11 ==
==== the folder ''/sbin/'' is missing ====
----
in your NixOS PCT
: <code>nix-channel --add https://nixos.org/channels/nixos-21.11 nixos</code>
: <code>nixos-rebuild switch --upgrade</code>
<pre></pre>
<pre>
ln: failed to create symbolic link '/sbin/init': No such file or directory
Activation script snippet 'installInitScript' failed (1)
</pre>
<pre></pre>
<pre>
warning: error(s) occurred while switching to the new configuration
</pre>
: <code>mkdir /sbin</code>
: <code>nixos-rebuild switch --upgrade</code>
<pre></pre>
----
on your PVE host
(for all the following starts of your NixOS PCT)
: <code>nano /etc/pve/lxc/1001.conf</code>
<pre></pre>
<pre>
#lxc.init.cmd: /init
lxc.init.cmd: /sbin/init
</pre>
<pre></pre>
----
== best (and easiest) way to get a "default" (working) shell in a pve ct after entering (<code>pct enter</code>) ==
:: <code>source /etc/set-environment</code>
: or
::: <code>/bin/sh -l</code>
:: or
::: <code>sh -l</code>
: or
:: <code>. /etc/profile</code>
or is possible to set an option in nixos or pve?
--[[User:Vater|Vater]] ([[User talk:Vater|talk]]) 17:47, 15 July 2024 (UTC)
Add topic
Retrieved from "https://wiki.nixos.org/wiki/Talk:Proxmox_Linux_Container"
Return to "Proxmox Linux Container" page.