Talk:Proxmox Linux Container: Difference between revisions

imported>Vater
Line 223: Line 223:
|  
|  
|  
|  
[[NixOS]] is using "Sandboxing" by default.<ref>https://search.nixos.org/options?query=nix.useSandbox</ref> Therefore the option <code>nesting</code> for the container on Proxmox Virtual Environment for NixOS must be activated.
----
if nesting is not activated
(try to) update (download and build) Nix expressions (<code>nix-env</code>) in a NixOS container on Proxmox Virtual Environment
: <code>nix-channel --update</code>
<pre>
unpacking channels...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: while setting up the build environment: mounting /proc: Operation not permitted
error: program '/nix/store/rphxpqbsxgmykf8nyyr0pqi53nm78xa5-nix-2.3.15/bin/nix-env' failed with exit code 1
</pre>
(try to) rebuild NixOS
: <code>nixos-rebuild switch</code>
<pre>
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I), at (string):1:13
building Nix...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos/modules/installer/tools/nix-fallback-paths.nix' was not found in the Nix search path (add it using $NIX_PATH or -I)
/tmp/nixos-rebuild.qaFefR/nix
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs' was not found in the Nix search path (add it using $NIX_PATH or -I)
building the system configuration...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels/nixos' does not exist, ignoring
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
</pre>
----
if nesting is activated
update (download and build) Nix expressions (<code>nix-env</code>) in a NixOS container on Proxmox Virtual Environment successfully
: <code>nix-channel --update</code>
<pre>
unpacking channels...
warning: Nix search path entry '/nix/var/nix/profiles/per-user/root/channels' does not exist, ignoring
created 1 symlinks in user environment
</pre>
: <code>nix-channel --update</code>
<pre>
unpacking channels...
</pre>
rebuild NixOS successfully
: <code>nixos-rebuild switch</code>
<pre>
building Nix...
building the system configuration...
</pre>
<pre>
activating the configuration...
setting up /etc...
setting up tmpfiles
</pre>
----
how to configure that the option <code>nesting</code> is activated
(optionally you can) check the (pve) lxc config file (it should look something like the following, with ''nesting=1'' on the line ''features:'')
<code>less /etc/pve/lxc/1000.conf</code>
<pre>
arch: amd64
cores: 2
features: nesting=1
hostname: CT1000
memory: 1024
net0: name=eth0,bridge=vmbr0,hwaddr=A1:B2:C3:D4:E5:F6,ip=dhcp,type=veth
ostype: unmanaged
rootfs: storage:vm-1000-disk-0,size=4G
swap: 512
unprivileged: 1
</pre>
After changing (adding) the option for <code>nesting</code> the container must be restarted.
|-
| start the NixOS container with Proxmox Virtual Environment
Line 364: Line 431:
|  
|  
|  
|  
(optional) check the default configuration file for NixOS
: <code>cat /etc/nixos/configuration.nix</code>
<pre>
{ config, pkgs, ... }:
{
  imports = [ <nixpkgs/nixos/modules/virtualisation/lxc-container.nix> ];
 
}
</pre>
: <code>nano /etc/nixos/configuration.nix</code>
<pre>
Line 391: Line 447:
}
</pre>
: <code>nixos-rebuild switch</code>
<pre>
building Nix...
building the system configuration...
</pre>
<pre>
activating the configuration...
setting up /etc...
reloading user units for root...
setting up tmpfiles
reloading the following units: dbus.service
</pre>
: <code>systemctl list-units --failed</code>
<pre>
  UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
</pre>
| https://github.com/NixOS/nixpkgs/issues/9735#issuecomment-783535726
Line 594: Line 563:
; Is there a scenario where you would like to have a privileged (<code>unprivileged = 0</code>) container?: I do not know.


==== Is there a cgroup2 only NixOS container? ====


; Is there a configuration with cgroups version 2 only - where cgroups version 1 is not needed - (so that it is possible to roll back the manipulation of the pve lxc startup script (<code>/usr/share/perl5/PVE/LXC/Setup.pm</code>))? Or can we create such a (pre)built image (''tar'')?: I do not know.
Line 617: Line 586:


https://git.proxmox.com/?p=pve-container.git;a=blob;f=src/PVE/LXC/Setup/Base.pm;h=a5b77d32f82747ea558d0398919414945b133dc0;hb=HEAD#l523
: <code>nano /etc/nixos/configuration.nix</code>
<pre>
  systemd.enableUnifiedCgroupHierarchy = true;
</pre>
==== Why is there a ''Service'' section in the service manager configuration in a NixOS container? ====
<pre>
starting systemd...
/etc/systemd/system.conf:13: Unknown section 'Service'. Ignoring.
</pre>
<code>/etc/systemd/system.conf</code>
<pre>
[Service]
ProtectProc=default
ProtectControlGroups=no
ProtectKernelTunables=no
</pre>


== documentation ==
Line 633: Line 626:
linux
* …
== articles ==
* https://blog.xirion.net/posts/nixos-proxmox-lxc/
*: with
** (PVE 6.3?)
** (NixOS 21.05?)
== upgrade (a PCT) to 21.11 ==
==== the folder ''/sbin/'' is missing ====
----
in your NixOS PCT
: <code>nix-channel --add https://nixos.org/channels/nixos-21.11 nixos</code>
: <code>nixos-rebuild switch --upgrade</code>
<pre>
ln: failed to create symbolic link '/sbin/init': No such file or directory
Activation script snippet 'installInitScript' failed (1)
</pre>
<pre>
warning: error(s) occurred while switching to the new configuration
</pre>
: <code>mkdir /sbin</code>
: <code>nixos-rebuild switch --upgrade</code>
----
on your PVE host
(for all the following starts of your NixOS PCT)
: <code>nano /etc/pve/lxc/1001.conf</code>
<pre>
#lxc.init.cmd: /init
lxc.init.cmd: /sbin/init
</pre>
----
== best (and easiest) way to get a "default" (working) shell in a pve ct after entering (<code>pct enter</code>) ==
:: <code>source /etc/set-environment</code>
: or
::: <code>/bin/sh -l</code>
:: or
::: <code>sh -l</code>
: or
:: <code>. /etc/profile</code>
or is it possible to set an option in nixos or pve?
--[[User:Vater|Vater]] ([[User talk:Vater|talk]]) 17:47, 15 July 2024 (UTC)
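Added example, not part of the original talk page and not Proxmox or NixOS code: a POSIX shell check for the <code>features: nesting=1</code> setting discussed in the nesting section above, reading only the main section of a PVE container config so that values stored in snapshot sections are ignored. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a Proxmox CT config (e.g. /etc/pve/lxc/1000.conf).
# Function names are hypothetical; the sample config below is constructed.

# ct_value FILE KEY: print the value of the first "KEY: value" line in the
# main section. Lines after the first "[name]" header belong to snapshots.
ct_value() {
    awk -v key="$2" '
        /^\[/ { exit }
        index($0, key ":") == 1 { sub(/^[^:]*:[ \t]*/, ""); print; exit }
    ' "$1"
}

# ct_feature FILE NAME: print the value of one flag from the comma-separated
# "features:" line (for example "1" for nesting=1); prints nothing if absent.
ct_feature() {
    ct_value "$1" features | tr ',' '\n' |
        awk -F= -v name="$2" '$1 == name { print $2; exit }'
}

# nesting_enabled FILE: succeed only if the main section sets nesting=1.
nesting_enabled() {
    [ "$(ct_feature "$1" nesting)" = "1" ]
}

# Constructed sample modelled on the config shown on this page.
sample_conf() {
    cat <<'EOF'
arch: amd64
features: nesting=1
hostname: CT1000
ostype: unmanaged
unprivileged: 1
EOF
}

conf=$(mktemp)
trap 'rm -f "$conf"' EXIT
sample_conf > "$conf"
if nesting_enabled "$conf"; then
    echo "nesting=1 (unprivileged=$(ct_value "$conf" unprivileged))"
else
    echo "nesting is off: Nix sandbox builds fail with 'mounting /proc: Operation not permitted'"
fi
```

On a PVE host, call <code>nesting_enabled /etc/pve/lxc/1000.conf</code> before starting the container; the running container only picks up a changed value after a restart.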