nixos/proxmox-lxc: init

[illustris]

Motivation for this change

Support is being added to Proxmox for NixOS LXCs
https://lists.proxmox.com/pipermail/pve-devel/2022-February/051767.html

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 22.05 Release Notes (or backporting 21.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
  • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
• Fits CONTRIBUTING.md.

[illustris]

https://lists.proxmox.com/pipermail/pve-devel/2022-February/051781.html

Patch for NixOS support has been applied to PVE

[illustris]

Tested with nix-community/nixos-generators#137

For testing, cherry-pick illustris/pve-container@73e0c2f on top of your version of pve-container, build the deb and install

[illustris@desktop:~/src/nixpkgs]$ git diff
diff --git a/pkgs/tools/nix/nixos-generators/default.nix b/pkgs/tools/nix/nixos-generators/default.nix
index e20f36b1ef9..2025fbd5a63 100644
--- a/pkgs/tools/nix/nixos-generators/default.nix
+++ b/pkgs/tools/nix/nixos-generators/default.nix
@@ -3,12 +3,7 @@
 stdenv.mkDerivation rec {
   pname = "nixos-generators";
   version = "1.5.0";
-  src = fetchFromGitHub {
-    owner = "nix-community";
-    repo = "nixos-generators";
-    rev = version;
-    sha256 = "sha256-Icz/2Jl3eO4JnatU1iAFiMzVAQR9IDrsiqhOIvMkCS4=";
-  };
+  src = /home/illustris/src/nixos-generators;
   nativeBuildInputs = [ makeWrapper ];
   installFlags = [ "PREFIX=$(out)" ];
   postFixup = ''

[illustris@desktop:~/src/nixpkgs]$ nix-shell -I nixpkgs=$(pwd) -p nixos-generators
this derivation will be built:
  /nix/store/rsk9q4fz17kbgihgga2058dh8js7y35i-nixos-generators-1.5.0.drv
building '/nix/store/rsk9q4fz17kbgihgga2058dh8js7y35i-nixos-generators-1.5.0.drv'...
.
.
.

[nix-shell:~/src/nixpkgs]$ nixos-generate -I nixpkgs=$(pwd) --format proxmox-lxc
these 20 derivations will be built:
  /nix/store/b23zk2ld72dp2x7yf6xnrfc9kfhrlq6y-nixos-version.drv
  /nix/store/2fz7x31y31s32rkv394k641dq6rmy827-system-path.drv
.
.
.
real    0m12.750s
user    4m39.210s
sys     0m4.173s
/nix/store/fi6ycrps8r7m4hny1lnxza1yjg3bb8vv-tarball/tarball/nixos-system-x86_64-linux.tar.xz

[nix-shell:~/src/nixpkgs]$ rsync -avzh --progress /nix/store/fi6ycrps8r7m4hny1lnxza1yjg3bb8vv-tarball/tarball/nixos-system-x86_64-linux.tar.xz [email protected]:/var/lib/vz/template/cache/
sending incremental file list
nixos-system-x86_64-linux.tar.xz

         22.74K   0%    0.00kB/s    0:00:00  
        102.87M  77%   98.08MB/s    0:00:00  
        132.03M 100%   97.74MB/s    0:00:01 (xfr#1, to-chk=0/1)

sent 129.52M bytes  received 79.66K bytes  28.80M bytes/sec
total size is 132.03M  speedup is 1.02

[nix-shell:~/src/nixpkgs]$ ssh [email protected]

root@metaverse:~# pct create 99999 local:vztmpl/nixos-system-x86_64-linux.tar.xz --features nesting=1 --net0 name=eth0,bridge=vmbr0,gw=192.168.1.1,ip=192.168.1.111/24 --ssh-public-keys .ssh/id_rsa.pub --unprivileged 1 --storage local-lvm
  Logical volume "vm-99999-disk-0" created.
Creating filesystem with 1048576 4k blocks and 262144 inodes
Filesystem UUID: dff890f9-a29c-4682-8823-818131e2a205
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736
extracting archive '/var/lib/vz/template/cache/nixos-system-x86_64-linux.tar.xz'
Total bytes read: 796723200 (760MiB, 90MiB/s)
Architecture detection failed: open '/bin/sh' failed: No such file or directory

Falling back to amd64.
Use `pct set VMID --arch ARCH` to change.

root@metaverse:~# pct start 99999

root@metaverse:~# pct enter 99999

sh-5.1# /bin/sh -l

[root@nixos:~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000

    link/ether 1a:cf:4b:25:40:fb brd ff:ff:ff:ff:ff:ff link-netnsid 0

    inet 192.168.1.111/24 brd 192.168.1.255 scope global eth0

       valid_lft forever preferred_lft forever

[root@nixos:~]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=3.28 ms

64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=2.44 ms

64 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=2.90 ms

^C

--- 8.8.8.8 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2004ms

rtt min/avg/max/mdev = 2.436/2.871/3.279/0.344 ms

[root@nixos:~]#
logout
sh-5.1#
exit

root@metaverse:~# ssh 192.168.1.111
The authenticity of host '192.168.1.111 (192.168.1.111)' can't be established.
ED25519 key fingerprint is SHA256:sDaQQ1ySGDo7p7suNtQ93WE+aSyjvWSPHlmmrtLcV9k.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.1.111' (ED25519) to the list of known hosts.

Last login: Fri Feb 18 05:23:35 2022

[root@nixos:~]#
logout
Connection to 192.168.1.111 closed.