DEVELOPMENT ENVIRONMENT

~liljamo/nix-arta

ref: 277404e994ce4b2a464d5b31238daae5e3e63491 nix-arta/docs/lxc.md -rw-r--r-- 977 bytes
277404e9Jonni Liljamo feat(systems/hosts/oci): auto-update and remove registry ui port a month ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# LXC
Docs for LXC things.

## Creating a new NixOS LXC container
### Build the base image
```
nix build ".#lxcbase"
```
Take the output of that, and import it into Proxmox.

### Create the container from the image
Do a normal container setup, without IP setup.

Add the following to `/etc/pve/lxc/ID.conf` for Tailscale to work:
```
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
```

### Make an entry in this repository for the wanted container
A bare minimum setup, meaning a host with:
 * the LXC profile,
 * the base role,
 * IP map in util,
 * secrets configured

Get the age key for the host with:
```
nix-shell -p ssh-to-age --run 'ssh-keyscan 10.1.2.2 | ssh-to-age'
```
That might fail at first. If it does, ssh once into the container to trust the
fingerprint and try again.

### Rebuild the real container on top of the base, the base is available at 10.1.2.2
Might need two rebuilds.

### Profit
And done!