~liljamo/nix-arta (a2307139c283dc5eb3b5855a073203f78e30462d): docs/lxc.md blame

f93b6c72 Jonni Liljamo 


065f5525 Jonni Liljamo 





f93b6c72 Jonni Liljamo 

065f5525 Jonni Liljamo 
f93b6c72 Jonni Liljamo 
065f5525 Jonni Liljamo 




f93b6c72 Jonni Liljamo 
065f5525 Jonni Liljamo 
f93b6c72 Jonni Liljamo 


065f5525 Jonni Liljamo 








f93b6c72 Jonni Liljamo 
065f5525 Jonni Liljamo 
f93b6c72 Jonni Liljamo 

065f5525 Jonni Liljamo 
f93b6c72 Jonni Liljamo

3 months ago


a month ago





3 months ago

a month ago
3 months ago
a month ago




3 months ago
a month ago
3 months ago


a month ago








3 months ago
a month ago
3 months ago

a month ago
3 months ago

# LXC
Docs for LXC things.

## Creating a new NixOS LXC container
### Build the base image
```
nix build ".#lxcbase"
```
Take the output of that, and import it into Proxmox.

### Create the container from the image
Do a normal container setup, without IP setup.

Add the following to `/etc/pve/lxc/ID.conf` for Tailscale to work:
```
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
```

### Make an entry in this repository for the wanted container
A bare minimum setup, meaning a host with:
 * the LXC profile,
 * the base role,
 * IP map in util,
 * secrets configured

Get the age key for the host with:
```
nix-shell -p ssh-to-age --run 'ssh-keyscan 10.1.2.2 | ssh-to-age'
```
That might fail at first. If it does, ssh once into the container to trust the
fingerprint and try again.

### Rebuild the real container on top of the base, the base is available at 10.1.2.2
Might need two rebuilds.

### Profit
And done!