Proxmox Linux Container

From NixOS Wiki
Revision as of 12:34, 19 December 2024 by GrumpyMeow (talk | contribs) (Removed code quote)

Building ProxmoxVE Linux Containers with Nix

You can use 'make-system-tarball' to create a Linux Container that can run on ProxmoxVE. For an example, see https://codeberg.org/raboof/nix-mastodon-bot/src/branch/main/default.nix#L31

Running NixOS as a ProxmoxVE LXC container

With a small amount of work, it is possible to use NixOS as an LXC container under ProxmoxVE.

Finding a container tarball

These instructions are known to work as of December 2024 on ProxmoxVE v8.3.1 and NixOS v24.11, and will hopefully keep working for a while. Earlier instructions on this page used the generic LXC container tarball (nixos.containerTarball); the current instructions use the ProxmoxVE-specific LXC container tarball (nixos.proxmoxLXC).

  1. Open a browser and navigate to https://hydra.nixos.org/project/nixos
  2. Navigate to the release you want to run (at this time: release-24.11). The small ones don't have the tarball we need.
  3. Open the "Jobs" tab of the release.
  4. Enter in the search bar: nixos.proxmoxLXC
  5. Choose the latest successful job and click on the corresponding checkmark icon to open it.
  6. Under Build products, copy the link of nixos-system-x86_64-linux.tar.xz to your clipboard. This is the download-link of the tarball. For example: https://hydra.nixos.org/build/282070945/download/1/nixos-system-x86_64-linux.tar.xz
  7. Open your ProxmoxVE Web UI
  8. Navigate to the CT Templates via the storage.
  9. Click the button Download from URL
  10. Paste the download link from the clipboard and start the download.


ProxmoxVE CLI Create container

In the Shell of your ProxmoxVE host, create a container using the following snippet:

ctid="99999"                                         # container ID
ctname="nixos"                                       # container hostname
ctt="local:vztmpl/nixos-system-x86_64-linux.tar.xz"  # downloaded CT template
cts="local-lvm"                                      # storage for the root filesystem

# --unprivileged=0 creates a privileged container
pct create "${ctid}" "${ctt}" \
  --hostname="${ctname}" \
  --ostype=nixos --cmode=console --unprivileged=0 --features nesting=1 \
  --net0 name=eth0,bridge=vmbr0,hwaddr=BC:24:11:8B:6C:00,ip=dhcp,type=veth \
  --arch=amd64 --swap=1024 --memory=2048 \
  --storage="${cts}"

You may have to replace the default storage names local and local-lvm in the above snippet with your own storage names. For instance, when your ProxmoxVE host uses BTRFS, both will probably be local-btrfs.

If the snippet ran successfully, you should have a stopped NixOS container. You now need to increase the disk size, start the container and "enter" it:

pct resize ${ctid} rootfs +2G
pct start ${ctid}
pct enter ${ctid}

Upon "entering" the container, you should now see the prompt of the container.

Now do:

source /etc/set-environment
passwd --delete root
nano /etc/nixos/configuration.nix

You should now be in the editor "nano". Add the following minimal NixOS configuration to have an easily accessible NixOS container:

{ config, modulesPath, pkgs, lib, ... }:
{
  # ProxmoxVE LXC integration module shipped with nixpkgs
  imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
  # Disable the Nix build sandbox
  nix.settings = { sandbox = false; };
  # Don't wait for the network to come online
  systemd.network.wait-online.enable = false;
  # Let PAM accept empty passwords for SSH logins
  security.pam.services.sshd.allowNullPassword = true;
  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
      # Root can log in over SSH with a password, including an empty one
      PermitRootLogin = "yes";
      PasswordAuthentication = true;
      PermitEmptyPasswords = "yes";
    };
  };
  system.stateVersion = "24.11";
}

Save the file using the key strokes <CTRL+O>, <ENTER> and <CTRL+X>. We're now going to switch to the NixOS configuration:

nix-channel --update
nixos-rebuild switch --upgrade

That's it! You now have a running NixOS-container. Via the ProxmoxVE UI you can open the console and log on as root, no password is needed. If you don't see the login prompt, you can trigger it to appear by pressing the ENTER key once.

To troubleshoot errors, you might want to use resolvectl, ifconfig and journalctl -ef.
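
The minimal configuration above lets root log in over SSH with an empty password. The following variant keeps the container reachable over SSH but accepts public-key authentication only; it is an added example, not part of the original wiki page, and the key string is a placeholder to replace with your own public key.

```nix
# Added example (not from the wiki page): key-only SSH variant of the
# minimal /etc/nixos/configuration.nix shown above.
{ config, modulesPath, pkgs, lib, ... }:
{
  imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];

  # Kept unchanged from the page's configuration.
  nix.settings = { sandbox = false; };
  systemd.network.wait-online.enable = false;

  # Placeholder value: replace with the contents of your own public key
  # file (for example ~/.ssh/id_ed25519.pub on your workstation).
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAA...REPLACE_WITH_YOUR_PUBLIC_KEY user@example"
  ];

  services.openssh = {
    enable = true;
    openFirewall = true;
    settings = {
      # Root may log in over SSH with a key, never with a password.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # PermitEmptyPasswords is left unset (sshd default: "no"), and
      # security.pam.services.sshd.allowNullPassword is not enabled.
    };
  };

  system.stateVersion = "24.11";
}
```

Apply it with the same nix-channel --update and nixos-rebuild switch --upgrade steps. pct enter from the ProxmoxVE host does not go through SSH, so it remains available if the key turns out to be wrong.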