Incus

From NixOS Wiki

Incus is a next-generation system container and virtual machine manager. It is a community-driven alternative to Canonical's LXD.

The Linux Containers project provides installation instructions, including for NixOS [1]. A wide variety of Linux distribution images is available, including for NixOS [2].

NixOS image

There is a pre-built NixOS image available at https://images.linuxcontainers.org/ providing both stable and unstable NixOS distributions.

To list the available NixOS images, use the incus image list command:

$ incus image list images:nixos
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
|             ALIAS             | FINGERPRINT  | PUBLIC |              DESCRIPTION              | ARCHITECTURE |      TYPE       |   SIZE    |          UPLOAD DATE          |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
| nixos/23.11 (3 more)          | 4a84a70fb432 | yes    | Nixos 23.11 amd64 (20240216_01:02)    | x86_64       | CONTAINER       | 128.94MiB | Feb 16, 2024 at 12:00am (UTC) |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
| nixos/23.11 (3 more)          | cee1d901cca2 | yes    | Nixos 23.11 amd64 (20240216_01:02)    | x86_64       | VIRTUAL-MACHINE | 467.54MiB | Feb 16, 2024 at 12:00am (UTC) |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
| nixos/23.11/arm64 (1 more)    | 0881cc69ae39 | yes    | Nixos 23.11 arm64 (20240216_01:03)    | aarch64      | VIRTUAL-MACHINE | 474.89MiB | Feb 16, 2024 at 12:00am (UTC) |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
| nixos/23.11/arm64 (1 more)    | c436a2e0a0e3 | yes    | Nixos 23.11 arm64 (20240216_01:03)    | aarch64      | CONTAINER       | 123.78MiB | Feb 16, 2024 at 12:00am (UTC) |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
| nixos/unstable (3 more)       | 711ad413f1d4 | yes    | Nixos unstable amd64 (20240216_01:03) | x86_64       | VIRTUAL-MACHINE | 467.31MiB | Feb 16, 2024 at 12:00am (UTC) |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
| nixos/unstable (3 more)       | b15681a4f2cf | yes    | Nixos unstable amd64 (20240216_01:03) | x86_64       | CONTAINER       | 174.39MiB | Feb 16, 2024 at 12:00am (UTC) |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
| nixos/unstable/arm64 (1 more) | 95242674aa96 | yes    | Nixos unstable arm64 (20240216_01:03) | aarch64      | VIRTUAL-MACHINE | 475.38MiB | Feb 16, 2024 at 12:00am (UTC) |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+
| nixos/unstable/arm64 (1 more) | c0a02e8fd464 | yes    | Nixos unstable arm64 (20240216_01:03) | aarch64      | CONTAINER       | 168.44MiB | Feb 16, 2024 at 12:00am (UTC) |
+-------------------------------+--------------+--------+---------------------------------------+--------------+-----------------+-----------+-------------------------------+

To launch a new NixOS container use the following command:

incus launch images:nixos/unstable nixos -c security.nesting=true

The security.nesting=true option is needed for Nix to work correctly.

Your new instance should be running:

$ incus list
+-------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| NAME  |  STATE  |         IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+-------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| nixos | RUNNING | 10.227.60.142 (eth0) | fd42:49ed:2bf3:f0ad:216:3eff:fe73:47bd (eth0) | CONTAINER | 0         |
+-------+---------+----------------------+-----------------------------------------------+-----------+-----------+

$ incus exec nixos -- bash

After that, you can open a root shell inside the container using incus exec nixos -- bash. From there, you probably want to add a new user and use SSH to connect via the IP address shown by the incus list command. If for some reason the instance does not get an IP address, it is most likely an issue with firewalld, and you need to add incusbr0 to an allowed firewall zone.
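
A diagnostic for the missing-IP case described above, as an added example that is not part of the original wiki page: it finds running instances with no IPv4 address and reports whether the bridge is assigned to any active firewalld zone. The sample inputs are constructed and the function names are hypothetical; each instance is assumed to have at most one address.

```shell
#!/usr/bin/env bash
# Added example. Both samples below are constructed, not captured output.

# Shape of: incus list --format csv -c ns4   (name, state, IPv4)
sample_instances() {
  cat <<'EOF'
nixos,RUNNING,10.227.60.142 (eth0)
builder,RUNNING,
old,STOPPED,
EOF
}

# Shape of: firewall-cmd --get-active-zones   (bridge missing from every zone)
sample_zones() {
  cat <<'EOF'
public
  interfaces: eth0
EOF
}

# Names of RUNNING instances whose IPv4 column is empty (stdin: CSV as above).
# Assumes at most one address per instance, so each record is one line.
running_without_ipv4() {
  awk -F, '$2 == "RUNNING" && $3 == "" { print $1 }'
}

# Print the active firewalld zone holding interface $1; return 1 if none does.
zone_of_interface() {
  awk -v ifc="$1" '
    /^[^ \t]/ { zone = $1 }            # unindented line = zone name
    $1 == "interfaces:" { for (i = 2; i <= NF; i++) if ($i == ifc) { print zone; found = 1 } }
    END { exit !found }'
}

# One line per affected instance. $1 = instance CSV, $2 = zones text, $3 = bridge
diagnose() {
  local zone name
  if zone=$(printf '%s\n' "$2" | zone_of_interface "$3"); then
    zone="bridge $3 is in zone $zone"
  else
    zone="bridge $3 is in no active firewalld zone"
  fi
  printf '%s\n' "$1" | running_without_ipv4 | while read -r name; do
    echo "$name: RUNNING without IPv4; $zone"
  done
}

diagnose "$(sample_instances)" "$(sample_zones)" incusbr0
# Live: diagnose "$(incus list --format csv -c ns4)" "$(firewall-cmd --get-active-zones)" incusbr0
```

Which zone the bridge ends up in determines what traffic the host accepts from instances, so review that zone's rules rather than only confirming the interface is listed.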

The image is built by a linuxcontainers CI job [3], the source of which can be found here [4]. As we can see, the Jenkins CI job downloads the lxdVirtualMachineImage derivation produced by Hydra, which produces a qcow2 image file. The configuration for the NixOS image can be found here [5].