Note
This post was originally written during the period when the author was obsessed with Roam Research and Logseq, but unfortunately that writing style made the content really difficult to read on phones, so it was quickly abandoned.
- https://hub.nspawn.org/images/ provides a NixOS tarball
  - Has a sane default configuration.nix
    - Has boot.loader.initScript.enable = true; (otherwise nspawn won't be able to boot the system)
    - Has boot.isContainer = true;
      - Source at nixos/modules/virtualization/container-config.nix
      - Disables kernel, documentation, firewall etc.
    - Uses systemd-networkd
    - But no sshd
- Use machinectl pull-tar <hub url> to fetch the NixOS tarball
  - To give the new system a nickname: <machinectl cmd> nickname
  - Delete the leftover tarball with machinectl clean
- Configure the host side
  - Edit /etc/systemd/nspawn/nickname.nspawn
    - Set Private = no under [Network] (saves a lot of headache)
    - Set Capability = all under [Exec] (also a time-saver)
    - Optionally set PrivateUsers = no
  - Start this container when booting: systemctl enable systemd-nspawn@nickname
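The host-side nickname.nspawn from the steps above, as an added shell example that is not from the original post: one function writes the file with the post's three time-saving settings, and a second audits any .nspawn file for those same settings, since each one relaxes container isolation (Private=no shares the host's network namespace, Capability=all keeps every capability the guest would otherwise have dropped, PrivateUsers=no skips user namespacing so guest root is host root). The destination path is a parameter, on the assumption that you try it in a scratch directory before pointing it at /etc/systemd/nspawn.

```shell
#!/bin/sh
# Added example, not from the original post. Writes the nickname.nspawn
# described above and audits it for the settings that trade isolation
# for convenience. Paths are parameters (assumption: a scratch directory
# while experimenting, /etc/systemd/nspawn for the real host).

# Write the host-side .nspawn file with the post's three settings.
# $1 = destination file, e.g. /etc/systemd/nspawn/nickname.nspawn
render_nspawn() {
    cat > "$1" <<'EOF'
[Exec]
Capability=all
PrivateUsers=no

[Network]
Private=no
EOF
}

# Print one line per isolation-relaxing setting found in a .nspawn file.
# Returns 0 when nothing is relaxed, 1 otherwise, so it can gate a deploy.
# Whitespace around '=' is stripped, so "Private = no" and "Private=no"
# are treated alike, as systemd's own parser treats them.
# $1 = .nspawn file to inspect
audit_nspawn() {
    findings=0
    section=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            \[*\]) section=$line; continue ;;   # remember current section
            \#*|"") continue ;;                 # skip comments and blanks
        esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        val=$(printf '%s' "${line#*=}" | tr -d '[:space:]')
        case "$section/$key/$val" in
            "[Network]/Private/no")
                echo "Private=no: container shares the host's network namespace" ;;
            "[Exec]/Capability/all")
                echo "Capability=all: nspawn drops no capabilities for the guest" ;;
            "[Exec]/PrivateUsers/no")
                echo "PrivateUsers=no: no user namespace, guest root is host root" ;;
            *) continue ;;
        esac
        findings=$((findings + 1))
    done < "$1"
    [ "$findings" -eq 0 ]
}
```

Run render_nspawn against a scratch path first and read the audit output before copying the file into /etc/systemd/nspawn.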
- Start the container: machinectl start nickname
- Configure the guest NixOS
  - To access the container: machinectl shell root@nickname
    - Do a channel update or flake update [1]
    - Edit /etc/nixos/configuration.nix
      - Enable sshd by services.openssh.enable = true;
        - Change the port so it does not conflict with the host's sshd
    - Do a nixos-rebuild
That should be everything.
Footnotes
1. This is the most tedious part, but motivation isn't enough for me to talk about it.