Today I pivoted some of my projects from LXD to Incus, and was pleased to find NixOS is being built for images: now.
However:
[nhensel@nixos:~]$ incus launch images:nixos/23.11
Creating the instance
Instance name is: neutral-dinosaur
Starting neutral-dinosaur
[nhensel@nixos:~]$ incus exec neutral-dinosaur nixos-rebuild switch
...
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
[nhensel@nixos:~]$ incus exec neutral-dinosaur -- nix-channel --update
unpacking channels...
error: this system does not support the kernel namespaces that are required for sandboxing; use '--no-sandbox' to disable sandboxing
error: program '/nix/store/j7nl2pj606d8ld5818hw3z3fbz00sdc5-nix-2.18.1/bin/nix-env' failed with exit code 1
The solution is security.nesting:
[nhensel@nixos:~]$ incus launch images:nixos/23.11 -c security.nesting=true
Creating the instance
Instance name is: pleasing-terrier
Starting pleasing-terrier
[nhensel@nixos:~]$ incus shell pleasing-terrier
[root@nixos:~]# nixos-rebuild switch --upgrade
building Nix...
building the system configuration...
activating the configuration...
setting up /etc...
setting up tmpfiles
Cannot set file attributes for '/var/empty', value=0x00000010, mask=0x00000010, ignoring: Operation not permitted
[root@nixos:~]#
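
Since the fix is a security.* option set per instance, it helps to keep track of which instances carry it. The script below is an added example, not part of the original post: it reads data shaped like `incus list --format json` and reports every instance where security.nesting is on, whether it was set on the instance or inherited from a profile, and whether security.privileged is also set. The sample JSON, the `ci-builder` instance and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `incus list --format json` output.
# The first two instance names come from the post; their config values
# and the third instance are assumptions made for this example.
SAMPLE = """
[
  {"name": "neutral-dinosaur", "config": {}, "expanded_config": {}},
  {"name": "pleasing-terrier",
   "config": {"security.nesting": "true"},
   "expanded_config": {"security.nesting": "true"}},
  {"name": "ci-builder", "config": {"security.privileged": "true"},
   "expanded_config": {"security.nesting": "1",
                       "security.privileged": "true"}}
]
"""

TRUTHY = {"true", "1", "yes", "on"}  # boolean spellings treated as true


def is_true(value):
    return str(value).strip().lower() in TRUTHY


def audit_nesting(instances):
    """Return (name, source, privileged) for each instance with nesting on.

    source is "instance" when the key is set on the instance itself
    (e.g. via `-c security.nesting=true`) and "profile" when it only
    appears after profile expansion.
    """
    findings = []
    for inst in instances:
        local = inst.get("config") or {}
        expanded = inst.get("expanded_config") or local
        if not is_true(expanded.get("security.nesting", "false")):
            continue
        source = "instance" if "security.nesting" in local else "profile"
        privileged = is_true(expanded.get("security.privileged", "false"))
        findings.append((inst["name"], source, privileged))
    return findings


if __name__ == "__main__":
    for name, source, privileged in audit_nesting(json.loads(SAMPLE)):
        note = " (security.privileged is also set)" if privileged else ""
        print(f"{name}: security.nesting enabled via {source}{note}")
```

On a real host, pass the parsed output of `incus list --format json` to `audit_nesting` in place of the sample.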