From d2cf5832003458c2c832fb6cdda38fbac5e28dfd Mon Sep 17 00:00:00 2001
From: Chris Toph
Date: Fri, 28 Mar 2025 17:41:48 -0400
Subject: [PATCH] Add LXC host for minimal LXC setup.
---
 home/toph/lxc/default.nix | 10 +++++
 hosts/common/optional/system/lxc.nix | 39 +++++++++++++++++--
 hosts/nixos/lxc/default.nix | 58 ++++++++++++++++++++++++++++
 hosts/nixos/lxc/hardware.nix | 12 ++++++
 hosts/users/default.nix | 2 +-
 5 files changed, 116 insertions(+), 5 deletions(-)
 create mode 100644 home/toph/lxc/default.nix
 create mode 100644 hosts/nixos/lxc/default.nix
 create mode 100644 hosts/nixos/lxc/hardware.nix
diff --git a/home/toph/lxc/default.nix b/home/toph/lxc/default.nix
new file mode 100644
index 0000000..fef0923
--- /dev/null
+++ b/home/toph/lxc/default.nix
@@ -0,0 +1,10 @@
+{
+ pkgs,
+ ...
+}:
+{
+ imports = [
+ ## Required Configs ##
+ ../common/core # required
+ ];
+}
diff --git a/hosts/common/optional/system/lxc.nix b/hosts/common/optional/system/lxc.nix
index 4c88692..7489417 100644
--- a/hosts/common/optional/system/lxc.nix
+++ b/hosts/common/optional/system/lxc.nix
@@ -1,4 +1,9 @@
-{ modulesPath, ... }:
+{
+ modulesPath,
+ lib,
+ config,
+ ...
+}:
 {
 imports = [
 # Include the default lxc/lxd configuration.
@@ -6,10 +11,36 @@ ]; # Treats the system as a container. - boot.isContainer = true; + boot = { + isContainer = true; + }; - # Set your system kind (needed for flakes) - nixpkgs.hostPlatform = "x86_64-linux"; + console.enable = true; + + nix.settings = { + sandbox = false; + }; + + systemd = { + mounts = [ + { + enable = false; + where = "/sys/kernel/debug"; + } + ]; + + # By default only starts getty on tty0 but first on LXC is tty1 + services."autovt@".unitConfig.ConditionPathExists = [ + "" + "/dev/%I" + ]; + + # These are disabled by `console.enable` but console via tty is the default in Proxmox + services."getty@tty1".enable = lib.mkForce true; + services."autovt@".enable = lib.mkForce true; + }; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; # Supress systemd units that don't work because of LXC. # https://blog.xirion.net/posts/nixos-proxmox-lxc/#configurationnix-tweak diff --git a/hosts/nixos/lxc/default.nix b/hosts/nixos/lxc/default.nix new file mode 100644 index 0000000..61b7fcf --- /dev/null +++ b/hosts/nixos/lxc/default.nix 
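Review bot: `nix.settings.sandbox = false;` in hosts/common/optional/system/lxc.nix is added without any comment, and it switches off Nix build isolation on every host that imports this module, so builders run unsandboxed with access to the container's filesystem and network. If the sandbox only fails because the Proxmox container lacks nesting or user-namespace support (an assumption, the commit does not say), enabling that on the container would let the sandbox stay on. Otherwise record the reason next to the setting, e.g. `# sandbox cannot set up namespaces inside this LXC; builds here are NOT isolated`. Separately, the comment above the `getty@tty1` / `autovt@` lines says they are disabled by `console.enable`, while the hunk sets `console.enable = true`; it probably refers to the imported container module and should say so.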
@@ -0,0 +1,58 @@
+###############################################################
+#
+# Barebones LXC Container for Proxmox
+#
+# This is a special host for LXC installations in Proxmox.
+# Has the barebones configuration needed to then setup the wanted new host config
+#
+###############################################################
+
+{
+ inputs,
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+let
+ username = "toph";
+in
+{
+ imports = lib.flatten [
+ ## Hardware ##
+ ./hardware.nix
+
+ (map lib.custom.relativeToRoot [
+ ## Required Configs ##
+ "hosts/common/core"
+
+ ## Proxy Specific ##
+ "hosts/users/${username}" # # Not the best solution but I always have one user so ¯\_(ツ)_/¯
+ ])
+ ];
+
+ ## Host Specifications ##
+ hostSpec = {
+ hostName = "lxc";
+ username = username;
+ handle = "tophC7";
+ password = "[REDACTED]";
+ [REDACTED];
+ email = "[REDACTED]";
+ userFullName = "[REDACTED]";
+ isARM = false;
+ };
+
+ networking = {
+ enableIPv6 = false;
+ };
+
+ ## System-wide packages ##
+ programs.nix-ld.enable = true;
+ environment.systemPackages = with pkgs; [
+ lazydocker
+ ];
+
+ # https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
+ system.stateVersion = "25.05";
+}
diff --git a/hosts/nixos/lxc/hardware.nix b/hosts/nixos/lxc/hardware.nix
new file mode 100644
index 0000000..f0e401e
--- /dev/null
+++ b/hosts/nixos/lxc/hardware.nix
@@ -0,0 +1,12 @@
+{
+ lib,
+ ...
+}:
+{
+ imports = lib.flatten [
+ (map lib.custom.relativeToRoot [
+ "hosts/common/optional/system/lxc.nix"
+ "hosts/common/optional/system/pool.nix"
+ ])
+ ];
+}
diff --git a/hosts/users/default.nix b/hosts/users/default.nix
index ce208a4..fb8d14b 100644
--- a/hosts/users/default.nix
+++ b/hosts/users/default.nix
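Review bot: `hostSpec.password` in hosts/nixos/lxc/default.nix is set from a string literal (redacted on this page), and the hosts/users/default.nix hunk feeds that value into `users.users.root.password`. NixOS keeps that option's value in plain text in the world-readable Nix store, and the literal also stays in this repository's history. Prefer a hash supplied outside the repository, e.g. `users.users.root.hashedPasswordFile = "<path-to-secret-file>";` (placeholder path), or at minimum `hashedPassword`, and rotate the committed value. Since root already receives the user's `openssh.authorizedKeys.keys`, this bootstrap host may not need a root password at all.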
@@ -46,7 +46,7 @@ in # root's ssh key are mainly used for remote deployment, borg, and some other specific ops users.users.root = { shell = pkgs.bash; - password = hostSpec.password; + password = lib.mkForce hostSpec.password; openssh.authorizedKeys.keys = config.users.users.${hostSpec.username}.openssh.authorizedKeys.keys; # root's ssh keys are mainly used for remote deployment. }; }
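Review bot: `lib.mkForce` on `users.users.root.password` carries no comment naming the definition it is meant to override, and hosts/users/default.nix is shared, so the forced value now wins on every host rather than only on the new LXC one. If the conflict comes from the LXC container module (not visible in this hunk), the override is better scoped to hosts/common/optional/system/lxc.nix; otherwise document it in place, e.g. `# mkForce: <conflicting module> also defines root's password; this one must win`. The `let … in` block that encloses this attribute set starts outside the hunk.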