{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreiae3salhxuibmsvfkg4cehxzfedvperqn77d2dso7k2ia7liuisua",
"uri": "at://did:plc:hcasvtk5xz7juoqnakrv3fxo/app.bsky.feed.post/3mnigfwqmoj42"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreidr43rw3yagr7mpismtooabf6al3mu2gawknneg52e4dre4pcaxga"
},
"mimeType": "image/png",
"size": 23235
},
"description": "After two years with NixOS, I have grown to love having my entire system declared in one place. When I started building Proxmox VMs, I wanted the same thing. I wanted neovim, tmux, and all my settings ready from the first boot, not bolted on afterwards.\n\nNixOS makes this surprisingly simple. With nixos-rebuild build-image, what used to require external tools like nixos-generators is now built in. In this post I will show how I set up a minimalistic VM that can be used as a boilerplate for the co",
"path": "/nixos-based-proxmox-vms/",
"publishedAt": "2026-06-04T20:07:21.000Z",
"site": "https://nerdiverset.no",
"textContent": "After two years with NixOS, I have grown to love having my entire system declared in one place. When I started building Proxmox VMs, I wanted the same thing. I wanted neovim, tmux, and all my settings ready from the first boot, not bolted on afterwards.\n\nNixOS makes this surprisingly simple. With `nixos-rebuild build-image`, what used to require external tools like nixos-generators is now built in. In this post I will show how I set up a minimalistic VM that can be used as a boilerplate for the coming VMs that will be built.\n\n## Bare minimum configuration\n\nTo create a Proxmox .vma file there are a few things we need to have in order, we need to import the correct virtualisation module, we need to configure the baseline for Proxmox resources, for remote builds we need a user with SSH-keys and sudo privileges without password, and finally since I use Home Manager, we need to set the hostname explicitly since in my user configuration I import by hostname.\n\nThings not displayed in the configuration below is the virtualisation import, that lives in the configuration.nix, and my user configuration, which is in hosts/common/users\n\n\n {\n config,\n pkgs,\n lib,\n ...\n }: {\n # Platform\n nixpkgs.hostPlatform = \"x86_64-linux\";\n\n # Hostname\n networking.hostName = lib.mkOverride 40 \"test-vm\"; # need to take precedence over proxmox-img which has mkdefault with a value of 50\n\n # Locale\n console.keyMap = \"no\";\n i18n.defaultLocale = \"en_US.UTF-8\";\n i18n.extraLocaleSettings = {\n LC_TIME = \"nb_NO.UTF-8\";\n };\n time.timeZone = \"Europe/Oslo\";\n\n # Boot\n boot.growPartition = true;\n boot.loader.grub = {\n efiSupport = true;\n efiInstallAsRemovable = true;\n device = \"nodev\";\n };\n\n # Filesystems\n fileSystems.\"/\" = {\n device = \"/dev/disk/by-label/nixos\";\n autoResize = true;\n fsType = \"ext4\";\n };\n\n # Proxmox VMA Image Settings\n proxmox.qemuConf = {\n cores = 2;\n memory = 4096;\n name = \"test-vm\";\n net0 = \"virtio,bridge=vmbr0\";\n bios = \"ovmf\";\n ostype = \"l26\";\n };\n virtualisation.diskSize = 16384;\n\n # SSH\n services.openssh = {\n enable = true;\n settings.PasswordAuthentication = false;\n settings.KbdInteractiveAuthentication = false;\n };\n\n security.sudo.wheelNeedsPassword = false;\n\n # Packages\n environment.systemPackages = with pkgs; [\n vim\n curl\n git\n ];\n\n # System State Version\n system.stateVersion = \"24.11\";\n home-manager.users.fredrik.home.stateVersion = lib.mkDefault \"24.11\";\n }\n\n\n\n## Building and applying the VMA file\n\nWith the configuration ready we only need to generate a VMA file and move it to the Proxmox server!\n\nCreating and moving the image:\n\n\n # creating the image\n nixos-rebuild build-image --image-variant proxmox --flake .#test-vm\n\n # moving the image\n scp result/vzdump-test-vm.vma.zst root@<proxmox-ip>:/var/lib/vz/template/cache/\n\n\nWith the image safely transported to the Proxmox server, we need to restore it and apply cloud-init configurations:\n\n\n # SSH to the server\n ssh root@<proxmox-ip>\n\n # restore the VM\n qmrestore /var/lib/vz/template/cache/vzdump-test-vm.vma.zst <vm-id> --unique true --storage local-lvm\n\n # Set up IP addresses, static IPv4 and SLAAC ipv6\n qm set <vm-id> --ipconfig0 ip=192.168.10.233/24,gw=192.168.10.1,ip6=auto # Note that I set this up in a test network before I converted to the new IP schema\n\n # start the VM\n qm start <vm-id>\n\n\n\nNow we have a running VM with sshd server running and our keys in authorized keys! Since I have the same username on my desktop as the new VM I can SSH by just specifying the IP\n\n\n ssh 192.168.10.233\n\n\nWith this we now have a fully... well, functional VM! With it now built we can use `nixos-rebuild` with `--target-host` to update it! The big benefit is that we can use our main machine to build from with beefier specs and one cache that can build for all our VMs\n\n## Remote build\n\nDuring my little exploration in to building VM images I quickly saw the great benefits of the remote building. My beefy main computer to build and push, utilizing the cache for each subsequent build. And this is the part where we need the sudo to be passwordless!\n\n\n nixos-rebuild switch --flake .#test-vm --target-host fredrik@<ip> --sudo\n\n\n## Conclusion\n\nAfter going down the rabbit hole of building images for Proxmox and remote builds I am very happy with the outcome, and the ease of use when I need to set up a new VM from my normal flake setup. Having the ability to quickly add in a new template that pulls my user and Home Manager configuration is really a nice way to do it. And it stays declarative in case I need to set up a new machine with the same setup. I have said it before, and can't say it enough, I love having things declaratively",
"title": "Nixos based Proxmox VMs"
}