1. First you need docker-ce
yum install docker-ce -b test
Pick a directory on the host that will hold the NixOS root filesystem
DEST=/opt/weiping.xwp/nixos
mkdir -p $DEST/{dev,proc,etc/nixos}
# --privileged already grants every capability (SYS_ADMIN included) and disables the default seccomp/AppArmor confinement, so --cap-add SYS_ADMIN is redundant; the container is throw-away (--rm) and only needs these rights for the bind mounts nixos-install does below
docker run --privileged -v $DEST:/mnt -it --rm --cap-add SYS_ADMIN docker.io/nixos/nix:latest
2. Configure a mirror inside China
Run inside the container:
echo "substituters = https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store https://cache.nixos.org/" >> /etc/nix/nix.conf
nix-channel --add https://mirrors.tuna.tsinghua.edu.cn/nix-channels/nixos-22.11 nixpkgs
nix-channel --update
nix-channel --list
Install the nixos install tools:
nix-env -f '<nixpkgs>' -iA nixos-install-tools util-linux
Copy the configuration.nix file and run the installation:
cat > /mnt/etc/nixos/configuration.nix
…see below…
<Ctrl-D>
# workaround for error: while setting up the build environment: mounting /proc: Operation not permitted
mount --bind /proc/ /mnt/proc
mount --bind /dev/ /mnt/dev
nixos-install --root /mnt
# /etc/nixos/configuration.nix
#
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, ... }:
{
  imports = [];
  boot.isContainer = true;
  boot.loader.initScript.enable = true;
  time.timeZone = "Europe/Skopje";
  networking.hostName = ""; # empty
  networking.useDHCP = false;
  networking.useNetworkd = true;
  networking.useHostResolvConf = false;
  networking.firewall.enable = false; # no packet filter inside the container; the host's iptables is the only one
  # default password is "root", generated with `openssl passwd -6 root`; change it (or replace the hash) before exposing the container
  users.users.root.initialHashedPassword = "$6$V1JB3DXzfkBBjaxL$V4ymu8BxUdDKwDqRMsy4bu4tyocBglz6qtuyonMbi.HweoKbcgLr.W57A62SPqi6CzEGWtER9vskXHAqoHpr4/";
  nix.settings.substituters = [ "https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store" "https://mirrors4.bfsu.edu.cn/nix-channels/store" ];
  environment.systemPackages = with pkgs; [
    vim
    wget
  ];
  # services.openssh.enable = true; # enable sshd (services.sshd.enable is the legacy alias)
  system.stateVersion = "22.11";
}
3. Prepare the network
# the bridge must carry the same name (virbr0) that dnsmasq and systemd-nspawn refer to below; brctl addbr virbr0 is the equivalent from the deprecated bridge-utils
ip link add virbr0 type bridge
ip addr add 192.168.122.1/24 dev virbr0
ip link set virbr0 up
yum install dnsmasq
cat > /etc/dnsmasq.conf
strict-order
except-interface=lo
bind-dynamic
interface=virbr0
dhcp-range=192.168.122.2,192.168.122.254
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
<Ctrl-D>
systemctl start dnsmasq.service && systemctl enable dnsmasq.service
# IP forwarding is off by default; without it the MASQUERADE rule never sees a packet. If the host also runs Docker, Docker sets the FORWARD policy to DROP, so matching ACCEPT rules for 192.168.122.0/24 are needed as well
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s 192.168.122.0/24 -o eth0 -j MASQUERADE
4. Boot
sudo systemd-nspawn --network-bridge=virbr0 --directory $DEST -- /sbin/init
…
-p 10000:20000 (systemd-nspawn --port=) maps host port 10000 to container port 20000; per the systemd-nspawn man page this only works with private networking, which --network-bridge= provides
# poweroff   (typed inside the container; shuts it down and returns you to the host shell)
5. Run it in the background
Create a systemd unit. Put it in /etc/systemd/system, the directory for locally written units (/usr/lib/systemd/system is for units shipped by packages); naming it systemd-nspawn@nixos.service makes it the instance that machinectl start nixos would use:
cat > /etc/systemd/system/systemd-nspawn@nixos.service
[Unit]
Description=Container
Documentation=man:systemd-nspawn(1)
After=network.target
[Service]
ExecStart=/usr/bin/systemd-nspawn --quiet --keep-unit --link-journal=try-guest --network-bridge=virbr0 --directory=/opt/weiping.xwp/nixos -- /sbin/init
KillMode=mixed
Type=notify
RestartForceExitStatus=133
SuccessExitStatus=133
Slice=machine.slice
Delegate=yes
[Install]
WantedBy=machines.target
<Ctrl-D>
systemctl daemon-reload
systemctl start systemd-nspawn@nixos.service
How to get into the NixOS container
machinectl login nixos   # or machinectl shell nixos; machinectl start nixos starts the unit above
If you would rather use systemd-nspawn's own machine discovery, just move the root directory to /var/lib/machines/nixos: the stock systemd-nspawn@.service template then boots it under the same instance name, with its own defaults (for example --network-veth instead of the bridge) unless you override them in /etc/systemd/nspawn/nixos.nspawn.
You now have a basic NixOS environment with outbound internet access. To offer a service to the outside, add a DNAT rule for the port on the host, or use systemd-nspawn's -p parameter.
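The host-side network work of step 3 (bridge, dnsmasq, NAT) and the "expose a port with DNAT" note above, written as an added example script that is not part of the original write-up. It packages the steps as idempotent functions (iptables rules are only appended when an identical rule is absent, so re-running does not stack duplicates), derives the DHCP pool and subnet from the bridge address instead of hard-coding them, adds the ip_forward and FORWARD rules the page's single MASQUERADE line relies on, and has a dry-run mode that prints the commands. The bridge name virbr0, the 192.168.122.1/24 address and the eth0 uplink are the article's values; the container address 192.168.122.10 in the expose_port example is a hypothetical one.

```shell
#!/bin/sh
# Added example (not from the original article): host-side plumbing for a
# bridged systemd-nspawn container, with a dry-run mode. Run "apply" as root
# to change the host; "dry-run" only prints what would be executed.
BR=${BR:-virbr0}
CIDR=${CIDR:-192.168.122.1/24}   # bridge (gateway) address, assumed from the article
WAN=${WAN:-eth0}                 # uplink interface that gets the MASQUERADE, assumed
DRY_RUN=${DRY_RUN:-}             # non-empty: print commands instead of running them

run() {
  if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# ipt_add TABLE CHAIN MATCH...: append a rule only if an identical one is not
# already present (-C), so re-running the script never duplicates rules.
ipt_add() {
  table=$1; shift
  if [ -n "$DRY_RUN" ]; then printf 'iptables -t %s -A %s\n' "$table" "$*"; return 0; fi
  iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

# dhcp_range GATEWAY/24 -> "a.b.c.2,a.b.c.254". Only a .1/24 gateway is
# accepted, so the pool can never contain the bridge address itself.
dhcp_range() {
  addr=${1%/*}; plen=${1#*/}
  net=${addr%.*}; host=${addr##*.}
  if [ "$plen" != 24 ] || [ "$host" != 1 ]; then
    echo "dhcp_range: expected a.b.c.1/24, got '$1'" >&2
    return 1
  fi
  printf '%s.2,%s.254\n' "$net" "$net"
}

# subnet_of GATEWAY/24 -> "a.b.c.0/24" (the -s/-d match for NAT and forwarding)
subnet_of() {
  addr=${1%/*}
  printf '%s.0/%s\n' "${addr%.*}" "${1#*/}"
}

bridge_up() {
  ip link show "$BR" >/dev/null 2>&1 || run ip link add "$BR" type bridge
  run ip addr replace "$CIDR" dev "$BR"
  run ip link set "$BR" up
}

# dnsmasq_conf: print a dnsmasq.conf that serves DHCP on the bridge only
dnsmasq_conf() {
  range=$(dhcp_range "$CIDR") || return 1
  cat <<EOF
strict-order
except-interface=lo
bind-dynamic
interface=$BR
dhcp-range=$range
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
EOF
}

# nat_up: outbound NAT for the container subnet. ip_forward must be on or the
# MASQUERADE rule never sees a packet; the FORWARD rules matter on hosts whose
# FORWARD policy is DROP (Docker sets it to DROP when it starts).
nat_up() {
  net=$(subnet_of "$CIDR")
  run sysctl -w net.ipv4.ip_forward=1
  ipt_add nat POSTROUTING -s "$net" -o "$WAN" -j MASQUERADE
  ipt_add filter FORWARD -i "$BR" -o "$WAN" -s "$net" -j ACCEPT
  ipt_add filter FORWARD -i "$WAN" -o "$BR" -d "$net" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# expose_port WAN HOST_PORT CONTAINER_IP CONTAINER_PORT: DNAT one TCP port from
# the uplink to the container (the manual alternative to systemd-nspawn -p).
# The FORWARD rule matches the post-DNAT destination and only that port.
expose_port() {
  ipt_add nat PREROUTING -i "$1" -p tcp --dport "$2" -j DNAT --to-destination "$3:$4"
  ipt_add filter FORWARD -i "$1" -o "$BR" -p tcp -d "$3" --dport "$4" -j ACCEPT
}

main() {
  bridge_up
  if [ -n "$DRY_RUN" ]; then
    dnsmasq_conf
  else
    dnsmasq_conf > /etc/dnsmasq.conf && systemctl restart dnsmasq.service
  fi
  nat_up
  # hypothetical container address; uncomment to publish host:10000 -> container:20000
  # expose_port "$WAN" 10000 192.168.122.10 20000
}

case ${1:-} in
  apply)   main ;;
  dry-run) DRY_RUN=1; main ;;
esac
```

Run `sh nixos-net.sh dry-run` first to review the exact commands, then `sh nixos-net.sh apply` as root. The rules are not persisted across reboots; save them with your distribution's iptables-save mechanism once they look right. Because expose_port only opens the one DNAT'd port in FORWARD, nothing else inside the container becomes reachable from the uplink even though the container's own firewall is disabled.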