Enabling features by default for specific LXC type

illustris

Sep 14, 2018
I'm trying to add support for NixOS LXCs to Proxmox. So far I've made a patch for pve-container that adds support for detecting NixOS LXCs and writing host-managed configs to the container, which will then get applied by a service running inside the container.
https://github.com/illustris/pve-container/tree/3.3-4-nixos
For NixOS to work properly, nesting is required. For now I manually enable nesting on newly created LXCs, but is there some way to do this on container creation automatically after OS detection?
 
For NixOS to work properly, nesting is required. For now I manually enable nesting on newly created LXCs, but is there some way to do this on container creation automatically after OS detection?

No, currently we have no such auto-enable mechanism for nesting. It'd not be hard to do; contrary to the privileged level, it's a switch one can enable with just a fresh CT start, no file changes required. But it exposes some more information about the host to the container, which is why we did not just enable it always but placed it under a switch in the first place.

Now, as modern systemd versions and other parts of common container userland require this more and more, it could be argued for, as the user will enable it anyway (they want to run that CT after all) if it does not work without the nested flag.
Not tested it, but you may be able to just set that flag in $conf in the new call of your derived NixOS module.

As a general note, such development specific discussion could fit the pve-devel mailing list a bit better:
https://pve.proxmox.com/wiki/Developer_Documentation#Mailing_List
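
Because the nesting switch exposes more of the host to the container, it helps to know where it is on and where an OS that needs it is missing it. The following is an added example (not part of either post and not pve-container code) that audits container configs in the `key: value` format of `/etc/pve/lxc/<vmid>.conf`. The `nixos` ostype value and the sample configs are assumptions constructed for illustration.

```python
# Accepted spellings of "true" in a property string (assumed set).
TRUTHY = {"1", "yes", "true", "on"}

# Constructed sample configs, keyed by container ID.
SAMPLE_CONFIGS = {
    "101": "arch: amd64\nhostname: nix1\nostype: nixos\nunprivileged: 1\n",
    "102": "arch: amd64\nfeatures: keyctl=1,nesting=1\nostype: nixos\n",
    "103": "arch: amd64\nfeatures: nesting=1\nostype: debian\n",
    "104": "arch: amd64\nostype: debian\n\n[snap1]\nfeatures: nesting=1\n",
}

def parse_current_config(text):
    """Return key/value pairs of the live config, ignoring snapshot sections."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):   # first [section] ends the live config
            break
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            conf[key.strip()] = value.strip()
    return conf

def feature_enabled(conf, name):
    """Check one flag in the comma-separated 'features' property string."""
    for item in conf.get("features", "").split(","):
        key, _, value = item.strip().partition("=")
        if key == name:
            return value.lower() in TRUTHY
    return False

def audit(configs, needs_nesting=("nixos",)):
    """'missing': OS needs nesting but the flag is off.
    'review': nesting is on for an OS that is not on the list."""
    report = {"missing": [], "review": []}
    for vmid, text in sorted(configs.items()):
        conf = parse_current_config(text)
        nested = feature_enabled(conf, "nesting")
        required = conf.get("ostype") in needs_nesting
        if required and not nested:
            report["missing"].append(vmid)
        elif nested and not required:
            report["review"].append(vmid)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIGS))
```

Container 104 is not flagged because the flag appears only in a snapshot section, not in the live config.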