<chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="ch-containers">

<title>Container Management</title>

<para>NixOS allows you to easily run other NixOS instances as
<emphasis>containers</emphasis>. Containers are a light-weight
approach to virtualisation that runs software in the container at the
same speed as in the host system. NixOS containers share the Nix store
of the host, making container creation very efficient.</para>

<warning><para>Currently, NixOS containers are not perfectly isolated
from the host system. This means that a user with root access to the
container can do things that affect the host. So you should not give
container root access to untrusted users.</para></warning>

<para>NixOS containers can be created in two ways: imperatively, using
the command <command>nixos-container</command>, and declaratively, by
specifying them in your <filename>configuration.nix</filename>. The
declarative approach implies that containers get upgraded along with
your host system when you run <command>nixos-rebuild</command>, which
is often not what you want. By contrast, in the imperative approach,
containers are configured and updated independently from the host
system.</para>

<xi:include href="imperative-containers.xml" />
<xi:include href="declarative-containers.xml" />
<xi:include href="container-networking.xml" />

</chapter>