<chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="ch-containers">
 <title>Container Management</title>
 <para>
  NixOS allows you to easily run other NixOS instances as
  <emphasis>containers</emphasis>. Containers are a light-weight approach to
  virtualisation that runs software in the container at the same speed as in
  the host system. NixOS containers share the Nix store of the host, making
  container creation very efficient.
 </para>
 <warning>
  <para>
   Currently, NixOS containers are not perfectly isolated from the host system.
   This means that a user with root access to the container can do things that
   affect the host. So you should not give container root access to untrusted
   users.
  </para>
 </warning>
 <para>
  NixOS containers can be created in two ways: imperatively, using the command
  <command>nixos-container</command>, and declaratively, by specifying them in
  your <filename>configuration.nix</filename>. The declarative approach implies
  that containers get upgraded along with your host system when you run
  <command>nixos-rebuild</command>, which is often not what you want. By
  contrast, in the imperative approach, containers are configured and updated
  independently from the host system.
 </para>
 <xi:include href="imperative-containers.xml" />
 <xi:include href="declarative-containers.xml" />
 <xi:include href="container-networking.xml" />
</chapter>