# Declarative Container Specification {#sec-declarative-containers}

You can also specify containers and their configuration in the host's
`configuration.nix`. For example, the following specifies that there
shall be a container named `database` running PostgreSQL:

```nix
containers.database = {
  config = { config, pkgs, ... }: {
    services.postgresql.enable = true;
    services.postgresql.package = pkgs.postgresql_14;
  };
};
```

If you run `nixos-rebuild switch`, the container will be built. If the
container was already running, it will be updated in place, without
rebooting. The container can be configured to start automatically by
setting `containers.database.autoStart = true` in its configuration.

By default, declarative containers share the network namespace of the
host, meaning that they can listen on (privileged) ports. However, they
cannot change the network configuration. You can give a container its
own network as follows:

```nix
containers.database = {
  privateNetwork = true;
  hostAddress = "192.168.100.10";
  localAddress = "192.168.100.11";
};
```

This gives the container a private virtual Ethernet interface with IP
address `192.168.100.11`, which is hooked up to a virtual Ethernet
interface on the host with IP address `192.168.100.10`. (See the next
section for details on container networking.)

To disable the container, just remove it from `configuration.nix` and
run `nixos-rebuild switch`. Note that this will not delete the root
directory of the container in `/var/lib/nixos-containers`. Containers
can be destroyed using the imperative method:
`nixos-container destroy foo`.

Declarative containers can be started and stopped using the
corresponding systemd service, e.g.
`systemctl start container@database`.