<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" xml:id="ch-containers">
  <title>Container Management</title>
  <para>
    NixOS allows you to easily run other NixOS instances as
    <emphasis>containers</emphasis>. Containers are a light-weight
    approach to virtualisation that runs software in the container at
    the same speed as in the host system. NixOS containers share the Nix
    store of the host, making container creation very efficient.
  </para>
  <warning>
    <para>
      Currently, NixOS containers are not perfectly isolated from the
      host system. This means that a user with root access to the
      container can do things that affect the host. So you should not
      give container root access to untrusted users.
    </para>
  </warning>
  <para>
    NixOS containers can be created in two ways: imperatively, using the
    command <literal>nixos-container</literal>, and declaratively, by
    specifying them in your <literal>configuration.nix</literal>. The
    declarative approach implies that containers get upgraded along with
    your host system when you run <literal>nixos-rebuild</literal>,
    which is often not what you want. By contrast, in the imperative
    approach, containers are configured and updated independently from
    the host system.
  </para>
  <xi:include href="imperative-containers.section.xml" />
  <xi:include href="declarative-containers.section.xml" />
  <xi:include href="container-networking.section.xml" />
</chapter>