pyrox.dev
1# Container Management {#ch-containers}
2
3NixOS allows you to easily run other NixOS instances as *containers*.
4Containers are a light-weight approach to virtualisation that runs
5software in the container at the same speed as in the host system. NixOS
6containers share the Nix store of the host, making container creation
7very efficient.
8
9::: {.warning}
10Currently, NixOS containers are not perfectly isolated from the host
11system. This means that a user with root access to the container can do
12things that affect the host. So you should not give container root
13access to untrusted users.
14:::
15
16NixOS containers can be created in two ways: imperatively, using the
17command `nixos-container`, and declaratively, by specifying them in your
18`configuration.nix`. The declarative approach implies that containers
19get upgraded along with your host system when you run `nixos-rebuild`,
20which is often not what you want. By contrast, in the imperative
21approach, containers are configured and updated independently from the
22host system.
23
24```{=include=} sections
25imperative-containers.section.md
26declarative-containers.section.md
27container-networking.section.md
28```