# Declarative Container Specification {#sec-declarative-containers}

You can also specify containers and their configuration in the host's
`configuration.nix`. For example, the following specifies that there
shall be a container named `database` running PostgreSQL:

```nix
{
  containers.database =
    { config =
        { config, pkgs, ... }:
        { services.postgresql.enable = true;
          services.postgresql.package = pkgs.postgresql_14;
        };
    };
}
```

If you run `nixos-rebuild switch`, the container will be built. If the
container was already running, it will be updated in place, without
rebooting. The container can be configured to start automatically by
setting `containers.database.autoStart = true` in its configuration.

By default, declarative containers share the network namespace of the
host, meaning that they can listen on (privileged) ports. However, they
cannot change the network configuration. You can give a container its
own network as follows:

```nix
{
  containers.database = {
    privateNetwork = true;
    hostAddress = "192.168.100.10";
    localAddress = "192.168.100.11";
  };
}
```

This gives the container a private virtual Ethernet interface with IP
address `192.168.100.11`, which is hooked up to a virtual Ethernet
interface on the host with IP address `192.168.100.10`. (See the next
section for details on container networking.)

To disable the container, just remove it from `configuration.nix` and
run `nixos-rebuild switch`. Note that this will not delete the root
directory of the container in `/var/lib/nixos-containers`. Containers
can be destroyed using the imperative method:
`nixos-container destroy foo`.

Declarative containers can be started and stopped using the
corresponding systemd service, e.g.
`systemctl start container@database`.
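
The fragments from this page combined into a single definition of the `database` container, as an added example that is not part of the original manual text. The `enableTCPIP` setting, the `authentication` rule and the opened firewall port are assumptions about how the host is meant to reach PostgreSQL over the private link.

```nix
{
  containers.database = {
    # Start the container together with the host instead of waiting for
    # `systemctl start container@database`.
    autoStart = true;

    # Give the container its own network namespace so it no longer shares
    # the host's interfaces and port space.
    privateNetwork = true;
    hostAddress = "192.168.100.10";   # host end of the veth pair
    localAddress = "192.168.100.11";  # container end of the veth pair

    config =
      { config, pkgs, ... }:
      {
        services.postgresql = {
          enable = true;
          package = pkgs.postgresql_14;

          # Assumption: the host connects over TCP on the veth link.
          enableTCPIP = true;

          # Assumption: only the host end of the link may authenticate,
          # and only with a password (pg_hba.conf syntax).
          authentication = ''
            host all all 192.168.100.10/32 scram-sha-256
          '';
        };

        # Assumption: the container's own firewall exposes nothing but
        # the PostgreSQL port.
        networking.firewall.allowedTCPPorts = [ 5432 ];
      };
  };
}
```

After `nixos-rebuild switch`, PostgreSQL is reachable from the host at `192.168.100.11` only, rather than listening in the host's network namespace.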