nixos/doc/manual/administration/declarative-containers.xml at v206 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / doc / manual / administration / declarative-containers.xml
at v206 2.1 kB view raw
 1<section  xmlns="http://docbook.org/ns/docbook"
 2          xmlns:xlink="http://www.w3.org/1999/xlink"
 3          xmlns:xi="http://www.w3.org/2001/XInclude"
 4          version="5.0"
 5          xml:id="sec-declarative-containers">
 6
 7<title>Declarative Container Specification</title>
 8
 9<para>You can also specify containers and their configuration in the
10host’s <filename>configuration.nix</filename>.  For example, the
11following specifies that there shall be a container named
12<literal>database</literal> running PostgreSQL:
13
14<programlisting>
15containers.database =
16  { config =
17      { config, pkgs, ... }:
18      { services.postgresql.enable = true;
19        services.postgresql.package = pkgs.postgresql92;
20      };
21  };
22</programlisting>
23
24If you run <literal>nixos-rebuild switch</literal>, the container will
25be built and started. If the container was already running, it will be
26updated in place, without rebooting.</para>
27
28<para>By default, declarative containers share the network namespace
29of the host, meaning that they can listen on (privileged)
30ports. However, they cannot change the network configuration. You can
31give a container its own network as follows:
32
33<programlisting>
34containers.database =
35  { privateNetwork = true;
36    hostAddress = "192.168.100.10";
37    localAddress = "192.168.100.11";
38  };
39</programlisting>
40
41This gives the container a private virtual Ethernet interface with IP
42address <literal>192.168.100.11</literal>, which is hooked up to a
43virtual Ethernet interface on the host with IP address
44<literal>192.168.100.10</literal>.  (See the next section for details
45on container networking.)</para>
46
47<para>To disable the container, just remove it from
48<filename>configuration.nix</filename> and run <literal>nixos-rebuild
49switch</literal>. Note that this will not delete the root directory of
50the container in <literal>/var/lib/containers</literal>.</para>
51
52<para>Declarative containers can be started and stopped using the
53corresponding systemd service, e.g. <literal>systemctl start
54container@database</literal>.</para>
55
56</section>