commit 5aaeddee5f2da59e5664d5c215ff08cfb6a6f252 · pyrox.dev/nixpkgs

+28

nixos/doc/manual/administration/containers.chapter.md

···

       1
       1
       +
       # Container Management {#ch-containers}

     

       2
       2
       +
       

     

       3
       3
       +
       NixOS allows you to easily run other NixOS instances as *containers*.

     

       4
       4
       +
       Containers are a light-weight approach to virtualisation that runs

     

       5
       5
       +
       software in the container at the same speed as in the host system. NixOS

     

       6
       6
       +
       containers share the Nix store of the host, making container creation

     

       7
       7
       +
       very efficient.

     

       8
       8
       +
       

     

       9
       9
       +
       ::: {.warning}

     

       10
       10
       +
       Currently, NixOS containers are not perfectly isolated from the host

     

       11
       11
       +
       system. This means that a user with root access to the container can do

     

       12
       12
       +
       things that affect the host. So you should not give container root

     

       13
       13
       +
       access to untrusted users.

     

       14
       14
       +
       :::

     

       15
       15
       +
       

     

       16
       16
       +
       NixOS containers can be created in two ways: imperatively, using the

     

       17
       17
       +
       command `nixos-container`, and declaratively, by specifying them in your

     

       18
       18
       +
       `configuration.nix`. The declarative approach implies that containers

     

       19
       19
       +
       get upgraded along with your host system when you run `nixos-rebuild`,

     

       20
       20
       +
       which is often not what you want. By contrast, in the imperative

     

       21
       21
       +
       approach, containers are configured and updated independently from the

     

       22
       22
       +
       host system.

     

       23
       23
       +
       

     

       24
       24
       +
       ```{=docbook}

     

       25
       25
       +
       <xi:include href="imperative-containers.section.xml" />

     

       26
       26
       +
       <xi:include href="declarative-containers.section.xml" />

     

       27
       27
       +
       <xi:include href="container-networking.section.xml" />

     

       28
       28
       +
       ```

-34

nixos/doc/manual/administration/containers.xml

···

       1
       1
       -
       <chapter xmlns="http://docbook.org/ns/docbook"

     

       2
       2
       -
               xmlns:xlink="http://www.w3.org/1999/xlink"

     

       3
       3
       -
               xmlns:xi="http://www.w3.org/2001/XInclude"

     

       4
       4
       -
               version="5.0"

     

       5
       5
       -
               xml:id="ch-containers">

     

       6
       6
       -
        <title>Container Management</title>

     

       7
       7
       -
        <para>

     

       8
       8
       -
         NixOS allows you to easily run other NixOS instances as

     

       9
       9
       -
         <emphasis>containers</emphasis>. Containers are a light-weight approach to

     

       10
       10
       -
         virtualisation that runs software in the container at the same speed as in

     

       11
       11
       -
         the host system. NixOS containers share the Nix store of the host, making

     

       12
       12
       -
         container creation very efficient.

     

       13
       13
       -
        </para>

     

       14
       14
       -
        <warning>

     

       15
       15
       -
         <para>

     

       16
       16
       -
          Currently, NixOS containers are not perfectly isolated from the host system.

     

       17
       17
       -
          This means that a user with root access to the container can do things that

     

       18
       18
       -
          affect the host. So you should not give container root access to untrusted

     

       19
       19
       -
          users.

     

       20
       20
       -
         </para>

     

       21
       21
       -
        </warning>

     

       22
       22
       -
        <para>

     

       23
       23
       -
         NixOS containers can be created in two ways: imperatively, using the command

     

       24
       24
       -
         <command>nixos-container</command>, and declaratively, by specifying them in

     

       25
       25
       -
         your <filename>configuration.nix</filename>. The declarative approach implies

     

       26
       26
       -
         that containers get upgraded along with your host system when you run

     

       27
       27
       -
         <command>nixos-rebuild</command>, which is often not what you want. By

     

       28
       28
       -
         contrast, in the imperative approach, containers are configured and updated

     

       29
       29
       -
         independently from the host system.

     

       30
       30
       -
        </para>

     

       31
       31
       -
        <xi:include href="../from_md/administration/imperative-containers.section.xml" />

     

       32
       32
       -
        <xi:include href="../from_md/administration/declarative-containers.section.xml" />

     

       33
       33
       -
        <xi:include href="../from_md/administration/container-networking.section.xml" />

     

       34
       34
       -
       </chapter>

+1 -1

nixos/doc/manual/administration/running.xml

···

       16
       16
        
        <xi:include href="../from_md/administration/control-groups.chapter.xml" />

     

       17
       17
        
        <xi:include href="../from_md/administration/logging.chapter.xml" />

     

       18
       18
        
        <xi:include href="../from_md/administration/cleaning-store.chapter.xml" />

     

       19
       19
       -
        <xi:include href="containers.xml" />

     

       19
       19
       +
        <xi:include href="../from_md/administration/containers.chapter.xml" />

     

       20
       20
        
        <xi:include href="troubleshooting.xml" />

     

       21
       21
        
       </part>

+31

nixos/doc/manual/from_md/administration/containers.chapter.xml

···

       1
       1
       +
       <chapter xmlns="http://docbook.org/ns/docbook"  xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" xml:id="ch-containers">

     

       2
       2
       +
         <title>Container Management</title>

     

       3
       3
       +
         <para>

     

       4
       4
       +
           NixOS allows you to easily run other NixOS instances as

     

       5
       5
       +
           <emphasis>containers</emphasis>. Containers are a light-weight

     

       6
       6
       +
           approach to virtualisation that runs software in the container at

     

       7
       7
       +
           the same speed as in the host system. NixOS containers share the Nix

     

       8
       8
       +
           store of the host, making container creation very efficient.

     

       9
       9
       +
         </para>

     

       10
       10
       +
         <warning>

     

       11
       11
       +
           <para>

     

       12
       12
       +
             Currently, NixOS containers are not perfectly isolated from the

     

       13
       13
       +
             host system. This means that a user with root access to the

     

       14
       14
       +
             container can do things that affect the host. So you should not

     

       15
       15
       +
             give container root access to untrusted users.

     

       16
       16
       +
           </para>

     

       17
       17
       +
         </warning>

     

       18
       18
       +
         <para>

     

       19
       19
       +
           NixOS containers can be created in two ways: imperatively, using the

     

       20
       20
       +
           command <literal>nixos-container</literal>, and declaratively, by

     

       21
       21
       +
           specifying them in your <literal>configuration.nix</literal>. The

     

       22
       22
       +
           declarative approach implies that containers get upgraded along with

     

       23
       23
       +
           your host system when you run <literal>nixos-rebuild</literal>,

     

       24
       24
       +
           which is often not what you want. By contrast, in the imperative

     

       25
       25
       +
           approach, containers are configured and updated independently from

     

       26
       26
       +
           the host system.

     

       27
       27
       +
         </para>

     

       28
       28
       +
         <xi:include href="imperative-containers.section.xml" />

     

       29
       29
       +
         <xi:include href="declarative-containers.section.xml" />

     

       30
       30
       +
         <xi:include href="container-networking.section.xml" />

     

       31
       31
       +
       </chapter>