kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity
My personal project and infrastructure archive
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
378420 Commits
7 Branches
1 Tag
1.4 GiB
 
 
 
 
 
 
Tag: Branch: Tree: e052be0a84
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e052be0a84'
${ noResults }
nomicon/nixos/doc/manual/from_md/administration/declarative-containers.sect...

60 lines
2.4 KiB
Raw Blame History

<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-declarative-containers">
<title>Declarative Container Specification</title>
<para>
You can also specify containers and their configuration in the
host’s <literal>configuration.nix</literal>. For example, the
following specifies that there shall be a container named
<literal>database</literal> running PostgreSQL:
</para>
<programlisting language="bash">
containers.database =
{ config =
{ config, pkgs, ... }:
{ services.postgresql.enable = true;
services.postgresql.package = pkgs.postgresql_10;
};
};
</programlisting>
<para>
If you run <literal>nixos-rebuild switch</literal>, the container
will be built. If the container was already running, it will be
updated in place, without rebooting. The container can be configured
to start automatically by setting
<literal>containers.database.autoStart = true</literal> in its
configuration.
</para>
<para>
By default, declarative containers share the network namespace of
the host, meaning that they can listen on (privileged) ports.
However, they cannot change the network configuration. You can give
a container its own network as follows:
</para>
<programlisting language="bash">
containers.database = {
privateNetwork = true;
hostAddress = &quot;192.168.100.10&quot;;
localAddress = &quot;192.168.100.11&quot;;
};
</programlisting>
<para>
This gives the container a private virtual Ethernet interface with
IP address <literal>192.168.100.11</literal>, which is hooked up to
a virtual Ethernet interface on the host with IP address
<literal>192.168.100.10</literal>. (See the next section for details
on container networking.)
</para>
<para>
To disable the container, just remove it from
<literal>configuration.nix</literal> and run
<literal>nixos-rebuild switch</literal>. Note that this will not
delete the root directory of the container in
<literal>/var/lib/nixos-containers</literal>. Containers can be
destroyed using the imperative method:
<literal>nixos-container destroy foo</literal>.
</para>
<para>
Declarative containers can be started and stopped using the
corresponding systemd service, e.g.
<literal>systemctl start container@database</literal>.
</para>
</section>