about summary refs log tree commit diff
path: root/nixpkgs/nixos/doc/manual/administration/declarative-containers.xml
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/nixos/doc/manual/administration/declarative-containers.xml')
-rw-r--r--nixpkgs/nixos/doc/manual/administration/declarative-containers.xml60
1 files changed, 60 insertions, 0 deletions
diff --git a/nixpkgs/nixos/doc/manual/administration/declarative-containers.xml b/nixpkgs/nixos/doc/manual/administration/declarative-containers.xml
new file mode 100644
index 000000000000..d03dbc4d7055
--- /dev/null
+++ b/nixpkgs/nixos/doc/manual/administration/declarative-containers.xml
@@ -0,0 +1,60 @@
+<section  xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude"
+          version="5.0"
+          xml:id="sec-declarative-containers">
+ <title>Declarative Container Specification</title>
+
+ <para>
+  You can also specify containers and their configuration in the host’s
+  <filename>configuration.nix</filename>. For example, the following specifies
+  that there shall be a container named <literal>database</literal> running
+  PostgreSQL:
+<programlisting>
+containers.database =
+  { config =
+      { config, pkgs, ... }:
+      { <xref linkend="opt-services.postgresql.enable"/> = true;
+      <xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_9_6;
+      };
+  };
+</programlisting>
+  If you run <literal>nixos-rebuild switch</literal>, the container will be
+  built. If the container was already running, it will be updated in place,
+  without rebooting. The container can be configured to start automatically by
+  setting <literal>containers.database.autoStart = true</literal> in its
+  configuration.
+ </para>
+
+ <para>
+  By default, declarative containers share the network namespace of the host,
+  meaning that they can listen on (privileged) ports. However, they cannot
+  change the network configuration. You can give a container its own network as
+  follows:
+<programlisting>
+containers.database = {
+  <link linkend="opt-containers._name_.privateNetwork">privateNetwork</link> = true;
+  <link linkend="opt-containers._name_.hostAddress">hostAddress</link> = "192.168.100.10";
+  <link linkend="opt-containers._name_.localAddress">localAddress</link> = "192.168.100.11";
+};
+</programlisting>
+  This gives the container a private virtual Ethernet interface with IP address
+  <literal>192.168.100.11</literal>, which is hooked up to a virtual Ethernet
+  interface on the host with IP address <literal>192.168.100.10</literal>. (See
+  the next section for details on container networking.)
+ </para>
+
+ <para>
+  To disable the container, just remove it from
+  <filename>configuration.nix</filename> and run <literal>nixos-rebuild
+  switch</literal>. Note that this will not delete the root directory of the
+  container in <literal>/var/lib/containers</literal>. Containers can be
+  destroyed using the imperative method: <literal>nixos-container destroy
+  foo</literal>.
+ </para>
+
+ <para>
+  Declarative containers can be started and stopped using the corresponding
+  systemd service, e.g. <literal>systemctl start container@database</literal>.
+ </para>
+</section>
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-09 01:56:20 +0000