nixpkgs/nixos/doc/manual/administration/declarative-containers.xml
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="sec-declarative-containers">
<title>Declarative Container Specification</title>
<para>
You can also specify containers and their configuration in the host's <filename>configuration.nix</filename>. For example, the following specifies that there shall be a container named <literal>database</literal> running PostgreSQL:
<programlisting>
containers.database =
  { config =
      { config, pkgs, ... }:
      { <xref linkend="opt-services.postgresql.enable"/> = true;
        <xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_9_6;
      };
  };
</programlisting>
If you run <literal>nixos-rebuild switch</literal>, the container will be built. If the container was already running, it will be updated in place, without rebooting. The container can be configured to start automatically by setting <literal>containers.database.autoStart = true</literal> in its configuration.
</para>
<para>
By default, declarative containers share the network namespace of the host, meaning that they can listen on (privileged) ports. However, they cannot change the network configuration. You can give a container its own network as follows:
<programlisting>
containers.database = {
  <link linkend="opt-containers._name_.privateNetwork">privateNetwork</link> = true;
  <link linkend="opt-containers._name_.hostAddress">hostAddress</link> = "192.168.100.10";
  <link linkend="opt-containers._name_.localAddress">localAddress</link> = "192.168.100.11";
};
</programlisting>
This gives the container a private virtual Ethernet interface with IP address <literal>192.168.100.11</literal>, which is hooked up to a virtual Ethernet interface on the host with IP address <literal>192.168.100.10</literal>. (See the next section for details on container networking.)
</para>
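<para>
The two fragments above (the PostgreSQL container and the private-network settings) combined into one host <filename>configuration.nix</filename>, as an added example that is not part of the NixOS manual or of nixpkgs. It assumes a current nixpkgs where <literal>services.postgresql.enableTCPIP</literal>, <literal>services.postgresql.settings</literal> and <literal>services.postgresql.authentication</literal> are available; the addresses, the port and the <literal>pg_hba</literal> rule are constructed for illustration. Because the container has its own network namespace, PostgreSQL is reachable only through the veth pair, and the container's own firewall and <literal>pg_hba</literal> rule restrict that further to the host end of the link:
</para>
<programlisting>
```nix
# Added example, not the NixOS manual's own code: a host configuration.nix that
# declares the "database" container with its own network namespace.
# Addresses, port and the pg_hba rule are constructed for illustration.
{ config, pkgs, lib, ... }:

{
  containers.database = {
    # Start the container at boot / on nixos-rebuild switch.
    autoStart = true;

    # Own network namespace: the container cannot bind host ports and
    # cannot alter the host's network configuration.
    privateNetwork = true;
    hostAddress  = "192.168.100.10";   # host end of the veth pair
    localAddress = "192.168.100.11";   # container end of the veth pair

    config = { config, pkgs, lib, ... }: {
      services.postgresql = {
        enable = true;
        package = pkgs.postgresql;     # any packaged version; the manual uses postgresql_9_6
        enableTCPIP = true;            # listen on the veth address, not only the Unix socket

        # Assumption: a PostgreSQL version that supports SCRAM (10 or newer);
        # store passwords hashed with SCRAM so the pg_hba rule below can use it.
        settings.password_encryption = "scram-sha-256";

        # Replace the default pg_hba.conf: local peer auth, and password logins
        # only from the host end of the veth pair, nothing else.
        authentication = lib.mkOverride 10 ''
          local all all                    peer
          host  all all 192.168.100.10/32  scram-sha-256
        '';
      };

      # The container runs its own NixOS firewall (enabled by default);
      # open only the PostgreSQL port.
      networking.firewall.allowedTCPPorts = [ 5432 ];
    };
  };
}
```
</programlisting>
<para>
After <literal>nixos-rebuild switch</literal>, <literal>nixos-container show-ip database</literal> prints the container address, and <literal>nixos-container run database -- ss -lnt</literal> shows PostgreSQL listening inside the container's namespace rather than on the host.
</para>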
<para>
To disable the container, just remove it from <filename>configuration.nix</filename> and run <literal>nixos-rebuild switch</literal>. Note that this will not delete the root directory of the container in <literal>/var/lib/containers</literal>. Containers can be destroyed using the imperative method: <literal>nixos-container destroy foo</literal>.
</para>
<para>
Declarative containers can be started and stopped using the corresponding systemd service, e.g. <literal>systemctl start container@database</literal>.
</para>
</section>