61 lines
2.2 KiB
XML
61 lines
2.2 KiB
XML
<section xmlns="http://docbook.org/ns/docbook"
|
||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||
version="5.0"
|
||
xml:id="sec-declarative-containers">
|
||
|
||
<title>Declarative Container Specification</title>
|
||
|
||
<para>You can also specify containers and their configuration in the
|
||
host’s <filename>configuration.nix</filename>. For example, the
|
||
following specifies that there shall be a container named
|
||
<literal>database</literal> running PostgreSQL:
|
||
|
||
<programlisting>
|
||
containers.database =
|
||
{ config =
|
||
{ config, pkgs, ... }:
|
||
{ services.postgresql.enable = true;
|
||
services.postgresql.package = pkgs.postgresql96;
|
||
};
|
||
};
|
||
</programlisting>
|
||
|
||
If you run <literal>nixos-rebuild switch</literal>, the container will
|
||
be built. If the container was already running, it will be
|
||
updated in place, without rebooting. The container can be configured to
|
||
start automatically by setting <literal>containers.database.autoStart = true</literal>
|
||
in its configuration.</para>
|
||
|
||
<para>By default, declarative containers share the network namespace
|
||
of the host, meaning that they can listen on (privileged)
|
||
ports. However, they cannot change the network configuration. You can
|
||
give a container its own network as follows:
|
||
|
||
<programlisting>
|
||
containers.database =
|
||
{ privateNetwork = true;
|
||
hostAddress = "192.168.100.10";
|
||
localAddress = "192.168.100.11";
|
||
};
|
||
</programlisting>
|
||
|
||
This gives the container a private virtual Ethernet interface with IP
|
||
address <literal>192.168.100.11</literal>, which is hooked up to a
|
||
virtual Ethernet interface on the host with IP address
|
||
<literal>192.168.100.10</literal>. (See the next section for details
|
||
on container networking.)</para>
|
||
|
||
<para>To disable the container, just remove it from
|
||
<filename>configuration.nix</filename> and run <literal>nixos-rebuild
|
||
switch</literal>. Note that this will not delete the root directory of
|
||
the container in <literal>/var/lib/containers</literal>. Containers can be
|
||
destroyed using the imperative method: <literal>nixos-container destroy
|
||
foo</literal>.</para>
|
||
|
||
<para>Declarative containers can be started and stopped using the
|
||
corresponding systemd service, e.g. <literal>systemctl start
|
||
container@database</literal>.</para>
|
||
|
||
</section>
|