2014-08-24 17:18:18 +00:00
|
|
|
<chapter xmlns="http://docbook.org/ns/docbook"
|
|
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
|
|
version="5.0"
|
|
|
|
xml:id="ch-containers">
|
2018-05-01 23:57:09 +00:00
|
|
|
<title>Container Management</title>
|
|
|
|
<para>
|
2019-09-19 17:17:30 +00:00
|
|
|
NixOS allows you to easily run other NixOS instances as
|
|
|
|
<emphasis>containers</emphasis>. Containers are a light-weight approach to
|
|
|
|
virtualisation that runs software in the container at the same speed as in
|
|
|
|
the host system. NixOS containers share the Nix store of the host, making
|
|
|
|
container creation very efficient.
|
2018-05-01 23:57:09 +00:00
|
|
|
</para>
|
|
|
|
<warning>
|
|
|
|
<para>
|
2019-09-19 17:17:30 +00:00
|
|
|
Currently, NixOS containers are not perfectly isolated from the host system.
|
|
|
|
This means that a user with root access to the container can do things that
|
|
|
|
affect the host. So you should not give container root access to untrusted
|
|
|
|
users.
|
2018-05-01 23:57:09 +00:00
|
|
|
</para>
|
|
|
|
</warning>
|
|
|
|
<para>
|
2019-09-19 17:17:30 +00:00
|
|
|
NixOS containers can be created in two ways: imperatively, using the command
|
|
|
|
<command>nixos-container</command>, and declaratively, by specifying them in
|
|
|
|
your <filename>configuration.nix</filename>. The declarative approach implies
|
|
|
|
that containers get upgraded along with your host system when you run
|
|
|
|
<command>nixos-rebuild</command>, which is often not what you want. By
|
|
|
|
contrast, in the imperative approach, containers are configured and updated
|
|
|
|
independently from the host system.
|
2018-05-01 23:57:09 +00:00
|
|
|
</para>
|
|
|
|
<xi:include href="imperative-containers.xml" />
|
|
|
|
<xi:include href="declarative-containers.xml" />
|
|
|
|
<xi:include href="container-networking.xml" />
|
2014-08-24 17:18:18 +00:00
|
|
|
</chapter>
|