2014-08-24 19:18:18 +02:00
|
|
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
|
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
|
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
|
|
|
version="5.0"
|
|
|
|
|
xml:id="sec-declarative-containers">
|
2018-05-02 01:57:09 +02:00
|
|
|
|
<title>Declarative Container Specification</title>
|
2014-08-24 19:18:18 +02:00
|
|
|
|
|
2018-05-02 01:57:09 +02:00
|
|
|
|
<para>
|
2019-09-19 19:17:30 +02:00
|
|
|
|
You can also specify containers and their configuration in the host’s
|
|
|
|
|
<filename>configuration.nix</filename>. For example, the following specifies
|
|
|
|
|
that there shall be a container named <literal>database</literal> running
|
|
|
|
|
PostgreSQL:
|
2014-08-24 19:18:18 +02:00
|
|
|
|
<programlisting>
|
|
|
|
|
containers.database =
|
|
|
|
|
{ config =
|
|
|
|
|
{ config, pkgs, ... }:
|
2018-04-05 10:43:56 +02:00
|
|
|
|
{ <xref linkend="opt-services.postgresql.enable"/> = true;
|
2018-10-23 18:22:14 +02:00
|
|
|
|
<xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql_9_6;
|
2014-08-24 19:18:18 +02:00
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
</programlisting>
|
2019-09-19 19:17:30 +02:00
|
|
|
|
If you run <literal>nixos-rebuild switch</literal>, the container will be
|
|
|
|
|
built. If the container was already running, it will be updated in place,
|
|
|
|
|
without rebooting. The container can be configured to start automatically by
|
|
|
|
|
setting <literal>containers.database.autoStart = true</literal> in its
|
|
|
|
|
configuration.
|
2018-05-02 01:57:09 +02:00
|
|
|
|
</para>
|
|
|
|
|
|
|
|
|
|
<para>
|
2019-09-19 19:17:30 +02:00
|
|
|
|
By default, declarative containers share the network namespace of the host,
|
|
|
|
|
meaning that they can listen on (privileged) ports. However, they cannot
|
|
|
|
|
change the network configuration. You can give a container its own network as
|
|
|
|
|
follows:
|
2014-08-24 19:18:18 +02:00
|
|
|
|
<programlisting>
|
2018-04-05 10:43:56 +02:00
|
|
|
|
containers.database = {
|
|
|
|
|
<link linkend="opt-containers._name_.privateNetwork">privateNetwork</link> = true;
|
|
|
|
|
<link linkend="opt-containers._name_.hostAddress">hostAddress</link> = "192.168.100.10";
|
|
|
|
|
<link linkend="opt-containers._name_.localAddress">localAddress</link> = "192.168.100.11";
|
|
|
|
|
};
|
2014-08-24 19:18:18 +02:00
|
|
|
|
</programlisting>
|
2019-09-19 19:17:30 +02:00
|
|
|
|
This gives the container a private virtual Ethernet interface with IP address
|
|
|
|
|
<literal>192.168.100.11</literal>, which is hooked up to a virtual Ethernet
|
|
|
|
|
interface on the host with IP address <literal>192.168.100.10</literal>. (See
|
|
|
|
|
the next section for details on container networking.)
|
2018-05-02 01:57:09 +02:00
|
|
|
|
</para>
|
|
|
|
|
|
|
|
|
|
<para>
|
2019-09-19 19:17:30 +02:00
|
|
|
|
To disable the container, just remove it from
|
|
|
|
|
<filename>configuration.nix</filename> and run <literal>nixos-rebuild
|
|
|
|
|
switch</literal>. Note that this will not delete the root directory of the
|
|
|
|
|
container in <literal>/var/lib/containers</literal>. Containers can be
|
|
|
|
|
destroyed using the imperative method: <literal>nixos-container destroy
|
|
|
|
|
foo</literal>.
|
2018-05-02 01:57:09 +02:00
|
|
|
|
</para>
|
|
|
|
|
|
|
|
|
|
<para>
|
2019-09-19 19:17:30 +02:00
|
|
|
|
Declarative containers can be started and stopped using the corresponding
|
|
|
|
|
systemd service, e.g. <literal>systemctl start container@database</literal>.
|
2018-05-02 01:57:09 +02:00
|
|
|
|
</para>
|
2015-03-10 16:22:50 +01:00
|
|
|
|
</section>
|