NixOS Containers: Difference between revisions

update stateVersion
Onny (talk | contribs)
Simplify and cleanup page
Line 1: Line 1:
== Native NixOS containers ==
Setup native [https://wiki.archlinux.org/title/systemd-nspawn systemd-nspawn] containers, which are running NixOS and are configured and managed by NixOS using the <code>containers</code> directive.


It is possible to configure native [https://wiki.archlinux.org/title/systemd-nspawn systemd-nspawn] containers, which are running NixOS and are configured and managed by NixOS using the <code>containers</code> directive.
See [[Docker]] page for OCI container (Docker, Podman) configuration.


=== Configuration ===
=== Configuration ===


The following example creates a container called <code>nextcloud</code> running the web application [[Nextcloud]]. It will start automatically at boot and has its private network subnet.
The following example creates a container called webserver running a httpd web server. It will start automatically at boot and has its private network subnet.


{{file|/etc/nixos/configuration.nix|nix|<nowiki>
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
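Review bot: In the intro line beginning "Setup native", "Setup" is used as a verb and should read "Set up"; the sentence also lost the subject that "It is possible to configure ..." gave it, so it now reads as a fragment. In the reworded example description, "running a httpd web server" should be "an httpd web server", and <code>webserver</code> has lost the <code>&lt;code&gt;</code> markup that <code>nextcloud</code> had.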
Line 16: Line 16:
};
};


containers.nextcloud = {
containers.webserver = {
   autoStart = true;
   autoStart = true;
   privateNetwork = true;
   privateNetwork = true;
Line 25: Line 25:
   config = { config, pkgs, lib, ... }: {
   config = { config, pkgs, lib, ... }: {


     services.nextcloud = {
     services.httpd = {
       enable = true;
       enable = true;
       package = pkgs.nextcloud28;
       adminAddr = "admin@example.org";
      hostName = "localhost";
      config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}"; # DON'T DO THIS IN PRODUCTION - the password file will be world-readable in the Nix Store!
     };
     };


     system.stateVersion = "24.11";
     networking = {
      firewall.allowedTCPPorts = [ 80 ];


    networking = {
      firewall = {
        enable = true;
        allowedTCPPorts = [ 80 ];
      };
       # Use systemd-resolved inside the container
       # Use systemd-resolved inside the container
       # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
       # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
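Review bot: The one-line `firewall.allowedTCPPorts = [ 80 ];` drops the explicit `enable = true;` that the block form carried, so the example now relies on the firewall module's default for filtering to be active inside the container. Either keep `firewall.enable = true;` in the example or state in the text that the default is being relied on. Dropping the `config.adminpassFile = "${pkgs.writeText ...}"` line is a good change, since it takes the world-readable store password out of the sample configuration.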
Line 46: Line 40:
     services.resolved.enable = true;
     services.resolved.enable = true;


    system.stateVersion = "24.11";
   };
   };
};
};
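Review bot: `system.stateVersion = "24.11";` is moved to the end of the container's `config` without a comment, and the previous revision's summary was "update stateVersion", which suggests editors treat it as a value to bump. Add a comment on that line saying it should stay at the release the container was first deployed with, because it selects defaults for stateful data and is not a version pin to refresh.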
Line 99: Line 94:
Checking the status of the container
Checking the status of the container
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
# systemctl status container@nextcloud
# systemctl status container@webserver
</syntaxhighlight>
</syntaxhighlight>


Login into the container
Login into the container
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
# nixos-container root-login nextcloud
# nixos-container root-login webserver
</syntaxhighlight>
</syntaxhighlight>


Start or stop a container
Start or stop a container
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
# nixos-container start nextcloud
# nixos-container start webserver
# nixos-container stop nextcloud
# nixos-container stop webserver
</syntaxhighlight>
</syntaxhighlight>


Destroy a container including its file system
Destroy a container including its file system
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
# nixos-container destroy nextcloud
# nixos-container destroy webserver
</syntaxhighlight>
</syntaxhighlight>


Further informations are available in the {{manual:nixos|sec=#ch-containers|chapter=NixOS manual}}.
Further informations are available in the {{manual:nixos|sec=#ch-containers|chapter=NixOS manual}}.
== Declarative OCI containers (Docker/Podman) ==
=== Example config ===
<syntaxhighlight lang="nixos">
{ config, pkgs, ... }:
{
  config.virtualisation.oci-containers.containers = {
    hackagecompare = {
      image = "chrissound/hackagecomparestats-webserver:latest";
      ports = ["127.0.0.1:3010:3010"];
      volumes = [
        "/root/hackagecompare/packageStatistics.json:/root/hackagecompare/packageStatistics.json"
      ];
      cmd = [
        "--base-url"
        "\"/hackagecompare\""
      ];
    };
  };
}
</syntaxhighlight>
=== Usage ===
NixOS uses Podman to run OCI containers. Note that these are '''user-specific''', so running commands with or without sudo can change your output.
List containers
<syntaxhighlight lang="console">
# podman ps
</syntaxhighlight>
Update image
<syntaxhighlight lang="console">
# podman restart hackagecompare
</syntaxhighlight>
List images
<syntaxhighlight lang="console">
# podman ls
</syntaxhighlight>Remove container<syntaxhighlight lang="console">
# podman rm hackagecompare
</syntaxhighlight>
Remove image
<syntaxhighlight lang="console">
# podman rmi c0d9a5f58afe
</syntaxhighlight>Update image<syntaxhighlight lang="console">
# podman pull chrissound/hackagecomparestats-webserver:latest
</syntaxhighlight>Run interactive shell in running container<syntaxhighlight lang="console">
# podman exec -ti $ContainerId /bin/sh
</syntaxhighlight>


== Troubleshooting ==
== Troubleshooting ==
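Review bot: The `== Declarative OCI containers (Docker/Podman) ==` section appears on one side of this diff only; if it is being moved out in favour of the "See [[Docker]] page" pointer, fix its errors on the way instead of carrying them over. "Update image" labels both `podman restart hackagecompare` and the `podman pull` line, and a restart does not fetch a new image; `podman ls` under "List images" should be `podman images`. The example also references the image by the `:latest` tag, which deserves a sentence recommending a version tag or digest. In the renamed command blocks, "Login into the container" and "Further informations" are unchanged context but could become "Log in to the container" and "Further information" in the same cleanup.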