NixOS Containers: Difference between revisions
Flake containers |
→See also: Fix link to nixos-container.pl |
| (4 intermediate revisions by 3 users not shown) | |||
| Line 113: | Line 113: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Further informations are available in the {{manual:nixos|sec=#ch-containers|chapter=NixOS manual}}. | View log for container<syntaxhighlight lang="console"> | ||
# journalctl -M webserver | |||
</syntaxhighlight>Further informations are available in the {{manual:nixos|sec=#ch-containers|chapter=NixOS manual}}. | |||
== Tips and tricks == | == Tips and tricks == | ||
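Review bot: The added "View log for container" line on the right-hand side is a sentence fragment that runs straight into the code block, and the closing </syntaxhighlight> is now glued to "Further informations are available ..." with no line break between them. Suggest a full lead-in on its own line (for example "To view the log of a container:"), a newline after the closing tag, and "Further information is available in the ..." while that sentence is being touched. The hunk also does not say what webserver refers to in "journalctl -M webserver"; a short note that it is the container name would let readers substitute their own.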
| Line 142: | Line 144: | ||
}; | }; | ||
} | } | ||
</syntaxhighlight>To create and run container enter following commands. In this example the <code>flake.nix</code> file is in the same directory.<syntaxhighlight lang=" | </syntaxhighlight>To create and run that container, enter following commands. In this example the <code>flake.nix</code> file is in the same directory.<syntaxhighlight lang="console"> | ||
# nixos-container create flake-test --flake . | # nixos-container create flake-test --flake . | ||
host IP is 10.233.4.1, container IP is 10.233.4.2 | host IP is 10.233.4.1, container IP is 10.233.4.2 | ||
# nixos-container start flake-test | # nixos-container start flake-test | ||
</syntaxhighlight> | |||
==== Use agenix secrets in container ==== | |||
To add <code>agenix</code> secrets to a container bind mount the <code>ssh-host.key</code> and import the <code>agenix.nixosModule</code> and set <code>age.identityPaths</code> [https://discourse.nixos.org/t/secrets-inside-nixos-containers/34403/6 Source]<syntaxhighlight lang="nix"> | |||
{ agenix, ... }: | |||
{ | |||
containers."withSecret" = { | |||
# pass the private key to the container for agenix to decrypt the secret | |||
bindMounts."/etc/ssh/ssh_host_ed25519_key".isReadOnly = true; | |||
config = | |||
{ | |||
config, | |||
lib, | |||
pkgs, | |||
... | |||
}: | |||
{ | |||
imports = [ agenix.nixosModules.default ]; # import agenix-module into the nixos-container | |||
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # isn't set automatically when openssh is not setup | |||
# import the secret | |||
age.secrets."secret-name" = { | |||
file = ../secrets/secret.age; | |||
}; | |||
}; | |||
}; | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
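Review bot: The bind mount of /etc/ssh/ssh_host_ed25519_key in the new agenix section hands the host's private SSH host key to the container, and the text does not say what that implies. Whoever can read that path inside the container can decrypt every secret encrypted to the host key, not only "secret-name", so the section should state this and mention the alternative of a dedicated identity file for the container, listed in age.identityPaths, with the secret encrypted to that recipient only. The intro sentence also disagrees with the code: it names ssh-host.key and agenix.nixosModule, while the example mounts ssh_host_ed25519_key and imports agenix.nixosModules.default. The sentence needs a period before the "Source" link as well.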
| Line 165: | Line 197: | ||
* [https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html Blog Article - Declarative NixOS Containers] | * [https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html Blog Article - Declarative NixOS Containers] | ||
* [https://discourse.nixos.org/t/extra-container-run-declarative-containers-without-full-system-rebuilds/511 NixOS Discourse - Extra-container: Run declarative containers without full system rebuilds] | * [https://discourse.nixos.org/t/extra-container-run-declarative-containers-without-full-system-rebuilds/511 NixOS Discourse - Extra-container: Run declarative containers without full system rebuilds] | ||
* [https://github.com/NixOS/nixpkgs/blob/master/pkgs/ | * [https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ni/nixos-container/nixos-container.pl Nixpkgs - nixos-container.pl] | ||
* [https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/nixos-containers.nix Nixpkgs - nixos-containers.nix] | * [https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/nixos-containers.nix Nixpkgs - nixos-containers.nix] | ||
* [https://nixcademy.com/2023/08/29/nixos-nspawn/ nixos-nspawn] | * [https://nixcademy.com/2023/08/29/nixos-nspawn/ nixos-nspawn] | ||
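Review bot: The corrected nixos-container.pl link on the right-hand side still points at blob/master, so it will break again the next time the file moves in nixpkgs, which is what this edit is repairing. Consider linking to a commit permalink, or keep master and accept that the link needs occasional maintenance; the same applies to the nixos-containers.nix link on the following line.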