NixOS Containers: Difference between revisions

From NixOS Wiki
imported>Alyaeanyx
m Add warning and improve formatting
imported>Onny
Add troubleshooting section for native NixOS containers
Line 2: Line 2:


It is possible to configure native systemd-nspawn containers, which are running NixOS and are configured and managed by NixOS using the <code>containers</code> directive.
It is possible to configure native systemd-nspawn containers, which are running NixOS and are configured and managed by NixOS using the <code>containers</code> directive.
=== Installation ===


The following example creates a container called <code>nextcloud</code> running the web application [[Nextcloud]]. It will start automatically at boot and has its private network subnet.
The following example creates a container called <code>nextcloud</code> running the web application [[Nextcloud]]. It will start automatically at boot and has its private network subnet.
Line 38: Line 40:


In order to reach the web application on the host system, we have to open [[Firewall]] port 80 and also configure NAT through <code>networking.nat</code>.
In order to reach the web application on the host system, we have to open [[Firewall]] port 80 and also configure NAT through <code>networking.nat</code>.
=== Usage ===


Checking the status of the container
Checking the status of the container
Line 61: Line 65:


Further informations are available in the {{manual:nixos|sec=#ch-containers|chapter=NixOS manual}}.
Further informations are available in the {{manual:nixos|sec=#ch-containers|chapter=NixOS manual}}.
=== Troubleshooting ===
Configuring nameservers for containers is [https://github.com/NixOS/nixpkgs/issues/162686 currently broken]. Therefore in some cases internet connectivity can be broken inside the containers. A temporary workaround is to manually write the <code>/etc/nixos/resolv.conf</code> file like this:
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
containers.nextcloud.config = { config, pkgs, ... }: {
  [...]
  environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
};
</nowiki>}}


== Declarative docker containers ==
== Declarative docker containers ==

Revision as of 16:23, 30 August 2022

Native NixOS containers

It is possible to configure native systemd-nspawn containers, which are running NixOS and are configured and managed by NixOS using the containers directive.

Installation

The following example creates a container called nextcloud running the web application Nextcloud. It will start automatically at boot and has its private network subnet.

/etc/nixos/configuration.nix
networking.nat = {
  enable = true;
  internalInterfaces = ["ve-+"];
  externalInterface = "ens3";
};

containers.nextcloud = {
  autoStart = true;                
  privateNetwork = true;           
  hostAddress = "192.168.100.10";
  localAddress = "192.168.100.11";
  config = { config, pkgs, ... }: {

    services.nextcloud = {                     
      enable = true;                   
      package = pkgs.nextcloud24;
      hostName = "localhost";
      config.adminpassFile = pkgs.writeText "adminpass" "test123"; # DON'T DO THIS IN PRODUCTION - the password file will be world-readable in the Nix Store!
    };

    system.stateVersion = "22.05";

    networking.firewall = {
      enable = true;
      allowedTCPPorts = [ 80 ];
    };

  };
};

In order to reach the web application on the host system, we have to open Firewall port 80 and also configure NAT through networking.nat.

Usage

Checking the status of the container

# systemctl status container@nextcloud

Login into the container

# nixos-container root-login nextcloud

Start or stop a container

# nixos-container start nextcloud
# nixos-container stop nextcloud

Destroy a container including its file system

# nixos-container destroy nextcloud

Further informations are available in the NixOS Manual, NixOS manual.

Troubleshooting

Configuring nameservers for containers is currently broken. Therefore in some cases internet connectivity can be broken inside the containers. A temporary workaround is to manually write the /etc/nixos/resolv.conf file like this:

/etc/nixos/configuration.nix
containers.nextcloud.config = { config, pkgs, ... }: {
  [...]
  environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
};

Declarative docker containers

Example config:

 { config, pkgs, ... }:
 {
   config.virtualisation.oci-containers.containers = {
     hackagecompare = {
       image = "chrissound/hackagecomparestats-webserver:latest";
       ports = ["127.0.0.1:3010:3010"];
       volumes = [
         "/root/hackagecompare/packageStatistics.json:/root/hackagecompare/packageStatistics.json"
       ];
       cmd = [
         "--base-url"
         "\"/hackagecompare\""
       ];
     };
   };
 }

Troubleshooting

I have changed the host's channel and some services are no longer functional

Symptoms:

  • Lost data in PostgreSQL database
  • MySQL has changed its path, where it creates the database

Solution

If you did not have a system.stateVersion option set inside your declarative container configuration, it will use the default one for the channel. Your data might be safe, if you did nothing meanwhile. Add the missing system.stateVersion to your container, rebuild, and possibly stop/start the container.

See also