NixOS Containers: Difference between revisions

Line 3:

It is possible to configure native [https://wiki.archlinux.org/title/systemd-nspawn systemd-nspawn] containers, which are running NixOS and are configured and managed by NixOS using the <code>containers</code> directive.

=== ~~Installation~~ ===

=== Configuration ===

The following example creates a container called <code>nextcloud</code> running the web application [[Nextcloud]]. It will start automatically at boot and has its private network subnet.

Line 51:

In order to reach the web application on the host system, we have to open [[Firewall]] port 80 and also configure NAT through <code>networking.nat</code>. The web service of the container will be available at http://192.168.100.11

==== Networking ====

By default, if <code>privateNetwork</code> is not set, the container shares the network with the host, enabling it to bind any port on any interface. However, when <code>privateNetwork</code> is set to <code>true</code>, the container gains its private virtual <code>eth0</code> and <code>ve-<container_name></code> on the host. This isolation is beneficial when you want the container to have its dedicated networking stack.

'''NAT (Network Address Translation)'''

</syntaxhighlight>

'''Bridge'''

networking = {

bridges.br0.interfaces = [ "eth0s31f6" ]; # Adjust interface accordingly

# Get bridge-ip with DHCP

useDHCP = false;

interfaces."br0".useDHCP = true;

# Set bridge-ip static

interfaces."br0".ipv4.addresses = [{

address = "192.168.100.3";

prefixLength = 24;

}];

defaultGateway = "192.168.100.1";

nameservers = [ "192.168.100.1" ];

};

containers.<name> = {

privateNetwork = true;

hostBridge = "br0"; # Specify the bridge name

localAddress = "192.168.100.5/24";

config = { };

};

</syntaxhighlight>

=== Usage ===

@@ Line 3: / Line 3: @@
 It is possible to configure native [https://wiki.archlinux.org/title/systemd-nspawn systemd-nspawn] containers, which are running NixOS and are configured and managed by NixOS using the <code>containers</code> directive.
-=== Installation ===
+=== Configuration ===
 The following example creates a container called <code>nextcloud</code> running the web application [[Nextcloud]]. It will start automatically at boot and has its private network subnet.
@@ Line 51: / Line 51: @@
 In order to reach the web application on the host system, we have to open [[Firewall]] port 80 and also configure NAT through <code>networking.nat</code>. The web service of the container will be available at http://192.168.100.11
+==== Networking ====
+{{expansion}}
+By default, if <code>privateNetwork</code> is not set, the container shares the network with the host, enabling it to bind any port on any interface. However, when <code>privateNetwork</code> is set to <code>true</code>, the container gains its private virtual <code>eth0</code> and <code>ve-<container_name></code> on the host. This isolation is beneficial when you want the container to have its dedicated networking stack.
+'''NAT (Network Address Translation)'''
+<syntaxhighlight lang="nix">
+</syntaxhighlight>
+'''Bridge'''
+<syntaxhighlight lang="nix">
+networking = {
+  bridges.br0.interfaces = [ "eth0s31f6" ]; # Adjust interface accordingly
+  # Get bridge-ip with DHCP
+  useDHCP = false;
+  interfaces."br0".useDHCP = true;
+  # Set bridge-ip static
+  interfaces."br0".ipv4.addresses = [{
+    address = "192.168.100.3";
+    prefixLength = 24;
+  }];
+  defaultGateway = "192.168.100.1";
+  nameservers = [ "192.168.100.1" ];
+};
+containers.<name> = {
+  privateNetwork = true;
+  hostBridge = "br0"; # Specify the bridge name
+  localAddress = "192.168.100.5/24";
+  config = { };
+};
+</syntaxhighlight>
 === Usage ===