370c7da4a9
nixpkgs nixos-25.11 브랜치의 nixos/doc/manual/ 디렉토리를 sparse clone으로 가져와 ~/obsidian/dev/nixos-manual/에 복사. _index.md에 구조/갱신 방법 정리. 오프라인 참조 + AI 에이전트 컨텍스트용. sandbox-tokyo 같은 NixOS 노드 운영 시 빠른 참조로 사용.
29 lines
1.1 KiB
Markdown
29 lines
1.1 KiB
Markdown
# Container Management {#ch-containers}
|
|
|
|
NixOS allows you to easily run other NixOS instances as *containers*.
|
|
Containers are a light-weight approach to virtualisation that runs
|
|
software in the container at the same speed as in the host system. NixOS
|
|
containers share the Nix store of the host, making container creation
|
|
very efficient.
|
|
|
|
::: {.warning}
|
|
Currently, NixOS containers are not perfectly isolated from the host
|
|
system. This means that a user with root access to the container can do
|
|
things that affect the host. So you should not give container root
|
|
access to untrusted users.
|
|
:::
|
|
|
|
NixOS containers can be created in two ways: imperatively, using the
|
|
command `nixos-container`, and declaratively, by specifying them in your
|
|
`configuration.nix`. The declarative approach implies that containers
|
|
get upgraded along with your host system when you run `nixos-rebuild`,
|
|
which is often not what you want. By contrast, in the imperative
|
|
approach, containers are configured and updated independently from the
|
|
host system.
|
|
|
|
```{=include=} sections
|
|
imperative-containers.section.md
|
|
declarative-containers.section.md
|
|
container-networking.section.md
|
|
```
|