Imperative Container Management
We’ll cover imperative container management using
nixos-container first. Be aware that container management
is currently only possible as root.
You create a container with identifier foo as follows:
# nixos-container create foo
This creates the container’s root directory in
/var/lib/containers/foo and a small configuration file
in /etc/containers/foo.conf. It also builds the
container’s initial system configuration and stores it in
/nix/var/nix/profiles/per-container/foo/system. You can
modify the initial configuration of the container on the command line. For
instance, to create a container that has sshd running,
with the given public key for root:
# nixos-container create foo --config '
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];
'
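When the public key is read from a file instead of being typed by hand, its text ends up inside a Nix expression and must be escaped first. The sketch below is an added example, not part of the NixOS manual: the function names and the key-type allow-list are its own choices, and services.openssh.enable is assumed to be the option that turns on sshd.

```shell
#!/bin/sh
# Added example (not from the NixOS manual). Function names are hypothetical.

# Escape a value for a Nix double-quoted string: backslash, double quote
# and the "${" antiquotation opener are the sequences that need it.
nix_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/[$]{/\\${/g'
}

# Print a --config body that enables sshd and authorizes one root key.
# The key file must hold exactly one line with an allow-listed key type.
# ssh-dss, used in the manual's example, is disabled by default since
# OpenSSH 7.0, so this example's allow-list leaves it out.
sshd_config_for_key() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    [ "$(grep -c '' "$keyfile")" -eq 1 ] || {
        echo "expected exactly one key line in $keyfile" >&2; return 1; }
    key=$(cat "$keyfile")
    case $key in
        ssh-ed25519\ AAAA*|ssh-rsa\ AAAA*|ecdsa-sha2-nistp256\ AAAA*) ;;
        *) echo "unsupported or malformed key in $keyfile" >&2; return 1 ;;
    esac
    printf 'services.openssh.enable = true;\n'
    printf 'users.users.root.openssh.authorizedKeys.keys = ["%s"];\n' \
        "$(nix_escape "$key")"
}

# Create (but do not start) a container with that configuration.
# Must be run as root on the host, like every nixos-container operation.
create_ssh_container() {
    name=$1
    cfg=$(sshd_config_for_key "$2") || return 1
    nixos-container create "$name" --config "$cfg"
}

# Usage (as root): create_ssh_container foo /root/admin_key.pub
```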
Creating a container does not start it. To start the container, run:
# nixos-container start foo
This command will return as soon as the container has booted and has reached
multi-user.target. On the host, the container runs within
a systemd unit called
container@container-name.service.
Thus, if something went wrong, you can get status info using
systemctl:
# systemctl status container@foo
If the container has started successfully, you can log in as root using the
root-login operation:
# nixos-container root-login foo
[root@foo:~]#
Note that only root on the host can do this (since there is no
authentication). You can also get a regular login prompt using the
login operation, which is available to all users on the
host:
# nixos-container login foo
foo login: alice
Password: ***
With nixos-container run, you can execute arbitrary
commands in the container:
# nixos-container run foo -- uname -a
Linux foo 3.4.82 #1-NixOS SMP Thu Mar 20 14:44:05 UTC 2014 x86_64 GNU/Linux
To change the configuration of the container, you can edit
/var/lib/containers/name/etc/nixos/configuration.nix,
and run
# nixos-container update foo
This will build and activate the new configuration. You can also specify a
new configuration on the command line:
# nixos-container update foo --config '
services.httpd.enable = true;
services.httpd.adminAddr = "foo@example.org";
networking.firewall.allowedTCPPorts = [ 80 ];
'
# curl http://$(nixos-container show-ip foo)/
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">…
However, note that this will overwrite the container’s
/etc/nixos/configuration.nix.
Note that in previous versions of NixOS (17.09 and earlier) one could also
use all nix-related commands (like nixos-rebuild switch)
from inside the container. However, since the release of Nix 2.0 this is not
supported anymore. Supporting Nix commands inside the container might be
possible again in future versions. A GitHub issue tracks progress on
this.
Containers can be stopped and started using nixos-container
stop and nixos-container start, respectively, or
by using systemctl on the container’s service unit. To
destroy a container, including its file system, do
# nixos-container destroy foo