Enable containers
boot.enableContainers = true;
NixOS containers can be created in two ways: imperatively, using the command
nixos-container, and declaratively, by specifying them in your
configuration.nix.
With the declarative approach, containers are upgraded along with your
host system when you run nixos-rebuild, which is often not what you want.
By contrast, in the imperative approach, containers are configured and updated
independently from the host system.
Imperative Container Management
Create a container.nix file to store the container's config:
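{...}: {
  system.stateVersion = "25.11";
  # Open the PostgreSQL port in the container's firewall.
  networking.firewall.allowedTCPPorts = [5432];
  services.postgresql = {
    enable = true;
    # Listen on all interfaces instead of localhost only.
    enableTCPIP = true;
    # pg_hba.conf rule: TCP connections to any database, as any user,
    # from any IPv4 address, are accepted without a password.
    authentication = "host all all 0.0.0.0/0 trust";
    ensureDatabases = ["zero2prod"];
    ensureUsers = [
      {
        name = "zero2prod";
        ensureDBOwnership = true;
        ensureClauses.createdb = true;
      }
    ];
  };
}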
Then create and start the container:
sudo nixos-container create zero2prod --config-file container.nix
sudo nixos-container start zero2prod
For a PostgreSQL container like this one, it's common to use the container's
IP in your .envrc:
export PGHOST=$(nixos-container show-ip zero2prod)
You can also list and destroy containers.
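A narrower variant of the container.nix above, as an added example that is not part of the original page: the pg_hba.conf rule accepts only the zero2prod role, and only from the private host-to-container subnet, instead of any user from every IPv4 address. The 10.233.0.0/16 range is an assumption based on the addresses nixos-container assigns by default; compare it with the output of nixos-container show-ip zero2prod before relying on it.

```nix
# Added example, not from the original page.
{...}: {
  system.stateVersion = "25.11";
  networking.firewall.allowedTCPPorts = [5432];
  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    # Before: "host all all 0.0.0.0/0 trust"
    #   any role, any database, from any IPv4 address, no password.
    # After: only the zero2prod role, only from the host <-> container
    #   veth subnet (assumed to be inside 10.233.0.0/16).
    # The database column stays "all" because the role has CREATEDB and
    # may need to connect to databases it creates itself.
    authentication = "host all zero2prod 10.233.0.0/16 trust";
    ensureDatabases = ["zero2prod"];
    ensureUsers = [
      {
        name = "zero2prod";
        ensureDBOwnership = true;
        ensureClauses.createdb = true;
      }
    ];
  };
}
```

With trust, anything that can reach port 5432 from that subnet still connects as zero2prod without a password. Switching the method to scram-sha-256 requires setting a password for the role first.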