As an alternative to specifying config, you can specify the path to the evaluated NixOS system configuration, typically a symlink to a system profile.

The Flake URI of the NixOS configuration to use for the container

Location of the host path to be mounted.

Determine whether the mounted path will be accessed in read-only mode.

Path to device node

A path to the nixpkgs that provide the modules, pkgs and lib for evaluating the container

Takes the path to a file representing a kernel network namespace that the container shall run in

Path to an image file to load before running the image

Path to file containing password.

A set of NixOS system configurations to be run as lightweight containers

Path to a script that streams the desired image on standard output

A specification of the desired configuration of this container, as a NixOS module.

Whether the container is automatically started at boot-time.

Extra veth-pairs to be created for the container.

An extra list of directories that is bound to the container.

A list of device nodes to which the containers has access to.

Extra flags passed to the systemd-nspawn command

Mount point on the container file system.

Allows the container to create and setup tunnel interfaces by granting the NET_ADMIN capability and enabling access to /dev/net/tun.

Put the host-side of the veth-pair into the named bridge

Mounts a set of tmpfs file systems into the container

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

Put the host-side of the veth-pair into the named bridge

The IPv4 address assigned to the host interface. (Not used when hostBridge is set.)

A set of special arguments to be passed to NixOS modules

The IPv6 address assigned to the host interface. (Not used when hostBridge is set.)

The list of host interfaces from which macvlans will be created

Source port of the external interface on host

Time for the container to start

Source port of the external interface on host

List of forwarded ports from host to container

Whether the container should be restarted during a NixOS configuration switch if its definition has changed.

The IPv4 address assigned to the interface in the container

The list of interfaces to be moved into the container.

List of forwarded ports from host to container

The IPv6 address assigned to the interface in the container

The IPv4 address assigned to the interface in the container

The IPv6 address assigned to the interface in the container

Whether to give the container its own private virtual Ethernet interface

The protocol specifier for port forwarding between host and container

Each attribute in this set specifies an option in the [Path] section of the unit

The protocol specifier for port forwarding between host and container

The name of this systemd unit, including its extension

Runs container in ephemeral mode with the empty root filesystem at boot

Whether to give the container its own private UIDs/GIDs space (user namespacing)

Target port of container

Define which other containers this one depends on

Target port of container

Each attribute in this set specifies an option in the [Path] section of the unit

Podman-specific settings in OCI containers

The path to repo in local machine

Packages added to the service's PATH environment variable

Commandline arguments to pass to the image's entrypoint.

The name of this systemd unit, including its extension

The hostname of the container.

OCI image to run.

Override the username or UID (and optionally groupname or GID) used in the container.

Systemd service name that manages the container

Image pull policy for the container

Device node access modifier

Labels to attach to the container at runtime.

Username for login.

This is the absolute path to the plugin executable.

The user under which the container should run.

List of devices to attach to this container.

Packages added to the service's PATH environment variable

Override the default working directory for the container.

When enabled, the container is automatically started on boot

Automatically remove the container when it is stopped or killed

Networks to attach the container to

Extra options for podman run.

Registry where to login to.

Extra options for podman that go before the run argument.

The resulting path of the generated Diffie-Hellman parameters file for other services to reference

Give extended privileges to the container

Override the default entrypoint of the image.

List of volumes to attach to this container

Logging driver for the container

Path to host the API on and forward to the daemon's api port

Environment variables to set for this container.

Environment files for this container.

File or block device to export.

Determines how podman should notify systemd that the unit is ready

Grant additional capabilities to the container

A path of a profile file to include

Capabilities to configure for the container

Network ports to publish from the container to the outer host

Path where to store the data files of the hidden service

Absolute path of the salt on the unencrypted device with that device's root directory as "/".

Start the specified units when this unit is started.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

If the specified units are started at the same time as this unit, delay this unit until they have started.

Where to store the backups

Additional packages that should be added to the agent's PATH

Project directory.

Like ‘requires’, but in addition, if the specified units unexpectedly disappear, this unit will be stopped as well.

Start the specified units when this unit is started.

If the specified units are stopped or restarted, then this unit is stopped or restarted as well.

If the specified units are started at the same time as this unit, delay them until this unit has started.