Return container to its original (declared) state

I’ve made some changes to my config that my container isn’t picking up (I changed the uid of the user it’s supposed to create, but it’s not getting changed). Now I want to destroy and rebuild it since its state doesn’t match what I defined, but the command line tool won’t let me:

# nixos-container destroy files
/run/current-system/sw/bin/nixos-container: cannot destroy declarative container (remove it from your configuration.nix instead)

Do I really have to make a fake change to my config just to get it to destroy the container, then revert the change to get it back?

This is going to be important going forward, because I’ve found that containers have a nasty habit of accumulating state that I’d prefer to purge from time to time by rebuilding them.

Update: I tried removing the config for the container, rebuilding, putting the config back, rebuilding. But it still won’t purge the container state. Even remove, rebuild, GC, put back, rebuild doesn’t work! How do I get my container back to its original state?

Your container’s files are in the /var/lib/containers subdir, but have you tried in your tests to set users.mutableUsers to false? I cannot say for sure, but maybe it will trigger the change you want.

The user was just an example. I also tested just adding and changing files here and there, and they also persist across everything. I just wanted a way to ensure determinism in case something inside the container messes things up.

But even /var/lib/containers isn’t a solution:

[root@nas:/var/lib/containers]# rm -rf files/
rm: cannot remove 'files/var/empty': Operation not permitted

You might be interested in containers.<name>.ephemeral which works well with bind mounting only the directories you need.

As for your error: Make /var/empty immutable (with chattr +i) by domenkozar · Pull Request #18365 · NixOS/nixpkgs · GitHub

Let me know if you have any issues with that.

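The containers.<name>.ephemeral suggestion above, written out as a configuration.nix fragment. This is an added example, not part of the original thread: the container name "files" comes from the question, while the user name, uid and both paths are assumptions.

```nix
# Added illustration, not from the thread.
# "files" is the container from the question; the user name, uid and
# paths below are assumed placeholders.
{ ... }:
{
  containers.files = {
    autoStart = true;

    # The container is bootstrapped from scratch on every start and
    # cleaned up on shutdown, so files changed or added inside it do not
    # persist and the running state always matches this declaration.
    ephemeral = true;

    # Only directories listed here survive a restart. Keep this list as
    # small as the service allows, and read-only where it can be.
    bindMounts."/srv/files" = {
      hostPath = "/tank/files";   # assumed host directory holding the data
      isReadOnly = false;
    };

    config = { ... }: {
      # The account is recreated from this declaration on each start,
      # so a changed uid takes effect at the next restart.
      users.users.fileshare = {   # assumed user name
        isNormalUser = true;
        uid = 1500;               # assumed uid
      };
    };
  };
}
```

Because the bind-mounted data persists, files already stored under the host path keep their old numeric owner after a uid change and have to be re-owned on the host.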