Networking is implemented as a pair of Veth interfaces. `eth0` inside of the container, `ve-containername` on the host. A container has its own networking namespace so it can configure the network without affecting the host's network.

To allow containers to talk to the outside network we'll need to set-up NAT on the host. 
```
{
	networking.nat.enable = true;
	networking.nat.internalInterfaces = [ "ve-+" ];
	networking.nat.externalInterface = "eth0";
}
```

NetworkManager has to be stopped from trying to manage container interfaces:
```
{
	networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
}
```

---
[[NixOS - Containers]]