🕒 2 minutes

It's 2022: nftables kind of integrates now

This is a follow-up to "It’s 2021: nftables still does not integrate". The good: what works compared to 2021? Pretty much everything still revolves around the iptables-nft compatibility layer, but it has improved a lot, so things seem to work just fine now.

🕒 1 minute

Flakes and little convenient impurity escape hatch

Started using flakes recently? But then you found that: you need per-machine configuration for experimentation/secrets (well, e.g. firewall config), but don’t want to publish it. Your configuration is against your usual quality standards, so it’d be a shame to show it to the world. Here’s one solution to that; it works similarly to how current NixOS deployments are still done.

🕒 5 minutes

Container bind mount pitfalls: DNS

It’s not DNS. There’s no way it’s DNS. It was DNS.

🕒 2 minutes

It's 2021: nftables still does not integrate

You have probably seen it around somewhere already, for example Debian trying hard to replace iptables with it. Debian 10 (buster) shipped with it already, the Arch Linux wiki provided (usable) examples for the adventurous back in 2014, etc.

🕒 6 minutes

An adventure of getting Docker on NixOS running only with cgroups v2

After discovering Linux’s wonderful Pressure Stall Information (PSI for short) subsystem, I’ve been trying to set up monitoring on Docker containers where I run very memory, CPU and I/O hungry game servers (not hard to guess - it’s Minecraft).