It's 2022: nftables kind of integrates now
This is a follow-up to the post It’s 2021: nftables still does not integrate. The good: what works compared to 2021? Pretty much everything still revolves around the iptables-nft compatibility layer, but it has improved a lot, so things seem to work just fine now.
Flakes and little convenient impurity escape hatch
Started using flakes recently? But then you found that: you need per-machine configuration for experimentation/secrets (e.g. firewall config), but don’t want to publish it. Your configuration is below your usual quality standards, so it’d be a shame to show it to the world. Here’s one solution to that - it works similarly to how current NixOS deployments are still done.
Container bind mount pitfalls: DNS
It’s not DNS. There’s no way it’s DNS. It was DNS.
It's 2021: nftables still does not integrate
You probably have seen it around somewhere already, for example Debian trying hard to replace iptables with it. Debian 10 (buster) shipped with it already, Arch Linux wiki provided (usable) examples for the adventurous back in 2014 etc.
An adventure of getting Docker on NixOS running only with cgroups v2
After discovering Linux’s wonderful Pressure Stall Information (PSI for short) subsystem, I’ve been trying to set up monitoring on Docker containers where I run very memory, CPU and I/O hungry game servers (not hard to guess - it’s Minecraft).