
That's not the case (anymore). I run a NixOS based router with nftables (no iptables installed at all), and podman works just fine. It simply adds its NAT rules to nftables (unless you tell it not to).

As far as I know, this was introduced with the new networking stack (netavark).



Do you have a link to your NixOS router config? Been thinking of doing this for a while but never got round to it.


Here's a redacted version: https://gist.github.com/dbrgn/137da9e9ad342d536d1e452fba3e9d... Maybe it's useful as reference. It includes multiple network interfaces, a firewall, VLANs, DNS and ad blocking (plus two network services). (This version of the config does not yet make use of podman, I'm still in the process of setting everything up.)

I'm also using nix flakes, to keep the setup reproducible.

If you want to get started, I can recommend the following:

1. Install NixOS. That will only take a few minutes, and you end up with a system in which you have a "/etc/nixos/configuration.nix" file. Now you can edit the config file, run "nixos-rebuild switch", and the changes have been applied. Every change results in a new entry in the bootloader menu, so you can always roll back.

2. Check out this great blog series: https://www.jjpdev.com/posts/home-router-nixos/ It helped me a lot.

3. Use https://search.nixos.org/options to search config options (the stuff in your config file).

Note: The blog post still uses the classic way of managing network devices. I use systemd, which I think is nicer and more flexible.
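As an added illustration (not the commenter's gist and not code from the linked blog series), the following NixOS module ties the three getting-started steps above together with the podman/nftables point made earlier in the thread: systemd-networkd for the interfaces, an explicit nftables ruleset with the stock NixOS firewall disabled, and podman on the netavark stack. The interface names (enp1s0 as WAN, enp2s0 as LAN), the LAN subnet, and the netavark `firewall_driver` setting are assumptions; the option names are the standard NixOS ones.

```nix
# Added example of a minimal NixOS router module; not the commenter's config.
# Interface names enp1s0 (WAN) and enp2s0 (LAN) are assumptions; check `ip link`.
{ config, pkgs, lib, ... }:

{
  networking.hostName = "router";
  networking.useDHCP = false;      # do not let the legacy stack DHCP every interface
  networking.useNetworkd = true;   # hand interface management to systemd-networkd

  systemd.network = {
    enable = true;
    networks."10-wan" = {
      matchConfig.Name = "enp1s0";
      networkConfig.DHCP = "ipv4";
      linkConfig.RequiredForOnline = "routable";
    };
    networks."20-lan" = {
      matchConfig.Name = "enp2s0";
      address = [ "192.168.1.1/24" ];   # assumed LAN subnet
    };
  };

  # Routing between LAN and WAN needs kernel forwarding switched on.
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

  # Replace the generic NixOS firewall with an explicit ruleset:
  # default-drop on input and forward, LAN -> WAN allowed, WAN masqueraded.
  networking.firewall.enable = false;
  networking.nftables = {
    enable = true;
    ruleset = ''
      table inet filter {
        chain input {
          type filter hook input priority filter; policy drop;
          iifname "lo" accept
          ct state established,related accept
          ct state invalid drop
          iifname "enp2s0" accept
          icmp type echo-request limit rate 5/second accept
        }
        chain forward {
          type filter hook forward priority filter; policy drop;
          ct state established,related accept
          iifname "enp2s0" oifname "enp1s0" accept
        }
      }
      table ip nat {
        chain postrouting {
          type nat hook postrouting priority srcnat;
          oifname "enp1s0" masquerade
        }
      }
    '';
  };

  # podman on the netavark network stack. The firewall_driver value is an
  # assumption about your netavark version: it asks netavark to install its
  # container NAT and forward rules natively in nftables.
  virtualisation.podman.enable = true;
  virtualisation.containers.containersConf.settings.network.firewall_driver = "nftables";
}
```

Save this next to configuration.nix, add it to `imports`, and run `nixos-rebuild switch`; if the ruleset breaks something, the previous generation is still in the bootloader menu. After `podman run` of any container, `nft list ruleset` should show netavark's own tables beside `inet filter` and `ip nat` above, which is the behaviour the earlier comment describes. Note that the `forward` chain above only allows LAN to WAN, so container egress relies on the rules netavark adds for its bridge; check that output rather than assuming it.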


That's awesome, thanks for the links.



