Let’s write an nbd service module for NixOS. We’ll look at the shape of NixOS modules, define the service’s options, generate the configuration for the server, write tests, and see how upstreaming into nixpkgs works.

Many recent distributed programs like etcd or Kubernetes require TLS certificates to communicate securely. Creating these by hand is tedious, so let’s see how to automate it with a nix flake.

NixOS 21.11 switched to the nf_tables backend for iptables. Let’s see what this means, and what new things we can and cannot do.