For the last two days, I’ve been working on one of those projects in my homelab which wasn’t technically needed (because the existing solution was more than adequate) but had been lingering in my mind for a while. Specifically, I had a couple of things running in their own containers, one a WireGuard VPN and the other a service that relied on that VPN for network connectivity, and the containers were connected through a network=container:foo. Worked great, but I was bothered that I wasn’t using native Nix modules. So, I created a micro-VM, declarative obviously, and migrated the services into it. I had to move from NetworkManager to systemd networking for that, which then led me to ask, why don’t I move WireGuard to the latter as well? It’d be cool, plus I had a bunch of iptables stuff in my wg-quick setup and that felt brittle. So, did that too.
This is how a lot of self-hosting projects go: you micro-optimize a setup that is already better than what 99% of people in the world have, just because of an itch or because you thought it’d be interesting!